From 8cbeebb892531fa04265bf4a01be3e5b65defb6b3f5d7057ae654c88e2187917 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 18 Dec 2006 23:17:21 +0000 Subject: [PATCH 001/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=1 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-0.99.6.3-docs.tar.bz2 | 3 + Linux-PAM-0.99.6.3.tar.bz2 | 3 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 23 + common-session.pamd | 11 + etc.environment | 5 + hu.po | 478 +++++++++++++++++ other.pamd | 10 + pam.changes | 875 ++++++++++++++++++++++++++++++++ pam.spec | 637 +++++++++++++++++++++++ pam_namespace.diff | 20 + pam_unix-crypt.diff | 63 +++ ready | 0 securetty | 17 + 17 files changed, 2189 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-0.99.6.3-docs.tar.bz2 create mode 100644 Linux-PAM-0.99.6.3.tar.bz2 create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session.pamd create mode 100644 etc.environment create mode 100644 hu.po create mode 100644 other.pamd create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam_namespace.diff create mode 100644 pam_unix-crypt.diff create mode 100644 ready create mode 100644 securetty diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-0.99.6.3-docs.tar.bz2 b/Linux-PAM-0.99.6.3-docs.tar.bz2 new file mode 100644 index 0000000..67fbd08 --- /dev/null +++ b/Linux-PAM-0.99.6.3-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7a7df483cab8841d8260eb0dba9243dd33141bd347c102b96f4711df90bf7aaf +size 398609 diff --git a/Linux-PAM-0.99.6.3.tar.bz2 b/Linux-PAM-0.99.6.3.tar.bz2 new file mode 100644 index 0000000..53cce21 --- /dev/null +++ b/Linux-PAM-0.99.6.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5ab359864e7cb677c2d1e29d4ca9bc3d71a00912b7bd2a99741bc2e0bdf17e48 +size 863345 diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..779c73c --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - authorization settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authorization modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix2.so diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..58e4952 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix2.so diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..15afcc9 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,23 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. The default is pam_unix2 in combination +# with pam_pwcheck. + +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +# To enable Blowfish or MD5 passwords, you should edit +# /etc/default/passwd. +# +# Alternate strength checking for passwords should be configured +# in /etc/security/pam_pwcheck.conf. +# +# pam_make can be used to rebuild NIS maps after password change. +# +password required pam_pwcheck.so nullok cracklib +password required pam_unix2.so nullok use_authtok +#password required pam_make.so /var/yp + diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..f67f6ac --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). The default is pam_unix2. +# +session required pam_limits.so +session required pam_unix2.so +session optional pam_umask.so diff --git a/etc.environment b/etc.environment new file mode 100644 index 0000000..09697f5 --- /dev/null +++ b/etc.environment @@ -0,0 +1,5 @@ +# +# This file is parsed by pam_env module +# +# Syntax: simple "KEY=VAL" pairs on seperate lines +# diff --git a/hu.po b/hu.po new file mode 100644 index 0000000..c244a17 --- /dev/null +++ b/hu.po @@ -0,0 +1,478 @@ +# translation of Linux-pam.po to +# translation of hu.po to +# This file is distributed under the same license as the PACKAGE package. +# Copyright (C) YEAR Linux-PAM Project. +# Papp Zsolt , 2006. +# Keresztes Ákos , 2006. +# Kalman Kemenczy , 2006. +# +msgid "" +msgstr "" +"Project-Id-Version: Linux-pam\n" +"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +"POT-Creation-Date: 2006-08-31 16:32+0200\n" +"PO-Revision-Date: 2006-10-06 13:54+0200\n" +"Last-Translator: \n" +"Language-Team: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#: modules/pam_tally/pam_tally.c:741 +msgid "Authentication error" +msgstr "Hitelesítési hiba" + +#: modules/pam_tally/pam_tally.c:742 +msgid "Service error" +msgstr "Szolgáltatási hiba" + +#: modules/pam_tally/pam_tally.c:743 +msgid "Unknown user" +msgstr "Ismeretlen felhasználó" + +#: modules/pam_tally/pam_tally.c:744 +msgid "Unknown error" +msgstr "Ismeretlen hiba" + +#: modules/pam_tally/pam_tally.c:760 +#, c-format +msgid "%s: Bad number given to --reset=\n" +msgstr "%s: Rossz szám lett megadva: --reset=\n" + +#: modules/pam_tally/pam_tally.c:764 +#, c-format +msgid "%s: Unrecognised option %s\n" +msgstr "%s: Fel nem ismert paraméter (%s)\n" + +#: modules/pam_tally/pam_tally.c:776 +#, c-format +msgid "" +"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" +msgstr "" +"%s: [--file rooted-fájlnév] [--user felhasználónév] [--reset[=n]] [--quiet]\n" + +#: modules/pam_tally/pam_tally.c:850 +#, c-format +msgid "%s: Can't reset all users to non-zero\n" +msgstr "%s: Nem állítható vissza minden felhasználó nem nullára\n" + +#. TRANSLATORS: "strftime options for date of last login" +#: modules/pam_lastlog/pam_lastlog.c:190 +msgid " %a %b %e %H:%M:%S %Z %Y" +msgstr "%Y. %b %e, %a %H:%M:%S %Z " + +#. TRANSLATORS: " from " +#: modules/pam_lastlog/pam_lastlog.c:199 +#, c-format +msgid " from %.*s" +msgstr " innen: %.*s" + +#. TRANSLATORS: " on " +#: modules/pam_lastlog/pam_lastlog.c:211 +#, c-format +msgid " on %.*s" +msgstr " itt: %.*s" + +#. TRANSLATORS: "Last login: from on " +#: modules/pam_lastlog/pam_lastlog.c:220 +#, c-format +msgid "Last login:%s%s%s" +msgstr "Utolsó belépés:%s%s%s" + +#: modules/pam_lastlog/pam_lastlog.c:226 +msgid "Welcome to your new account!" +msgstr "Üdvözöljük az új fiókjában!" + +#: modules/pam_limits/pam_limits.c:647 +#, c-format +msgid "Too many logins for '%s'." +msgstr "Túl sok belépés '%s' részéről." + +#: modules/pam_selinux/pam_selinux_check.c:99 +#, c-format +msgid "failed to initialize PAM\n" +msgstr "PAM inicializálása sikertelen\n" + +#: modules/pam_selinux/pam_selinux_check.c:105 +#, c-format +msgid "failed to pam_set_item()\n" +msgstr "pam_set_item() meghiúsult\n" + +#: modules/pam_selinux/pam_selinux_check.c:133 +#, c-format +msgid "login: failure forking: %m" +msgstr "bejelentkezés: hiba az elágazás közben: %m" + +#: modules/pam_selinux/pam_selinux.c:102 +#, c-format +msgid "Your default context is %s. \n" +msgstr "Az Ön alapértelmezett kontextusa: %s. \n" + +#: modules/pam_selinux/pam_selinux.c:105 +msgid "Do you want to choose a different one? [n]" +msgstr "Kíván másikat választani? [n]" + +#: modules/pam_selinux/pam_selinux.c:112 +msgid "Enter number of choice: " +msgstr "Adja meg a kívánt lehetőség számát: " + +#: modules/pam_selinux/pam_selinux.c:152 +msgid "Would you like to enter a security context? [y] " +msgstr "Kíván megadni egy biztonsági kontextust? [y] " + +#: modules/pam_selinux/pam_selinux.c:169 +msgid "role: " +msgstr "szerep: " + +#: modules/pam_selinux/pam_selinux.c:177 +msgid "type: " +msgstr "típus: " + +#: modules/pam_selinux/pam_selinux.c:187 +msgid "level: " +msgstr "szint: " + +#: modules/pam_selinux/pam_selinux.c:203 +msgid "Not a valid security context" +msgstr "Nem érvényes biztonsági kontextus" + +#: modules/pam_selinux/pam_selinux.c:417 +#, c-format +msgid "Security Context %s Assigned" +msgstr "%s biztonsági kontextus hozzárendelve" + +#: modules/pam_exec/pam_exec.c:118 +#, c-format +msgid "%s failed: exit code %d" +msgstr "%s hiba: kimeneti érték %d" + +#: modules/pam_exec/pam_exec.c:126 +#, c-format +msgid "%s failed: caught signal %d%s" +msgstr "%s hiba: kimeneti signal %d%s" + +#: modules/pam_exec/pam_exec.c:134 +#, c-format +msgid "%s failed: unknown status 0x%x" +msgstr "%s hiba: ismeretlen állapot 0x%x" + +#: modules/pam_mail/pam_mail.c:313 +msgid "No mail." +msgstr "Nincs levél." + +#: modules/pam_mail/pam_mail.c:316 +msgid "You have new mail." +msgstr "Új levele érkezett." + +#: modules/pam_mail/pam_mail.c:319 +msgid "You have old mail." +msgstr "Régebbi levelei vannak." + +#: modules/pam_mail/pam_mail.c:323 +msgid "You have mail." +msgstr "Önnek levele van." + +#: modules/pam_mail/pam_mail.c:330 +#, c-format +msgid "You have no mail in folder %s." +msgstr "%s könyvtárban nincs levél." + +#: modules/pam_mail/pam_mail.c:334 +#, c-format +msgid "You have new mail in folder %s." +msgstr "%s könyvtárban új levél van." + +#: modules/pam_mail/pam_mail.c:338 +#, c-format +msgid "You have old mail in folder %s." +msgstr "%s könyvtárban régi levél van." + +#: modules/pam_mail/pam_mail.c:343 +#, c-format +msgid "You have mail in folder %s." +msgstr "%s könyvtárban levelek vannak." + +#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301 +msgid "Your account has expired; please contact your system administrator" +msgstr "A fiók érvényessége lejárt; keresse meg a rendszergazdát" + +#: modules/pam_unix/pam_unix_acct.c:283 +msgid "You are required to change your password immediately (root enforced)" +msgstr "Azonnal meg kell változtatnia a jelszavát (a root írta elő)" + +#: modules/pam_unix/pam_unix_acct.c:310 +msgid "You are required to change your password immediately (password aged)" +msgstr "Azonnal meg kell változtatnia a jelszavát (a jelszó elévült)" + +#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330 +#, c-format +msgid "Warning: your password will expire in %d day" +msgid_plural "Warning: your password will expire in %d days" +msgstr[0] "Figyelmeztetés: a jelszava lejár %d nap múlva" + +#. TRANSLATORS: only used if dngettext is not support +#. ed +#: modules/pam_unix/pam_unix_acct.c:336 +#, c-format +msgid "Warning: your password will expire in %d days" +msgstr "Figyelmeztetés: a jelszava lejár %d nap múlva" + +#: modules/pam_unix/pam_unix_auth.c:160 modules/pam_userdb/pam_userdb.c:61 +msgid "Password: " +msgstr "Jelszó: " + +#: modules/pam_unix/pam_unix_passwd.c:819 +msgid "NIS password could not be changed." +msgstr "A NIS-jelszó nem módosítható." + +#: modules/pam_unix/pam_unix_passwd.c:975 +#: modules/pam_cracklib/pam_cracklib.c:464 +msgid "No password supplied" +msgstr "Nem lett megadva jelszó" + +#: modules/pam_unix/pam_unix_passwd.c:975 +#: modules/pam_cracklib/pam_cracklib.c:464 +msgid "Password unchanged" +msgstr "A jelszó nem változott" + +#: modules/pam_unix/pam_unix_passwd.c:996 +msgid "You must choose a longer password" +msgstr "Hosszabb jelszót kell választania" + +#: modules/pam_unix/pam_unix_passwd.c:1001 +msgid "Password has been already used. Choose another." +msgstr "A jelszót már használta. Válasszon egy másikat." + +#: modules/pam_unix/pam_unix_passwd.c:1125 +msgid "(current) UNIX password: " +msgstr "A (jelenlegi) UNIX jelszó: " + +#: modules/pam_unix/pam_unix_passwd.c:1160 +msgid "You must wait longer to change your password" +msgstr "Tovább kell várnia a jelszó módosítására" + +#: modules/pam_unix/pam_unix_passwd.c:1220 +msgid "Enter new UNIX password: " +msgstr "Adja meg az új UNIX jelszót: " + +#: modules/pam_unix/pam_unix_passwd.c:1221 +msgid "Retype new UNIX password: " +msgstr "Írja be újra a UNIX jelszót: " + +#: modules/pam_stress/pam_stress.c:477 +msgid "Changing STRESS password for " +msgstr "STRESS jelszó megváltoztatása - " + +#: modules/pam_stress/pam_stress.c:491 +msgid "Enter new STRESS password: " +msgstr "Új STRESS jelszó: " + +#: modules/pam_stress/pam_stress.c:494 +msgid "Retype new STRESS password: " +msgstr "Írja be mégegyszer az új STRESS jelszót: " + +#: modules/pam_stress/pam_stress.c:523 +msgid "Verification mis-typed; password unchanged" +msgstr "Az ellenőrző jelszó nem egyezik; a jelszó nem került módosításra" + +#: modules/pam_cracklib/pam_cracklib.c:60 +#, c-format +msgid "New %s%spassword: " +msgstr "Az új %s%sjelszó: " + +#: modules/pam_cracklib/pam_cracklib.c:62 +#, c-format +msgid "Retype new %s%spassword: " +msgstr "Írja be újra az új %s%sjelszót: " + +#: modules/pam_cracklib/pam_cracklib.c:63 +msgid "Sorry, passwords do not match." +msgstr "Sajnálom, de a jelszavak nem egyeznek." + +#: modules/pam_cracklib/pam_cracklib.c:378 +msgid "is the same as the old one" +msgstr "ugyanaz, mint a régi" + +#: modules/pam_cracklib/pam_cracklib.c:389 +msgid "is a palindrome" +msgstr "A jelszó egy palindrom" + +#: modules/pam_cracklib/pam_cracklib.c:392 +msgid "case changes only" +msgstr "A jelszó csak a kis/nagybetűkben változott" + +#: modules/pam_cracklib/pam_cracklib.c:395 +msgid "is too similar to the old one" +msgstr "A jelszó túl hasonló a régihez" + +#: modules/pam_cracklib/pam_cracklib.c:398 +msgid "is too simple" +msgstr "A jelszó túl egyszerű" + +#: modules/pam_cracklib/pam_cracklib.c:401 +msgid "is rotated" +msgstr "A jelszó át lett forgatva" + +#: modules/pam_cracklib/pam_cracklib.c:436 +msgid "has been already used" +msgstr "A jelszót már használta. Válasszon egy másikat." + +#: modules/pam_cracklib/pam_cracklib.c:487 +#: modules/pam_cracklib/pam_cracklib.c:615 +#, c-format +msgid "BAD PASSWORD: %s" +msgstr "ROSSZ JELSZÓ: %s" + +#: libpam/pam_item.c:271 +msgid "login:" +msgstr "belépés:" + +#: libpam/pam_strerror.c:40 +msgid "Success" +msgstr "Sikerült" + +#: libpam/pam_strerror.c:42 +msgid "Critical error - immediate abort" +msgstr "Kritikus hiba - azonnali leállás" + +#: libpam/pam_strerror.c:44 +msgid "Failed to load module" +msgstr "A modul betöltése sikertelen" + +#: libpam/pam_strerror.c:46 +msgid "Symbol not found" +msgstr "A szimbólum nem található" + +#: libpam/pam_strerror.c:48 +msgid "Error in service module" +msgstr "Hiba a szervizmodulban" + +#: libpam/pam_strerror.c:50 +msgid "System error" +msgstr "Rendszerhiba" + +#: libpam/pam_strerror.c:52 +msgid "Memory buffer error" +msgstr "Memóriapuffer-hiba" + +#: libpam/pam_strerror.c:54 +msgid "Permission denied" +msgstr "Engedély megtagadva" + +#: libpam/pam_strerror.c:56 +msgid "Authentication failure" +msgstr "Hitelesítési hiba" + +#: libpam/pam_strerror.c:58 +msgid "Insufficient credentials to access authentication data" +msgstr "Nem elegendő azonosítási adat a hitelesítési adatok eléréséhez" + +#: libpam/pam_strerror.c:60 +msgid "Authentication service cannot retrieve authentication info" +msgstr "A hitelesítési szolgáltatás nem tudja lekérni a hitelesítési adatokat" + +#: libpam/pam_strerror.c:62 +msgid "User not known to the underlying authentication module" +msgstr "Az alsóbb szintű hitelesítési modul nem ismeri a felhasználót" + +#: libpam/pam_strerror.c:64 +msgid "Have exhausted maximum number of retries for service" +msgstr "" +"Elérte a szolgáltatás által engedélyezett újrapróbálkozások maximális számát" + +#: libpam/pam_strerror.c:66 +msgid "Authentication token is no longer valid; new one required" +msgstr "A hitelesítési token már nem érvényes; újra van szükség" + +#: libpam/pam_strerror.c:68 +msgid "User account has expired" +msgstr "A felhasználói fiók lejárt" + +#: libpam/pam_strerror.c:70 +msgid "Cannot make/remove an entry for the specified session" +msgstr "Nem készíthető/törölhető bejegyzés az adott munkamenethez" + +#: libpam/pam_strerror.c:72 +msgid "Authentication service cannot retrieve user credentials" +msgstr "" +"A hitelesítési szolgáltatás nem tudja lekérni a felhasználó hitelesítési " +"adatait" + +#: libpam/pam_strerror.c:74 +msgid "User credentials expired" +msgstr "A felhasználó hitelesítési adatai lejártak" + +#: libpam/pam_strerror.c:76 +msgid "Failure setting user credentials" +msgstr "Hiba a felhasználó hitelesítési adatainak beállítása közben" + +#: libpam/pam_strerror.c:78 +msgid "No module specific data is present" +msgstr "Nem található modulspecifikus adat" + +#: libpam/pam_strerror.c:80 +msgid "Bad item passed to pam_*_item()" +msgstr "Rossz elem lett átadva a pam_*_item() számára" + +#: libpam/pam_strerror.c:82 +msgid "Conversation error" +msgstr "Beszélgetési hiba" + +#: libpam/pam_strerror.c:84 +msgid "Authentication token manipulation error" +msgstr "Hitelesítésitoken-kezelési hiba" + +#: libpam/pam_strerror.c:86 +msgid "Authentication information cannot be recovered" +msgstr "A hitelesítési adatok nem állíthatók helyre" + +#: libpam/pam_strerror.c:88 +msgid "Authentication token lock busy" +msgstr "Hitelesítési token zár foglalt" + +#: libpam/pam_strerror.c:90 +msgid "Authentication token aging disabled" +msgstr "Hitelesítési token lejárat kikapcsolva" + +#: libpam/pam_strerror.c:92 +msgid "Failed preliminary check by password service" +msgstr "A jelszószolgáltatás előzetes ellenőrzésén megbukott" + +#: libpam/pam_strerror.c:94 +msgid "The return value should be ignored by PAM dispatch" +msgstr "A PAM elosztónak a visszatérési értéket figyelmen kívül kell hagynia" + +#: libpam/pam_strerror.c:96 +msgid "Module is unknown" +msgstr "A modul ismeretlen" + +#: libpam/pam_strerror.c:98 +msgid "Authentication token expired" +msgstr "A hitelesítési token lejárt" + +#: libpam/pam_strerror.c:100 +msgid "Conversation is waiting for event" +msgstr "A beszélgetés egy eseményre várakozik" + +#: libpam/pam_strerror.c:102 +msgid "Application needs to call libpam again" +msgstr "Az alkalmazásnak újra meg kell hívnia a libpam modult" + +#: libpam/pam_strerror.c:105 +msgid "Unknown PAM error" +msgstr "Ismeretlen PAM-hiba" + +#: libpam_misc/misc_conv.c:33 +msgid "...Time is running out...\n" +msgstr "...Kifut az időből...\n" + +#: libpam_misc/misc_conv.c:34 +msgid "...Sorry, your time is up!\n" +msgstr "...Elnézést, de az idő lejárt!\n" + +#: libpam_misc/misc_conv.c:343 +#, c-format +msgid "erroneous conversation (%d)\n" +msgstr "hibás beszélgetés (%d)\n" diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..7132366 --- /dev/null +++ b/pam.changes @@ -0,0 +1,875 @@ +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..6b9a273 --- /dev/null +++ b/pam.spec @@ -0,0 +1,637 @@ +# +# spec file for package pam (Version 0.99.6.3) +# +# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# This file and all modifications and additions to the pristine +# package are under the same license as the package itself. +# +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +# norootforbuild + +Name: pam +URL: http://www.kernel.org/pub/linux/libs/pam/ +BuildRequires: cracklib-devel db-devel libxcrypt-devel +%if %{suse_version} > 1000 +BuildRequires: audit-devel +%endif +%define libpam_so_version 0.81.5 +%define libpam_misc_so_version 0.81.2 +%define libpamc_so_version 0.81.0 +License: Beerware, Cardware, Shareware (not restricted), BSD License and BSD-like +Group: System/Libraries +Autoreqprov: on +Version: 0.99.6.3 +Release: 16 +Summary: A security tool that provides authentication for applications +Obsoletes: pam-laus +Source: Linux-PAM-%{version}.tar.bz2 +Source1: Linux-PAM-%{version}-docs.tar.bz2 +Source2: securetty +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source8: etc.environment +Source30: hu.po +Patch: pam_unix-crypt.diff +Patch1: pam_namespace.diff +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + + + +%package devel +Summary: Include Files and Libraries for PAM-Development +Group: Development/Libraries/C and C++ +Requires: pam = %{version} glibc-devel +Autoreqprov: on + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + + + +%prep +%setup -q -n Linux-PAM-%{version} -b 1 +%patch +%patch1 +cp -av %SOURCE30 po + +%build +CFLAGS="$RPM_OPT_FLAGS" \ +./configure \ + --infodir=%{_infodir} \ + --mandir=%{_mandir} \ + --libdir=/%{_lib} \ + --enable-isadir=../../%{_lib}/security \ + --enable-docdir=%{_docdir}/pam \ + --enable-securedir=/%{_lib}/security +make +make check + +%install +install -d -m 755 $RPM_BUILD_ROOT/etc/pam.d +mkdir -p $RPM_BUILD_ROOT/usr/include/security +mkdir -p $RPM_BUILD_ROOT/%{_lib}/security +mkdir -p $RPM_BUILD_ROOT/sbin +install -d -m 755 $RPM_BUILD_ROOT%{_libdir} +make DESTDIR=$RPM_BUILD_ROOT install +/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib} +# Install documentation +make -C doc install DESTDIR=$RPM_BUILD_ROOT +# install /etc/environment +install -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/environment +# install securetty +install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc +%ifarch s390 s390x +echo "ttyS0" >> $RPM_BUILD_ROOT/etc/securetty +echo "ttyS1" >> $RPM_BUILD_ROOT/etc/securetty +%endif +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other +install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/common-auth +install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/common-account +install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/common-password +install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/common-session +rm $RPM_BUILD_ROOT/%{_lib}/libpam.so +ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam.so +rm $RPM_BUILD_ROOT/%{_lib}/libpamc.so +ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpamc.so +rm $RPM_BUILD_ROOT/%{_lib}/libpam_misc.so +ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so +# +# Remove crap +# +rm -rf $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT/%{_lib}/security/*.la +for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do + ln -f $RPM_BUILD_ROOT/%{_lib}/security/pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/$x.so +done +# +# Install READMEs of PAM modules +# +DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam +mkdir -p $DOC/modules +( + cd modules; + for i in pam_*/README ; do + cp -fpv ${i} $DOC/modules/README.`dirname ${i}` + done +) +# +# Install misc docu and md5.config +# +install -m 644 CHANGELOG Copyright README $DOC +# SELinux is not part of SL: +rm $DOC/modules/README.pam_selinux +# Not for CODE10 and older +%if %{suse_version} <= 1010 +rm $DOC/modules/README.pam_keyinit +rm $DOC/modules/README.pam_namespace +rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_keyinit* +rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_keyinit.so +%endif +# Create filelist with translatins +%{find_lang} Linux-PAM + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files -f Linux-PAM.lang +%defattr(-,root,root) +%doc %{_defaultdocdir}/pam +%dir %{_sysconfdir}/pam.d +%dir %{_sysconfdir}/security +%config(noreplace) %{_sysconfdir}/pam.d/other +%config(noreplace) %{_sysconfdir}/pam.d/common-* +%config(noreplace) %{_sysconfdir}/securetty +%config(noreplace) %{_sysconfdir}/environment +%config(noreplace) %{_sysconfdir}/security/access.conf +%config(noreplace) %{_sysconfdir}/security/group.conf +%config(noreplace) %{_sysconfdir}/security/limits.conf +%config(noreplace) %{_sysconfdir}/security/pam_env.conf +%config(noreplace) %{_sysconfdir}/security/time.conf +%if %{suse_version} > 1010 +%config(noreplace) %{_sysconfdir}/security/namespace.conf +%config(noreplace) %{_sysconfdir}/security/namespace.init +%endif +%doc %{_mandir}/man5/*.conf.5* +%doc %{_mandir}/man5/pam.d.5* +%doc %{_mandir}/man8/* +/%{_lib}/libpam.so.0 +/%{_lib}/libpam.so.%{libpam_so_version} +/%{_lib}/libpamc.so.0 +/%{_lib}/libpamc.so.%{libpamc_so_version} +/%{_lib}/libpam_misc.so.0 +/%{_lib}/libpam_misc.so.%{libpam_misc_so_version} +%dir /%{_lib}/security +/%{_lib}/security/pam_access.so +/%{_lib}/security/pam_cracklib.so +/%{_lib}/security/pam_debug.so +/%{_lib}/security/pam_deny.so +/%{_lib}/security/pam_echo.so +/%{_lib}/security/pam_env.so +/%{_lib}/security/pam_exec.so +/%{_lib}/security/pam_filter.so +%dir /%{_lib}/security/pam_filter +/%{_lib}/security//pam_filter/upperLOWER +/%{_lib}/security/pam_ftp.so +/%{_lib}/security/pam_group.so +/%{_lib}/security/pam_issue.so +%if %{suse_version} > 1010 +/%{_lib}/security/pam_keyinit.so +%endif +/%{_lib}/security/pam_lastlog.so +/%{_lib}/security/pam_limits.so +/%{_lib}/security/pam_listfile.so +/%{_lib}/security/pam_localuser.so +/%{_lib}/security/pam_loginuid.so +/%{_lib}/security/pam_mail.so +/%{_lib}/security/pam_mkhomedir.so +/%{_lib}/security/pam_motd.so +%if %{suse_version} > 1010 +/%{_lib}/security/pam_namespace.so +%endif +/%{_lib}/security/pam_nologin.so +/%{_lib}/security/pam_permit.so +/%{_lib}/security/pam_rhosts.so +/%{_lib}/security/pam_rhosts_auth.so +/%{_lib}/security/pam_rootok.so +/%{_lib}/security/pam_securetty.so +/%{_lib}/security/pam_shells.so +/%{_lib}/security/pam_stress.so +/%{_lib}/security/pam_succeed_if.so +/%{_lib}/security/pam_tally.so +/%{_lib}/security/pam_time.so +/%{_lib}/security/pam_umask.so +/%{_lib}/security/pam_unix.so +/%{_lib}/security/pam_unix_acct.so +/%{_lib}/security/pam_unix_auth.so +/%{_lib}/security/pam_unix_passwd.so +/%{_lib}/security/pam_unix_session.so +/%{_lib}/security/pam_userdb.so +/%{_lib}/security/pam_warn.so +/%{_lib}/security/pam_wheel.so +/%{_lib}/security/pam_xauth.so +/sbin/pam_tally +%attr (2755,root,shadow)/sbin/unix_chkpwd + +%files devel +%defattr(644,root,root,755) +%dir /usr/include/security +%doc %{_mandir}/man3/pam* +%doc %{_mandir}/man3/misc_conv.3* +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so + +%changelog -n pam +* Tue Oct 24 2006 - kukuk@suse.de +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt +* Sat Oct 07 2006 - kukuk@suse.de +- Update hungarian translation [#210091] +* Tue Sep 19 2006 - kukuk@suse.de +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) +* Thu Sep 14 2006 - kukuk@suse.de +- Add pam_umask.so to common-session [Fate#3621] +* Wed Sep 06 2006 - kukuk@suse.de +- Update to Linux-PAM 0.99.6.3 (merges all patches) +* Wed Aug 30 2006 - kukuk@suse.de +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] +* Wed Aug 23 2006 - kukuk@suse.de +- Fix seg.fault in pam_cracklib if retyped password is empty +* Tue Aug 22 2006 - kukuk@suse.de +- Remove use_first_pass from pam_unix2.so in password section +* Fri Aug 11 2006 - kukuk@suse.de +- Update to Linux-PAM 0.99.6.1 (big documentation update) +* Fri Jul 28 2006 - kukuk@suse.de +- Add missing namespace.init script +* Thu Jul 27 2006 - kukuk@suse.de +- Reenable audit subsystem [Fate#300486] +* Wed Jun 28 2006 - kukuk@suse.de +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) +* Mon Jun 12 2006 - kukuk@suse.de +- Update to current CVS (lot of new manual pages and docu) +* Tue May 30 2006 - kukuk@suse.de +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) +* Wed May 24 2006 - kukuk@suse.de +- Fix problems found by Coverity +* Wed May 17 2006 - schwab@suse.de +- Don't strip binaries. +* Fri May 05 2006 - kukuk@suse.de +- Fix pam_tally LFS support [#172492] +* Fri Apr 21 2006 - kukuk@suse.de +- Update fr.po and pl.po +* Tue Apr 11 2006 - kukuk@suse.de +- Update km.po +* Tue Apr 04 2006 - kukuk@suse.de +- Remove obsolete pam-laus from the system +* Mon Mar 27 2006 - kukuk@suse.de +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk +* Tue Mar 21 2006 - kukuk@suse.de +- Update hu.po +* Tue Mar 21 2006 - kukuk@suse.de +- Add translation for tr +* Mon Mar 13 2006 - kukuk@suse.de +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu +* Thu Mar 02 2006 - kukuk@suse.de +- Update km translation +* Thu Feb 23 2006 - kukuk@suse.de +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] +* Sun Feb 19 2006 - kukuk@suse.de +- Update more manual pages +* Sat Feb 18 2006 - ro@suse.de +- really disable audit if header file not present +* Tue Feb 14 2006 - kukuk@suse.de +- Update fi.po +- Add km.po +- Update pl.po +* Mon Feb 13 2006 - kukuk@suse.de +- Update with better manual pages +* Thu Feb 09 2006 - kukuk@suse.de +- Add translation for nl, update pt translation +* Fri Jan 27 2006 - kukuk@suse.de +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Fri Jan 13 2006 - kukuk@suse.de +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) +* Mon Jan 09 2006 - kukuk@suse.de +- Fix NULL handling for LSB-pam test suite [#141240] +* Sun Jan 08 2006 - kukuk@suse.de +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR +* Fri Jan 06 2006 - kukuk@suse.de +- NULL is allowed as thirs argument for pam_get_item [#141240] +* Wed Dec 21 2005 - kukuk@suse.de +- Add fixes from CVS +* Thu Dec 15 2005 - kukuk@suse.de +- Fix pam_lastlog: don't report error on first login +* Tue Dec 13 2005 - kukuk@suse.de +- Update to 0.99.2.1 +* Fri Dec 09 2005 - kukuk@suse.de +- Add /etc/environment to avoid warnings in syslog +* Mon Dec 05 2005 - kukuk@suse.de +- disable SELinux +* Wed Nov 23 2005 - kukuk@suse.de +- Update getlogin() fix to final one +* Mon Nov 21 2005 - kukuk@suse.de +- Fix PAM getlogin() implementation +* Mon Nov 21 2005 - kukuk@suse.de +- Update to official 0.99.2.0 release +* Tue Nov 08 2005 - kukuk@suse.de +- Update to new snapshot +* Mon Oct 10 2005 - kukuk@suse.de +- Enable original pam_wheel module +* Tue Sep 27 2005 - kukuk@suse.de +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing +* Mon Sep 19 2005 - kukuk@suse.de +- Update to current CVS +- Fix compiling of pammodutil with -fPIC +* Sun Sep 18 2005 - kukuk@suse.de +- Update to current CVS +* Tue Aug 23 2005 - kukuk@suse.de +- Update to new snapshot (Major version is back to 0) +* Fri Aug 19 2005 - kukuk@suse.de +- Update to Linux-PAM 0.99.0.3 snapshot +* Mon Jul 11 2005 - kukuk@suse.de +- Add pam_umask +* Mon Jul 04 2005 - kukuk@suse.de +- Update to current CVS snapshot +* Thu Jun 23 2005 - kukuk@suse.de +- Update to current CVS snapshot +- Add pam_loginuid +* Thu Jun 09 2005 - kukuk@suse.de +- Update to current CVS snapshot +* Mon Jun 06 2005 - kukuk@suse.de +- Don't reset priority [#81690] +- Fix creating of symlinks +* Fri May 20 2005 - kukuk@suse.de +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) +* Thu May 12 2005 - schubi@suse.de +- Bug 82687 - pam_client.h redefines __u8 and __u32 +* Fri Apr 29 2005 - kukuk@suse.de +- Apply lot of fixes from CVS (including SELinux support) +* Fri Apr 01 2005 - kukuk@suse.de +- Update to final 0.79 release +* Mon Mar 14 2005 - kukuk@suse.de +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] +* Mon Jan 24 2005 - kukuk@suse.de +- Compile with large file support +* Mon Jan 24 2005 - schubi@suse.de +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff +* Wed Jan 05 2005 - kukuk@suse.de +- Fix seg.fault, if a PAM config line is incomplete +* Thu Nov 18 2004 - kukuk@suse.de +- Update to final 0.78 +* Mon Nov 08 2004 - kukuk@suse.de +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session +* Wed Oct 13 2004 - kukuk@suse.de +- Update to 0.78-Beta1 +* Wed Sep 22 2004 - kukuk@suse.de +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release +* Mon Aug 23 2004 - kukuk@suse.de +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default +* Thu Aug 19 2004 - kukuk@suse.de +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package +* Wed Aug 18 2004 - kukuk@suse.de +- Disable "code cleanup" patch (no more comments about security + fixes) +* Fri Aug 13 2004 - kukuk@suse.de +- Apply big "code cleanup" patch [Bug #39673] +* Fri Mar 12 2004 - kukuk@suse.de +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] +* Sun Jan 18 2004 - meissner@suse.de +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. +* Thu Jan 15 2004 - kukuk@suse.de +- Cleanup neededforbuild +* Fri Dec 05 2003 - kukuk@suse.de +- Add manual pages from SLES8 +* Fri Nov 28 2003 - kukuk@suse.de +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) +* Thu Nov 27 2003 - kukuk@suse.de +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user +* Fri Nov 21 2003 - kukuk@suse.de +- Compile with noexecstack +* Thu Nov 06 2003 - kukuk@suse.de +- Fix pam_securetty CVS patch +* Wed Oct 29 2003 - kukuk@suse.de +- Sync with current CVS version +* Thu Oct 02 2003 - kukuk@suse.de +- Add patch to implement "include" statement in pamd files +* Wed Sep 10 2003 - uli@suse.de +- added ttyS1 (VT220) to securetty on s390* (bug #29239) +* Mon Jul 28 2003 - kukuk@suse.de +- Apply lot of fixes for various problems +* Tue Jun 10 2003 - kukuk@suse.de +- Fix getlogin handling in pam_wheel.so +* Tue May 27 2003 - ro@suse.de +- added cracklib-devel to neededforbuild +* Thu Feb 13 2003 - kukuk@suse.de +- Update pam_localuser and pam_xauth. +* Wed Nov 13 2002 - kukuk@suse.de +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) +* Mon Nov 11 2002 - ro@suse.de +- changed neededforbuild to +* Sat Sep 14 2002 - ro@suse.de +- changed securetty / use extra file +* Fri Sep 13 2002 - bk@suse.de +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty +* Tue Aug 27 2002 - kukuk@suse.de +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. +* Sat Aug 24 2002 - kukuk@suse.de +- Don't build ps and pdf documentation +* Fri Aug 09 2002 - kukuk@suse.de +- pam-devel requires pam [Bug #17543] +* Wed Jul 17 2002 - kukuk@suse.de +- Remove explicit requires +* Wed Jul 10 2002 - kukuk@suse.de +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format +* Thu Jul 04 2002 - kukuk@suse.de +- Fix build on different partitions +* Tue Apr 16 2002 - mmj@suse.de +- Fix to not own /usr/shar/man/man3 +* Wed Mar 13 2002 - kukuk@suse.de +- Add /usr/include/security to pam-devel filelist +* Mon Feb 11 2002 - ro@suse.de +- tar option for bz2 is "j" +* Fri Jan 25 2002 - kukuk@suse.de +- Fix last pam_securetty patch +* Thu Jan 24 2002 - kukuk@suse.de +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb +* Sun Jan 20 2002 - kukuk@suse.de +- libpam_misc: Don't handle Ctrl-D as error. +* Wed Jan 16 2002 - kukuk@suse.de +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib +* Mon Nov 12 2001 - kukuk@suse.de +- Remove pam_unix.so (is part of pam-modules) +* Fri Nov 09 2001 - kukuk@suse.de +- Move extra PAM modules to separate package +- Require pam-modules package +* Fri Aug 24 2001 - kukuk@suse.de +- Move susehelp config file to susehelp package +* Mon Aug 13 2001 - ro@suse.de +- changed neededforbuild to +* Tue Aug 07 2001 - kukuk@suse.de +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] +* Wed Jul 11 2001 - kukuk@suse.de +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired +* Sat May 05 2001 - kukuk@suse.de +- Cleanup Patches, make tar archive from extra pam modules +* Fri May 04 2001 - kukuk@suse.de +- Use LOG_NOTICE for trace option [Bug #7673] +* Thu Apr 12 2001 - kukuk@suse.de +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu +* Tue Apr 10 2001 - kukuk@suse.de +- Linux-PAM: Update to version 0.75 +* Tue Apr 03 2001 - kukuk@suse.de +- Linux-PAM: link libpam_misc against libpam [Bug #6890] +* Thu Mar 08 2001 - kukuk@suse.de +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile +* Tue Mar 06 2001 - kukuk@suse.de +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage +* Tue Feb 13 2001 - kukuk@suse.de +- pam_unix2: Create temp files with permission 0600 +* Tue Feb 06 2001 - ro@suse.de +- pam_issue.c: include time.h to make it compile +* Fri Jan 05 2001 - kukuk@suse.de +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] +* Thu Jan 04 2001 - kukuk@suse.de +- Adjust docu for pam_limits +* Sun Dec 17 2000 - kukuk@suse.de +- Adjust docu for pam_pwcheck +* Thu Dec 07 2000 - kukuk@suse.de +- Add fix for pam_limits from 0.73 +* Thu Oct 26 2000 - kukuk@suse.de +- Add db-devel to need for build +* Fri Oct 20 2000 - kukuk@suse.de +- Don't link PAM modules against old libpam library +* Wed Oct 18 2000 - kukuk@suse.de +- Create new "devel" subpackage +* Thu Oct 12 2000 - kukuk@suse.de +- Add SuSEconfig.pam +* Tue Oct 03 2000 - kukuk@suse.de +- Fix problems with new gcc and glibc 2.2 header files +* Wed Sep 13 2000 - kukuk@suse.de +- Fix problem with passwords longer then PASS_MAX_LEN +* Wed Sep 06 2000 - kukuk@suse.de +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file +* Fri Jun 23 2000 - kukuk@suse.de +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu +* Mon May 15 2000 - kukuk@suse.de +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck +* Tue Apr 25 2000 - kukuk@suse.de +- Add pam_homecheck Module +* Tue Apr 25 2000 - kukuk@suse.de +- Add devfs devices to /etc/securetty +* Wed Mar 01 2000 - kukuk@suse.de +- Fix handling of changing passwords to empty one +* Tue Feb 22 2000 - kukuk@suse.de +- Set correct attr for unix_chkpwd and pwdb_chkpwd +* Tue Feb 15 2000 - kukuk@suse.de +- Update pam_pwcheck +- Update pam_unix2 +* Mon Feb 07 2000 - kukuk@suse.de +- pwdb: Update to 0.61 +* Thu Jan 27 2000 - kukuk@suse.de +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 +* Thu Jan 13 2000 - kukuk@suse.de +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 +* Wed Oct 13 1999 - kukuk@suse.de +- pam_pwdb: Add security fixes from RedHat +* Mon Oct 11 1999 - kukuk@suse.de +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs +* Fri Oct 08 1999 - kukuk@suse.de +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) +* Mon Sep 13 1999 - bs@suse.de +- ran old prepare_spec on spec file to switch to new prepare_spec. +* Sat Sep 11 1999 - kukuk@suse.de +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information +* Mon Aug 30 1999 - kukuk@suse.de +- pam_unix2: Fix typo +* Thu Aug 19 1999 - kukuk@suse.de +- Linux-PAM: Update to version 0.69 +* Fri Jul 16 1999 - kukuk@suse.de +- pam_unix2: Root is allowed to use the old password again. +* Tue Jul 13 1999 - kukuk@suse.de +- pam_unix2: Allow root to set an empty password. +* Sat Jul 10 1999 - kukuk@suse.de +- Add HP-UX password aging to pam_unix2. +* Wed Jul 07 1999 - kukuk@suse.de +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights +* Tue Jul 06 1999 - kukuk@suse.de +- Update to Linux-PAM 0.68 +* Wed Jun 30 1999 - kukuk@suse.de +- pam_unix2: more bug fixes +* Tue Jun 29 1999 - kukuk@suse.de +- pam_unix2: Fix "inactive" password +* Mon Jun 28 1999 - kukuk@suse.de +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku +* Thu Jun 24 1999 - kukuk@suse.de +- Add securetty config file +- Fix Debian pam_env patch +* Mon Jun 21 1999 - kukuk@suse.de +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch +* Thu Jun 17 1999 - kukuk@suse.de +- pam_ftp malloc (core dump) fix +* Tue Jun 15 1999 - kukuk@suse.de +- pam_unix2 fixes +* Mon Jun 07 1999 - kukuk@suse.de +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam_namespace.diff b/pam_namespace.diff new file mode 100644 index 0000000..4708e01 --- /dev/null +++ b/pam_namespace.diff @@ -0,0 +1,20 @@ +--- modules/pam_namespace/pam_namespace.c 30 Aug 2006 08:42:38 -0000 1.3 ++++ modules/pam_namespace/pam_namespace.c 24 Oct 2006 12:21:45 -0000 +@@ -1206,7 +1206,7 @@ + * Add the user info to the instance data so we can refer to them later. + */ + idata.user[0] = 0; +- strncat(idata.user, user_name, sizeof(idata.user)); ++ strncat(idata.user, user_name, sizeof(idata.user) - 1); + idata.uid = pwd->pw_uid; + + /* +@@ -1290,7 +1290,7 @@ + * Add the user info to the instance data so we can refer to them later. + */ + idata.user[0] = 0; +- strncat(idata.user, user_name, sizeof(idata.user)); ++ strncat(idata.user, user_name, sizeof(idata.user) - 1); + idata.uid = pwd->pw_uid; + + /* diff --git a/pam_unix-crypt.diff b/pam_unix-crypt.diff new file mode 100644 index 0000000..3d5ade0 --- /dev/null +++ b/pam_unix-crypt.diff @@ -0,0 +1,63 @@ +Index: modules/pam_unix/support.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/support.c,v +retrieving revision 1.40 +diff -u -r1.40 support.c +--- modules/pam_unix/support.c 27 Jun 2006 08:38:14 -0000 1.40 ++++ modules/pam_unix/support.c 24 Oct 2006 10:14:15 -0000 +@@ -689,7 +689,7 @@ + D(("user has empty password - access denied")); + retval = PAM_AUTH_ERR; + } +- } else if (!p || (*salt == '*') || (salt_len < 13)) { ++ } else if (!p || (*salt == '*')) { + retval = PAM_AUTH_ERR; + } else { + if (!strncmp(salt, "$1$", 3)) { +@@ -698,6 +698,12 @@ + _pam_delete(pp); + pp = Brokencrypt_md5(p, salt); + } ++ } else if (*salt == '$') { ++ /* ++ * Ok, we don't know the crypt algorithm, but maybe ++ * libcrypt nows about it? We should try it. ++ */ ++ pp = x_strdup (crypt(p, salt)); + } else { + pp = bigcrypt(p, salt); + } +Index: modules/pam_unix/unix_chkpwd.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/unix_chkpwd.c,v +retrieving revision 1.17 +diff -u -r1.17 unix_chkpwd.c +--- modules/pam_unix/unix_chkpwd.c 14 Jun 2006 15:28:44 -0000 1.17 ++++ modules/pam_unix/unix_chkpwd.c 24 Oct 2006 10:14:15 -0000 +@@ -40,9 +40,7 @@ + #include + + #include "md5.h" +- +-extern char *crypt(const char *key, const char *salt); +-extern char *bigcrypt(const char *key, const char *salt); ++#include "bigcrypt.h" + + /* syslogging function for errors and other information */ + +@@ -205,6 +203,15 @@ + if (strcmp(pp, salt) == 0) + retval = PAM_SUCCESS; + } ++ } else if (*salt == '$') { ++ /* ++ * Ok, we don't know the crypt algorithm, but maybe ++ * libcrypt nows about it? We should try it. ++ */ ++ pp = x_strdup (crypt(p, salt)); ++ if (strcmp(pp, salt) == 0) { ++ retval = PAM_SUCCESS; ++ } + } else if ((*salt == '*') || (salt_len < 13)) { + retval = PAM_AUTH_ERR; + } else { diff --git a/ready b/ready new file mode 100644 index 0000000..473a0f4 diff --git a/securetty b/securetty new file mode 100644 index 0000000..a2f8307 --- /dev/null +++ b/securetty @@ -0,0 +1,17 @@ +# +# This file contains the device names of tty lines (one per line, +# without leading /dev/) on which root is allowed to login. +# +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +# for devfs: +vc/1 +vc/2 +vc/3 +vc/4 +vc/5 +vc/6 -- 2.51.1 From 84e532d1fe26ce8dfb415b946b38103159c893d40f19719513f718ad6ae7158c Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 18 Jan 2007 00:38:13 +0000 Subject: [PATCH 002/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=2 --- pam.changes | 5 +++++ pam.spec | 8 +++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index 7132366..29b6eb9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + ------------------------------------------------------------------- Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 6b9a273..7f1a6cb 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam (Version 0.99.6.3) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -23,7 +23,7 @@ License: Beerware, Cardware, Shareware (not restricted), BSD License and Group: System/Libraries Autoreqprov: on Version: 0.99.6.3 -Release: 16 +Release: 29 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -229,7 +229,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so /sbin/pam_tally -%attr (2755,root,shadow)/sbin/unix_chkpwd +%attr (4755,root,shadow)/sbin/unix_chkpwd %files devel %defattr(644,root,root,755) @@ -242,6 +242,8 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog -n pam +* Wed Jan 17 2007 - lnussel@suse.de +- install unix_chkpwd setuid root instead of setgid shadow (#216816) * Tue Oct 24 2006 - kukuk@suse.de - pam_unix.so/unix_chkpwd: teach about blowfish [#213929] - pam_namespace.so: Fix two possible buffer overflow -- 2.51.1 From 7a4d18ac54f975419039eabe67f9b88845a2ab12dc48320c4258fd9d39e6629f Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 18 Jan 2007 15:42:07 +0000 Subject: [PATCH 003/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=3 --- Linux-PAM-0.99.6.3-docs.tar.bz2 | 3 - Linux-PAM-0.99.6.3.tar.bz2 | 3 - Linux-PAM-0.99.7.0-docs.tar.bz2 | 3 + Linux-PAM-0.99.7.0.tar.bz2 | 3 + hu.po | 478 -------------------------------- pam.changes | 10 + pam.spec | 26 +- pam_namespace.diff | 20 -- pam_unix-crypt.diff | 63 ----- 9 files changed, 31 insertions(+), 578 deletions(-) delete mode 100644 Linux-PAM-0.99.6.3-docs.tar.bz2 delete mode 100644 Linux-PAM-0.99.6.3.tar.bz2 create mode 100644 Linux-PAM-0.99.7.0-docs.tar.bz2 create mode 100644 Linux-PAM-0.99.7.0.tar.bz2 delete mode 100644 hu.po delete mode 100644 pam_namespace.diff delete mode 100644 pam_unix-crypt.diff diff --git a/Linux-PAM-0.99.6.3-docs.tar.bz2 b/Linux-PAM-0.99.6.3-docs.tar.bz2 deleted file mode 100644 index 67fbd08..0000000 --- a/Linux-PAM-0.99.6.3-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7a7df483cab8841d8260eb0dba9243dd33141bd347c102b96f4711df90bf7aaf -size 398609 diff --git a/Linux-PAM-0.99.6.3.tar.bz2 b/Linux-PAM-0.99.6.3.tar.bz2 deleted file mode 100644 index 53cce21..0000000 --- a/Linux-PAM-0.99.6.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5ab359864e7cb677c2d1e29d4ca9bc3d71a00912b7bd2a99741bc2e0bdf17e48 -size 863345 diff --git a/Linux-PAM-0.99.7.0-docs.tar.bz2 b/Linux-PAM-0.99.7.0-docs.tar.bz2 new file mode 100644 index 0000000..c1b6782 --- /dev/null +++ b/Linux-PAM-0.99.7.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:179b4f348dd9bdaf14d138199ebb934264dfbacdad7ac2becb2c4d73d65c3f70 +size 402659 diff --git a/Linux-PAM-0.99.7.0.tar.bz2 b/Linux-PAM-0.99.7.0.tar.bz2 new file mode 100644 index 0000000..da7d692 --- /dev/null +++ b/Linux-PAM-0.99.7.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:69058389cc33947583ab3e6da5f4cd543f55bff83b621efde7b35550c5b6d951 +size 873193 diff --git a/hu.po b/hu.po deleted file mode 100644 index c244a17..0000000 --- a/hu.po +++ /dev/null @@ -1,478 +0,0 @@ -# translation of Linux-pam.po to -# translation of hu.po to -# This file is distributed under the same license as the PACKAGE package. -# Copyright (C) YEAR Linux-PAM Project. -# Papp Zsolt , 2006. -# Keresztes Ákos , 2006. -# Kalman Kemenczy , 2006. -# -msgid "" -msgstr "" -"Project-Id-Version: Linux-pam\n" -"Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" -"POT-Creation-Date: 2006-08-31 16:32+0200\n" -"PO-Revision-Date: 2006-10-06 13:54+0200\n" -"Last-Translator: \n" -"Language-Team: \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"X-Generator: KBabel 1.11.4\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#: modules/pam_tally/pam_tally.c:741 -msgid "Authentication error" -msgstr "Hitelesítési hiba" - -#: modules/pam_tally/pam_tally.c:742 -msgid "Service error" -msgstr "Szolgáltatási hiba" - -#: modules/pam_tally/pam_tally.c:743 -msgid "Unknown user" -msgstr "Ismeretlen felhasználó" - -#: modules/pam_tally/pam_tally.c:744 -msgid "Unknown error" -msgstr "Ismeretlen hiba" - -#: modules/pam_tally/pam_tally.c:760 -#, c-format -msgid "%s: Bad number given to --reset=\n" -msgstr "%s: Rossz szám lett megadva: --reset=\n" - -#: modules/pam_tally/pam_tally.c:764 -#, c-format -msgid "%s: Unrecognised option %s\n" -msgstr "%s: Fel nem ismert paraméter (%s)\n" - -#: modules/pam_tally/pam_tally.c:776 -#, c-format -msgid "" -"%s: [--file rooted-filename] [--user username] [--reset[=n]] [--quiet]\n" -msgstr "" -"%s: [--file rooted-fájlnév] [--user felhasználónév] [--reset[=n]] [--quiet]\n" - -#: modules/pam_tally/pam_tally.c:850 -#, c-format -msgid "%s: Can't reset all users to non-zero\n" -msgstr "%s: Nem állítható vissza minden felhasználó nem nullára\n" - -#. TRANSLATORS: "strftime options for date of last login" -#: modules/pam_lastlog/pam_lastlog.c:190 -msgid " %a %b %e %H:%M:%S %Z %Y" -msgstr "%Y. %b %e, %a %H:%M:%S %Z " - -#. TRANSLATORS: " from " -#: modules/pam_lastlog/pam_lastlog.c:199 -#, c-format -msgid " from %.*s" -msgstr " innen: %.*s" - -#. TRANSLATORS: " on " -#: modules/pam_lastlog/pam_lastlog.c:211 -#, c-format -msgid " on %.*s" -msgstr " itt: %.*s" - -#. TRANSLATORS: "Last login: from on " -#: modules/pam_lastlog/pam_lastlog.c:220 -#, c-format -msgid "Last login:%s%s%s" -msgstr "Utolsó belépés:%s%s%s" - -#: modules/pam_lastlog/pam_lastlog.c:226 -msgid "Welcome to your new account!" -msgstr "Üdvözöljük az új fiókjában!" - -#: modules/pam_limits/pam_limits.c:647 -#, c-format -msgid "Too many logins for '%s'." -msgstr "Túl sok belépés '%s' részéről." - -#: modules/pam_selinux/pam_selinux_check.c:99 -#, c-format -msgid "failed to initialize PAM\n" -msgstr "PAM inicializálása sikertelen\n" - -#: modules/pam_selinux/pam_selinux_check.c:105 -#, c-format -msgid "failed to pam_set_item()\n" -msgstr "pam_set_item() meghiúsult\n" - -#: modules/pam_selinux/pam_selinux_check.c:133 -#, c-format -msgid "login: failure forking: %m" -msgstr "bejelentkezés: hiba az elágazás közben: %m" - -#: modules/pam_selinux/pam_selinux.c:102 -#, c-format -msgid "Your default context is %s. \n" -msgstr "Az Ön alapértelmezett kontextusa: %s. \n" - -#: modules/pam_selinux/pam_selinux.c:105 -msgid "Do you want to choose a different one? [n]" -msgstr "Kíván másikat választani? [n]" - -#: modules/pam_selinux/pam_selinux.c:112 -msgid "Enter number of choice: " -msgstr "Adja meg a kívánt lehetőség számát: " - -#: modules/pam_selinux/pam_selinux.c:152 -msgid "Would you like to enter a security context? [y] " -msgstr "Kíván megadni egy biztonsági kontextust? [y] " - -#: modules/pam_selinux/pam_selinux.c:169 -msgid "role: " -msgstr "szerep: " - -#: modules/pam_selinux/pam_selinux.c:177 -msgid "type: " -msgstr "típus: " - -#: modules/pam_selinux/pam_selinux.c:187 -msgid "level: " -msgstr "szint: " - -#: modules/pam_selinux/pam_selinux.c:203 -msgid "Not a valid security context" -msgstr "Nem érvényes biztonsági kontextus" - -#: modules/pam_selinux/pam_selinux.c:417 -#, c-format -msgid "Security Context %s Assigned" -msgstr "%s biztonsági kontextus hozzárendelve" - -#: modules/pam_exec/pam_exec.c:118 -#, c-format -msgid "%s failed: exit code %d" -msgstr "%s hiba: kimeneti érték %d" - -#: modules/pam_exec/pam_exec.c:126 -#, c-format -msgid "%s failed: caught signal %d%s" -msgstr "%s hiba: kimeneti signal %d%s" - -#: modules/pam_exec/pam_exec.c:134 -#, c-format -msgid "%s failed: unknown status 0x%x" -msgstr "%s hiba: ismeretlen állapot 0x%x" - -#: modules/pam_mail/pam_mail.c:313 -msgid "No mail." -msgstr "Nincs levél." - -#: modules/pam_mail/pam_mail.c:316 -msgid "You have new mail." -msgstr "Új levele érkezett." - -#: modules/pam_mail/pam_mail.c:319 -msgid "You have old mail." -msgstr "Régebbi levelei vannak." - -#: modules/pam_mail/pam_mail.c:323 -msgid "You have mail." -msgstr "Önnek levele van." - -#: modules/pam_mail/pam_mail.c:330 -#, c-format -msgid "You have no mail in folder %s." -msgstr "%s könyvtárban nincs levél." - -#: modules/pam_mail/pam_mail.c:334 -#, c-format -msgid "You have new mail in folder %s." -msgstr "%s könyvtárban új levél van." - -#: modules/pam_mail/pam_mail.c:338 -#, c-format -msgid "You have old mail in folder %s." -msgstr "%s könyvtárban régi levél van." - -#: modules/pam_mail/pam_mail.c:343 -#, c-format -msgid "You have mail in folder %s." -msgstr "%s könyvtárban levelek vannak." - -#: modules/pam_unix/pam_unix_acct.c:274 modules/pam_unix/pam_unix_acct.c:301 -msgid "Your account has expired; please contact your system administrator" -msgstr "A fiók érvényessége lejárt; keresse meg a rendszergazdát" - -#: modules/pam_unix/pam_unix_acct.c:283 -msgid "You are required to change your password immediately (root enforced)" -msgstr "Azonnal meg kell változtatnia a jelszavát (a root írta elő)" - -#: modules/pam_unix/pam_unix_acct.c:310 -msgid "You are required to change your password immediately (password aged)" -msgstr "Azonnal meg kell változtatnia a jelszavát (a jelszó elévült)" - -#: modules/pam_unix/pam_unix_acct.c:323 modules/pam_unix/pam_unix_acct.c:330 -#, c-format -msgid "Warning: your password will expire in %d day" -msgid_plural "Warning: your password will expire in %d days" -msgstr[0] "Figyelmeztetés: a jelszava lejár %d nap múlva" - -#. TRANSLATORS: only used if dngettext is not support -#. ed -#: modules/pam_unix/pam_unix_acct.c:336 -#, c-format -msgid "Warning: your password will expire in %d days" -msgstr "Figyelmeztetés: a jelszava lejár %d nap múlva" - -#: modules/pam_unix/pam_unix_auth.c:160 modules/pam_userdb/pam_userdb.c:61 -msgid "Password: " -msgstr "Jelszó: " - -#: modules/pam_unix/pam_unix_passwd.c:819 -msgid "NIS password could not be changed." -msgstr "A NIS-jelszó nem módosítható." - -#: modules/pam_unix/pam_unix_passwd.c:975 -#: modules/pam_cracklib/pam_cracklib.c:464 -msgid "No password supplied" -msgstr "Nem lett megadva jelszó" - -#: modules/pam_unix/pam_unix_passwd.c:975 -#: modules/pam_cracklib/pam_cracklib.c:464 -msgid "Password unchanged" -msgstr "A jelszó nem változott" - -#: modules/pam_unix/pam_unix_passwd.c:996 -msgid "You must choose a longer password" -msgstr "Hosszabb jelszót kell választania" - -#: modules/pam_unix/pam_unix_passwd.c:1001 -msgid "Password has been already used. Choose another." -msgstr "A jelszót már használta. Válasszon egy másikat." - -#: modules/pam_unix/pam_unix_passwd.c:1125 -msgid "(current) UNIX password: " -msgstr "A (jelenlegi) UNIX jelszó: " - -#: modules/pam_unix/pam_unix_passwd.c:1160 -msgid "You must wait longer to change your password" -msgstr "Tovább kell várnia a jelszó módosítására" - -#: modules/pam_unix/pam_unix_passwd.c:1220 -msgid "Enter new UNIX password: " -msgstr "Adja meg az új UNIX jelszót: " - -#: modules/pam_unix/pam_unix_passwd.c:1221 -msgid "Retype new UNIX password: " -msgstr "Írja be újra a UNIX jelszót: " - -#: modules/pam_stress/pam_stress.c:477 -msgid "Changing STRESS password for " -msgstr "STRESS jelszó megváltoztatása - " - -#: modules/pam_stress/pam_stress.c:491 -msgid "Enter new STRESS password: " -msgstr "Új STRESS jelszó: " - -#: modules/pam_stress/pam_stress.c:494 -msgid "Retype new STRESS password: " -msgstr "Írja be mégegyszer az új STRESS jelszót: " - -#: modules/pam_stress/pam_stress.c:523 -msgid "Verification mis-typed; password unchanged" -msgstr "Az ellenőrző jelszó nem egyezik; a jelszó nem került módosításra" - -#: modules/pam_cracklib/pam_cracklib.c:60 -#, c-format -msgid "New %s%spassword: " -msgstr "Az új %s%sjelszó: " - -#: modules/pam_cracklib/pam_cracklib.c:62 -#, c-format -msgid "Retype new %s%spassword: " -msgstr "Írja be újra az új %s%sjelszót: " - -#: modules/pam_cracklib/pam_cracklib.c:63 -msgid "Sorry, passwords do not match." -msgstr "Sajnálom, de a jelszavak nem egyeznek." - -#: modules/pam_cracklib/pam_cracklib.c:378 -msgid "is the same as the old one" -msgstr "ugyanaz, mint a régi" - -#: modules/pam_cracklib/pam_cracklib.c:389 -msgid "is a palindrome" -msgstr "A jelszó egy palindrom" - -#: modules/pam_cracklib/pam_cracklib.c:392 -msgid "case changes only" -msgstr "A jelszó csak a kis/nagybetűkben változott" - -#: modules/pam_cracklib/pam_cracklib.c:395 -msgid "is too similar to the old one" -msgstr "A jelszó túl hasonló a régihez" - -#: modules/pam_cracklib/pam_cracklib.c:398 -msgid "is too simple" -msgstr "A jelszó túl egyszerű" - -#: modules/pam_cracklib/pam_cracklib.c:401 -msgid "is rotated" -msgstr "A jelszó át lett forgatva" - -#: modules/pam_cracklib/pam_cracklib.c:436 -msgid "has been already used" -msgstr "A jelszót már használta. Válasszon egy másikat." - -#: modules/pam_cracklib/pam_cracklib.c:487 -#: modules/pam_cracklib/pam_cracklib.c:615 -#, c-format -msgid "BAD PASSWORD: %s" -msgstr "ROSSZ JELSZÓ: %s" - -#: libpam/pam_item.c:271 -msgid "login:" -msgstr "belépés:" - -#: libpam/pam_strerror.c:40 -msgid "Success" -msgstr "Sikerült" - -#: libpam/pam_strerror.c:42 -msgid "Critical error - immediate abort" -msgstr "Kritikus hiba - azonnali leállás" - -#: libpam/pam_strerror.c:44 -msgid "Failed to load module" -msgstr "A modul betöltése sikertelen" - -#: libpam/pam_strerror.c:46 -msgid "Symbol not found" -msgstr "A szimbólum nem található" - -#: libpam/pam_strerror.c:48 -msgid "Error in service module" -msgstr "Hiba a szervizmodulban" - -#: libpam/pam_strerror.c:50 -msgid "System error" -msgstr "Rendszerhiba" - -#: libpam/pam_strerror.c:52 -msgid "Memory buffer error" -msgstr "Memóriapuffer-hiba" - -#: libpam/pam_strerror.c:54 -msgid "Permission denied" -msgstr "Engedély megtagadva" - -#: libpam/pam_strerror.c:56 -msgid "Authentication failure" -msgstr "Hitelesítési hiba" - -#: libpam/pam_strerror.c:58 -msgid "Insufficient credentials to access authentication data" -msgstr "Nem elegendő azonosítási adat a hitelesítési adatok eléréséhez" - -#: libpam/pam_strerror.c:60 -msgid "Authentication service cannot retrieve authentication info" -msgstr "A hitelesítési szolgáltatás nem tudja lekérni a hitelesítési adatokat" - -#: libpam/pam_strerror.c:62 -msgid "User not known to the underlying authentication module" -msgstr "Az alsóbb szintű hitelesítési modul nem ismeri a felhasználót" - -#: libpam/pam_strerror.c:64 -msgid "Have exhausted maximum number of retries for service" -msgstr "" -"Elérte a szolgáltatás által engedélyezett újrapróbálkozások maximális számát" - -#: libpam/pam_strerror.c:66 -msgid "Authentication token is no longer valid; new one required" -msgstr "A hitelesítési token már nem érvényes; újra van szükség" - -#: libpam/pam_strerror.c:68 -msgid "User account has expired" -msgstr "A felhasználói fiók lejárt" - -#: libpam/pam_strerror.c:70 -msgid "Cannot make/remove an entry for the specified session" -msgstr "Nem készíthető/törölhető bejegyzés az adott munkamenethez" - -#: libpam/pam_strerror.c:72 -msgid "Authentication service cannot retrieve user credentials" -msgstr "" -"A hitelesítési szolgáltatás nem tudja lekérni a felhasználó hitelesítési " -"adatait" - -#: libpam/pam_strerror.c:74 -msgid "User credentials expired" -msgstr "A felhasználó hitelesítési adatai lejártak" - -#: libpam/pam_strerror.c:76 -msgid "Failure setting user credentials" -msgstr "Hiba a felhasználó hitelesítési adatainak beállítása közben" - -#: libpam/pam_strerror.c:78 -msgid "No module specific data is present" -msgstr "Nem található modulspecifikus adat" - -#: libpam/pam_strerror.c:80 -msgid "Bad item passed to pam_*_item()" -msgstr "Rossz elem lett átadva a pam_*_item() számára" - -#: libpam/pam_strerror.c:82 -msgid "Conversation error" -msgstr "Beszélgetési hiba" - -#: libpam/pam_strerror.c:84 -msgid "Authentication token manipulation error" -msgstr "Hitelesítésitoken-kezelési hiba" - -#: libpam/pam_strerror.c:86 -msgid "Authentication information cannot be recovered" -msgstr "A hitelesítési adatok nem állíthatók helyre" - -#: libpam/pam_strerror.c:88 -msgid "Authentication token lock busy" -msgstr "Hitelesítési token zár foglalt" - -#: libpam/pam_strerror.c:90 -msgid "Authentication token aging disabled" -msgstr "Hitelesítési token lejárat kikapcsolva" - -#: libpam/pam_strerror.c:92 -msgid "Failed preliminary check by password service" -msgstr "A jelszószolgáltatás előzetes ellenőrzésén megbukott" - -#: libpam/pam_strerror.c:94 -msgid "The return value should be ignored by PAM dispatch" -msgstr "A PAM elosztónak a visszatérési értéket figyelmen kívül kell hagynia" - -#: libpam/pam_strerror.c:96 -msgid "Module is unknown" -msgstr "A modul ismeretlen" - -#: libpam/pam_strerror.c:98 -msgid "Authentication token expired" -msgstr "A hitelesítési token lejárt" - -#: libpam/pam_strerror.c:100 -msgid "Conversation is waiting for event" -msgstr "A beszélgetés egy eseményre várakozik" - -#: libpam/pam_strerror.c:102 -msgid "Application needs to call libpam again" -msgstr "Az alkalmazásnak újra meg kell hívnia a libpam modult" - -#: libpam/pam_strerror.c:105 -msgid "Unknown PAM error" -msgstr "Ismeretlen PAM-hiba" - -#: libpam_misc/misc_conv.c:33 -msgid "...Time is running out...\n" -msgstr "...Kifut az időből...\n" - -#: libpam_misc/misc_conv.c:34 -msgid "...Sorry, your time is up!\n" -msgstr "...Elnézést, de az idő lejárt!\n" - -#: libpam_misc/misc_conv.c:343 -#, c-format -msgid "erroneous conversation (%d)\n" -msgstr "hibás beszélgetés (%d)\n" diff --git a/pam.changes b/pam.changes index 29b6eb9..9f76f01 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + ------------------------------------------------------------------- Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de diff --git a/pam.spec b/pam.spec index 7f1a6cb..398426c 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 0.99.6.3) +# spec file for package pam (Version 0.99.7.0) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -16,14 +16,14 @@ BuildRequires: cracklib-devel db-devel libxcrypt-devel %if %{suse_version} > 1000 BuildRequires: audit-devel %endif -%define libpam_so_version 0.81.5 +%define libpam_so_version 0.81.6 %define libpam_misc_so_version 0.81.2 %define libpamc_so_version 0.81.0 License: Beerware, Cardware, Shareware (not restricted), BSD License and BSD-like Group: System/Libraries Autoreqprov: on -Version: 0.99.6.3 -Release: 29 +Version: 0.99.7.0 +Release: 1 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -35,9 +35,6 @@ Source5: common-account.pamd Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment -Source30: hu.po -Patch: pam_unix-crypt.diff -Patch1: pam_namespace.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -65,18 +62,17 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 -%patch -%patch1 -cp -av %SOURCE30 po %build CFLAGS="$RPM_OPT_FLAGS" \ ./configure \ --infodir=%{_infodir} \ --mandir=%{_mandir} \ + --docdir=%{_docdir}/pam \ + --htmldir=%{_docdir}/pam/html \ + --pdfdir=%{_docdir}/pam/pdf \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ - --enable-docdir=%{_docdir}/pam \ --enable-securedir=/%{_lib}/security make make check @@ -187,6 +183,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_echo.so /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so +/%{_lib}/security/pam_faildelay.so /%{_lib}/security/pam_filter.so %dir /%{_lib}/security/pam_filter /%{_lib}/security//pam_filter/upperLOWER @@ -242,6 +239,13 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog -n pam +* Wed Jan 17 2007 - kukuk@suse.de +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. * Wed Jan 17 2007 - lnussel@suse.de - install unix_chkpwd setuid root instead of setgid shadow (#216816) * Tue Oct 24 2006 - kukuk@suse.de diff --git a/pam_namespace.diff b/pam_namespace.diff deleted file mode 100644 index 4708e01..0000000 --- a/pam_namespace.diff +++ /dev/null @@ -1,20 +0,0 @@ ---- modules/pam_namespace/pam_namespace.c 30 Aug 2006 08:42:38 -0000 1.3 -+++ modules/pam_namespace/pam_namespace.c 24 Oct 2006 12:21:45 -0000 -@@ -1206,7 +1206,7 @@ - * Add the user info to the instance data so we can refer to them later. - */ - idata.user[0] = 0; -- strncat(idata.user, user_name, sizeof(idata.user)); -+ strncat(idata.user, user_name, sizeof(idata.user) - 1); - idata.uid = pwd->pw_uid; - - /* -@@ -1290,7 +1290,7 @@ - * Add the user info to the instance data so we can refer to them later. - */ - idata.user[0] = 0; -- strncat(idata.user, user_name, sizeof(idata.user)); -+ strncat(idata.user, user_name, sizeof(idata.user) - 1); - idata.uid = pwd->pw_uid; - - /* diff --git a/pam_unix-crypt.diff b/pam_unix-crypt.diff deleted file mode 100644 index 3d5ade0..0000000 --- a/pam_unix-crypt.diff +++ /dev/null @@ -1,63 +0,0 @@ -Index: modules/pam_unix/support.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/support.c,v -retrieving revision 1.40 -diff -u -r1.40 support.c ---- modules/pam_unix/support.c 27 Jun 2006 08:38:14 -0000 1.40 -+++ modules/pam_unix/support.c 24 Oct 2006 10:14:15 -0000 -@@ -689,7 +689,7 @@ - D(("user has empty password - access denied")); - retval = PAM_AUTH_ERR; - } -- } else if (!p || (*salt == '*') || (salt_len < 13)) { -+ } else if (!p || (*salt == '*')) { - retval = PAM_AUTH_ERR; - } else { - if (!strncmp(salt, "$1$", 3)) { -@@ -698,6 +698,12 @@ - _pam_delete(pp); - pp = Brokencrypt_md5(p, salt); - } -+ } else if (*salt == '$') { -+ /* -+ * Ok, we don't know the crypt algorithm, but maybe -+ * libcrypt nows about it? We should try it. -+ */ -+ pp = x_strdup (crypt(p, salt)); - } else { - pp = bigcrypt(p, salt); - } -Index: modules/pam_unix/unix_chkpwd.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/unix_chkpwd.c,v -retrieving revision 1.17 -diff -u -r1.17 unix_chkpwd.c ---- modules/pam_unix/unix_chkpwd.c 14 Jun 2006 15:28:44 -0000 1.17 -+++ modules/pam_unix/unix_chkpwd.c 24 Oct 2006 10:14:15 -0000 -@@ -40,9 +40,7 @@ - #include - - #include "md5.h" -- --extern char *crypt(const char *key, const char *salt); --extern char *bigcrypt(const char *key, const char *salt); -+#include "bigcrypt.h" - - /* syslogging function for errors and other information */ - -@@ -205,6 +203,15 @@ - if (strcmp(pp, salt) == 0) - retval = PAM_SUCCESS; - } -+ } else if (*salt == '$') { -+ /* -+ * Ok, we don't know the crypt algorithm, but maybe -+ * libcrypt nows about it? We should try it. -+ */ -+ pp = x_strdup (crypt(p, salt)); -+ if (strcmp(pp, salt) == 0) { -+ retval = PAM_SUCCESS; -+ } - } else if ((*salt == '*') || (salt_len < 13)) { - retval = PAM_AUTH_ERR; - } else { -- 2.51.1 From b43bc958a5996fab1e32dd82bf75aaddca68b0358d44d9f1acc68e8e6cf239f1 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 23 Jan 2007 14:23:12 +0000 Subject: [PATCH 004/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=4 --- Linux-PAM-0.99.7.0-docs.tar.bz2 | 3 --- Linux-PAM-0.99.7.0.tar.bz2 | 3 --- Linux-PAM-0.99.7.1-docs.tar.bz2 | 3 +++ Linux-PAM-0.99.7.1.tar.bz2 | 3 +++ pam.changes | 5 +++++ pam.spec | 6 ++++-- 6 files changed, 15 insertions(+), 8 deletions(-) delete mode 100644 Linux-PAM-0.99.7.0-docs.tar.bz2 delete mode 100644 Linux-PAM-0.99.7.0.tar.bz2 create mode 100644 Linux-PAM-0.99.7.1-docs.tar.bz2 create mode 100644 Linux-PAM-0.99.7.1.tar.bz2 diff --git a/Linux-PAM-0.99.7.0-docs.tar.bz2 b/Linux-PAM-0.99.7.0-docs.tar.bz2 deleted file mode 100644 index c1b6782..0000000 --- a/Linux-PAM-0.99.7.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:179b4f348dd9bdaf14d138199ebb934264dfbacdad7ac2becb2c4d73d65c3f70 -size 402659 diff --git a/Linux-PAM-0.99.7.0.tar.bz2 b/Linux-PAM-0.99.7.0.tar.bz2 deleted file mode 100644 index da7d692..0000000 --- a/Linux-PAM-0.99.7.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:69058389cc33947583ab3e6da5f4cd543f55bff83b621efde7b35550c5b6d951 -size 873193 diff --git a/Linux-PAM-0.99.7.1-docs.tar.bz2 b/Linux-PAM-0.99.7.1-docs.tar.bz2 new file mode 100644 index 0000000..ff92d00 --- /dev/null +++ b/Linux-PAM-0.99.7.1-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f54fa8cde613ac421cc97902bcbdf4fd5769f1d7e9d1a97f7fd35506c70a9e65 +size 402593 diff --git a/Linux-PAM-0.99.7.1.tar.bz2 b/Linux-PAM-0.99.7.1.tar.bz2 new file mode 100644 index 0000000..0803ef6 --- /dev/null +++ b/Linux-PAM-0.99.7.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:dd7652d8a4f47b6730859440180f14be82707cee31063f6c51731c47f5e56260 +size 872657 diff --git a/pam.changes b/pam.changes index 9f76f01..14e8be7 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + ------------------------------------------------------------------- Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 398426c..8a2ee15 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 0.99.7.0) +# spec file for package pam (Version 0.99.7.1) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -22,7 +22,7 @@ BuildRequires: audit-devel License: Beerware, Cardware, Shareware (not restricted), BSD License and BSD-like Group: System/Libraries Autoreqprov: on -Version: 0.99.7.0 +Version: 0.99.7.1 Release: 1 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus @@ -239,6 +239,8 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog -n pam +* Tue Jan 23 2007 - kukuk@suse.de +- Update to Version 0.99.7.1 (security fix) * Wed Jan 17 2007 - kukuk@suse.de - Update to Version 0.99.7.0 * Add manual page for pam_unix.so. -- 2.51.1 From ea59829a21947286e6aa785ff740d437067c9fc8fb41e67562c77e57133f0e61 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 26 Jan 2007 16:44:38 +0000 Subject: [PATCH 005/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=5 --- pam.changes | 6 ++++++ pam.spec | 16 ++++++++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/pam.changes b/pam.changes index 14e8be7..3320689 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + ------------------------------------------------------------------- Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 8a2ee15..380b657 100644 --- a/pam.spec +++ b/pam.spec @@ -23,7 +23,7 @@ License: Beerware, Cardware, Shareware (not restricted), BSD License and Group: System/Libraries Autoreqprov: on Version: 0.99.7.1 -Release: 1 +Release: 2 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -144,9 +144,14 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_keyinit.so %clean rm -rf $RPM_BUILD_ROOT -%post -p /sbin/ldconfig +%post +%run_ldconfig -%postun -p /sbin/ldconfig +%postun +%run_ldconfig + +%verifyscript +%verify_permissions -e /sbin/unix_chkpwd %files -f Linux-PAM.lang %defattr(-,root,root) @@ -226,7 +231,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so /sbin/pam_tally -%attr (4755,root,shadow)/sbin/unix_chkpwd +%verify(not mode) %attr (4755,root,shadow)/sbin/unix_chkpwd %files devel %defattr(644,root,root,755) @@ -239,6 +244,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog -n pam +* Wed Jan 24 2007 - mc@suse.de +- add %%verify_permissions for /sbin/unix_chkpwd + [#237625] * Tue Jan 23 2007 - kukuk@suse.de - Update to Version 0.99.7.1 (security fix) * Wed Jan 17 2007 - kukuk@suse.de -- 2.51.1 From eabe170c83d3e06ef380712c73a26f6056aa6f3b55ca51163f834b160b52f59f Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 28 Mar 2007 22:57:30 +0000 Subject: [PATCH 006/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=6 --- pam.changes | 5 +++++ pam.spec | 8 +++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index 3320689..36bca1a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + ------------------------------------------------------------------- Wed Jan 24 11:27:16 CET 2007 - mc@suse.de diff --git a/pam.spec b/pam.spec index 380b657..d655627 100644 --- a/pam.spec +++ b/pam.spec @@ -12,7 +12,7 @@ Name: pam URL: http://www.kernel.org/pub/linux/libs/pam/ -BuildRequires: cracklib-devel db-devel libxcrypt-devel +BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel %if %{suse_version} > 1000 BuildRequires: audit-devel %endif @@ -23,7 +23,7 @@ License: Beerware, Cardware, Shareware (not restricted), BSD License and Group: System/Libraries Autoreqprov: on Version: 0.99.7.1 -Release: 2 +Release: 9 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -243,7 +243,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so -%changelog -n pam +%changelog +* Mon Mar 26 2007 - rguenther@suse.de +- add flex and bison BuildRequires * Wed Jan 24 2007 - mc@suse.de - add %%verify_permissions for /sbin/unix_chkpwd [#237625] -- 2.51.1 From 5ec98b4c9c07a038131600a577c3df48c733490e4d9eb1142035fb01e7acbf2e Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 19 Apr 2007 20:09:31 +0000 Subject: [PATCH 007/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=7 --- pam.changes | 6 ++++++ pam.spec | 29 +++++++++++++++++++++++++++-- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/pam.changes b/pam.changes index 36bca1a..b76ccc9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + ------------------------------------------------------------------- Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de diff --git a/pam.spec b/pam.spec index d655627..dfe5b25 100644 --- a/pam.spec +++ b/pam.spec @@ -23,7 +23,7 @@ License: Beerware, Cardware, Shareware (not restricted), BSD License and Group: System/Libraries Autoreqprov: on Version: 0.99.7.1 -Release: 9 +Release: 11 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -44,6 +44,19 @@ having to recompile programs that do authentication. +%package doc +Summary: Documentation for pam - A security tool that provides authentication for applications +Group: Documentation/HTML + +%description doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + + + %package devel Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ @@ -155,7 +168,6 @@ rm -rf $RPM_BUILD_ROOT %files -f Linux-PAM.lang %defattr(-,root,root) -%doc %{_defaultdocdir}/pam %dir %{_sysconfdir}/pam.d %dir %{_sysconfdir}/security %config(noreplace) %{_sysconfdir}/pam.d/other @@ -171,6 +183,9 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_sysconfdir}/security/namespace.init %endif +%doc %{_defaultdocdir}/pam/CHANGELOG +%doc %{_defaultdocdir}/pam/Copyright +%doc %{_defaultdocdir}/pam/README %doc %{_mandir}/man5/*.conf.5* %doc %{_mandir}/man5/pam.d.5* %doc %{_mandir}/man8/* @@ -233,6 +248,13 @@ rm -rf $RPM_BUILD_ROOT /sbin/pam_tally %verify(not mode) %attr (4755,root,shadow)/sbin/unix_chkpwd +%files doc +%defattr(644,root,root,755) +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + %files devel %defattr(644,root,root,755) %dir /usr/include/security @@ -244,6 +266,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Thu Apr 19 2007 - mc@suse.de +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] * Mon Mar 26 2007 - rguenther@suse.de - add flex and bison BuildRequires * Wed Jan 24 2007 - mc@suse.de -- 2.51.1 From 4e408a01e9d049e2716f0e614875c667ff43e8840d90345602708d6aca47aaa3 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 10 Jul 2007 11:34:21 +0000 Subject: [PATCH 008/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=8 --- Linux-PAM-0.99.7.1-docs.tar.bz2 | 3 --- Linux-PAM-0.99.7.1.tar.bz2 | 3 --- Linux-PAM-0.99.8.0-docs.tar.bz2 | 3 +++ Linux-PAM-0.99.8.0.tar.bz2 | 3 +++ pam.changes | 10 ++++++++++ pam.spec | 21 +++++++++++++++------ 6 files changed, 31 insertions(+), 12 deletions(-) delete mode 100644 Linux-PAM-0.99.7.1-docs.tar.bz2 delete mode 100644 Linux-PAM-0.99.7.1.tar.bz2 create mode 100644 Linux-PAM-0.99.8.0-docs.tar.bz2 create mode 100644 Linux-PAM-0.99.8.0.tar.bz2 diff --git a/Linux-PAM-0.99.7.1-docs.tar.bz2 b/Linux-PAM-0.99.7.1-docs.tar.bz2 deleted file mode 100644 index ff92d00..0000000 --- a/Linux-PAM-0.99.7.1-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f54fa8cde613ac421cc97902bcbdf4fd5769f1d7e9d1a97f7fd35506c70a9e65 -size 402593 diff --git a/Linux-PAM-0.99.7.1.tar.bz2 b/Linux-PAM-0.99.7.1.tar.bz2 deleted file mode 100644 index 0803ef6..0000000 --- a/Linux-PAM-0.99.7.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dd7652d8a4f47b6730859440180f14be82707cee31063f6c51731c47f5e56260 -size 872657 diff --git a/Linux-PAM-0.99.8.0-docs.tar.bz2 b/Linux-PAM-0.99.8.0-docs.tar.bz2 new file mode 100644 index 0000000..a612868 --- /dev/null +++ b/Linux-PAM-0.99.8.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f0727385e36d9579145ce2ac47b5e5320be0df8619afbe5d5f10213d5b03c3df +size 406683 diff --git a/Linux-PAM-0.99.8.0.tar.bz2 b/Linux-PAM-0.99.8.0.tar.bz2 new file mode 100644 index 0000000..60fbdff --- /dev/null +++ b/Linux-PAM-0.99.8.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:929fd4502f658592e411c3ae38d159b15d78075581996fd12c7e8640d2db4def +size 903369 diff --git a/pam.changes b/pam.changes index b76ccc9..3702710 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + ------------------------------------------------------------------- Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de diff --git a/pam.spec b/pam.spec index dfe5b25..cdd8654 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 0.99.7.1) +# spec file for package pam (Version 0.99.8.0) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -16,14 +16,14 @@ BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel %if %{suse_version} > 1000 BuildRequires: audit-devel %endif -%define libpam_so_version 0.81.6 +%define libpam_so_version 0.81.7 %define libpam_misc_so_version 0.81.2 %define libpamc_so_version 0.81.0 -License: Beerware, Cardware, Shareware (not restricted), BSD License and BSD-like +License: Beerware, Cardware, Shareware (not restricted), BSD 3-Clause, THE BEER-WARE LICENSE" (Revision 42) Group: System/Libraries Autoreqprov: on -Version: 0.99.7.1 -Release: 11 +Version: 0.99.8.0 +Release: 1 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -45,7 +45,7 @@ having to recompile programs that do authentication. %package doc -Summary: Documentation for pam - A security tool that provides authentication for applications +Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML %description doc @@ -88,6 +88,8 @@ CFLAGS="$RPM_OPT_FLAGS" \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security make + +%check make check %install @@ -266,6 +268,13 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Fri Jul 06 2007 - kukuk@suse.de +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access * Thu Apr 19 2007 - mc@suse.de - move the documentation into a seperate package (pam-doc) [partly fixes Bug #265733] -- 2.51.1 From 2c82685731fc7728abae386b8b71d77e4dc684185c6e7f141d342bf132c27ce1 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 18 Jul 2007 20:57:48 +0000 Subject: [PATCH 009/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=9 --- Linux-PAM-0.99.8.0-docs.tar.bz2 | 3 --- Linux-PAM-0.99.8.0.tar.bz2 | 3 --- Linux-PAM-0.99.8.1-docs.tar.bz2 | 3 +++ Linux-PAM-0.99.8.1.tar.bz2 | 3 +++ pam.changes | 6 ++++++ pam.spec | 9 ++++++--- 6 files changed, 18 insertions(+), 9 deletions(-) delete mode 100644 Linux-PAM-0.99.8.0-docs.tar.bz2 delete mode 100644 Linux-PAM-0.99.8.0.tar.bz2 create mode 100644 Linux-PAM-0.99.8.1-docs.tar.bz2 create mode 100644 Linux-PAM-0.99.8.1.tar.bz2 diff --git a/Linux-PAM-0.99.8.0-docs.tar.bz2 b/Linux-PAM-0.99.8.0-docs.tar.bz2 deleted file mode 100644 index a612868..0000000 --- a/Linux-PAM-0.99.8.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f0727385e36d9579145ce2ac47b5e5320be0df8619afbe5d5f10213d5b03c3df -size 406683 diff --git a/Linux-PAM-0.99.8.0.tar.bz2 b/Linux-PAM-0.99.8.0.tar.bz2 deleted file mode 100644 index 60fbdff..0000000 --- a/Linux-PAM-0.99.8.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:929fd4502f658592e411c3ae38d159b15d78075581996fd12c7e8640d2db4def -size 903369 diff --git a/Linux-PAM-0.99.8.1-docs.tar.bz2 b/Linux-PAM-0.99.8.1-docs.tar.bz2 new file mode 100644 index 0000000..54a42a8 --- /dev/null +++ b/Linux-PAM-0.99.8.1-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d9b41251618612824a95c7bb30ca015217c976a8b00bcc3ddaa7d2352743f009 +size 406450 diff --git a/Linux-PAM-0.99.8.1.tar.bz2 b/Linux-PAM-0.99.8.1.tar.bz2 new file mode 100644 index 0000000..51f44b3 --- /dev/null +++ b/Linux-PAM-0.99.8.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4824d6c654ecb25818e12f490f8e0b9ea84b212beeb02362ece1d713a9ca4313 +size 903899 diff --git a/pam.changes b/pam.changes index 3702710..bd1e3d1 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + ------------------------------------------------------------------- Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index cdd8654..00d14c9 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 0.99.8.0) +# spec file for package pam (Version 0.99.8.1) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -16,13 +16,13 @@ BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel %if %{suse_version} > 1000 BuildRequires: audit-devel %endif -%define libpam_so_version 0.81.7 +%define libpam_so_version 0.81.8 %define libpam_misc_so_version 0.81.2 %define libpamc_so_version 0.81.0 License: Beerware, Cardware, Shareware (not restricted), BSD 3-Clause, THE BEER-WARE LICENSE" (Revision 42) Group: System/Libraries Autoreqprov: on -Version: 0.99.8.0 +Version: 0.99.8.1 Release: 1 Summary: A security tool that provides authentication for applications Obsoletes: pam-laus @@ -268,6 +268,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Wed Jul 18 2007 - kukuk@suse.de +- Update to version 0.99.8.1: + - Fix regression in pam_audit * Fri Jul 06 2007 - kukuk@suse.de - Update to version 0.99.8.0: - Add translations for ar, ca, da, ru, sv and zu. -- 2.51.1 From a0ff3993cce8e2c8b1051c7df72d512decfd784f228ade60018461109c156df0 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 11 Oct 2007 20:08:44 +0000 Subject: [PATCH 010/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=10 --- Linux-PAM-0.99.8.1-docs.tar.bz2 | 3 --- Linux-PAM-0.99.8.1.tar.bz2 | 3 --- Linux-PAM-0.99.9.0-docs.tar.bz2 | 3 +++ Linux-PAM-0.99.9.0.tar.bz2 | 3 +++ pam.changes | 9 +++++++++ pam.spec | 30 +++++++++++++++++------------- 6 files changed, 32 insertions(+), 19 deletions(-) delete mode 100644 Linux-PAM-0.99.8.1-docs.tar.bz2 delete mode 100644 Linux-PAM-0.99.8.1.tar.bz2 create mode 100644 Linux-PAM-0.99.9.0-docs.tar.bz2 create mode 100644 Linux-PAM-0.99.9.0.tar.bz2 diff --git a/Linux-PAM-0.99.8.1-docs.tar.bz2 b/Linux-PAM-0.99.8.1-docs.tar.bz2 deleted file mode 100644 index 54a42a8..0000000 --- a/Linux-PAM-0.99.8.1-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d9b41251618612824a95c7bb30ca015217c976a8b00bcc3ddaa7d2352743f009 -size 406450 diff --git a/Linux-PAM-0.99.8.1.tar.bz2 b/Linux-PAM-0.99.8.1.tar.bz2 deleted file mode 100644 index 51f44b3..0000000 --- a/Linux-PAM-0.99.8.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4824d6c654ecb25818e12f490f8e0b9ea84b212beeb02362ece1d713a9ca4313 -size 903899 diff --git a/Linux-PAM-0.99.9.0-docs.tar.bz2 b/Linux-PAM-0.99.9.0-docs.tar.bz2 new file mode 100644 index 0000000..a1d6acc --- /dev/null +++ b/Linux-PAM-0.99.9.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d199d9c30e5aab1239b5b3cf83b25009357107ab506b67ff3dcbdcee83661899 +size 701407 diff --git a/Linux-PAM-0.99.9.0.tar.bz2 b/Linux-PAM-0.99.9.0.tar.bz2 new file mode 100644 index 0000000..4b31001 --- /dev/null +++ b/Linux-PAM-0.99.9.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ccdd8ac155bdeb6a630bdb5fd05606fd0a54849361a22f4d306d08ea7f8af823 +size 909242 diff --git a/pam.changes b/pam.changes index bd1e3d1..6c7d035 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + ------------------------------------------------------------------- Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 00d14c9..ec940fc 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 0.99.8.1) +# spec file for package pam (Version 0.99.9.0) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -11,20 +11,20 @@ # norootforbuild Name: pam -URL: http://www.kernel.org/pub/linux/libs/pam/ +Url: http://www.kernel.org/pub/linux/libs/pam/ BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel %if %{suse_version} > 1000 BuildRequires: audit-devel %endif -%define libpam_so_version 0.81.8 -%define libpam_misc_so_version 0.81.2 +%define libpam_so_version 0.81.9 +%define libpam_misc_so_version 0.81.3 %define libpamc_so_version 0.81.0 -License: Beerware, Cardware, Shareware (not restricted), BSD 3-Clause, THE BEER-WARE LICENSE" (Revision 42) +License: BSD 3-Clause; GPL v2 or later Group: System/Libraries -Autoreqprov: on -Version: 0.99.8.1 +AutoReqProv: on +Version: 0.99.9.0 Release: 1 -Summary: A security tool that provides authentication for applications +Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -61,7 +61,7 @@ This package contains the documentation. Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: pam = %{version} glibc-devel -Autoreqprov: on +AutoReqProv: on %description devel PAM (Pluggable Authentication Modules) is a system security tool which @@ -93,11 +93,11 @@ make make check %install -install -d -m 755 $RPM_BUILD_ROOT/etc/pam.d +mkdir -p $RPM_BUILD_ROOT/etc/pam.d mkdir -p $RPM_BUILD_ROOT/usr/include/security mkdir -p $RPM_BUILD_ROOT/%{_lib}/security mkdir -p $RPM_BUILD_ROOT/sbin -install -d -m 755 $RPM_BUILD_ROOT%{_libdir} +mkdir -p -m 755 $RPM_BUILD_ROOT%{_libdir} make DESTDIR=$RPM_BUILD_ROOT install /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib} # Install documentation @@ -164,7 +164,6 @@ rm -rf $RPM_BUILD_ROOT %postun %run_ldconfig - %verifyscript %verify_permissions -e /sbin/unix_chkpwd @@ -266,8 +265,13 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam.so %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so - %changelog +* Wed Oct 10 2007 - kukuk@suse.de +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time * Wed Jul 18 2007 - kukuk@suse.de - Update to version 0.99.8.1: - Fix regression in pam_audit -- 2.51.1 From 1738681981be618754669940c6f7688838ad5ed93d099e8287db3ce355252d41 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sat, 16 Feb 2008 07:33:36 +0000 Subject: [PATCH 011/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=11 --- Linux-PAM-0.99.10.0-docs.tar.bz2 | 3 + Linux-PAM-0.99.10.0.tar.bz2 | 3 + Linux-PAM-0.99.9.0-docs.tar.bz2 | 3 - Linux-PAM-0.99.9.0.tar.bz2 | 3 - pam.changes | 12 + pam.spec | 375 ++++++++++++++++--------------- 6 files changed, 217 insertions(+), 182 deletions(-) create mode 100644 Linux-PAM-0.99.10.0-docs.tar.bz2 create mode 100644 Linux-PAM-0.99.10.0.tar.bz2 delete mode 100644 Linux-PAM-0.99.9.0-docs.tar.bz2 delete mode 100644 Linux-PAM-0.99.9.0.tar.bz2 diff --git a/Linux-PAM-0.99.10.0-docs.tar.bz2 b/Linux-PAM-0.99.10.0-docs.tar.bz2 new file mode 100644 index 0000000..70a0cb7 --- /dev/null +++ b/Linux-PAM-0.99.10.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:28820b2e1f965c5237e04fe9ff0fabf2e063fc66315c568003dfb044eec9ae7b +size 708873 diff --git a/Linux-PAM-0.99.10.0.tar.bz2 b/Linux-PAM-0.99.10.0.tar.bz2 new file mode 100644 index 0000000..24c7d71 --- /dev/null +++ b/Linux-PAM-0.99.10.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e08ab35169bfc3f1c409478889b20d7635f19c7a9765ff347de2330d18e5ac40 +size 932148 diff --git a/Linux-PAM-0.99.9.0-docs.tar.bz2 b/Linux-PAM-0.99.9.0-docs.tar.bz2 deleted file mode 100644 index a1d6acc..0000000 --- a/Linux-PAM-0.99.9.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d199d9c30e5aab1239b5b3cf83b25009357107ab506b67ff3dcbdcee83661899 -size 701407 diff --git a/Linux-PAM-0.99.9.0.tar.bz2 b/Linux-PAM-0.99.9.0.tar.bz2 deleted file mode 100644 index 4b31001..0000000 --- a/Linux-PAM-0.99.9.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ccdd8ac155bdeb6a630bdb5fd05606fd0a54849361a22f4d306d08ea7f8af823 -size 909242 diff --git a/pam.changes b/pam.changes index 6c7d035..f65177b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + ------------------------------------------------------------------- Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index ec940fc..443def7 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # -# spec file for package pam (Version 0.99.9.0) +# spec file for package pam (Version 0.99.10.0) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -10,19 +10,24 @@ # norootforbuild +%define enable_selinux 0 + Name: pam Url: http://www.kernel.org/pub/linux/libs/pam/ BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel %if %{suse_version} > 1000 BuildRequires: audit-devel %endif -%define libpam_so_version 0.81.9 +%if %{enable_selinux} +BuildRequires: libselinux-devel +%endif +%define libpam_so_version 0.81.10 %define libpam_misc_so_version 0.81.3 %define libpamc_so_version 0.81.0 License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on -Version: 0.99.9.0 +Version: 0.99.10.0 Release: 1 Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus @@ -179,6 +184,9 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) %{_sysconfdir}/security/group.conf %config(noreplace) %{_sysconfdir}/security/limits.conf %config(noreplace) %{_sysconfdir}/security/pam_env.conf +%if %{enable_selinux} +%config(noreplace) %{_sysconfdir}/security/sepermit.conf +%endif %config(noreplace) %{_sysconfdir}/security/time.conf %if %{suse_version} > 1010 %config(noreplace) %{_sysconfdir}/security/namespace.conf @@ -228,14 +236,18 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_nologin.so /%{_lib}/security/pam_permit.so /%{_lib}/security/pam_rhosts.so -/%{_lib}/security/pam_rhosts_auth.so /%{_lib}/security/pam_rootok.so /%{_lib}/security/pam_securetty.so +%if %{enable_selinux} +/%{_lib}/security/pam_selinux.so +/%{_lib}/security/pam_sepermit.so +%endif /%{_lib}/security/pam_shells.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so /%{_lib}/security/pam_tally.so /%{_lib}/security/pam_time.so +/%{_lib}/security/pam_tty_audit.so /%{_lib}/security/pam_umask.so /%{_lib}/security/pam_unix.so /%{_lib}/security/pam_unix_acct.so @@ -247,7 +259,8 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so /sbin/pam_tally -%verify(not mode) %attr (4755,root,shadow)/sbin/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd +%attr(0700,root,root) /sbin/unix_update %files doc %defattr(644,root,root,755) @@ -265,118 +278,128 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam.so %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so + %changelog -* Wed Oct 10 2007 - kukuk@suse.de +* Fri Feb 15 2008 kukuk@suse.de +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. +* Wed Oct 10 2007 kukuk@suse.de - Update to version 0.99.9.0: - misc_conv no longer blocks SIGINT; applications that don't want user-interruptable prompts should block SIGINT themselves - Merge fixes from Debian - Fix parser for pam_group and pam_time -* Wed Jul 18 2007 - kukuk@suse.de +* Wed Jul 18 2007 kukuk@suse.de - Update to version 0.99.8.1: - Fix regression in pam_audit -* Fri Jul 06 2007 - kukuk@suse.de +* Fri Jul 06 2007 kukuk@suse.de - Update to version 0.99.8.0: - Add translations for ar, ca, da, ru, sv and zu. - Update hungarian translation. - Add support for limits.d directory to pam_limits. - Add minclass option to pam_cracklib - Add new group syntax to pam_access -* Thu Apr 19 2007 - mc@suse.de +* Thu Apr 19 2007 mc@suse.de - move the documentation into a seperate package (pam-doc) [partly fixes Bug #265733] -* Mon Mar 26 2007 - rguenther@suse.de +* Mon Mar 26 2007 rguenther@suse.de - add flex and bison BuildRequires -* Wed Jan 24 2007 - mc@suse.de +* Wed Jan 24 2007 mc@suse.de - add %%verify_permissions for /sbin/unix_chkpwd [#237625] -* Tue Jan 23 2007 - kukuk@suse.de +* Tue Jan 23 2007 kukuk@suse.de - Update to Version 0.99.7.1 (security fix) -* Wed Jan 17 2007 - kukuk@suse.de +* Wed Jan 17 2007 kukuk@suse.de - Update to Version 0.99.7.0 * Add manual page for pam_unix.so. * Add pam_faildelay module to set pam_fail_delay() value. * Fix possible seg.fault in libpam/pam_set_data(). * Cleanup of configure options. * Update hungarian translation, fix german translation. -* Wed Jan 17 2007 - lnussel@suse.de +* Wed Jan 17 2007 lnussel@suse.de - install unix_chkpwd setuid root instead of setgid shadow (#216816) -* Tue Oct 24 2006 - kukuk@suse.de +* Tue Oct 24 2006 kukuk@suse.de - pam_unix.so/unix_chkpwd: teach about blowfish [#213929] - pam_namespace.so: Fix two possible buffer overflow - link against libxcrypt -* Sat Oct 07 2006 - kukuk@suse.de +* Sat Oct 07 2006 kukuk@suse.de - Update hungarian translation [#210091] -* Tue Sep 19 2006 - kukuk@suse.de +* Tue Sep 19 2006 kukuk@suse.de - Don't remove pam_unix.so - Use cracklib again (goes lost with one of the last cleanups) -* Thu Sep 14 2006 - kukuk@suse.de +* Thu Sep 14 2006 kukuk@suse.de - Add pam_umask.so to common-session [Fate#3621] -* Wed Sep 06 2006 - kukuk@suse.de +* Wed Sep 06 2006 kukuk@suse.de - Update to Linux-PAM 0.99.6.3 (merges all patches) -* Wed Aug 30 2006 - kukuk@suse.de +* Wed Aug 30 2006 kukuk@suse.de - Update to Linux-PAM 0.99.6.2 (incorporate last change) - Add pam_loginuid and fixes from CVS [Fate#300486] -* Wed Aug 23 2006 - kukuk@suse.de +* Wed Aug 23 2006 kukuk@suse.de - Fix seg.fault in pam_cracklib if retyped password is empty -* Tue Aug 22 2006 - kukuk@suse.de +* Tue Aug 22 2006 kukuk@suse.de - Remove use_first_pass from pam_unix2.so in password section -* Fri Aug 11 2006 - kukuk@suse.de +* Fri Aug 11 2006 kukuk@suse.de - Update to Linux-PAM 0.99.6.1 (big documentation update) -* Fri Jul 28 2006 - kukuk@suse.de +* Fri Jul 28 2006 kukuk@suse.de - Add missing namespace.init script -* Thu Jul 27 2006 - kukuk@suse.de +* Thu Jul 27 2006 kukuk@suse.de - Reenable audit subsystem [Fate#300486] -* Wed Jun 28 2006 - kukuk@suse.de +* Wed Jun 28 2006 kukuk@suse.de - Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM modules: pam_keyinit, pam_namespace, pam_rhosts) -* Mon Jun 12 2006 - kukuk@suse.de +* Mon Jun 12 2006 kukuk@suse.de - Update to current CVS (lot of new manual pages and docu) -* Tue May 30 2006 - kukuk@suse.de +* Tue May 30 2006 kukuk@suse.de - Update to Linux-PAM 0.99.4.0 (merge all patches and translations) -* Wed May 24 2006 - kukuk@suse.de +* Wed May 24 2006 kukuk@suse.de - Fix problems found by Coverity -* Wed May 17 2006 - schwab@suse.de +* Wed May 17 2006 schwab@suse.de - Don't strip binaries. -* Fri May 05 2006 - kukuk@suse.de +* Fri May 05 2006 kukuk@suse.de - Fix pam_tally LFS support [#172492] -* Fri Apr 21 2006 - kukuk@suse.de +* Fri Apr 21 2006 kukuk@suse.de - Update fr.po and pl.po -* Tue Apr 11 2006 - kukuk@suse.de +* Tue Apr 11 2006 kukuk@suse.de - Update km.po -* Tue Apr 04 2006 - kukuk@suse.de +* Tue Apr 04 2006 kukuk@suse.de - Remove obsolete pam-laus from the system -* Mon Mar 27 2006 - kukuk@suse.de +* Mon Mar 27 2006 kukuk@suse.de - Update translations for pt, pl, fr, fi and cs - Add translation for uk -* Tue Mar 21 2006 - kukuk@suse.de +* Tue Mar 21 2006 kukuk@suse.de - Update hu.po -* Tue Mar 21 2006 - kukuk@suse.de +* Tue Mar 21 2006 kukuk@suse.de - Add translation for tr -* Mon Mar 13 2006 - kukuk@suse.de +* Mon Mar 13 2006 kukuk@suse.de - Fix order of NULL checks in pam_get_user - Fix comment in pam_lastlog for translators to be visible in pot file - Docu update, remove pam_selinux docu -* Thu Mar 02 2006 - kukuk@suse.de +* Thu Mar 02 2006 kukuk@suse.de - Update km translation -* Thu Feb 23 2006 - kukuk@suse.de +* Thu Feb 23 2006 kukuk@suse.de - pam_lastlog: - Initialize correct struct member [SF#1427401] - Mark strftime fmt string for translation [SF#1428269] -* Sun Feb 19 2006 - kukuk@suse.de +* Sun Feb 19 2006 kukuk@suse.de - Update more manual pages -* Sat Feb 18 2006 - ro@suse.de +* Sat Feb 18 2006 ro@suse.de - really disable audit if header file not present -* Tue Feb 14 2006 - kukuk@suse.de +* Tue Feb 14 2006 kukuk@suse.de - Update fi.po - Add km.po - Update pl.po -* Mon Feb 13 2006 - kukuk@suse.de +* Mon Feb 13 2006 kukuk@suse.de - Update with better manual pages -* Thu Feb 09 2006 - kukuk@suse.de +* Thu Feb 09 2006 kukuk@suse.de - Add translation for nl, update pt translation -* Fri Jan 27 2006 - kukuk@suse.de +* Fri Jan 27 2006 kukuk@suse.de - Move devel manual pages to -devel package - Mark PAM config files as noreplace - Mark /etc/securetty as noreplace @@ -384,313 +407,313 @@ rm -rf $RPM_BUILD_ROOT - Fix libdb/ndbm compat detection with gdbm - Adjust german translation - Add all services to pam_listfile -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Fri Jan 13 2006 - kukuk@suse.de +* Fri Jan 13 2006 kukuk@suse.de - Update to Linux-PAM 0.99.3.0 release candiate tar balls (new translations) -* Mon Jan 09 2006 - kukuk@suse.de +* Mon Jan 09 2006 kukuk@suse.de - Fix NULL handling for LSB-pam test suite [#141240] -* Sun Jan 08 2006 - kukuk@suse.de +* Sun Jan 08 2006 kukuk@suse.de - Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR -* Fri Jan 06 2006 - kukuk@suse.de +* Fri Jan 06 2006 kukuk@suse.de - NULL is allowed as thirs argument for pam_get_item [#141240] -* Wed Dec 21 2005 - kukuk@suse.de +* Wed Dec 21 2005 kukuk@suse.de - Add fixes from CVS -* Thu Dec 15 2005 - kukuk@suse.de +* Thu Dec 15 2005 kukuk@suse.de - Fix pam_lastlog: don't report error on first login -* Tue Dec 13 2005 - kukuk@suse.de +* Tue Dec 13 2005 kukuk@suse.de - Update to 0.99.2.1 -* Fri Dec 09 2005 - kukuk@suse.de +* Fri Dec 09 2005 kukuk@suse.de - Add /etc/environment to avoid warnings in syslog -* Mon Dec 05 2005 - kukuk@suse.de +* Mon Dec 05 2005 kukuk@suse.de - disable SELinux -* Wed Nov 23 2005 - kukuk@suse.de +* Wed Nov 23 2005 kukuk@suse.de - Update getlogin() fix to final one -* Mon Nov 21 2005 - kukuk@suse.de +* Mon Nov 21 2005 kukuk@suse.de - Fix PAM getlogin() implementation -* Mon Nov 21 2005 - kukuk@suse.de +* Mon Nov 21 2005 kukuk@suse.de - Update to official 0.99.2.0 release -* Tue Nov 08 2005 - kukuk@suse.de +* Tue Nov 08 2005 kukuk@suse.de - Update to new snapshot -* Mon Oct 10 2005 - kukuk@suse.de +* Mon Oct 10 2005 kukuk@suse.de - Enable original pam_wheel module -* Tue Sep 27 2005 - kukuk@suse.de +* Tue Sep 27 2005 kukuk@suse.de - Update to current CVS - Compile libpam_misc with -fno-strict-aliasing -* Mon Sep 19 2005 - kukuk@suse.de +* Mon Sep 19 2005 kukuk@suse.de - Update to current CVS - Fix compiling of pammodutil with -fPIC -* Sun Sep 18 2005 - kukuk@suse.de +* Sun Sep 18 2005 kukuk@suse.de - Update to current CVS -* Tue Aug 23 2005 - kukuk@suse.de +* Tue Aug 23 2005 kukuk@suse.de - Update to new snapshot (Major version is back to 0) -* Fri Aug 19 2005 - kukuk@suse.de +* Fri Aug 19 2005 kukuk@suse.de - Update to Linux-PAM 0.99.0.3 snapshot -* Mon Jul 11 2005 - kukuk@suse.de +* Mon Jul 11 2005 kukuk@suse.de - Add pam_umask -* Mon Jul 04 2005 - kukuk@suse.de +* Mon Jul 04 2005 kukuk@suse.de - Update to current CVS snapshot -* Thu Jun 23 2005 - kukuk@suse.de +* Thu Jun 23 2005 kukuk@suse.de - Update to current CVS snapshot - Add pam_loginuid -* Thu Jun 09 2005 - kukuk@suse.de +* Thu Jun 09 2005 kukuk@suse.de - Update to current CVS snapshot -* Mon Jun 06 2005 - kukuk@suse.de +* Mon Jun 06 2005 kukuk@suse.de - Don't reset priority [#81690] - Fix creating of symlinks -* Fri May 20 2005 - kukuk@suse.de +* Fri May 20 2005 kukuk@suse.de - Update to current CVS snapshot - Real fix for [#82687] (don't include kernel header files) -* Thu May 12 2005 - schubi@suse.de +* Thu May 12 2005 schubi@suse.de - Bug 82687 - pam_client.h redefines __u8 and __u32 -* Fri Apr 29 2005 - kukuk@suse.de +* Fri Apr 29 2005 kukuk@suse.de - Apply lot of fixes from CVS (including SELinux support) -* Fri Apr 01 2005 - kukuk@suse.de +* Fri Apr 01 2005 kukuk@suse.de - Update to final 0.79 release -* Mon Mar 14 2005 - kukuk@suse.de +* Mon Mar 14 2005 kukuk@suse.de - Apply patch for pam_xauth to preserve DISPLAY variable [#66885] -* Mon Jan 24 2005 - kukuk@suse.de +* Mon Jan 24 2005 kukuk@suse.de - Compile with large file support -* Mon Jan 24 2005 - schubi@suse.de +* Mon Jan 24 2005 schubi@suse.de - Made patch of latest CVS tree - Removed patch pam_handler.diff ( included in CVS now ) - moved Linux-PAM-0.78.dif to pam_group_time.diff -* Wed Jan 05 2005 - kukuk@suse.de +* Wed Jan 05 2005 kukuk@suse.de - Fix seg.fault, if a PAM config line is incomplete -* Thu Nov 18 2004 - kukuk@suse.de +* Thu Nov 18 2004 kukuk@suse.de - Update to final 0.78 -* Mon Nov 08 2004 - kukuk@suse.de +* Mon Nov 08 2004 kukuk@suse.de - Add pam_env.so to common-auth - Add pam_limit.so to common-session -* Wed Oct 13 2004 - kukuk@suse.de +* Wed Oct 13 2004 kukuk@suse.de - Update to 0.78-Beta1 -* Wed Sep 22 2004 - kukuk@suse.de +* Wed Sep 22 2004 kukuk@suse.de - Create pam.d/common-{auth,account,password,session} and include them in pam.d/other - Update to current CVS version of upcoming 0.78 release -* Mon Aug 23 2004 - kukuk@suse.de +* Mon Aug 23 2004 kukuk@suse.de - Update "code cleanup" patch - Disable reading of /etc/environment in pam_env.so per default -* Thu Aug 19 2004 - kukuk@suse.de +* Thu Aug 19 2004 kukuk@suse.de - Reenable a "fixed" version of "code cleanup" patch - Use pam_wheel from pam-modules package -* Wed Aug 18 2004 - kukuk@suse.de +* Wed Aug 18 2004 kukuk@suse.de - Disable "code cleanup" patch (no more comments about security fixes) -* Fri Aug 13 2004 - kukuk@suse.de +* Fri Aug 13 2004 kukuk@suse.de - Apply big "code cleanup" patch [Bug #39673] -* Fri Mar 12 2004 - kukuk@suse.de +* Fri Mar 12 2004 kukuk@suse.de - pam_wheel: Use original getlogin again, PAM internal does not work without application help [Bug #35682] -* Sun Jan 18 2004 - meissner@suse.de +* Sun Jan 18 2004 meissner@suse.de - We no longer have pam in the buildsystem, so we need some buildroot magic flags for the dlopen tests. -* Thu Jan 15 2004 - kukuk@suse.de +* Fri Jan 16 2004 kukuk@suse.de - Cleanup neededforbuild -* Fri Dec 05 2003 - kukuk@suse.de +* Fri Dec 05 2003 kukuk@suse.de - Add manual pages from SLES8 -* Fri Nov 28 2003 - kukuk@suse.de +* Fri Nov 28 2003 kukuk@suse.de - Fix installing manual pages of modules - Remove pthread check (db is now linked against pthread) -* Thu Nov 27 2003 - kukuk@suse.de +* Thu Nov 27 2003 kukuk@suse.de - Merge with current CVS - Apply bug fixes from bugtracking system - Build as normal user -* Fri Nov 21 2003 - kukuk@suse.de +* Fri Nov 21 2003 kukuk@suse.de - Compile with noexecstack -* Thu Nov 06 2003 - kukuk@suse.de +* Thu Nov 06 2003 kukuk@suse.de - Fix pam_securetty CVS patch -* Wed Oct 29 2003 - kukuk@suse.de +* Wed Oct 29 2003 kukuk@suse.de - Sync with current CVS version -* Thu Oct 02 2003 - kukuk@suse.de +* Thu Oct 02 2003 kukuk@suse.de - Add patch to implement "include" statement in pamd files -* Wed Sep 10 2003 - uli@suse.de +* Wed Sep 10 2003 uli@suse.de - added ttyS1 (VT220) to securetty on s390* (bug #29239) -* Mon Jul 28 2003 - kukuk@suse.de +* Mon Jul 28 2003 kukuk@suse.de - Apply lot of fixes for various problems -* Tue Jun 10 2003 - kukuk@suse.de +* Tue Jun 10 2003 kukuk@suse.de - Fix getlogin handling in pam_wheel.so -* Tue May 27 2003 - ro@suse.de +* Tue May 27 2003 ro@suse.de - added cracklib-devel to neededforbuild -* Thu Feb 13 2003 - kukuk@suse.de +* Thu Feb 13 2003 kukuk@suse.de - Update pam_localuser and pam_xauth. -* Wed Nov 13 2002 - kukuk@suse.de +* Wed Nov 13 2002 kukuk@suse.de - Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) -* Mon Nov 11 2002 - ro@suse.de +* Mon Nov 11 2002 ro@suse.de - changed neededforbuild to -* Sat Sep 14 2002 - ro@suse.de +* Sat Sep 14 2002 ro@suse.de - changed securetty / use extra file -* Fri Sep 13 2002 - bk@suse.de +* Fri Sep 13 2002 bk@suse.de - 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty -* Tue Aug 27 2002 - kukuk@suse.de +* Tue Aug 27 2002 kukuk@suse.de - Call password checking helper from pam_unix.so whenever the passwd field is invalid. -* Sat Aug 24 2002 - kukuk@suse.de +* Sat Aug 24 2002 kukuk@suse.de - Don't build ps and pdf documentation -* Fri Aug 09 2002 - kukuk@suse.de +* Fri Aug 09 2002 kukuk@suse.de - pam-devel requires pam [Bug #17543] -* Wed Jul 17 2002 - kukuk@suse.de +* Wed Jul 17 2002 kukuk@suse.de - Remove explicit requires -* Wed Jul 10 2002 - kukuk@suse.de +* Wed Jul 10 2002 kukuk@suse.de - Update to Linux-PAM 0.76 - Remove reentrant patch for original PAM modules (needs to be rewritten for new PAM version) - Add docu in PDF format -* Thu Jul 04 2002 - kukuk@suse.de +* Thu Jul 04 2002 kukuk@suse.de - Fix build on different partitions -* Tue Apr 16 2002 - mmj@suse.de +* Tue Apr 16 2002 mmj@suse.de - Fix to not own /usr/shar/man/man3 -* Wed Mar 13 2002 - kukuk@suse.de +* Wed Mar 13 2002 kukuk@suse.de - Add /usr/include/security to pam-devel filelist -* Mon Feb 11 2002 - ro@suse.de +* Mon Feb 11 2002 ro@suse.de - tar option for bz2 is "j" -* Fri Jan 25 2002 - kukuk@suse.de +* Fri Jan 25 2002 kukuk@suse.de - Fix last pam_securetty patch -* Thu Jan 24 2002 - kukuk@suse.de +* Thu Jan 24 2002 kukuk@suse.de - Use reentrant getpwnam functions for most modules - Fix unresolved symbols in pam_access and pam_userdb -* Sun Jan 20 2002 - kukuk@suse.de +* Sun Jan 20 2002 kukuk@suse.de - libpam_misc: Don't handle Ctrl-D as error. -* Wed Jan 16 2002 - kukuk@suse.de +* Wed Jan 16 2002 kukuk@suse.de - Remove SuSEconfig.pam - Update pam_localuser and pam_xauth - Add new READMEs about blowfish and cracklib -* Mon Nov 12 2001 - kukuk@suse.de +* Mon Nov 12 2001 kukuk@suse.de - Remove pam_unix.so (is part of pam-modules) -* Fri Nov 09 2001 - kukuk@suse.de +* Fri Nov 09 2001 kukuk@suse.de - Move extra PAM modules to separate package - Require pam-modules package -* Fri Aug 24 2001 - kukuk@suse.de +* Fri Aug 24 2001 kukuk@suse.de - Move susehelp config file to susehelp package -* Mon Aug 13 2001 - ro@suse.de +* Mon Aug 13 2001 ro@suse.de - changed neededforbuild to -* Tue Aug 07 2001 - kukuk@suse.de +* Tue Aug 07 2001 kukuk@suse.de - Fixes wrong symlink handling of pam_homecheck [Bug #3905] -* Wed Jul 11 2001 - kukuk@suse.de +* Wed Jul 11 2001 kukuk@suse.de - Sync pam_homecheck and pam_unix2 fixes from 7.2 - Always ask for the old password if it is expired -* Sat May 05 2001 - kukuk@suse.de +* Sat May 05 2001 kukuk@suse.de - Cleanup Patches, make tar archive from extra pam modules -* Fri May 04 2001 - kukuk@suse.de +* Fri May 04 2001 kukuk@suse.de - Use LOG_NOTICE for trace option [Bug #7673] -* Thu Apr 12 2001 - kukuk@suse.de +* Thu Apr 12 2001 kukuk@suse.de - Linux-PAM: link pam_access against libnsl - Add pam.conf for susehelp/pam html docu -* Tue Apr 10 2001 - kukuk@suse.de +* Tue Apr 10 2001 kukuk@suse.de - Linux-PAM: Update to version 0.75 -* Tue Apr 03 2001 - kukuk@suse.de +* Tue Apr 03 2001 kukuk@suse.de - Linux-PAM: link libpam_misc against libpam [Bug #6890] -* Thu Mar 08 2001 - kukuk@suse.de +* Thu Mar 08 2001 kukuk@suse.de - Linux-PAM: Fix manual pages (.so reference) - pam_pwcheck: fix Makefile -* Tue Mar 06 2001 - kukuk@suse.de +* Tue Mar 06 2001 kukuk@suse.de - Update for Linux-PAM 0.74 - Drop pwdb subpackage -* Tue Feb 13 2001 - kukuk@suse.de +* Tue Feb 13 2001 kukuk@suse.de - pam_unix2: Create temp files with permission 0600 -* Tue Feb 06 2001 - ro@suse.de +* Tue Feb 06 2001 ro@suse.de - pam_issue.c: include time.h to make it compile -* Fri Jan 05 2001 - kukuk@suse.de +* Fri Jan 05 2001 kukuk@suse.de - Don't print error message about failed initialization from pam_limits with kernel 2.2 [Bug #5198] -* Thu Jan 04 2001 - kukuk@suse.de +* Thu Jan 04 2001 kukuk@suse.de - Adjust docu for pam_limits -* Sun Dec 17 2000 - kukuk@suse.de +* Sun Dec 17 2000 kukuk@suse.de - Adjust docu for pam_pwcheck -* Thu Dec 07 2000 - kukuk@suse.de +* Thu Dec 07 2000 kukuk@suse.de - Add fix for pam_limits from 0.73 -* Thu Oct 26 2000 - kukuk@suse.de +* Thu Oct 26 2000 kukuk@suse.de - Add db-devel to need for build -* Fri Oct 20 2000 - kukuk@suse.de +* Fri Oct 20 2000 kukuk@suse.de - Don't link PAM modules against old libpam library -* Wed Oct 18 2000 - kukuk@suse.de +* Wed Oct 18 2000 kukuk@suse.de - Create new "devel" subpackage -* Thu Oct 12 2000 - kukuk@suse.de +* Thu Oct 12 2000 kukuk@suse.de - Add SuSEconfig.pam -* Tue Oct 03 2000 - kukuk@suse.de +* Tue Oct 03 2000 kukuk@suse.de - Fix problems with new gcc and glibc 2.2 header files -* Wed Sep 13 2000 - kukuk@suse.de +* Wed Sep 13 2000 kukuk@suse.de - Fix problem with passwords longer then PASS_MAX_LEN -* Wed Sep 06 2000 - kukuk@suse.de +* Wed Sep 06 2000 kukuk@suse.de - Add missing PAM modules to filelist - Fix seg.fault in pam_pwcheck [BUG #3894] - Clean spec file -* Fri Jun 23 2000 - kukuk@suse.de +* Fri Jun 23 2000 kukuk@suse.de - Lot of bug fixes in pam_unix2 and pam_pwcheck - compress postscript docu -* Mon May 15 2000 - kukuk@suse.de +* Mon May 15 2000 kukuk@suse.de - Move docu to /usr/share/doc/pam - Fix some bugs in pam_unix2 and pam_pwcheck -* Tue Apr 25 2000 - kukuk@suse.de +* Tue Apr 25 2000 kukuk@suse.de - Add pam_homecheck Module -* Tue Apr 25 2000 - kukuk@suse.de +* Tue Apr 25 2000 kukuk@suse.de - Add devfs devices to /etc/securetty -* Wed Mar 01 2000 - kukuk@suse.de +* Wed Mar 01 2000 kukuk@suse.de - Fix handling of changing passwords to empty one -* Tue Feb 22 2000 - kukuk@suse.de +* Tue Feb 22 2000 kukuk@suse.de - Set correct attr for unix_chkpwd and pwdb_chkpwd -* Tue Feb 15 2000 - kukuk@suse.de +* Tue Feb 15 2000 kukuk@suse.de - Update pam_pwcheck - Update pam_unix2 -* Mon Feb 07 2000 - kukuk@suse.de +* Mon Feb 07 2000 kukuk@suse.de - pwdb: Update to 0.61 -* Thu Jan 27 2000 - kukuk@suse.de +* Thu Jan 27 2000 kukuk@suse.de - Add config files and README for md5 passwords - Update pam_pwcheck - Update pam_unix2 -* Thu Jan 13 2000 - kukuk@suse.de +* Thu Jan 13 2000 kukuk@suse.de - Update pam_unix2 - New: pam_pwcheck - Update to Linux-PAM 0.72 -* Wed Oct 13 1999 - kukuk@suse.de +* Wed Oct 13 1999 kukuk@suse.de - pam_pwdb: Add security fixes from RedHat -* Mon Oct 11 1999 - kukuk@suse.de +* Mon Oct 11 1999 kukuk@suse.de - Update to Linux-PAM 0.70 - Update to pwdb-0.60 - Fix more pam_unix2 shadow bugs -* Fri Oct 08 1999 - kukuk@suse.de +* Fri Oct 08 1999 kukuk@suse.de - Add more PAM fixes - Implement Password changing request (sp_lstchg == 0) -* Mon Sep 13 1999 - bs@suse.de +* Mon Sep 13 1999 bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. -* Sat Sep 11 1999 - kukuk@suse.de +* Sat Sep 11 1999 kukuk@suse.de - Add pam_wheel to file list - pam_wheel: Minor fixes - pam_unix2: root is allowed to change passwords with wrong password aging information -* Mon Aug 30 1999 - kukuk@suse.de +* Mon Aug 30 1999 kukuk@suse.de - pam_unix2: Fix typo -* Thu Aug 19 1999 - kukuk@suse.de +* Thu Aug 19 1999 kukuk@suse.de - Linux-PAM: Update to version 0.69 -* Fri Jul 16 1999 - kukuk@suse.de +* Fri Jul 16 1999 kukuk@suse.de - pam_unix2: Root is allowed to use the old password again. -* Tue Jul 13 1999 - kukuk@suse.de +* Tue Jul 13 1999 kukuk@suse.de - pam_unix2: Allow root to set an empty password. -* Sat Jul 10 1999 - kukuk@suse.de +* Sat Jul 10 1999 kukuk@suse.de - Add HP-UX password aging to pam_unix2. -* Wed Jul 07 1999 - kukuk@suse.de +* Wed Jul 07 1999 kukuk@suse.de - Don't install .cvsignore files - Make sure, /etc/shadow has the correct rights -* Tue Jul 06 1999 - kukuk@suse.de +* Tue Jul 06 1999 kukuk@suse.de - Update to Linux-PAM 0.68 -* Wed Jun 30 1999 - kukuk@suse.de +* Wed Jun 30 1999 kukuk@suse.de - pam_unix2: more bug fixes -* Tue Jun 29 1999 - kukuk@suse.de +* Tue Jun 29 1999 kukuk@suse.de - pam_unix2: Fix "inactive" password -* Mon Jun 28 1999 - kukuk@suse.de +* Mon Jun 28 1999 kukuk@suse.de - pam_warn: Add missing functions - other.pamd: Update - Add more doku -* Thu Jun 24 1999 - kukuk@suse.de +* Thu Jun 24 1999 kukuk@suse.de - Add securetty config file - Fix Debian pam_env patch -* Mon Jun 21 1999 - kukuk@suse.de +* Mon Jun 21 1999 kukuk@suse.de - Update to Linux-PAM 0.67 - Add Debian pam_env patch -* Thu Jun 17 1999 - kukuk@suse.de +* Thu Jun 17 1999 kukuk@suse.de - pam_ftp malloc (core dump) fix -* Tue Jun 15 1999 - kukuk@suse.de +* Tue Jun 15 1999 kukuk@suse.de - pam_unix2 fixes -* Mon Jun 07 1999 - kukuk@suse.de +* Mon Jun 07 1999 kukuk@suse.de - First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 -- 2.51.1 From 93bb319e3d2f1a91c8e699dfa607a487cd356673b3cdc2b4e4edee82ff51ecdd Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sun, 6 Apr 2008 01:54:16 +0000 Subject: [PATCH 012/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=12 --- Linux-PAM-0.99.10.0-docs.tar.bz2 | 3 --- Linux-PAM-0.99.10.0.tar.bz2 | 3 --- Linux-PAM-1.0.0-docs.tar.bz2 | 3 +++ Linux-PAM-1.0.0.tar.bz2 | 3 +++ pam.changes | 13 +++++++++++++ pam.spec | 28 ++++++++++++++++++---------- securetty | 7 ------- 7 files changed, 37 insertions(+), 23 deletions(-) delete mode 100644 Linux-PAM-0.99.10.0-docs.tar.bz2 delete mode 100644 Linux-PAM-0.99.10.0.tar.bz2 create mode 100644 Linux-PAM-1.0.0-docs.tar.bz2 create mode 100644 Linux-PAM-1.0.0.tar.bz2 diff --git a/Linux-PAM-0.99.10.0-docs.tar.bz2 b/Linux-PAM-0.99.10.0-docs.tar.bz2 deleted file mode 100644 index 70a0cb7..0000000 --- a/Linux-PAM-0.99.10.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:28820b2e1f965c5237e04fe9ff0fabf2e063fc66315c568003dfb044eec9ae7b -size 708873 diff --git a/Linux-PAM-0.99.10.0.tar.bz2 b/Linux-PAM-0.99.10.0.tar.bz2 deleted file mode 100644 index 24c7d71..0000000 --- a/Linux-PAM-0.99.10.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e08ab35169bfc3f1c409478889b20d7635f19c7a9765ff347de2330d18e5ac40 -size 932148 diff --git a/Linux-PAM-1.0.0-docs.tar.bz2 b/Linux-PAM-1.0.0-docs.tar.bz2 new file mode 100644 index 0000000..c73e45b --- /dev/null +++ b/Linux-PAM-1.0.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1540ab263927beff5558b9c1fbf28b3a6735cad508135638e82cd5508c437c9d +size 708717 diff --git a/Linux-PAM-1.0.0.tar.bz2 b/Linux-PAM-1.0.0.tar.bz2 new file mode 100644 index 0000000..c03e5bd --- /dev/null +++ b/Linux-PAM-1.0.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b9e88f513c0e9d3c4f9171ba0a9522228b2d8a5438d6aaa6cfb56fb1028e1ae7 +size 965138 diff --git a/pam.changes b/pam.changes index f65177b..a4177cc 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + ------------------------------------------------------------------- Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 443def7..d9a0dab 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 0.99.10.0) +# spec file for package pam (Version 1.0.0) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -21,13 +21,13 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.81.10 +%define libpam_so_version 0.81.11 %define libpam_misc_so_version 0.81.3 %define libpamc_so_version 0.81.0 License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on -Version: 0.99.10.0 +Version: 1.0.0 Release: 1 Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus @@ -50,6 +50,7 @@ having to recompile programs that do authentication. %package doc +License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML @@ -63,6 +64,7 @@ This package contains the documentation. %package devel +License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: pam = %{version} glibc-devel @@ -164,11 +166,10 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_keyinit.so %clean rm -rf $RPM_BUILD_ROOT -%post -%run_ldconfig +%post -p /sbin/ldconfig %postun -%run_ldconfig +/sbin/ldconfig %verifyscript %verify_permissions -e /sbin/unix_chkpwd @@ -280,6 +281,13 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Fri Apr 04 2008 kukuk@suse.de +- Remove devfs lines from securetty [bnc#372241] +* Thu Apr 03 2008 kukuk@suse.de +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates * Fri Feb 15 2008 kukuk@suse.de - Update to version 0.99.10.0: - New substack directive in config file syntax @@ -409,7 +417,7 @@ rm -rf $RPM_BUILD_ROOT - Add all services to pam_listfile * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Fri Jan 13 2006 kukuk@suse.de +* Sat Jan 14 2006 kukuk@suse.de - Update to Linux-PAM 0.99.3.0 release candiate tar balls (new translations) * Mon Jan 09 2006 kukuk@suse.de @@ -566,14 +574,14 @@ rm -rf $RPM_BUILD_ROOT - Fix to not own /usr/shar/man/man3 * Wed Mar 13 2002 kukuk@suse.de - Add /usr/include/security to pam-devel filelist -* Mon Feb 11 2002 ro@suse.de +* Tue Feb 12 2002 ro@suse.de - tar option for bz2 is "j" * Fri Jan 25 2002 kukuk@suse.de - Fix last pam_securetty patch * Thu Jan 24 2002 kukuk@suse.de - Use reentrant getpwnam functions for most modules - Fix unresolved symbols in pam_access and pam_userdb -* Sun Jan 20 2002 kukuk@suse.de +* Mon Jan 21 2002 kukuk@suse.de - libpam_misc: Don't handle Ctrl-D as error. * Wed Jan 16 2002 kukuk@suse.de - Remove SuSEconfig.pam @@ -614,7 +622,7 @@ rm -rf $RPM_BUILD_ROOT - pam_unix2: Create temp files with permission 0600 * Tue Feb 06 2001 ro@suse.de - pam_issue.c: include time.h to make it compile -* Fri Jan 05 2001 kukuk@suse.de +* Sat Jan 06 2001 kukuk@suse.de - Don't print error message about failed initialization from pam_limits with kernel 2.2 [Bug #5198] * Thu Jan 04 2001 kukuk@suse.de diff --git a/securetty b/securetty index a2f8307..20a3840 100644 --- a/securetty +++ b/securetty @@ -8,10 +8,3 @@ tty3 tty4 tty5 tty6 -# for devfs: -vc/1 -vc/2 -vc/3 -vc/4 -vc/5 -vc/6 -- 2.51.1 From 678aa79a11f82b7b61ecb6b6bf8f1ecc4bf0c67dab1c34d16693544bfb83f914 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 10 Apr 2008 13:20:08 +0000 Subject: [PATCH 013/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=13 --- baselibs.conf | 2 ++ pam.changes | 6 ++++++ pam.spec | 5 ++++- 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 baselibs.conf diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..4cd0578 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,2 @@ +pam +pam-devel diff --git a/pam.changes b/pam.changes index a4177cc..569b9b9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + ------------------------------------------------------------------- Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index d9a0dab..77b0199 100644 --- a/pam.spec +++ b/pam.spec @@ -28,7 +28,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.0 -Release: 1 +Release: 3 Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -281,6 +281,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Thu Apr 10 2008 ro@suse.de +- added baselibs.conf file to build xxbit packages + for multilib support * Fri Apr 04 2008 kukuk@suse.de - Remove devfs lines from securetty [bnc#372241] * Thu Apr 03 2008 kukuk@suse.de -- 2.51.1 From d90d782f300e86ffa3500fcd7705dc60d10e0f081f13bea8e9c381ebf5907a3a Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 25 Apr 2008 13:20:44 +0000 Subject: [PATCH 014/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=14 --- Linux-PAM-1.0.0-docs.tar.bz2 | 3 --- Linux-PAM-1.0.0.tar.bz2 | 3 --- Linux-PAM-1.0.1-docs.tar.bz2 | 3 +++ Linux-PAM-1.0.1.tar.bz2 | 3 +++ pam.changes | 6 ++++++ pam.spec | 15 +++++++++++---- 6 files changed, 23 insertions(+), 10 deletions(-) delete mode 100644 Linux-PAM-1.0.0-docs.tar.bz2 delete mode 100644 Linux-PAM-1.0.0.tar.bz2 create mode 100644 Linux-PAM-1.0.1-docs.tar.bz2 create mode 100644 Linux-PAM-1.0.1.tar.bz2 diff --git a/Linux-PAM-1.0.0-docs.tar.bz2 b/Linux-PAM-1.0.0-docs.tar.bz2 deleted file mode 100644 index c73e45b..0000000 --- a/Linux-PAM-1.0.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1540ab263927beff5558b9c1fbf28b3a6735cad508135638e82cd5508c437c9d -size 708717 diff --git a/Linux-PAM-1.0.0.tar.bz2 b/Linux-PAM-1.0.0.tar.bz2 deleted file mode 100644 index c03e5bd..0000000 --- a/Linux-PAM-1.0.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b9e88f513c0e9d3c4f9171ba0a9522228b2d8a5438d6aaa6cfb56fb1028e1ae7 -size 965138 diff --git a/Linux-PAM-1.0.1-docs.tar.bz2 b/Linux-PAM-1.0.1-docs.tar.bz2 new file mode 100644 index 0000000..cb0d8ee --- /dev/null +++ b/Linux-PAM-1.0.1-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0cece8350dacc264479a4d047b8b9bf0e6deab89a169f638aef8ebfb153f6d9d +size 709063 diff --git a/Linux-PAM-1.0.1.tar.bz2 b/Linux-PAM-1.0.1.tar.bz2 new file mode 100644 index 0000000..2a1cb29 --- /dev/null +++ b/Linux-PAM-1.0.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:62973b460be34fb7cb4b650bd62ce0c2318d13777b7312ef12656e55a2d9f00e +size 979879 diff --git a/pam.changes b/pam.changes index 569b9b9..f4ad4d7 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de diff --git a/pam.spec b/pam.spec index 77b0199..50e0867 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.0.0) +# spec file for package pam (Version 1.0.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -21,14 +21,14 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.81.11 +%define libpam_so_version 0.81.12 %define libpam_misc_so_version 0.81.3 %define libpamc_so_version 0.81.0 License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on -Version: 1.0.0 -Release: 3 +Version: 1.0.1 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -160,6 +160,10 @@ rm $DOC/modules/README.pam_namespace rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_keyinit* rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_keyinit.so %endif +# +# XXX Fix name of locale +# +mv $RPM_BUILD_ROOT/usr/share/locale/sr@latin $RPM_BUILD_ROOT/usr/share/locale/sr@Latn # Create filelist with translatins %{find_lang} Linux-PAM @@ -281,6 +285,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Wed Apr 16 2008 kukuk@suse.de +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). * Thu Apr 10 2008 ro@suse.de - added baselibs.conf file to build xxbit packages for multilib support -- 2.51.1 From 899875f86b0eed4a22052f90d92ecfdea01c866a924ff5e01dd566a1e1a0fa3a Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 21 Aug 2008 16:47:18 +0000 Subject: [PATCH 015/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=15 --- pam.changes | 5 +++++ pam.spec | 19 +++++++++++++------ 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/pam.changes b/pam.changes index f4ad4d7..69a3532 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + ------------------------------------------------------------------- Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 50e0867..1960504 100644 --- a/pam.spec +++ b/pam.spec @@ -2,15 +2,22 @@ # spec file for package pam (Version 1.0.1) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild -%define enable_selinux 0 +%define enable_selinux 1 Name: pam Url: http://www.kernel.org/pub/linux/libs/pam/ @@ -28,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.1 -Release: 1 +Release: 26 Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -151,8 +158,6 @@ mkdir -p $DOC/modules # Install misc docu and md5.config # install -m 644 CHANGELOG Copyright README $DOC -# SELinux is not part of SL: -rm $DOC/modules/README.pam_selinux # Not for CODE10 and older %if %{suse_version} <= 1010 rm $DOC/modules/README.pam_keyinit @@ -285,6 +290,8 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Wed Aug 20 2008 prusnak@suse.cz +- enabled SELinux support [Fate#303662] * Wed Apr 16 2008 kukuk@suse.de - Update to version 1.0.1: - Fixes regression in pam_set_item(). -- 2.51.1 From 513de029acc9f80ba5b34af22044ade69c955df791648204f53cb276cc56ae8f Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 29 Aug 2008 23:16:13 +0000 Subject: [PATCH 016/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=16 --- Linux-PAM-1.0.1-docs.tar.bz2 | 3 - Linux-PAM-1.0.1.tar.bz2 | 3 - Linux-PAM-1.0.2-SUSE-docs.tar.bz2 | 3 + Linux-PAM-1.0.2.tar.bz2 | 3 + Linux-PAM-docu-generated.diff | 1884 ++++++++++++++++++++++++++++ Linux-PAM-docu.diff | 1645 ++++++++++++++++++++++++ pam-1.0.0-selinux-env-params.patch | 561 +++++++++ pam-1.0.1-namespace-create.patch | 679 ++++++++++ pam.changes | 7 + pam.spec | 26 +- pam_sepermit.diff | 17 + pam_tally.diff | 173 +++ pam_xauth.diff | 26 + 13 files changed, 5020 insertions(+), 10 deletions(-) delete mode 100644 Linux-PAM-1.0.1-docs.tar.bz2 delete mode 100644 Linux-PAM-1.0.1.tar.bz2 create mode 100644 Linux-PAM-1.0.2-SUSE-docs.tar.bz2 create mode 100644 Linux-PAM-1.0.2.tar.bz2 create mode 100644 Linux-PAM-docu-generated.diff create mode 100644 Linux-PAM-docu.diff create mode 100644 pam-1.0.0-selinux-env-params.patch create mode 100644 pam-1.0.1-namespace-create.patch create mode 100644 pam_sepermit.diff create mode 100644 pam_tally.diff create mode 100644 pam_xauth.diff diff --git a/Linux-PAM-1.0.1-docs.tar.bz2 b/Linux-PAM-1.0.1-docs.tar.bz2 deleted file mode 100644 index cb0d8ee..0000000 --- a/Linux-PAM-1.0.1-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0cece8350dacc264479a4d047b8b9bf0e6deab89a169f638aef8ebfb153f6d9d -size 709063 diff --git a/Linux-PAM-1.0.1.tar.bz2 b/Linux-PAM-1.0.1.tar.bz2 deleted file mode 100644 index 2a1cb29..0000000 --- a/Linux-PAM-1.0.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:62973b460be34fb7cb4b650bd62ce0c2318d13777b7312ef12656e55a2d9f00e -size 979879 diff --git a/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 b/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 new file mode 100644 index 0000000..13eac9b --- /dev/null +++ b/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2edaf8a8c29b7a214f99871aeb19a427c4a368604bc40281c655adfffb7852bc +size 475385 diff --git a/Linux-PAM-1.0.2.tar.bz2 b/Linux-PAM-1.0.2.tar.bz2 new file mode 100644 index 0000000..a4087f8 --- /dev/null +++ b/Linux-PAM-1.0.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1f85b4ed494c73b43fcfb195758ee6570615fd6e5f7cf09fd27644a1838019ae +size 980339 diff --git a/Linux-PAM-docu-generated.diff b/Linux-PAM-docu-generated.diff new file mode 100644 index 0000000..99b7bd0 --- /dev/null +++ b/Linux-PAM-docu-generated.diff @@ -0,0 +1,1884 @@ +--- Linux-PAM-1.0.2-old/doc/man/pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man/pam_getenv.3 2008-08-29 14:06:54.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_getenv + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GETENV" "3" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,8 +27,9 @@ + \fBpam_getenv\fR + function searches the PAM environment list as associated with the handle + \fIpamh\fR +-for a string that matches the string pointed to by +-\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. ++for an item that matches the string pointed to by ++\fIname\fR ++and returns the value of the environment variable\. + .SH "RETURN VALUES" + .PP + The +--- Linux-PAM-1.0.2-old/doc/man/pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man/pam_prompt.3 2008-08-29 14:06:55.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_prompt + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_PROMPT" "3" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,7 +27,9 @@ + .PP + The + \fBpam_prompt\fR +-function constructs a message from the specified format string and arguments and passes it to ++function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\. Upon successful return, ++\fIresponse\fR ++is set to point to a string returned from the conversation function\. This string is allocated on heap and should be freed\. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR +--- Linux-PAM-1.0.2-old/modules/pam_access/pam_access.8 2008-04-16 11:06:35.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2008-08-29 14:04:27.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_access + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ACCESS" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -64,9 +64,13 @@ + .RS 4 + The group database will not be used for tokens not identified as account name\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-All services are supported\. ++All module types (\fBauth\fR, ++\fBaccount\fR, ++\fBpassword\fR ++and ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -105,7 +109,7 @@ + .PP + + \fBaccess.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8)\. + .SH "AUTHORS" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 2008-04-16 11:06:38.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2008-08-29 14:04:30.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_cracklib + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_CRACKLIB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_CRACKLIB" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -157,7 +157,7 @@ + \fBminlen\fR + less than 10\. + .sp +-(N > 0) This is the minimum number of upper case letters that must be met for a new password\. ++(N < 0) This is the minimum number of upper case letters that must be met for a new password\. + .RE + .PP + \fBlcredit=\fR\fB\fIN\fR\fR +@@ -212,11 +212,11 @@ + .RS 4 + Path to the cracklib dictionaries\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-Only he ++Only the + \fBpassword\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -302,7 +302,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_cracklib/README 2008-04-16 11:06:39.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2008-08-29 14:04:32.000000000 +0200 +@@ -129,7 +129,7 @@ + will count +1 towards meeting the current minlen value. The default for + ucredit is 1 which is the recommended value for minlen less than 10. + +- (N > 0) This is the minimum number of upper case letters that must be met ++ (N < 0) This is the minimum number of upper case letters that must be met + for a new password. + + lcredit=N +--- Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 2008-04-16 11:06:41.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2008-08-29 14:04:34.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_debug + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_DEBUG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DEBUG" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -87,15 +87,13 @@ + Where + \fIvalue\fR + can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\. +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services +-\fBauth\fR, ++All module types (\fBauth\fR, + \fBaccount\fR, + \fBpassword\fR + and +-\fBsession\fR +-are supported\. ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -119,7 +117,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 2008-04-16 11:06:44.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2008-08-29 14:04:37.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_deny + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_DENY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DENY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -22,13 +22,13 @@ + .SH "OPTIONS" + .PP + This module does not recognise any options\. +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-All services (\fBaccount\fR, ++All module types (\fBaccount\fR, + \fBauth\fR, + \fBpassword\fR + and +-\fBsession\fR) are supported\. ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -75,7 +75,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 2008-04-16 11:06:47.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2008-08-29 14:04:40.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_echo + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_ECHO" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ECHO" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -66,9 +66,13 @@ + \fI/path/message\fR + will be printed with the PAM conversion function as PAM_TEXT_INFO\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-All services are supported\. ++All module types (\fBauth\fR, ++\fBaccount\fR, ++\fBpassword\fR ++and ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR +@@ -101,7 +105,7 @@ + .PP + + \fBpam.conf\fR(8), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 2008-04-16 11:06:52.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2008-08-29 14:04:44.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_env + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_ENV" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,7 +27,7 @@ + .PP + This module can also parse a file with simple + \fIKEY=VAL\fR +-pairs on seperate lines (\fI/etc/environment\fR ++pairs on separate lines (\fI/etc/environment\fR + by default)\. You can change the default file to parse, with the + \fIenvfile\fR + flag and turn it on or off by setting the +@@ -59,13 +59,13 @@ + .RS 4 + Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\. By default this option is on\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + The + \fBauth\fR + and + \fBsession\fR +-services are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_ABORT +@@ -102,7 +102,7 @@ + .PP + + \fBpam_env.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8)\. + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_env/README 2008-04-16 11:06:53.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/README 2008-08-29 14:04:45.000000000 +0200 +@@ -11,7 +11,7 @@ + By default rules for (un)setting of variables is taken from the config file / + etc/security/pam_env.conf if no other file is specified. + +-This module can also parse a file with simple KEY=VAL pairs on seperate lines ++This module can also parse a file with simple KEY=VAL pairs on separate lines + (/etc/environment by default). You can change the default file to parse, with + the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 + respectively. +--- Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 2008-04-16 11:09:09.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2008-08-29 14:06:39.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_exec + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_EXEC" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_EXEC" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -50,15 +50,13 @@ + .RS 4 + Per default pam_exec\.so will execute the external command with the real user ID of the calling process\. Specifying this option means the command is run with the effective user ID\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services +-\fBauth\fR, ++All module types (\fBauth\fR, + \fBaccount\fR, + \fBpassword\fR + and +-\fBsession\fR +-are supported\. ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -109,7 +107,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 2008-04-16 11:09:21.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2008-08-29 14:06:50.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_faildelay + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_FAILDELAY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FAILDELAY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -34,11 +34,11 @@ + .RS 4 + Set the delay on failure to N microseconds\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBauth\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_IGNORE +@@ -66,7 +66,7 @@ + + \fBpam_fail_delay\fR(3), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 2008-04-16 11:06:56.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2008-08-29 14:04:48.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_filter + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_FILTER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FILTER" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -109,15 +109,13 @@ + .RS 4 + The full pathname of the filter to be run and any command line arguments that the filter might expect\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services +-\fBauth\fR, ++All module types (\fBauth\fR, + \fBaccount\fR, + \fBpassword\fR + and +-\fBsession\fR +-are supported\. ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -147,7 +145,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 2008-04-16 11:07:01.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2008-08-29 14:04:51.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_ftp + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_FTP" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FTP" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -56,11 +56,11 @@ + \fB\fIXXX,YYY,\.\.\.\fR\fR\. Should the applicant enter one of these usernames the returned username is set to the first in the list: + \fIXXX\fR\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBauth\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -98,7 +98,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_group/pam_group.8 2008-04-16 11:07:06.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2008-08-29 14:04:55.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_group + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_GROUP" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GROUP" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -39,11 +39,11 @@ + .SH "OPTIONS" + .PP + This module does not recognise any options\. +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBauth\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -87,7 +87,7 @@ + .PP + + \fBgroup.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8)\. + .SH "AUTHORS" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 2008-04-16 11:07:09.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2008-08-29 14:04:58.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_issue + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_ISSUE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ISSUE" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -87,11 +87,11 @@ + .RS 4 + The file to output if not using the default\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBauth\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -131,7 +131,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 2008-04-16 11:07:12.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2008-08-29 14:05:02.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_keyinit + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_KEYINIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_KEYINIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -53,11 +53,11 @@ + .RS 4 + Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -110,7 +110,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + \fBkeyctl\fR(1) + .SH "AUTHOR" +--- Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 2008-04-16 11:07:16.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2008-08-29 14:05:05.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_lastlog + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_LASTLOG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LASTLOG" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -62,11 +62,11 @@ + .RS 4 + Don\'t update the wtmp entry\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -106,7 +106,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 2008-04-16 11:07:20.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2008-08-29 14:05:09.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_limits + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_LIMITS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_LIMITS" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -56,11 +56,11 @@ + .RS 4 + Do not report exceeded maximum logins count to the audit subsystem\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_ABORT +@@ -125,7 +125,7 @@ + .PP + + \fBlimits.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8)\. + .SH "AUTHORS" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 2008-04-16 11:07:24.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2008-08-29 14:05:12.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_listfile + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_LISTFILE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LISTFILE" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -98,15 +98,13 @@ + .RS 4 + Do not treat service refusals or missing list files as errors that need to be logged\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services +-\fBauth\fR, ++All module types (\fBauth\fR, + \fBaccount\fR, + \fBpassword\fR + and +-\fBsession\fR +-are supported\. ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -182,7 +180,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 2008-04-16 11:07:27.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2008-08-29 14:05:16.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_localuser + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_LOCALUSER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOCALUSER" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -33,13 +33,13 @@ + Use a file other than + \fI/etc/passwd\fR\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-All services (\fBaccount\fR, ++All module types (\fBaccount\fR, + \fBauth\fR, + \fBpassword\fR + and +-\fBsession\fR) are supported\. ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -81,7 +81,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 2008-04-16 11:09:18.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2008-08-29 14:06:47.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_loginuid + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_LOGINUID" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOGINUID" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -24,11 +24,11 @@ + .RS 4 + This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The ++Only the + \fBsession\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -54,7 +54,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8), + \fBauditctl\fR(8), + \fBauditd\fR(8) +--- Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 2008-04-16 11:07:30.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2008-08-29 14:05:19.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_mail + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_MAIL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MAIL" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -87,13 +87,13 @@ + .RS 4 + Old style "You have\.\.\." format which doesn\'t show the mail spool being used\. This also implies "empty"\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + The +-\fBauth\fR ++\fBsession\fR + and +-\fBaccount\fR +-services are supported\. ++\fBauth\fR ++(on establishment and deletion of credentials) module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR +@@ -132,7 +132,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 2008-04-16 11:07:34.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2008-08-29 14:05:22.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_mkhomedir + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_MKHOMEDIR" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MKHOMEDIR" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -41,11 +41,11 @@ + directory to override the default + \fI/etc/skel\fR\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR +@@ -102,7 +102,7 @@ + .SH "SEE ALSO" + .PP + +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8)\. + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 2008-04-16 11:07:37.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2008-08-29 14:05:26.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_motd + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_MOTD" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MOTD" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -28,11 +28,11 @@ + \fI/path/filename\fR + file is displayed as message of the day\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_IGNORE +@@ -57,7 +57,7 @@ + + \fBmotd\fR(5), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_namespace/namespace.conf.5 2008-04-16 11:09:13.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2008-08-29 14:06:43.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: namespace.conf + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "NAMESPACE\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "NAMESPACE\.CONF" "5" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -18,7 +18,7 @@ + \fIpam_namespace\.so\fR + module allows setup of private namespaces with polyinstantiated directories\. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\. If an executable script + \fI/etc/security/namespace\.init\fR +-exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path and the instance directory path as its arguments\. ++exists, it is used to initialize the namespace every time an instance directory is set up and mounted\. The script receives the polyinstantiated directory path and the instance directory path as its arguments\. + .PP + The + \fI/etc/security/namespace\.conf\fR +--- Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 2008-04-16 11:09:14.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2008-08-29 14:06:45.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_namespace + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_NAMESPACE" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_NAMESPACE" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -19,7 +19,7 @@ + .PP + The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\. If an executable script + \fI/etc/security/namespace\.init\fR +-exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\. ++exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated direcory\. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\. + .PP + The pam_namespace module disassociates the session namespace from the parent namespace\. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\.net/Articles/159077 and http://lwn\.net/Articles/159092\. + .SH "OPTIONS" +@@ -73,11 +73,11 @@ + .RS 4 + Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\. The module will use the default SELinux context of the user for the level and context polyinstantiation\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The ++Only the + \fBsession\fR +-service is supported\. The module must not be called from multithreaded processes\. ++module type is provided\. The module must not be called from multithreaded processes\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -149,7 +149,7 @@ + .PP + + \fBnamespace.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBmount\fR(8), + \fBpam\fR(8)\. + .SH "AUTHORS" +--- Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 2008-04-16 11:07:40.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2008-08-29 14:05:29.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_nologin + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_NOLOGIN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_NOLOGIN" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -34,13 +34,13 @@ + .RS 4 + Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + The + \fBauth\fR + and + \fBacct\fR +-services are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR +@@ -103,7 +103,7 @@ + + \fBnologin\fR(5), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 2008-04-16 11:07:43.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2008-08-29 14:05:32.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_permit + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_PERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_PERMIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,15 +27,15 @@ + .SH "OPTIONS" + .PP + This module does not recognise any options\. +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services ++The + \fBauth\fR, + \fBaccount\fR, + \fBpassword\fR + and + \fBsession\fR +-are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -57,7 +57,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 2008-04-16 11:07:46.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2008-08-29 14:05:36.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_rhosts + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_RHOSTS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_RHOSTS" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -53,11 +53,11 @@ + \fIaccount\fR + as root\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBauth\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR +@@ -101,7 +101,7 @@ + \fBhosts.equiv\fR(5), + \fBrhosts\fR(5), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 2008-04-16 11:07:49.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2008-08-29 14:05:39.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_rootok + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ROOTOK" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -31,11 +31,11 @@ + .RS 4 + Print debug information\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBauth\fR +-service is supported\. ++type is provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -76,7 +76,7 @@ + + \fBsu\fR(1), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 2008-04-16 11:07:52.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2008-08-29 14:05:42.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_securetty + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_SECURETTY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SECURETTY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -37,11 +37,11 @@ + .RS 4 + Print debug information\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBauth\fR +-service is supported\. ++module type is provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -67,7 +67,7 @@ + \fI/etc/securetty\fR\. + .RE + .PP +-PAM_IGNORE ++PAM_USER_UNKNOWN + .RS 4 + The module could not find the user name in the + \fI/etc/passwd\fR +@@ -90,7 +90,7 @@ + + \fBsecuretty\fR(5), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_selinux/pam_selinux.8 2008-04-16 11:07:56.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2008-08-29 14:05:46.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_selinux + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_SELINUX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -14,7 +14,7 @@ + pam_selinux - PAM module to set the default security context + .SH "SYNOPSIS" + .HP 15 +-\fBpam_selinux\.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [use_current_range] ++\fBpam_selinux\.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [env_params] [use_current_range] + .SH "DESCRIPTION" + .PP + In a nutshell, pam_selinux sets up the default security context for the next execed shell\. +@@ -55,9 +55,17 @@ + Attempt to ask the user for a custom security context role\. If MLS is on ask also for sensitivity level\. + .RE + .PP ++\fBenv_params\fR ++.RS 4 ++Attempt to obtain a custom security context role from PAM environment\. If MLS is on obtain also sensitivity level\. This option and the select_context option are mutually exclusive\. The respective PAM environment variables are ++\fISELINUX_ROLE_REQUESTED\fR, ++\fISELINUX_LEVEL_REQUESTED\fR, and ++\fISELINUX_USE_CURRENT_RANGE\fR\. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module\. ++.RE ++.PP + \fBuse_current_range\fR + .RS 4 +-Use the sensitivity range of the process for the user context\. This option and the select_context option are mutually exclusive\. ++Use the sensitivity level of the current process for the user context instead of the default level\. Also supresses asking of the sensitivity level from the user or obtaining it from PAM environment\. + .RE + .SH "MODULE SERVICES PROVIDED" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_selinux/README 2008-04-16 11:07:55.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/README 2008-08-29 14:05:45.000000000 +0200 +@@ -48,10 +48,21 @@ + Attempt to ask the user for a custom security context role. If MLS is on + ask also for sensitivity level. + ++env_params ++ ++ Attempt to obtain a custom security context role from PAM environment. If ++ MLS is on obtain also sensitivity level. This option and the select_context ++ option are mutually exclusive. The respective PAM environment variables are ++ SELINUX_ROLE_REQUESTED, SELINUX_LEVEL_REQUESTED, and ++ SELINUX_USE_CURRENT_RANGE. The first two variables are self describing and ++ the last one if set to 1 makes the PAM module behave as if the ++ use_current_range was specified on the command line of the module. ++ + use_current_range + +- Use the sensitivity range of the process for the user context. This option +- and the select_context option are mutually exclusive. ++ Use the sensitivity level of the current process for the user context ++ instead of the default level. Also supresses asking of the sensitivity ++ level from the user or obtaining it from PAM environment. + + EXAMPLES + +--- Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 2008-04-16 11:07:59.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2008-08-29 14:05:49.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_sepermit + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_SEPERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SEPERMIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -49,13 +49,13 @@ + .RS 4 + Path to alternative config file overriding the default\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-Only the ++The + \fBauth\fR + and + \fBaccount\fR +-services are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR +--- Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 2008-04-16 11:08:01.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2008-08-29 14:05:51.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_shells + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_SHELLS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SHELLS" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -26,13 +26,13 @@ + .SH "OPTIONS" + .PP + This module does not recognise any options\. +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services ++The + \fBauth\fR + and + \fBaccount\fR +-are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR +@@ -66,7 +66,7 @@ + + \fBshells\fR(5), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 2008-04-16 11:08:05.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2008-08-29 14:05:55.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_succeed_if + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM + .\" Source: Linux-PAM + .\" +-.TH "PAM_SUCCEED_IF" "8" "04/16/2008" "Linux-PAM" "Linux\-PAM" ++.TH "PAM_SUCCEED_IF" "8" "08/29/2008" "Linux-PAM" "Linux\-PAM" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -141,9 +141,13 @@ + .RS 4 + (user,host) is not in given netgroup\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-All services are supported\. ++All module types (\fBaccount\fR, ++\fBauth\fR, ++\fBpassword\fR ++and ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -158,7 +162,7 @@ + .PP + PAM_SERVICE_ERR + .RS 4 +-A service error occured or the arguments can\'t be parsed as numbers\. ++A service error occured or the arguments can\'t be parsed correctly\. + .RE + .SH "EXAMPLES" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 2008-04-16 11:08:10.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2008-08-29 14:05:59.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_tally + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_TALLY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TALLY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -14,7 +14,7 @@ + pam_tally - The login counter (tallying) module + .SH "SYNOPSIS" + .HP 13 +-\fBpam_tally\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] ++\fBpam_tally\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] [silent] [no_log_info] + .HP 10 + \fBpam_tally\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] + .SH "DESCRIPTION" +@@ -45,7 +45,7 @@ + \fIauth\fR + and + \fIaccount\fR +-services\. ++module types\. + .PP + \fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR + .RS 4 +@@ -66,6 +66,17 @@ + .RS 4 + Will log the user name into the system log if the user is not found\. + .RE ++.PP ++\fBsilent\fR ++.RS 4 ++Don\'t print informative messages\. ++.RE ++.PP ++\fBno_log_info\fR ++.RS 4 ++Don\'t log informative messages via ++\fBsyslog\fR(3)\. ++.RE + .RE + .PP + AUTH OPTIONS +@@ -154,13 +165,13 @@ + Don\'t reset count on successful entry, only decrement\. + .RE + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + The + \fBauth\fR + and + \fBaccount\fR +-services are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR +@@ -214,7 +225,7 @@ + + \fBfaillog\fR(8), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_tally/README 2008-04-16 11:08:11.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/README 2008-08-29 14:06:00.000000000 +0200 +@@ -25,7 +25,7 @@ + + GLOBAL OPTIONS + +- This can be used for auth and account services. ++ This can be used for auth and account module types. + + onerr=[fail|succeed] + +@@ -41,6 +41,14 @@ + + Will log the user name into the system log if the user is not found. + ++ silent ++ ++ Don't print informative messages. ++ ++ no_log_info ++ ++ Don't log informative messages via syslog(3). ++ + AUTH OPTIONS + + Authentication phase first checks if user should be denied access and if +--- Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 2008-04-16 11:08:15.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2008-08-29 14:06:03.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_time + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_TIME" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_TIME" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -35,11 +35,11 @@ + .RS 4 + Do not report logins at disallowed time to the audit subsystem\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBaccount\fR +-service is supported\. ++type is provided\. + .SH "RETURN VALUES" + .PP + PAM_SUCCESS +@@ -88,7 +88,7 @@ + .PP + + \fBtime.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8)\. + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 2008-04-16 11:08:21.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2008-08-29 14:06:06.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_tty_audit + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_TTY_AUDIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TTY_AUDIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -43,11 +43,11 @@ + to run the authenticated session, such as + \fBsudo\fR\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++type is supported\. + .SH "RETURN VALUES" + .PP + PAM_SESSION_ERR +--- Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 2008-04-16 11:08:27.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2008-08-29 14:06:10.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_umask + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_UMASK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UMASK" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -70,11 +70,11 @@ + \fBmask\fR + & 0777\. The value is interpreted as Octal\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++type is provided\. + .SH "RETURN VALUES" + .PP + .PP +@@ -109,7 +109,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 2008-04-16 11:08:40.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2008-08-29 14:06:21.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_unix + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_UNIX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UNIX" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -148,9 +148,13 @@ + .PP + Invalid arguments are logged with + \fBsyslog\fR(3)\. +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-All service are supported\. ++All module types (\fBaccount\fR, ++\fBauth\fR, ++\fBpassword\fR ++and ++\fBsession\fR) are provided\. + .SH "RETURN VALUES" + .PP + PAM_IGNORE +@@ -182,7 +186,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 2008-04-16 11:08:48.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2008-08-29 14:06:25.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_userdb + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_USERDB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_USERDB" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -73,13 +73,13 @@ + .RS 4 + The username and password are concatenated together in the database hash as \'username\-password\' with a random value\. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\. this is useful in cases where the username may not be unique but the username and password pair are\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services ++The + \fBauth\fR + and + \fBaccount\fR +-are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR +@@ -129,7 +129,7 @@ + + \fBcrypt\fR(3), + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 2008-04-16 11:08:53.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2008-08-29 14:06:28.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_warn + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_WARN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WARN" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -23,15 +23,15 @@ + .SH "OPTIONS" + .PP + This module does not recognise any options\. +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP +-The services ++The + \fBauth\fR, + \fBaccount\fR, + \fBpassword\fR + and + \fBsession\fR +-are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_IGNORE +@@ -62,7 +62,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 2008-04-16 11:08:57.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2008-08-29 14:06:31.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_wheel + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -60,13 +60,13 @@ + .RS 4 + The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + The + \fBauth\fR + and + \fBaccount\fR +-services are supported\. ++module types are provided\. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR +@@ -120,7 +120,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP +--- Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 2008-04-16 11:09:03.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2008-08-29 14:06:35.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_xauth + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 08/29/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_XAUTH" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_XAUTH" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -82,11 +82,11 @@ + .RS 4 + Specify a single target UID which is exempt from the systemuser check\. + .RE +-.SH "MODULE SERVICES PROVIDED" ++.SH "MODULE TYPES PROVIDED" + .PP + Only the + \fBsession\fR +-service is supported\. ++type is provided\. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR +@@ -156,7 +156,7 @@ + .PP + + \fBpam.conf\fR(5), +-\fBpam.d\fR(8), ++\fBpam.d\fR(5), + \fBpam\fR(8) + .SH "AUTHOR" + .PP diff --git a/Linux-PAM-docu.diff b/Linux-PAM-docu.diff new file mode 100644 index 0000000..d1a460a --- /dev/null +++ b/Linux-PAM-docu.diff @@ -0,0 +1,1645 @@ +--- Linux-PAM-1.0/doc/man/pam_getenv.3.xml 2006-06-25 21:01:00.000000000 +0200 ++++ Linux-PAM/doc/man/pam_getenv.3.xml 2008-06-22 09:47:28.000000000 +0200 +@@ -32,9 +32,9 @@ + + The pam_getenv function searches the + PAM environment list as associated with the handle +- pamh for a string that matches the string +- pointed to by name. The return values are +- of the form: "name=value". ++ pamh for an item that matches the string ++ pointed to by name and returns the value ++ of the environment variable. + + + +--- Linux-PAM-1.0/doc/man/pam_prompt.3.xml 2006-05-04 08:56:08.000000000 +0200 ++++ Linux-PAM/doc/man/pam_prompt.3.xml 2008-06-22 09:47:29.000000000 +0200 +@@ -44,7 +44,11 @@ + DESCRIPTION + + The pam_prompt function constructs a message +- from the specified format string and arguments and passes it to ++ from the specified format string and arguments and passes it to the ++ conversation function as set by the service. Upon successful return, ++ response is set to point to a string ++ returned from the conversation function. This string is allocated ++ on heap and should be freed. + + + +--- Linux-PAM-1.0/doc/sag/pam_access.xml 2006-10-13 13:33:18.000000000 +0200 ++++ Linux-PAM/doc/sag/pam_access.xml 2008-08-20 20:56:21.000000000 +0200 +@@ -19,9 +19,9 @@ + + +-
++
+ ++ href="../../modules/pam_access/pam_access.8.xml" xpointer='xpointer(//refsect1[@id = "pam_access-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_cracklib/pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_debug/pam_debug.8.xml" xpointer='xpointer(//refsect1[@id = "pam_debug-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_deny/pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_echo/pam_echo.8.xml" xpointer='xpointer(//refsect1[@id = "pam_echo-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_env/pam_env.8.xml" xpointer='xpointer(//refsect1[@id = "pam_env-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_exec/pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_faildelay/pam_faildelay.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faildelay-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_filter/pam_filter.8.xml" xpointer='xpointer(//refsect1[@id = "pam_filter-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_ftp/pam_ftp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_ftp-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_group/pam_group.8.xml" xpointer='xpointer(//refsect1[@id = "pam_group-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_issue/pam_issue.8.xml" xpointer='xpointer(//refsect1[@id = "pam_issue-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_keyinit/pam_keyinit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_keyinit-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_lastlog/pam_lastlog.8.xml" xpointer='xpointer(//refsect1[@id = "pam_lastlog-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_limits/pam_limits.8.xml" xpointer='xpointer(//refsect1[@id = "pam_limits-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_listfile/pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_localuser/pam_localuser.8.xml" xpointer='xpointer(//refsect1[@id = "pam_localuser-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_loginuid/pam_loginuid.8.xml" xpointer='xpointer(//refsect1[@id = "pam_loginuid-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_mail/pam_mail.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mail-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_mkhomedir/pam_mkhomedir.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mkhomedir-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_motd/pam_motd.8.xml" xpointer='xpointer(//refsect1[@id = "pam_motd-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_namespace/pam_namespace.8.xml" xpointer='xpointer(//refsect1[@id = "pam_namespace-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_nologin/pam_nologin.8.xml" xpointer='xpointer(//refsect1[@id = "pam_nologin-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_permit/pam_permit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_permit-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_rhosts/pam_rhosts.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rhosts-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_rootok/pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_securetty/pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_sepermit/pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_shells/pam_shells.8.xml" xpointer='xpointer(//refsect1[@id = "pam_shells-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_succeed_if/pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_tally/pam_tally.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_time/pam_time.8.xml" xpointer='xpointer(//refsect1[@id = "pam_time-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_tty_audit/pam_tty_audit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tty_audit-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_umask/pam_umask.8.xml" xpointer='xpointer(//refsect1[@id = "pam_umask-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_unix/pam_unix.8.xml" xpointer='xpointer(//refsect1[@id = "pam_unix-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_userdb/pam_userdb.8.xml" xpointer='xpointer(//refsect1[@id = "pam_userdb-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_warn/pam_warn.8.xml" xpointer='xpointer(//refsect1[@id = "pam_warn-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_wheel/pam_wheel.8.xml" xpointer='xpointer(//refsect1[@id = "pam_wheel-types"]/*)'/> +
+
+ +
+-
++
+ ++ href="../../modules/pam_xauth/pam_xauth.8.xml" xpointer='xpointer(//refsect1[@id = "pam_xauth-types"]/*)'/> +
+
+ + + If Linux PAM is compiled with audit support the module will report +- when it denies access based on origin (host or tty). ++ when it denies access based on origin (host or tty). + + + +@@ -159,10 +159,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- All services are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -231,7 +232,7 @@ + access.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_cracklib/pam_cracklib.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_cracklib/pam_cracklib.8.xml 2008-08-20 20:56:25.000000000 +0200 +@@ -281,7 +281,7 @@ + than 10. + + +- (N > 0) This is the minimum number of upper ++ (N < 0) This is the minimum number of upper + case letters that must be met for a new password. + + +@@ -376,10 +376,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only he service is supported. ++ Only the module type is provided. + + + +@@ -495,7 +495,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_debug/pam_debug.8.xml 2006-06-17 19:20:40.000000000 +0200 ++++ Linux-PAM/modules/pam_debug/pam_debug.8.xml 2008-08-20 20:56:25.000000000 +0200 +@@ -171,11 +171,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services , , +- and are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -213,7 +213,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_deny/pam_deny.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_deny/pam_deny.8.xml 2008-08-20 20:56:25.000000000 +0200 +@@ -38,11 +38,11 @@ + This module does not recognise any options. + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- All services (, , +- and ) are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -117,7 +117,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_echo/pam_echo.8.xml 2006-06-22 21:44:30.000000000 +0200 ++++ Linux-PAM/modules/pam_echo/pam_echo.8.xml 2008-08-20 20:56:25.000000000 +0200 +@@ -96,10 +96,12 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- All services are supported. ++ All module types (, , ++ and ) are provided. ++ + + + +@@ -154,7 +156,7 @@ + pam.conf8 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_env/environment 2006-09-01 13:37:13.000000000 +0200 ++++ Linux-PAM/modules/pam_env/environment 2008-08-01 14:10:43.000000000 +0200 +@@ -1,5 +1,5 @@ + # + # This file is parsed by pam_env module + # +-# Syntax: simple "KEY=VAL" pairs on seperate lines ++# Syntax: simple "KEY=VAL" pairs on separate lines + # +--- Linux-PAM-1.0/modules/pam_env/pam_env.8.xml 2006-06-22 21:44:30.000000000 +0200 ++++ Linux-PAM/modules/pam_env/pam_env.8.xml 2008-08-20 20:56:25.000000000 +0200 +@@ -53,7 +53,7 @@ + + + This module can also parse a file with simple +- KEY=VAL pairs on seperate lines ++ KEY=VAL pairs on separate lines + (/etc/environment by default). You can + change the default file to parse, with the envfile + flag and turn it on or off by setting the readenv +@@ -118,11 +118,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The and services +- are supported. ++ The and module ++ types are provided. + + + +@@ -189,7 +189,7 @@ + pam_env.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_exec/pam_exec.8.xml 2008-02-04 16:27:31.000000000 +0100 ++++ Linux-PAM/modules/pam_exec/pam_exec.8.xml 2008-08-20 20:56:25.000000000 +0200 +@@ -123,11 +123,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services , , +- and are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -199,7 +199,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_faildelay/pam_faildelay.8.xml 2006-12-07 13:34:00.000000000 +0100 ++++ Linux-PAM/modules/pam_faildelay/pam_faildelay.8.xml 2008-08-20 20:56:25.000000000 +0200 +@@ -68,10 +68,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -118,7 +118,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_filter/pam_filter.8.xml 2006-06-09 18:44:06.000000000 +0200 ++++ Linux-PAM/modules/pam_filter/pam_filter.8.xml 2008-08-20 20:56:26.000000000 +0200 +@@ -188,11 +188,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services , , +- and are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -243,7 +243,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_ftp/pam_ftp.8.xml 2006-06-09 18:44:06.000000000 +0200 ++++ Linux-PAM/modules/pam_ftp/pam_ftp.8.xml 2008-08-20 20:56:26.000000000 +0200 +@@ -105,10 +105,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -165,7 +165,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_group/pam_group.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_group/pam_group.8.xml 2008-08-20 20:56:26.000000000 +0200 +@@ -65,10 +65,10 @@ + This module does not recognise any options. + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -145,7 +145,7 @@ + group.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_issue/pam_issue.8.xml 2006-06-21 08:35:25.000000000 +0200 ++++ Linux-PAM/modules/pam_issue/pam_issue.8.xml 2008-08-20 20:56:26.000000000 +0200 +@@ -146,10 +146,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -216,7 +216,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_keyinit/pam_keyinit.8.xml 2006-06-27 14:34:07.000000000 +0200 ++++ Linux-PAM/modules/pam_keyinit/pam_keyinit.8.xml 2008-08-20 20:56:26.000000000 +0200 +@@ -121,10 +121,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the session service is supported. ++ Only the module type is provided. + + + +@@ -220,7 +220,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_lastlog/pam_lastlog.8.xml 2006-06-09 18:44:07.000000000 +0200 ++++ Linux-PAM/modules/pam_lastlog/pam_lastlog.8.xml 2008-08-20 20:56:26.000000000 +0200 +@@ -140,10 +140,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -213,7 +213,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_limits/pam_limits.8.xml 2007-12-07 16:40:02.000000000 +0100 ++++ Linux-PAM/modules/pam_limits/pam_limits.8.xml 2008-08-20 20:56:26.000000000 +0200 +@@ -132,10 +132,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -239,7 +239,7 @@ + limits.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_listfile/pam_listfile.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_listfile/pam_listfile.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -175,11 +175,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services , , +- and are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -278,7 +278,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_localuser/pam_localuser.8.xml 2006-12-13 11:35:49.000000000 +0100 ++++ Linux-PAM/modules/pam_localuser/pam_localuser.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -80,11 +80,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- All services (, , +- and ) are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -155,7 +155,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_loginuid/pam_loginuid.8.xml 2006-09-01 15:17:47.000000000 +0200 ++++ Linux-PAM/modules/pam_loginuid/pam_loginuid.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -57,10 +57,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The service is supported. ++ Only the module type is provided. + + + +@@ -101,7 +101,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_mail/pam_mail.8.xml 2006-06-09 18:44:07.000000000 +0200 ++++ Linux-PAM/modules/pam_mail/pam_mail.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -193,11 +193,12 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The auth and +- account services are supported. ++ The and ++ (on establishment and ++ deletion of credentials) module types are provided. + + + +@@ -261,7 +262,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_mkhomedir/pam_mkhomedir.8.xml 2006-05-30 15:03:09.000000000 +0200 ++++ Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -95,10 +95,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -186,7 +186,7 @@ + SEE ALSO + + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_motd/pam_motd.8.xml 2006-10-26 15:51:51.000000000 +0200 ++++ Linux-PAM/modules/pam_motd/pam_motd.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -55,10 +55,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -96,7 +96,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_namespace/pam_namespace.8.xml 2008-02-13 13:49:44.000000000 +0100 ++++ Linux-PAM/modules/pam_namespace/pam_namespace.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -237,11 +237,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The service is supported. The module must not +- be called from multithreaded processes. ++ Only the module type is provided. ++ The module must not be called from multithreaded processes. + + + +@@ -365,7 +365,7 @@ + namespace.conf5 + , + +- pam.d8 ++ pam.d5 + , + + mount8 +--- Linux-PAM-1.0/modules/pam_nologin/pam_nologin.8.xml 2006-06-04 03:48:34.000000000 +0200 ++++ Linux-PAM/modules/pam_nologin/pam_nologin.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -68,11 +68,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The and services are +- supported. ++ The and module ++ types are provided. + + + +@@ -156,7 +156,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_permit/pam_permit.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_permit/pam_permit.8.xml 2008-08-20 20:56:27.000000000 +0200 +@@ -47,11 +47,12 @@ + This module does not recognise any options. + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services , , +- and are supported. ++ The , , ++ and ++ module types are provided. + + + +@@ -87,7 +88,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_rhosts/pam_rhosts.8.xml 2006-06-28 09:22:43.000000000 +0200 ++++ Linux-PAM/modules/pam_rhosts/pam_rhosts.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -89,10 +89,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -153,7 +153,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_rootok/pam_rootok.8.xml 2006-06-04 14:11:16.000000000 +0200 ++++ Linux-PAM/modules/pam_rootok/pam_rootok.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -54,10 +54,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the type is provided. + + + +@@ -112,7 +112,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_securetty/pam_securetty.8.xml 2006-06-04 17:29:23.000000000 +0200 ++++ Linux-PAM/modules/pam_securetty/pam_securetty.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -64,10 +64,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -116,7 +116,7 @@ + + + +- PAM_IGNORE ++ PAM_USER_UNKNOWN + + + The module could not find the user name in the +@@ -149,7 +149,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_sepermit/pam_sepermit.8.xml 2008-01-29 16:38:35.000000000 +0100 ++++ Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -87,11 +87,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the and +- services are supported. ++ The and ++ module types are provided. + + + +--- Linux-PAM-1.0/modules/pam_shells/pam_shells.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_shells/pam_shells.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -41,11 +41,11 @@ + This module does not recognise any options. + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services and +- are supported. ++ The and ++ module types are provided. + + + +@@ -99,7 +99,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_succeed_if/pam_succeed_if.8.xml 2008-01-07 15:54:50.000000000 +0100 ++++ Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -215,10 +215,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- All services are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -249,7 +250,7 @@ + + + A service error occured or the arguments can't be +- parsed as numbers. ++ parsed correctly. + + + +--- Linux-PAM-1.0/modules/pam_tally/pam_tally.8.xml 2007-10-10 16:10:07.000000000 +0200 ++++ Linux-PAM/modules/pam_tally/pam_tally.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -113,7 +119,7 @@ + + + This can be used for auth and +- account services. ++ account module types. + + + +@@ -322,11 +348,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + + The and +- services are supported. ++ module types are provided. + + + +@@ -409,7 +435,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_time/pam_time.8.xml 2007-12-07 16:40:02.000000000 +0100 ++++ Linux-PAM/modules/pam_time/pam_time.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -49,7 +49,7 @@ + + + If Linux PAM is compiled with audit support the module will report +- when it denies access. ++ when it denies access. + + + +@@ -83,10 +83,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the type is provided. + + + +@@ -166,7 +166,7 @@ + time.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_tty_audit/pam_tty_audit.8.xml 2008-01-29 16:09:29.000000000 +0100 ++++ Linux-PAM/modules/pam_tty_audit/pam_tty_audit.8.xml 2008-08-20 20:56:29.000000000 +0200 +@@ -80,10 +80,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the session service is supported. ++ Only the session type is supported. + + + +--- Linux-PAM-1.0/modules/pam_umask/pam_umask.8.xml 2006-08-06 13:38:43.000000000 +0200 ++++ Linux-PAM/modules/pam_umask/pam_umask.8.xml 2008-08-20 20:56:29.000000000 +0200 +@@ -141,10 +141,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the type is provided. + + + +@@ -202,7 +202,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_unix/pam_unix.8.xml 2008-01-23 16:35:12.000000000 +0100 ++++ Linux-PAM/modules/pam_unix/pam_unix.8.xml 2008-08-20 20:56:29.000000000 +0200 +@@ -85,7 +85,7 @@ + + + +- The session component of this module logs when a user logins ++ The session component of this module logs when a user logins + or leave the system. + + +@@ -314,10 +314,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- All service are supported. ++ All module types (, , ++ and ) are provided. + + + +@@ -361,7 +362,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_userdb/pam_userdb.8.xml 2006-06-09 18:44:07.000000000 +0200 ++++ Linux-PAM/modules/pam_userdb/pam_userdb.8.xml 2008-08-20 20:56:29.000000000 +0200 +@@ -189,11 +189,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services and +- are supported. ++ The and module ++ types are provided. + + + +@@ -274,7 +274,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_warn/pam_warn.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_warn/pam_warn.8.xml 2008-08-20 20:56:29.000000000 +0200 +@@ -38,11 +38,12 @@ + This module does not recognise any options. + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- The services , , +- and are supported. ++ The , , ++ and module ++ types are provided. + + + +@@ -86,7 +87,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_wheel/pam_wheel.8.xml 2006-09-10 01:11:34.000000000 +0200 ++++ Linux-PAM/modules/pam_wheel/pam_wheel.8.xml 2008-08-20 20:56:29.000000000 +0200 +@@ -130,11 +130,11 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + + The auth and +- account services are supported. ++ account module types are provided. + + + +@@ -224,7 +224,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- Linux-PAM-1.0/modules/pam_xauth/pam_xauth.8.xml 2007-11-06 15:58:54.000000000 +0100 ++++ Linux-PAM/modules/pam_xauth/pam_xauth.8.xml 2008-08-20 20:56:30.000000000 +0200 +@@ -147,10 +147,10 @@ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the session service is supported. ++ Only the session type is provided. + + + +@@ -273,7 +273,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 diff --git a/pam-1.0.0-selinux-env-params.patch b/pam-1.0.0-selinux-env-params.patch new file mode 100644 index 0000000..ac4d53a --- /dev/null +++ b/pam-1.0.0-selinux-env-params.patch @@ -0,0 +1,561 @@ +Index: modules/pam_selinux/pam_selinux.8.xml +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_selinux/pam_selinux.8.xml,v +retrieving revision 1.2 +diff -u -p -r1.2 pam_selinux.8.xml +--- modules/pam_selinux/pam_selinux.8.xml 15 Jun 2007 10:17:22 -0000 1.2 ++++ modules/pam_selinux/pam_selinux.8.xml 19 May 2008 15:44:08 -0000 +@@ -37,6 +37,9 @@ + select_context + + ++ env_params ++ ++ + use_current_range + + +@@ -137,12 +140,30 @@ + + + ++ ++ ++ ++ ++ Attempt to obtain a custom security context role from PAM environment. ++ If MLS is on obtain also sensitivity level. This option and the ++ select_context option are mutually exclusive. The respective PAM ++ environment variables are SELINUX_ROLE_REQUESTED, ++ SELINUX_LEVEL_REQUESTED, and ++ SELINUX_USE_CURRENT_RANGE. The first two variables ++ are self describing and the last one if set to 1 makes the PAM module behave as ++ if the use_current_range was specified on the command line of the module. ++ ++ ++ ++ ++ + + + + +- Use the sensitivity range of the process for the user context. +- This option and the select_context option are mutually exclusive. ++ Use the sensitivity level of the current process for the user context ++ instead of the default level. Also supresses asking of the ++ sensitivity level from the user or obtaining it from PAM environment. + + + +Index: modules/pam_selinux/pam_selinux.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_selinux/pam_selinux.c,v +retrieving revision 1.16 +diff -u -p -r1.16 pam_selinux.c +--- modules/pam_selinux/pam_selinux.c 22 Apr 2008 19:21:37 -0000 1.16 ++++ modules/pam_selinux/pam_selinux.c 19 May 2008 15:44:08 -0000 +@@ -2,8 +2,9 @@ + * A module for Linux-PAM that will set the default security context after login + * via PAM. + * +- * Copyright (c) 2003 Red Hat, Inc. ++ * Copyright (c) 2003-2008 Red Hat, Inc. + * Written by Dan Walsh ++ * Additional improvements by Tomas Mraz + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -138,15 +139,22 @@ send_text (pam_handle_t *pamh, const cha + */ + static int + query_response (pam_handle_t *pamh, const char *text, const char *def, +- char **responses, int debug) ++ char **response, int debug) + { + int rc; + if (def) +- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def); ++ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def); + else +- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text); +- if (debug) +- pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]); ++ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text); ++ ++ if (*response == NULL) { ++ rc = PAM_CONV_ERR; ++ } ++ ++ if (rc != PAM_SUCCESS) { ++ pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text); ++ } else if (debug) ++ pam_syslog(pamh, LOG_NOTICE, "%s %s", text, *response); + return rc; + } + +@@ -157,13 +165,15 @@ manual_context (pam_handle_t *pamh, cons + context_t new_context; + int mls_enabled = is_selinux_mls_enabled(); + char *type=NULL; +- char *responses=NULL; ++ char *response=NULL; + + while (1) { +- query_response(pamh, +- _("Would you like to enter a security context? [N] "), NULL, +- &responses,debug); +- if ((responses[0] == 'y') || (responses[0] == 'Y')) ++ if (query_response(pamh, ++ _("Would you like to enter a security context? [N] "), NULL, ++ &response, debug) != PAM_SUCCESS) ++ return NULL; ++ ++ if ((response[0] == 'y') || (response[0] == 'Y')) + { + if (mls_enabled) + new_context = context_new ("user:role:type:level"); +@@ -176,26 +186,29 @@ manual_context (pam_handle_t *pamh, cons + if (context_user_set (new_context, user)) + goto fail_set; + +- _pam_drop(responses); ++ _pam_drop(response); + /* Allow the user to enter each field of the context individually */ +- query_response(pamh,_("role:"), NULL, &responses,debug); +- if (responses[0] != '\0') { +- if (context_role_set (new_context, responses)) ++ if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS && ++ response[0] != '\0') { ++ if (context_role_set (new_context, response)) + goto fail_set; +- if (get_default_type(responses, &type)) ++ if (get_default_type(response, &type)) + goto fail_set; + if (context_type_set (new_context, type)) + goto fail_set; + } +- _pam_drop(responses); ++ _pam_drop(response); ++ + if (mls_enabled) + { +- query_response(pamh,_("level:"), NULL, &responses,debug); +- if (responses[0] != '\0') { +- if (context_range_set (new_context, responses)) ++ if (query_response(pamh, _("level:"), NULL, &response, debug) == PAM_SUCCESS && ++ response[0] != '\0') { ++ if (context_range_set (new_context, response)) + goto fail_set; + } ++ _pam_drop(response); + } ++ + /* Get the string value of the context and see if it is valid. */ + if (!security_check_context(context_str(new_context))) { + newcon = strdup(context_str(new_context)); +@@ -204,16 +217,17 @@ manual_context (pam_handle_t *pamh, cons + } + else + send_text(pamh,_("Not a valid security context"),debug); +- context_free (new_context); ++ ++ context_free (new_context); + } + else { +- _pam_drop(responses); ++ _pam_drop(response); + return NULL; + } + } /* end while */ + fail_set: + free(type); +- _pam_drop(responses); ++ _pam_drop(response); + context_free (new_context); + return NULL; + } +@@ -239,69 +253,91 @@ static int mls_range_allowed(pam_handle_ + } + + static security_context_t +-config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) ++config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug) + { + security_context_t newcon=NULL; + context_t new_context; + int mls_enabled = is_selinux_mls_enabled(); +- char *responses=NULL; ++ char *response=NULL; + char *type=NULL; + char resp_val = 0; + +- pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context); ++ pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon); + + while (1) { +- query_response(pamh, ++ if (query_response(pamh, + _("Would you like to enter a different role or level?"), "n", +- &responses,debug); +- +- resp_val = responses[0]; +- _pam_drop(responses); ++ &response, debug) == PAM_SUCCESS) { ++ resp_val = response[0]; ++ _pam_drop(response); ++ } else { ++ resp_val = 'N'; ++ } + if ((resp_val == 'y') || (resp_val == 'Y')) + { +- new_context = context_new(puser_context); +- ++ if ((new_context = context_new(defaultcon)) == NULL) ++ goto fail_set; ++ + /* Allow the user to enter role and level individually */ +- query_response(pamh,_("role:"), context_role_get(new_context), +- &responses, debug); +- if (responses[0]) { +- if (get_default_type(responses, &type)) { +- pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses); +- _pam_drop(responses); ++ if (query_response(pamh, _("role:"), context_role_get(new_context), ++ &response, debug) == PAM_SUCCESS && response[0]) { ++ if (get_default_type(response, &type)) { ++ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); ++ _pam_drop(response); + continue; + } else { +- if (context_role_set(new_context, responses)) ++ if (context_role_set(new_context, response)) + goto fail_set; + if (context_type_set (new_context, type)) + goto fail_set; + } + } +- _pam_drop(responses); ++ _pam_drop(response); ++ + if (mls_enabled) + { +- query_response(pamh,_("level:"), context_range_get(new_context), +- &responses, debug); +- if (responses[0]) { +- if (context_range_set(new_context, responses)) +- goto fail_set; ++ if (use_current_range) { ++ security_context_t mycon = NULL; ++ context_t my_context; ++ ++ if (getcon(&mycon) != 0) ++ goto fail_set; ++ my_context = context_new(mycon); ++ if (my_context == NULL) { ++ freecon(mycon); ++ goto fail_set; ++ } ++ freecon(mycon); ++ if (context_range_set(new_context, context_range_get(my_context))) { ++ context_free(my_context); ++ goto fail_set; ++ } ++ context_free(my_context); ++ } else if (query_response(pamh, _("level:"), context_range_get(new_context), ++ &response, debug) == PAM_SUCCESS && response[0]) { ++ if (context_range_set(new_context, response)) ++ goto fail_set; + } +- _pam_drop(responses); ++ _pam_drop(response); + } ++ + if (debug) + pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context)); + + /* Get the string value of the context and see if it is valid. */ + if (!security_check_context(context_str(new_context))) { + newcon = strdup(context_str(new_context)); +- context_free (new_context); ++ if (newcon == NULL) ++ goto fail_set; ++ context_free(new_context); + + /* we have to check that this user is allowed to go into the + range they have specified ... role is tied to an seuser, so that'll + be checked at setexeccon time */ +- if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) { +- pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon); ++ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { ++ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); + +- send_audit_message(pamh, 0, puser_context, newcon); ++ send_audit_message(pamh, 0, defaultcon, newcon); + + free(newcon); + goto fail_range; +@@ -309,26 +345,120 @@ config_context (pam_handle_t *pamh, secu + return newcon; + } + else { +- send_audit_message(pamh, 0, puser_context, context_str(new_context)); ++ send_audit_message(pamh, 0, defaultcon, context_str(new_context)); + send_text(pamh,_("Not a valid security context"),debug); + } + context_free(new_context); /* next time around allocates another */ + } + else +- return strdup(puser_context); ++ return strdup(defaultcon); + } /* end while */ + + return NULL; + + fail_set: + free(type); +- _pam_drop(responses); ++ _pam_drop(response); + context_free (new_context); +- send_audit_message(pamh, 0, puser_context, NULL); ++ send_audit_message(pamh, 0, defaultcon, NULL); + fail_range: + return NULL; + } + ++static security_context_t ++context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug) ++{ ++ security_context_t newcon = NULL; ++ context_t new_context; ++ context_t my_context = NULL; ++ int mls_enabled = is_selinux_mls_enabled(); ++ const char *env = NULL; ++ char *type = NULL; ++ ++ if ((new_context = context_new(defaultcon)) == NULL) ++ goto fail_set; ++ ++ if (env_params && (env = pam_getenv(pamh, "SELINUX_ROLE_REQUESTED")) != NULL && env[0] != '\0') { ++ if (debug) ++ pam_syslog(pamh, LOG_NOTICE, "Requested role: %s", env); ++ ++ if (get_default_type(env, &type)) { ++ pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env); ++ goto fail_set; ++ } else { ++ if (context_role_set(new_context, env)) ++ goto fail_set; ++ if (context_type_set(new_context, type)) ++ goto fail_set; ++ } ++ } ++ ++ if (mls_enabled) { ++ if ((env = pam_getenv(pamh, "SELINUX_USE_CURRENT_RANGE")) != NULL && env[0] == '1') { ++ if (debug) ++ pam_syslog(pamh, LOG_NOTICE, "SELINUX_USE_CURRENT_RANGE is set"); ++ use_current_range = 1; ++ } ++ ++ if (use_current_range) { ++ security_context_t mycon = NULL; ++ ++ if (getcon(&mycon) != 0) ++ goto fail_set; ++ my_context = context_new(mycon); ++ if (my_context == NULL) { ++ freecon(mycon); ++ goto fail_set; ++ } ++ freecon(mycon); ++ env = context_range_get(my_context); ++ } else { ++ env = pam_getenv(pamh, "SELINUX_LEVEL_REQUESTED"); ++ } ++ ++ if (env != NULL && env[0] != '\0') { ++ if (debug) ++ pam_syslog(pamh, LOG_NOTICE, "Requested level: %s", env); ++ if (context_range_set(new_context, env)) ++ goto fail_set; ++ } ++ } ++ ++ newcon = strdup(context_str(new_context)); ++ if (newcon == NULL) ++ goto fail_set; ++ ++ if (debug) ++ pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon); ++ ++ /* Get the string value of the context and see if it is valid. */ ++ if (security_check_context(newcon)) { ++ pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon); ++ send_audit_message(pamh, 0, defaultcon, newcon); ++ freecon(newcon); ++ newcon = NULL; ++ ++ goto fail_set; ++ } ++ ++ /* we have to check that this user is allowed to go into the ++ range they have specified ... role is tied to an seuser, so that'll ++ be checked at setexeccon time */ ++ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { ++ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); ++ send_audit_message(pamh, 0, defaultcon, newcon); ++ freecon(newcon); ++ newcon = NULL; ++ } ++ ++ fail_set: ++ free(type); ++ context_free(my_context); ++ context_free(new_context); ++ send_audit_message(pamh, 0, defaultcon, NULL); ++ return newcon; ++} ++ + static void + security_restorelabel_tty(const pam_handle_t *pamh, + const char *tty, security_context_t context) +@@ -439,13 +569,14 @@ PAM_EXTERN int + pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +- int i, debug = 0, ttys=1, has_tty=isatty(0); ++ int i, debug = 0, ttys=1; + int verbose=0, close_session=0; + int select_context = 0; + int use_current_range = 0; + int ret = 0; + security_context_t* contextlist = NULL; + int num_contexts = 0; ++ int env_params = 0; + const char *username = NULL; + const void *tty = NULL; + char *seuser=NULL; +@@ -472,13 +603,16 @@ pam_sm_open_session(pam_handle_t *pamh, + if (strcmp(argv[i], "use_current_range") == 0) { + use_current_range = 1; + } ++ if (strcmp(argv[i], "env_params") == 0) { ++ env_params = 1; ++ } + } + + if (debug) + pam_syslog(pamh, LOG_NOTICE, "Open Session"); + +- if (select_context && use_current_range) { +- pam_syslog(pamh, LOG_ERR, "select_context cannot be used with use_current_range"); ++ if (select_context && env_params) { ++ pam_syslog(pamh, LOG_ERR, "select_context cannot be used with env_params"); + select_context = 0; + } + +@@ -510,12 +644,17 @@ pam_sm_open_session(pam_handle_t *pamh, + freeconary(contextlist); + if (default_user_context == NULL) { + pam_syslog(pamh, LOG_ERR, "Out of memory"); +- return PAM_AUTH_ERR; ++ return PAM_BUF_ERR; + } ++ + user_context = default_user_context; +- if (select_context && has_tty) { +- user_context = config_context(pamh, default_user_context, debug); +- if (user_context == NULL) { ++ if (select_context) { ++ user_context = config_context(pamh, default_user_context, use_current_range, debug); ++ } else if (env_params || use_current_range) { ++ user_context = context_from_env(pamh, default_user_context, env_params, use_current_range, debug); ++ } ++ ++ if (user_context == NULL) { + freecon(default_user_context); + pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", + username); +@@ -524,11 +663,9 @@ pam_sm_open_session(pam_handle_t *pamh, + return PAM_AUTH_ERR; + else + return PAM_SUCCESS; +- } +- } ++ } + } + else { +- if (has_tty) { + user_context = manual_context(pamh,seuser,debug); + if (user_context == NULL) { + pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s", +@@ -538,59 +675,6 @@ pam_sm_open_session(pam_handle_t *pamh, + else + return PAM_SUCCESS; + } +- } else { +- pam_syslog (pamh, LOG_ERR, +- "Unable to get valid context for %s, No valid tty", +- username); +- if (security_getenforce() == 1) +- return PAM_AUTH_ERR; +- else +- return PAM_SUCCESS; +- } +- } +- +- if (use_current_range && is_selinux_mls_enabled()) { +- security_context_t process_context=NULL; +- if (getcon(&process_context) == 0) { +- context_t pcon, ucon; +- char *process_level=NULL; +- security_context_t orig_context; +- +- if (user_context) +- orig_context = user_context; +- else +- orig_context = default_user_context; +- +- pcon = context_new(process_context); +- freecon(process_context); +- process_level = strdup(context_range_get(pcon)); +- context_free(pcon); +- +- if (debug) +- pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level); +- +- ucon = context_new(orig_context); +- +- context_range_set(ucon, process_level); +- free(process_level); +- +- if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) { +- send_text(pamh, _("Requested MLS level not in permitted range"), debug); +- /* even if default_user_context is NULL audit that anyway */ +- send_audit_message(pamh, 0, default_user_context, context_str(ucon)); +- context_free(ucon); +- return PAM_AUTH_ERR; +- } +- +- if (debug) +- pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon)); +- +- /* replace the user context with the level adjusted one */ +- freecon(user_context); +- user_context = strdup(context_str(ucon)); +- +- context_free(ucon); +- } + } + + if (getexeccon(&prev_user_context)<0) { +@@ -613,7 +697,7 @@ pam_sm_open_session(pam_handle_t *pamh, + } + } + } +- if(ttys && tty ) { ++ if (ttys && tty) { + ttyn=strdup(tty); + ttyn_context=security_label_tty(pamh,ttyn,user_context); + } diff --git a/pam-1.0.1-namespace-create.patch b/pam-1.0.1-namespace-create.patch new file mode 100644 index 0000000..7d12105 --- /dev/null +++ b/pam-1.0.1-namespace-create.patch @@ -0,0 +1,679 @@ +diff -up Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c.create Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c +--- Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c.create 2008-03-20 18:06:32.000000000 +0100 ++++ Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c 2008-04-03 17:32:28.000000000 +0200 +@@ -32,6 +32,8 @@ + * DEALINGS IN THE SOFTWARE. + */ + ++#define _ATFILE_SOURCE ++ + #include "pam_namespace.h" + #include "argv_parse.h" + +@@ -78,11 +80,29 @@ static void del_polydir_list(struct poly + } + } + +-static void cleanup_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) ++static void unprotect_dirs(struct protect_dir_s *dir) ++{ ++ struct protect_dir_s *next; ++ ++ while (dir != NULL) { ++ umount(dir->dir); ++ free(dir->dir); ++ next = dir->next; ++ free(dir); ++ dir = next; ++ } ++} ++ ++static void cleanup_polydir_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) + { + del_polydir_list(data); + } + ++static void cleanup_protect_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) ++{ ++ unprotect_dirs(data); ++} ++ + static char *expand_variables(const char *orig, const char *var_names[], const char *var_values[]) + { + const char *src = orig; +@@ -132,8 +152,8 @@ static char *expand_variables(const char + + static int parse_create_params(char *params, struct polydir_s *poly) + { +- char *sptr; +- struct passwd *pwd; ++ char *next; ++ struct passwd *pwd = NULL; + struct group *grp; + + poly->mode = (mode_t)ULONG_MAX; +@@ -144,28 +164,40 @@ static int parse_create_params(char *par + return 0; + params++; + +- params = strtok_r(params, ",", &sptr); +- if (params == NULL) +- return 0; ++ next = strchr(params, ','); ++ if (next != NULL) { ++ *next = '\0'; ++ next++; ++ } + +- errno = 0; +- poly->mode = (mode_t)strtoul(params, NULL, 0); +- if (errno != 0) { +- poly->mode = (mode_t)ULONG_MAX; ++ if (*params != '\0') { ++ errno = 0; ++ poly->mode = (mode_t)strtoul(params, NULL, 0); ++ if (errno != 0) { ++ poly->mode = (mode_t)ULONG_MAX; ++ } + } + +- params = strtok_r(NULL, ",", &sptr); ++ params = next; + if (params == NULL) + return 0; ++ next = strchr(params, ','); ++ if (next != NULL) { ++ *next = '\0'; ++ next++; ++ } + +- pwd = getpwnam(params); /* session modules are not reentrant */ +- if (pwd == NULL) +- return -1; +- poly->owner = pwd->pw_uid; +- +- params = strtok_r(NULL, ",", &sptr); +- if (params == NULL) { +- poly->group = pwd->pw_gid; ++ if (*params != '\0') { ++ pwd = getpwnam(params); /* session modules are not reentrant */ ++ if (pwd == NULL) ++ return -1; ++ poly->owner = pwd->pw_uid; ++ } ++ ++ params = next; ++ if (params == NULL || *params == '\0') { ++ if (pwd != NULL) ++ poly->group = pwd->pw_gid; + return 0; + } + grp = getgrnam(params); +@@ -199,7 +231,7 @@ static int parse_method(char *method, st + struct instance_data *idata) + { + enum polymethod pm; +- char *sptr; ++ char *sptr = NULL; + static const char *method_names[] = { "user", "context", "level", "tmpdir", + "tmpfs", NULL }; + static const char *flag_names[] = { "create", "noinit", "iscript", +@@ -921,10 +953,158 @@ fail: + return rc; + } + ++static int protect_mount(int dfd, const char *path, struct instance_data *idata) ++{ ++ struct protect_dir_s *dir = idata->protect_dirs; ++ char tmpbuf[64]; ++ ++ while (dir != NULL) { ++ if (strcmp(path, dir->dir) == 0) { ++ return 0; ++ } ++ dir = dir->next; ++ } ++ ++ dir = calloc(1, sizeof(*dir)); ++ ++ if (dir == NULL) { ++ return -1; ++ } ++ ++ dir->dir = strdup(path); ++ ++ if (dir->dir == NULL) { ++ free(dir); ++ return -1; ++ } ++ ++ snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd); ++ ++ if (idata->flags & PAMNS_DEBUG) { ++ pam_syslog(idata->pamh, LOG_INFO, ++ "Protect mount of %s over itself", path); ++ } ++ ++ if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { ++ int save_errno = errno; ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Protect mount of %s failed: %m", tmpbuf); ++ free(dir->dir); ++ free(dir); ++ errno = save_errno; ++ return -1; ++ } ++ ++ dir->next = idata->protect_dirs; ++ idata->protect_dirs = dir; ++ ++ return 0; ++} ++ ++static int protect_dir(const char *path, mode_t mode, int do_mkdir, ++ struct instance_data *idata) ++{ ++ char *p = strdup(path); ++ char *d; ++ char *dir = p; ++ int dfd = AT_FDCWD; ++ int dfd_next; ++ int save_errno; ++ int flags = O_RDONLY; ++ int rv = -1; ++ struct stat st; ++ ++ if (p == NULL) { ++ goto error; ++ } ++ ++ if (*dir == '/') { ++ dfd = open("/", flags); ++ if (dfd == -1) { ++ goto error; ++ } ++ dir++; /* assume / is safe */ ++ } ++ ++ while ((d=strchr(dir, '/')) != NULL) { ++ *d = '\0'; ++ dfd_next = openat(dfd, dir, flags); ++ if (dfd_next == -1) { ++ goto error; ++ } ++ ++ if (dfd != AT_FDCWD) ++ close(dfd); ++ dfd = dfd_next; ++ ++ if (fstat(dfd, &st) != 0) { ++ goto error; ++ } ++ ++ if (flags & O_NOFOLLOW) { ++ /* we are inside user-owned dir - protect */ ++ if (protect_mount(dfd, p, idata) == -1) ++ goto error; ++ } else if (st.st_uid != 0 || st.st_gid != 0 || ++ (st.st_mode & S_IWOTH)) { ++ /* do not follow symlinks on subdirectories */ ++ flags |= O_NOFOLLOW; ++ } ++ ++ *d = '/'; ++ dir = d + 1; ++ } ++ ++ rv = openat(dfd, dir, flags); ++ ++ if (rv == -1) { ++ if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { ++ goto error; ++ } ++ rv = openat(dfd, dir, flags); ++ } ++ ++ if (rv != -1) { ++ if (fstat(rv, &st) != 0) { ++ save_errno = errno; ++ close(rv); ++ rv = -1; ++ errno = save_errno; ++ goto error; ++ } ++ if (!S_ISDIR(st.st_mode)) { ++ close(rv); ++ errno = ENOTDIR; ++ rv = -1; ++ goto error; ++ } ++ } ++ ++ if (flags & O_NOFOLLOW) { ++ /* we are inside user-owned dir - protect */ ++ if (protect_mount(rv, p, idata) == -1) { ++ save_errno = errno; ++ close(rv); ++ rv = -1; ++ errno = save_errno; ++ } ++ } ++ ++error: ++ save_errno = errno; ++ free(p); ++ if (dfd != AT_FDCWD) ++ close(dfd); ++ errno = save_errno; ++ ++ return rv; ++} ++ + static int check_inst_parent(char *ipath, struct instance_data *idata) + { + struct stat instpbuf; + char *inst_parent, *trailing_slash; ++ int dfd; + /* + * stat the instance parent path to make sure it exists + * and is a directory. Check that its mode is 000 (unless the +@@ -942,30 +1122,27 @@ static int check_inst_parent(char *ipath + if (trailing_slash) + *trailing_slash = '\0'; + +- if (stat(inst_parent, &instpbuf) < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", inst_parent); +- free(inst_parent); +- return PAM_SESSION_ERR; +- } ++ dfd = protect_dir(inst_parent, 0, 1, idata); + +- /* +- * Make sure we are dealing with a directory +- */ +- if (!S_ISDIR(instpbuf.st_mode)) { +- pam_syslog(idata->pamh, LOG_ERR, "Instance parent %s is not a dir", +- inst_parent); ++ if (dfd == -1 || fstat(dfd, &instpbuf) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Error creating or accessing instance parent %s, %m", inst_parent); ++ if (dfd != -1) ++ close(dfd); + free(inst_parent); + return PAM_SESSION_ERR; + } + + if ((idata->flags & PAMNS_IGN_INST_PARENT_MODE) == 0) { +- if (instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) { +- pam_syslog(idata->pamh, LOG_ERR, "Mode of inst parent %s not 000", ++ if ((instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) || instpbuf.st_uid != 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Mode of inst parent %s not 000 or owner not root", + inst_parent); ++ close(dfd); + free(inst_parent); + return PAM_SESSION_ERR; + } + } ++ close(dfd); + free(inst_parent); + return PAM_SUCCESS; + } +@@ -1051,6 +1228,8 @@ static int create_polydir(struct polydir + security_context_t dircon, oldcon = NULL; + #endif + const char *dir = polyptr->dir; ++ uid_t uid; ++ gid_t gid; + + if (polyptr->mode != (mode_t)ULONG_MAX) + mode = polyptr->mode; +@@ -1077,8 +1256,8 @@ static int create_polydir(struct polydir + } + #endif + +- rc = mkdir(dir, mode); +- if (rc != 0) { ++ rc = protect_dir(dir, mode, 1, idata); ++ if (rc == -1) { + pam_syslog(idata->pamh, LOG_ERR, + "Error creating directory %s: %m", dir); + return PAM_SESSION_ERR; +@@ -1098,36 +1277,41 @@ static int create_polydir(struct polydir + + if (polyptr->mode != (mode_t)ULONG_MAX) { + /* explicit mode requested */ +- if (chmod(dir, mode) != 0) { ++ if (fchmod(rc, mode) != 0) { + pam_syslog(idata->pamh, LOG_ERR, + "Error changing mode of directory %s: %m", dir); ++ close(rc); ++ umount(dir); /* undo the eventual protection bind mount */ + rmdir(dir); + return PAM_SESSION_ERR; + } + } + +- if (polyptr->owner != (uid_t)ULONG_MAX) { +- if (chown(dir, polyptr->owner, polyptr->group) != 0) { +- pam_syslog(idata->pamh, LOG_ERR, +- "Unable to change owner on directory %s: %m", dir); +- rmdir(dir); +- return PAM_SESSION_ERR; +- } +- if (idata->flags & PAMNS_DEBUG) +- pam_syslog(idata->pamh, LOG_DEBUG, +- "Polydir owner %u group %u from configuration", polyptr->owner, polyptr->group); +- } else { +- if (chown(dir, idata->uid, idata->gid) != 0) { +- pam_syslog(idata->pamh, LOG_ERR, +- "Unable to change owner on directory %s: %m", dir); +- rmdir(dir); +- return PAM_SESSION_ERR; +- } +- if (idata->flags & PAMNS_DEBUG) +- pam_syslog(idata->pamh, LOG_DEBUG, +- "Polydir owner %u group %u", idata->uid, idata->gid); ++ if (polyptr->owner != (uid_t)ULONG_MAX) ++ uid = polyptr->owner; ++ else ++ uid = idata->uid; ++ ++ if (polyptr->group != (gid_t)ULONG_MAX) ++ gid = polyptr->group; ++ else ++ gid = idata->gid; ++ ++ if (fchown(rc, uid, gid) != 0) { ++ pam_syslog(idata->pamh, LOG_ERR, ++ "Unable to change owner on directory %s: %m", dir); ++ close(rc); ++ umount(dir); /* undo the eventual protection bind mount */ ++ rmdir(dir); ++ return PAM_SESSION_ERR; + } + ++ close(rc); ++ ++ if (idata->flags & PAMNS_DEBUG) ++ pam_syslog(idata->pamh, LOG_DEBUG, ++ "Polydir owner %u group %u", uid, gid); ++ + return PAM_SUCCESS; + } + +@@ -1135,17 +1319,16 @@ static int create_polydir(struct polydir + * Create polyinstantiated instance directory (ipath). + */ + #ifdef WITH_SELINUX +-static int create_dirs(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, ++static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, + security_context_t icontext, security_context_t ocontext, + struct instance_data *idata) + #else +-static int create_dirs(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, ++static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, + struct instance_data *idata) + #endif + { + struct stat newstatbuf; + int fd; +- int newdir = 0; + + /* + * Check to make sure instance parent is valid. +@@ -1171,7 +1354,7 @@ static int create_dirs(struct polydir_s + strcpy(ipath, polyptr->instance_prefix); + } else if (mkdir(ipath, S_IRUSR) < 0) { + if (errno == EEXIST) +- goto inst_init; ++ return PAM_IGNORE; + else { + pam_syslog(idata->pamh, LOG_ERR, "Error creating %s, %m", + ipath); +@@ -1179,7 +1362,6 @@ static int create_dirs(struct polydir_s + } + } + +- newdir = 1; + /* Open a descriptor to it to prevent races */ + fd = open(ipath, O_DIRECTORY | O_RDONLY); + if (fd < 0) { +@@ -1235,33 +1417,22 @@ static int create_dirs(struct polydir_s + return PAM_SESSION_ERR; + } + close(fd); +- +- /* +- * Check to see if there is a namespace initialization script in +- * the /etc/security directory. If such a script exists +- * execute it and pass directory to polyinstantiate and instance +- * directory as arguments. +- */ +- +-inst_init: +- if (polyptr->flags & POLYDIR_NOINIT) +- return PAM_SUCCESS; +- +- return inst_init(polyptr, ipath, idata, newdir); ++ return PAM_SUCCESS; + } + + + /* + * This function performs the namespace setup for a particular directory +- * that is being polyinstantiated. It creates an MD5 hash of instance +- * directory, calls create_dirs to create it with appropriate ++ * that is being polyinstantiated. It calls poly_name to create name of instance ++ * directory, calls create_instance to mkdir it with appropriate + * security attributes, and performs bind mount to setup the process + * namespace. + */ + static int ns_setup(struct polydir_s *polyptr, + struct instance_data *idata) + { +- int retval = 0; ++ int retval; ++ int newdir = 1; + char *inst_dir = NULL; + char *instname = NULL; + struct stat statbuf; +@@ -1273,37 +1444,40 @@ static int ns_setup(struct polydir_s *po + pam_syslog(idata->pamh, LOG_DEBUG, + "Set namespace for directory %s", polyptr->dir); + +- while (stat(polyptr->dir, &statbuf) < 0) { +- if (retval || !(polyptr->flags & POLYDIR_CREATE)) { +- pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", +- polyptr->dir); +- return PAM_SESSION_ERR; +- } else { +- if (create_polydir(polyptr, idata) != PAM_SUCCESS) +- return PAM_SESSION_ERR; +- retval = PAM_SESSION_ERR; /* bail out on next failed stat */ +- } +- } ++ retval = protect_dir(polyptr->dir, 0, 0, idata); + +- /* +- * Make sure we are dealing with a directory +- */ +- if (!S_ISDIR(statbuf.st_mode)) { +- pam_syslog(idata->pamh, LOG_ERR, "Polydir %s is not a dir", ++ if (retval < 0 && errno != ENOENT) { ++ pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", + polyptr->dir); +- return PAM_SESSION_ERR; ++ return PAM_SESSION_ERR; + } + ++ if (retval < 0 && (polyptr->flags & POLYDIR_CREATE)) { ++ if (create_polydir(polyptr, idata) != PAM_SUCCESS) ++ return PAM_SESSION_ERR; ++ } else { ++ close(retval); ++ } ++ + if (polyptr->method == TMPFS) { + if (mount("tmpfs", polyptr->dir, "tmpfs", 0, NULL) < 0) { + pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", + polyptr->dir); + return PAM_SESSION_ERR; + } +- /* we must call inst_init after the mount in this case */ ++ ++ if (polyptr->flags & POLYDIR_NOINIT) ++ return PAM_SUCCESS; ++ + return inst_init(polyptr, "tmpfs", idata, 1); + } + ++ if (stat(polyptr->dir, &statbuf) < 0) { ++ pam_syslog(idata->pamh, LOG_ERR, "Error stating %s: %m", ++ polyptr->dir); ++ return PAM_SESSION_ERR; ++ } ++ + /* + * Obtain the name of instance pathname based on the + * polyinstantiation method and instance context returned by +@@ -1341,14 +1515,18 @@ static int ns_setup(struct polydir_s *po + * contexts, owner, group and mode bits. + */ + #ifdef WITH_SELINUX +- retval = create_dirs(polyptr, inst_dir, &statbuf, instcontext, ++ retval = create_instance(polyptr, inst_dir, &statbuf, instcontext, + origcontext, idata); + #else +- retval = create_dirs(polyptr, inst_dir, &statbuf, idata); ++ retval = create_instance(polyptr, inst_dir, &statbuf, idata); + #endif + +- if (retval < 0) { +- pam_syslog(idata->pamh, LOG_ERR, "Error creating instance dir"); ++ if (retval == PAM_IGNORE) { ++ newdir = 0; ++ retval = PAM_SUCCESS; ++ } ++ ++ if (retval != PAM_SUCCESS) { + goto error_out; + } + +@@ -1363,6 +1541,9 @@ static int ns_setup(struct polydir_s *po + goto error_out; + } + ++ if (!(polyptr->flags & POLYDIR_NOINIT)) ++ retval = inst_init(polyptr, inst_dir, idata, newdir); ++ + goto cleanup; + + /* +@@ -1600,12 +1781,21 @@ static int setup_namespace(struct instan + } + } + out: +- if (retval != PAM_SUCCESS) ++ if (retval != PAM_SUCCESS) { ++ cleanup_tmpdirs(idata); ++ unprotect_dirs(idata->protect_dirs); ++ } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, idata->protect_dirs, ++ cleanup_protect_data) != PAM_SUCCESS) { ++ pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace protect data"); + cleanup_tmpdirs(idata); +- else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr, +- cleanup_data) != PAM_SUCCESS) { +- pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace data"); ++ unprotect_dirs(idata->protect_dirs); ++ return PAM_SYSTEM_ERR; ++ } else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr, ++ cleanup_polydir_data) != PAM_SUCCESS) { ++ pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace polydir data"); + cleanup_tmpdirs(idata); ++ pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); ++ idata->protect_dirs = NULL; + return PAM_SYSTEM_ERR; + } + return retval; +@@ -1742,6 +1932,7 @@ PAM_EXTERN int pam_sm_open_session(pam_h + /* init instance data */ + idata.flags = 0; + idata.polydirs_ptr = NULL; ++ idata.protect_dirs = NULL; + idata.pamh = pamh; + #ifdef WITH_SELINUX + if (is_selinux_enabled()) +@@ -1893,6 +2084,7 @@ PAM_EXTERN int pam_sm_close_session(pam_ + } + + pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL); ++ pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); + + return PAM_SUCCESS; + } +diff -up Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h.create Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h +--- Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h.create 2008-02-13 13:49:44.000000000 +0100 ++++ Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h 2008-03-20 18:07:29.000000000 +0100 +@@ -107,6 +107,7 @@ + + #define NAMESPACE_MAX_DIR_LEN 80 + #define NAMESPACE_POLYDIR_DATA "pam_namespace:polydir_data" ++#define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data" + + /* + * Polyinstantiation method options, based on user, security context +@@ -156,9 +157,15 @@ struct polydir_s { + struct polydir_s *next; /* pointer to the next polydir entry */ + }; + ++struct protect_dir_s { ++ char *dir; /* protected directory */ ++ struct protect_dir_s *next; /* next entry */ ++}; ++ + struct instance_data { + pam_handle_t *pamh; /* The pam handle for this instance */ + struct polydir_s *polydirs_ptr; /* The linked list pointer */ ++ struct protect_dir_s *protect_dirs; /* The pointer to stack of mount-protected dirs */ + char user[LOGIN_NAME_MAX]; /* User name */ + char ruser[LOGIN_NAME_MAX]; /* Requesting user name */ + uid_t uid; /* The uid of the user */ +@@ -166,3 +173,4 @@ struct instance_data { + uid_t ruid; /* The uid of the requesting user */ + unsigned long flags; /* Flags for debug, selinux etc */ + }; ++ +diff -up Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml.create Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml +--- Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml.create 2008-02-13 13:49:44.000000000 +0100 ++++ Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml 2008-04-18 14:38:57.000000000 +0200 +@@ -25,8 +25,8 @@ + Directories can be polyinstantiated based on user name + or, in the case of SELinux, user name, sensitivity level or complete security context. If an + executable script /etc/security/namespace.init +- exists, it is used to initialize the namespace every time a new instance +- directory is setup. The script receives the polyinstantiated ++ exists, it is used to initialize the namespace every time an instance ++ directory is set up and mounted. The script receives the polyinstantiated + directory path and the instance directory path as its arguments. + + +diff -up Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml.create Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml +--- Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml.create 2008-02-13 13:49:44.000000000 +0100 ++++ Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml 2008-04-18 14:40:54.000000000 +0200 +@@ -64,11 +64,11 @@ + provides a different instance of itself based on user name, or when + using SELinux, user name, security context or both. If an executable + script /etc/security/namespace.init exists, it +- is used to initialize the namespace every time a new instance +- directory is setup. The script receives the polyinstantiated +- directory path, the instance directory path, flag whether the instance +- directory was newly created (0 for no, 1 for yes), and the user name +- as its arguments. ++ is used to initialize the instance directory after it is set up ++ and mounted on the polyinstantiated direcory. The script receives the ++ polyinstantiated directory path, the instance directory path, flag ++ whether the instance directory was newly created (0 for no, 1 for yes), ++ and the user name as its arguments. + + + diff --git a/pam.changes b/pam.changes index 69a3532..8d55cb3 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + ------------------------------------------------------------------- Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz diff --git a/pam.spec b/pam.spec index 1960504..d631896 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.0.1) +# spec file for package pam (Version 1.0.2) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -34,12 +34,12 @@ BuildRequires: libselinux-devel License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on -Version: 1.0.1 -Release: 26 +Version: 1.0.2 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 -Source1: Linux-PAM-%{version}-docs.tar.bz2 +Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 Source2: securetty Source3: other.pamd Source4: common-auth.pamd @@ -48,6 +48,13 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch: Linux-PAM-docu.diff +Patch1: pam_tally.diff +Patch2: pam_xauth.diff +Patch3: pam_sepermit.diff +Patch4: pam-1.0.1-namespace-create.patch +Patch5: pam-1.0.0-selinux-env-params.patch +Patch6: Linux-PAM-docu-generated.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -89,6 +96,13 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 +%patch -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p0 +%patch6 -p1 %build CFLAGS="$RPM_OPT_FLAGS" \ @@ -290,6 +304,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Fri Aug 29 2008 kukuk@suse.de +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS * Wed Aug 20 2008 prusnak@suse.cz - enabled SELinux support [Fate#303662] * Wed Apr 16 2008 kukuk@suse.de diff --git a/pam_sepermit.diff b/pam_sepermit.diff new file mode 100644 index 0000000..8989421 --- /dev/null +++ b/pam_sepermit.diff @@ -0,0 +1,17 @@ + +2008-04-17 Tomas Mraz + + * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try + to lock if euid != 0. + +--- Linux-PAM-1.0/modules/pam_sepermit/pam_sepermit.c 2008-03-31 12:31:50.000000000 +0200 ++++ Linux-PAM/modules/pam_sepermit/pam_sepermit.c 2008-04-17 16:29:02.000000000 +0200 +@@ -305,7 +305,7 @@ + free(line); + fclose(f); + if (matched) +- return exclusive ? sepermit_lock(pamh, user, debug) : 0; ++ return (geteuid() == 0 && exclusive) ? sepermit_lock(pamh, user, debug) : 0; + else + return -1; + } diff --git a/pam_tally.diff b/pam_tally.diff new file mode 100644 index 0000000..2987152 --- /dev/null +++ b/pam_tally.diff @@ -0,0 +1,173 @@ + +2008-07-09 Thorsten Kukuk + + * modules/pam_tally/pam_tally.c: Add support for silent and + no_log_info options. + * modules/pam_tally/pam_tally.8.xml: Document silent and + no_log_info options. + +--- Linux-PAM-1.0/modules/pam_tally/pam_tally.8.xml 2007-10-10 16:10:07.000000000 +0200 ++++ Linux-PAM/modules/pam_tally/pam_tally.8.xml 2008-08-20 20:56:28.000000000 +0200 +@@ -51,6 +51,12 @@ + + audit + ++ ++ silent ++ ++ ++ no_log_info ++ + + + pam_tally +@@ -150,6 +156,26 @@ + + + ++ ++ ++ ++ ++ ++ ++ Don't print informative messages. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Don't log informative messages via syslog3. ++ ++ ++ + + + +--- Linux-PAM-1.0/modules/pam_tally/pam_tally.c 2007-11-20 11:58:11.000000000 +0100 ++++ Linux-PAM/modules/pam_tally/pam_tally.c 2008-07-16 10:09:02.000000000 +0200 +@@ -97,6 +97,8 @@ + #define OPT_NO_LOCK_TIME 020 + #define OPT_NO_RESET 040 + #define OPT_AUDIT 0100 ++#define OPT_SILENT 0200 ++#define OPT_NOLOGNOTICE 0400 + + + /*---------------------------------------------------------------------*/ +@@ -205,6 +207,12 @@ + else if ( ! strcmp ( *argv, "audit") ) { + opts->ctrl |= OPT_AUDIT; + } ++ else if ( ! strcmp ( *argv, "silent") ) { ++ opts->ctrl |= OPT_SILENT; ++ } ++ else if ( ! strcmp ( *argv, "no_log_info") ) { ++ opts->ctrl |= OPT_NOLOGNOTICE; ++ } + else { + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); + } +@@ -524,12 +532,17 @@ + { + if ( lock_time + oldtime > time(NULL) ) + { +- pam_syslog(pamh, LOG_NOTICE, +- "user %s (%lu) has time limit [%lds left]" +- " since last failure.", +- user, (unsigned long int) uid, +- oldtime+lock_time +- -time(NULL)); ++ if (!(opts->ctrl & OPT_SILENT)) ++ pam_info (pamh, ++ _("Account temporary locked (%lds seconds left)"), ++ oldtime+lock_time-time(NULL)); ++ ++ if (!(opts->ctrl & OPT_NOLOGNOTICE)) ++ pam_syslog (pamh, LOG_NOTICE, ++ "user %s (%lu) has time limit [%lds left]" ++ " since last failure.", ++ user, (unsigned long int) uid, ++ oldtime+lock_time-time(NULL)); + return PAM_AUTH_ERR; + } + } +@@ -545,9 +558,14 @@ + ( tally > deny ) && /* tally>deny means exceeded */ + ( ((opts->ctrl & OPT_DENY_ROOT) || uid) ) /* even_deny stops uid check */ + ) { +- pam_syslog(pamh, LOG_NOTICE, +- "user %s (%lu) tally "TALLY_FMT", deny "TALLY_FMT, +- user, (unsigned long int) uid, tally, deny); ++ if (!(opts->ctrl & OPT_SILENT)) ++ pam_info (pamh, _("Accounted locked due to "TALLY_FMT" failed login"), ++ tally); ++ ++ if (!(opts->ctrl & OPT_NOLOGNOTICE)) ++ pam_syslog(pamh, LOG_NOTICE, ++ "user %s (%lu) tally "TALLY_FMT", deny "TALLY_FMT, ++ user, (unsigned long int) uid, tally, deny); + return PAM_AUTH_ERR; /* Only unconditional failure */ + } + } +@@ -594,7 +612,7 @@ + #ifdef PAM_SM_AUTH + + PAM_EXTERN int +-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + int +@@ -612,6 +630,9 @@ + if ( rvcheck != PAM_SUCCESS ) + RETURN_ERROR( rvcheck ); + ++ if (flags & PAM_SILENT) ++ opts->ctrl |= OPT_SILENT; ++ + rvcheck = pam_get_uid(pamh, &uid, &user, opts); + if ( rvcheck != PAM_SUCCESS ) + RETURN_ERROR( rvcheck ); +@@ -625,7 +646,7 @@ + } + + PAM_EXTERN int +-pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + int +@@ -643,6 +664,9 @@ + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); + ++ if (flags & PAM_SILENT) ++ opts->ctrl |= OPT_SILENT; ++ + rv = pam_get_uid(pamh, &uid, &user, opts); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); +@@ -667,7 +691,7 @@ + /* To reset failcount of user on successfull login */ + + PAM_EXTERN int +-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + int +@@ -685,6 +709,9 @@ + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); + ++ if (flags & PAM_SILENT) ++ opts->ctrl |= OPT_SILENT; ++ + rv = pam_get_uid(pamh, &uid, &user, opts); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); diff --git a/pam_xauth.diff b/pam_xauth.diff new file mode 100644 index 0000000..25d99c9 --- /dev/null +++ b/pam_xauth.diff @@ -0,0 +1,26 @@ + +2008-04-08 Tomas Mraz + + * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple + calls to sysconf() (based on patch by Sami Farin). + +--- Linux-PAM-1.0/modules/pam_xauth/pam_xauth.c 2007-10-01 11:41:32.000000000 +0200 ++++ Linux-PAM/modules/pam_xauth/pam_xauth.c 2008-06-22 09:47:33.000000000 +0200 +@@ -118,6 +118,7 @@ + size_t j; + char *args[10]; + const char *tmp; ++ int maxopened; + /* Drop privileges. */ + setgid(gid); + setgroups(0, NULL); +@@ -129,7 +130,8 @@ + * descriptors. */ + dup2(ipipe[0], STDIN_FILENO); + dup2(opipe[1], STDOUT_FILENO); +- for (i = 0; i < sysconf(_SC_OPEN_MAX); i++) { ++ maxopened = (int)sysconf(_SC_OPEN_MAX); ++ for (i = 0; i < maxopened; i++) { + if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { + close(i); + } -- 2.51.1 From c6e9103e10855fddefb9f25778e3a76a25685ac811a3d445d2ac647ace268bea Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 26 Sep 2008 13:07:06 +0000 Subject: [PATCH 017/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=17 --- pam.changes | 6 ++++++ pam.spec | 9 +++++++- pam_mail.diff | 49 +++++++++++++++++++++++++++++++++++++++++++ pam_tally-fdleak.diff | 37 ++++++++++++++++++++++++++++++++ 4 files changed, 100 insertions(+), 1 deletion(-) create mode 100644 pam_mail.diff create mode 100644 pam_tally-fdleak.diff diff --git a/pam.changes b/pam.changes index 8d55cb3..569c5f8 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + ------------------------------------------------------------------- Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index d631896..b0c7948 100644 --- a/pam.spec +++ b/pam.spec @@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.2 -Release: 1 +Release: 8 Summary: A Security Tool that Provides Authentication for Applications Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 @@ -55,6 +55,8 @@ Patch3: pam_sepermit.diff Patch4: pam-1.0.1-namespace-create.patch Patch5: pam-1.0.0-selinux-env-params.patch Patch6: Linux-PAM-docu-generated.diff +Patch7: pam_mail.diff +Patch8: pam_tally-fdleak.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -103,6 +105,8 @@ building both PAM-aware applications and modules for use with PAM. %patch4 -p1 %patch5 -p0 %patch6 -p1 +%patch7 -p0 +%patch8 -p0 %build CFLAGS="$RPM_OPT_FLAGS" \ @@ -304,6 +308,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Fri Sep 26 2008 kukuk@suse.de +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option * Fri Aug 29 2008 kukuk@suse.de - Update to version 1.0.2 (fix SELinux regression) - enhance pam_tally [FATE#303753] diff --git a/pam_mail.diff b/pam_mail.diff new file mode 100644 index 0000000..abeb915 --- /dev/null +++ b/pam_mail.diff @@ -0,0 +1,49 @@ +2008-09-25 Thorsten Kukuk + + * modules/pam_mail/pam_mail.c (report_mail): Fix logic of + "quiet" option (Patch from Andreas Henriksson ) + + * modules/pam_mail/pam_mail.8.xml: Fix typo. + +diff -u -r1.5 pam_mail.8.xml +--- modules/pam_mail/pam_mail.8.xml 18 Aug 2008 13:29:24 -0000 1.5 ++++ modules/pam_mail/pam_mail.8.xml 25 Sep 2008 11:51:29 -0000 +@@ -40,7 +40,7 @@ + nopen + + +- quit ++ quiet + + + standard +--- modules/pam_mail/pam_mail.c 30 Apr 2007 10:56:24 -0000 1.19 ++++ modules/pam_mail/pam_mail.c 25 Sep 2008 11:51:29 -0000 +@@ -303,8 +303,13 @@ + { + int retval; + +- if (!(ctrl & PAM_MAIL_SILENT) || +- ((ctrl & PAM_QUIET_MAIL) && type == HAVE_NEW_MAIL)) ++ if ((ctrl & PAM_MAIL_SILENT) || ++ ((ctrl & PAM_QUIET_MAIL) && type != HAVE_NEW_MAIL)) ++ { ++ D(("keeping quiet")); ++ retval = PAM_SUCCESS; ++ } ++ else + { + if (ctrl & PAM_STANDARD_MAIL) + switch (type) +@@ -345,11 +350,6 @@ + break; + } + } +- else +- { +- D(("keeping quiet")); +- retval = PAM_SUCCESS; +- } + + D(("returning %s", pam_strerror(pamh, retval))); + return retval; diff --git a/pam_tally-fdleak.diff b/pam_tally-fdleak.diff new file mode 100644 index 0000000..153256d --- /dev/null +++ b/pam_tally-fdleak.diff @@ -0,0 +1,37 @@ +2008-09-25 Tomas Mraz + + * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message. + (tally_check): Open faillog read only. Close file descriptor. + Fix typos in messages. + +--- modules/pam_tally/pam_tally.c 9 Jul 2008 12:23:23 -0000 1.30 ++++ modules/pam_tally/pam_tally.c 19 Sep 2008 12:29:21 -0000 +@@ -350,7 +350,7 @@ get_tally(pam_handle_t *pamh, tally_t *t + } + + if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) { +- pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename); ++ pam_syslog(pamh, LOG_ALERT, "Error opening %s for %s", filename, *tally!=TALLY_HI?"update":"read"); + + /* Discovering why account service fails: e/uid are target user. + * +@@ -504,7 +504,7 @@ tally_check (time_t oldtime, pam_handle_ + tally_t + deny = opts->deny; + tally_t +- tally = 0; /* !TALLY_HI --> Log opened for update */ ++ tally = TALLY_HI; + long + lock_time = opts->lock_time; + +@@ -515,6 +515,10 @@ tally_check (time_t oldtime, pam_handle_ + i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp); + if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); } + ++ if ( TALLY != NULL ) { ++ fclose(TALLY); ++ } ++ + if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) { /* magic_root skips tally check */ + + /* To deny or not to deny; that is the question */ -- 2.51.1 From 43d230bb77f2d14977cf2d060cb8351af453d5467964b56ca812f5303e478a6e Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Sat, 11 Oct 2008 22:27:19 +0000 Subject: [PATCH 018/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=18 --- Linux-PAM-1.0.2-SUSE-docs.tar.bz2 | 4 +- Linux-PAM-docu.diff | 25 - pam.changes | 6 + pam.spec | 16 +- pam_lastlog.diff | 325 ++++++ pam_pwhistory-0.1.diff | 1725 +++++++++++++++++++++++++++++ 6 files changed, 2072 insertions(+), 29 deletions(-) create mode 100644 pam_lastlog.diff create mode 100644 pam_pwhistory-0.1.diff diff --git a/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 b/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 index 13eac9b..85035f6 100644 --- a/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 +++ b/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:2edaf8a8c29b7a214f99871aeb19a427c4a368604bc40281c655adfffb7852bc -size 475385 +oid sha256:bd4474f01ec6fcb5e8af676b8aa5677a8784f5a027eaca0b64875d5d1dc467f3 +size 477831 diff --git a/Linux-PAM-docu.diff b/Linux-PAM-docu.diff index d1a460a..bd2f5b3 100644 --- a/Linux-PAM-docu.diff +++ b/Linux-PAM-docu.diff @@ -944,31 +944,6 @@ , - pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_lastlog/pam_lastlog.8.xml 2006-06-09 18:44:07.000000000 +0200 -+++ Linux-PAM/modules/pam_lastlog/pam_lastlog.8.xml 2008-08-20 20:56:26.000000000 +0200 -@@ -140,10 +140,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -213,7 +213,7 @@ - pam.conf5 - , - -- pam.d8 + pam.d5 , diff --git a/pam.changes b/pam.changes index 569c5f8..a0bc560 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + ------------------------------------------------------------------- Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index b0c7948..b8d91f0 100644 --- a/pam.spec +++ b/pam.spec @@ -35,9 +35,8 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.2 -Release: 8 +Release: 9 Summary: A Security Tool that Provides Authentication for Applications -Obsoletes: pam-laus Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 Source2: securetty @@ -57,6 +56,8 @@ Patch5: pam-1.0.0-selinux-env-params.patch Patch6: Linux-PAM-docu-generated.diff Patch7: pam_mail.diff Patch8: pam_tally-fdleak.diff +Patch9: pam_pwhistory-0.1.diff +Patch10: pam_lastlog.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -107,8 +108,15 @@ building both PAM-aware applications and modules for use with PAM. %patch6 -p1 %patch7 -p0 %patch8 -p0 +%patch9 -p0 +chmod 755 modules/pam_pwhistory/tst-pam_pwhistory +%patch10 -p0 %build +aclocal -I m4 --install --force +libtoolize --force --automake --copy +automake --add-missing --copy +autoreconf CFLAGS="$RPM_OPT_FLAGS" \ ./configure \ --infodir=%{_infodir} \ @@ -263,6 +271,7 @@ rm -rf $RPM_BUILD_ROOT %endif /%{_lib}/security/pam_nologin.so /%{_lib}/security/pam_permit.so +/%{_lib}/security/pam_pwhistory.so /%{_lib}/security/pam_rhosts.so /%{_lib}/security/pam_rootok.so /%{_lib}/security/pam_securetty.so @@ -308,6 +317,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Sat Oct 11 2008 kukuk@suse.de +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview * Fri Sep 26 2008 kukuk@suse.de - pam_tally: fix fd leak - pam_mail: fix "quiet" option diff --git a/pam_lastlog.diff b/pam_lastlog.diff new file mode 100644 index 0000000..80c6de4 --- /dev/null +++ b/pam_lastlog.diff @@ -0,0 +1,325 @@ +2008-09-30 Tomas Mraz + + * modules/pam_lastlog/pam_lastlog.8.xml: Document new options + noupdate and showfailed. + * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new + options. + (last_login_read): New output parameter lltime. Do not display + the last login message if it would be empty. + (last_login_date): New output parameter lltime. Do not write the + last login info when LASTLOG_UPDATE is not set. + (last_login_failed): New function to display the last bad login + attempt from btmp. + (pam_sm_open_session): Obtain lltime from last_login_date() and + call last_login_failed() when appropriate. + +--- modules/pam_lastlog/pam_lastlog.8.xml 9 Jun 2006 16:44:07 -0000 1.2 ++++ modules/pam_lastlog/pam_lastlog.8.xml 30 Sep 2008 14:40:39 -0000 1.5 +@@ -39,6 +39,12 @@ + + nowtmp + ++ ++ noupdate ++ ++ ++ showfailed ++ + + + +@@ -137,13 +143,35 @@ + + + ++ ++ ++ ++ ++ ++ ++ Don't update any file. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Display number of failed login attempts and the date of the ++ last failed attempt from btmp. The date is not displayed ++ when is specified. ++ ++ ++ + + + +- +- MODULE SERVICES PROVIDED ++ ++ MODULE TYPES PROVIDED + +- Only the service is supported. ++ Only the module type is provided. + + + +@@ -213,7 +241,7 @@ + pam.conf5 + , + +- pam.d8 ++ pam.d5 + , + + pam8 +--- modules/pam_lastlog/pam_lastlog.c 24 Aug 2006 18:29:30 -0000 1.23 ++++ modules/pam_lastlog/pam_lastlog.c 30 Sep 2008 14:40:39 -0000 1.24 +@@ -46,6 +46,10 @@ + }; + #endif /* hpux */ + ++#ifndef _PATH_BTMP ++# define _PATH_BTMP "/var/log/btmp" ++#endif ++ + /* XXX - time before ignoring lock. Is 1 sec enough? */ + #define LASTLOG_IGNORE_LOCK_TIME 1 + +@@ -75,11 +79,13 @@ + #define LASTLOG_DEBUG 020 /* send info to syslog(3) */ + #define LASTLOG_QUIET 040 /* keep quiet about things */ + #define LASTLOG_WTMP 0100 /* log to wtmp as well as lastlog */ ++#define LASTLOG_BTMP 0200 /* display failed login info from btmp */ ++#define LASTLOG_UPDATE 0400 /* update the lastlog and wtmp files (default) */ + + static int + _pam_parse(pam_handle_t *pamh, int flags, int argc, const char **argv) + { +- int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP); ++ int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE); + + /* does the appliction require quiet? */ + if (flags & PAM_SILENT) { +@@ -105,6 +111,10 @@ + ctrl |= LASTLOG_NEVER; + } else if (!strcmp(*argv,"nowtmp")) { + ctrl &= ~LASTLOG_WTMP; ++ } else if (!strcmp(*argv,"noupdate")) { ++ ctrl &= ~(LASTLOG_WTMP|LASTLOG_UPDATE); ++ } else if (!strcmp(*argv,"showfailed")) { ++ ctrl |= LASTLOG_BTMP; + } else { + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); + } +@@ -135,7 +145,7 @@ + } + + static int +-last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid) ++last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t *lltime) + { + struct flock last_lock; + struct lastlog last_login; +@@ -166,6 +176,7 @@ + last_lock.l_type = F_UNLCK; + (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */ + ++ *lltime = last_login.ll_time; + if (!last_login.ll_time) { + if (announce & LASTLOG_DEBUG) { + pam_syslog(pamh, LOG_DEBUG, +@@ -216,8 +227,9 @@ + } + } + +- /* TRANSLATORS: "Last login: from on " */ +- retval = pam_info(pamh, _("Last login:%s%s%s"), ++ if (date != NULL || host != NULL || line != NULL) ++ /* TRANSLATORS: "Last login: from on " */ ++ retval = pam_info(pamh, _("Last login:%s%s%s"), + date ? date : "", + host ? host : "", + line ? line : ""); +@@ -320,13 +332,13 @@ + } + + static int +-last_login_date(pam_handle_t *pamh, int announce, uid_t uid, const char *user) ++last_login_date(pam_handle_t *pamh, int announce, uid_t uid, const char *user, time_t *lltime) + { + int retval; + int last_fd; + + /* obtain the last login date and all the relevant info */ +- last_fd = open(_PATH_LASTLOG, O_RDWR); ++ last_fd = open(_PATH_LASTLOG, announce&LASTLOG_UPDATE ? O_RDWR : O_RDONLY); + if (last_fd < 0) { + if (errno == ENOENT) { + last_fd = open(_PATH_LASTLOG, O_RDWR|O_CREAT, +@@ -353,7 +365,7 @@ + return PAM_SERVICE_ERR; + } + +- retval = last_login_read(pamh, announce, last_fd, uid); ++ retval = last_login_read(pamh, announce, last_fd, uid, lltime); + if (retval != PAM_SUCCESS) + { + close(last_fd); +@@ -361,7 +373,9 @@ + return retval; + } + +- retval = last_login_write(pamh, announce, last_fd, uid, user); ++ if (announce & LASTLOG_UPDATE) { ++ retval = last_login_write(pamh, announce, last_fd, uid, user); ++ } + + close(last_fd); + D(("all done with last login")); +@@ -369,6 +383,121 @@ + return retval; + } + ++static int ++last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t lltime) ++{ ++ int retval; ++ int fd; ++ struct utmp ut; ++ struct utmp utuser; ++ int failed = 0; ++ char the_time[256]; ++ char *date = NULL; ++ char *host = NULL; ++ char *line = NULL; ++ ++ if (strlen(user) > UT_NAMESIZE) { ++ pam_syslog(pamh, LOG_WARNING, "username too long, output might be inaccurate"); ++ } ++ ++ /* obtain the failed login attempt records from btmp */ ++ fd = open(_PATH_BTMP, O_RDONLY); ++ if (fd < 0) { ++ pam_syslog(pamh, LOG_ERR, "unable to open %s: %m", _PATH_BTMP); ++ D(("unable to open %s file", _PATH_BTMP)); ++ return PAM_SERVICE_ERR; ++ } ++ ++ while ((retval=pam_modutil_read(fd, (void *)&ut, ++ sizeof(ut))) == sizeof(ut)) { ++ if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { ++ memcpy(&utuser, &ut, sizeof(utuser)); ++ failed++; ++ } ++ } ++ ++ if (failed) { ++ /* we want the date? */ ++ if (announce & LASTLOG_DATE) { ++ struct tm *tm, tm_buf; ++ time_t lf_time; ++ ++ lf_time = utuser.ut_tv.tv_sec; ++ tm = localtime_r (&lf_time, &tm_buf); ++ strftime (the_time, sizeof (the_time), ++ /* TRANSLATORS: "strftime options for date of last login" */ ++ _(" %a %b %e %H:%M:%S %Z %Y"), tm); ++ ++ date = the_time; ++ } ++ ++ /* we want & have the host? */ ++ if ((announce & LASTLOG_HOST) ++ && (utuser.ut_host[0] != '\0')) { ++ /* TRANSLATORS: " from " */ ++ if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE, ++ utuser.ut_host) < 0) { ++ pam_syslog(pamh, LOG_ERR, "out of memory"); ++ retval = PAM_BUF_ERR; ++ goto cleanup; ++ } ++ } ++ ++ /* we want and have the terminal? */ ++ if ((announce & LASTLOG_LINE) ++ && (utuser.ut_line[0] != '\0')) { ++ /* TRANSLATORS: " on " */ ++ if (asprintf(&line, _(" on %.*s"), UT_LINESIZE, ++ utuser.ut_line) < 0) { ++ pam_syslog(pamh, LOG_ERR, "out of memory"); ++ retval = PAM_BUF_ERR; ++ goto cleanup; ++ } ++ } ++ ++ if (line != NULL || date != NULL || host != NULL) { ++ /* TRANSLATORS: "Last failed login: from on " */ ++ pam_info(pamh, _("Last failed login:%s%s%s"), ++ date ? date : "", ++ host ? host : "", ++ line ? line : ""); ++ } ++ ++ _pam_drop(line); ++#if defined HAVE_DNGETTEXT && defined ENABLE_NLS ++ retval = asprintf (&line, dngettext(PACKAGE, ++ "There was %d failed login attempt since the last successful login.", ++ "There were %d failed login attempts since the last successful login.", ++ failed), ++ failed); ++#else ++ if (daysleft == 1) ++ retval = asprintf(&line, ++ _("There was %d failed login attempt since the last successful login."), ++ failed); ++ else ++ retval = asprintf(&line, ++ /* TRANSLATORS: only used if dngettext is not supported */ ++ _("There were %d failed login attempts since the last successful login."), ++ failed); ++#endif ++ if (retval >= 0) ++ retval = pam_info(pamh, "%s", line); ++ else { ++ retval = PAM_BUF_ERR; ++ line = NULL; ++ } ++ } ++ ++cleanup: ++ free(host); ++ free(line); ++ close(fd); ++ D(("all done with btmp")); ++ ++ return retval; ++} ++ + /* --- authentication management functions (only) --- */ + + PAM_EXTERN int +@@ -379,6 +508,7 @@ + const void *user; + const struct passwd *pwd; + uid_t uid; ++ time_t lltime = 0; + + /* + * this module gets the uid of the PAM_USER. Uses it to display +@@ -407,7 +537,11 @@ + + /* process the current login attempt (indicate last) */ + +- retval = last_login_date(pamh, ctrl, uid, user); ++ retval = last_login_date(pamh, ctrl, uid, user, &lltime); ++ ++ if ((ctrl & LASTLOG_BTMP) && retval == PAM_SUCCESS) { ++ retval = last_login_failed(pamh, ctrl, user, lltime); ++ } + + /* indicate success or failure */ + diff --git a/pam_pwhistory-0.1.diff b/pam_pwhistory-0.1.diff new file mode 100644 index 0000000..692696b --- /dev/null +++ b/pam_pwhistory-0.1.diff @@ -0,0 +1,1725 @@ +2008-10-10 Thorsten Kukuk + + * configure.in: add modules/pam_pwhistory/Makefile. + * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml. + * doc/sag/pam_pwhistory.xml: New. + * libpam/pam_static_modules.h: Add pam_pwhistory data. + * modules/Makefile.am: Add pam_pwhistory directory. + * modules/pam_pwhistory/Makefile.am: New. + * modules/pam_pwhistory/README.xml: New. + * modules/pam_pwhistory/opasswd.c: New. + * modules/pam_pwhistory/opasswd.h: New. + * modules/pam_pwhistory/pam_pwhistory.8.xml: New. + * modules/pam_pwhistory/pam_pwhistory.c: New. + * modules/pam_pwhistory/tst-pam_pwhistory: New. + * xtests/Makefile.am: New. + * xtests/run-xtests.sh: New. + * xtests/tst-pam_pwhistory1.c: New. + * xtests/tst-pam_pwhistory1.pamd: New. + * xtests/tst-pam_pwhistory1.sh: New. + * po/POTFILES.in: Add modules/pam_pwhistory/. + +--- configure.in 18 Aug 2008 13:29:21 -0000 1.126 ++++ configure.in 10 Oct 2008 06:52:40 -0000 +@@ -542,7 +542,7 @@ + modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile \ + modules/pam_namespace/Makefile \ + modules/pam_nologin/Makefile modules/pam_permit/Makefile \ +- modules/pam_rhosts/Makefile \ ++ modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile \ + modules/pam_rootok/Makefile modules/pam_exec/Makefile \ + modules/pam_securetty/Makefile modules/pam_selinux/Makefile \ + modules/pam_sepermit/Makefile \ +--- doc/sag/Linux-PAM_SAG.xml 4 Apr 2008 10:23:00 -0000 1.8 ++++ doc/sag/Linux-PAM_SAG.xml 10 Oct 2008 06:52:40 -0000 +@@ -443,6 +443,8 @@ + + ++ + +Index: doc/sag/pam_pwhistory.xml +=================================================================== +RCS file: doc/sag/pam_pwhistory.xml +diff -N doc/sag/pam_pwhistory.xml +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ doc/sag/pam_pwhistory.xml 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,38 @@ ++ ++ ++
++ pam_pwhistory - grant access using .pwhistory file ++ ++ ++ ++
++ ++
++
++ ++
++
++ ++
++
++ ++
++
++ ++
++
++ ++
++
++ ++
++
+Index: libpam/pam_static_modules.h +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_static_modules.h,v +retrieving revision 1.8 +diff -u -r1.8 pam_static_modules.h +--- libpam/pam_static_modules.h 4 Feb 2008 13:37:35 -0000 1.8 ++++ libpam/pam_static_modules.h 10 Oct 2008 06:52:40 -0000 +@@ -61,6 +61,7 @@ + #endif + extern struct pam_module _pam_nologin_modstruct; + extern struct pam_module _pam_permit_modstruct; ++extern struct pam_module _pam_pwhistory_modstruct; + extern struct pam_module _pam_rhosts_modstruct; + extern struct pam_module _pam_rhosts_auth_modstruct; + extern struct pam_module _pam_rootok_modstruct; +@@ -119,6 +120,7 @@ + #endif + &_pam_nologin_modstruct, + &_pam_permit_modstruct, ++ &_pam_pwhistory_modstruct, + &_pam_rhosts_modstruct, + &_pam_rhosts_auth_modstruct, + &_pam_rootok_modstruct, +Index: modules/Makefile.am +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/Makefile.am,v +retrieving revision 1.14 +diff -u -r1.14 Makefile.am +--- modules/Makefile.am 4 Feb 2008 14:00:20 -0000 1.14 ++++ modules/Makefile.am 10 Oct 2008 06:52:40 -0000 +@@ -1,15 +1,16 @@ + # +-# Copyright (c) 2005, 2006 Thorsten Kukuk ++# Copyright (c) 2005, 2006, 2008 Thorsten Kukuk + # + + SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ +- pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \ +- pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \ +- pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \ +- pam_securetty pam_selinux pam_sepermit pam_shells pam_stress \ ++ pam_env pam_exec pam_faildelay pam_filter pam_ftp \ ++ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ ++ pam_listfile pam_localuser pam_loginuid pam_mail \ ++ pam_mkhomedir pam_motd pam_namespace pam_nologin \ ++ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ ++ pam_selinux pam_sepermit pam_shells pam_stress \ + pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \ +- pam_unix pam_userdb pam_warn pam_wheel pam_xauth pam_exec \ +- pam_namespace pam_loginuid pam_faildelay ++ pam_unix pam_userdb pam_warn pam_wheel pam_xauth + + CLEANFILES = *~ + +Index: modules/pam_pwhistory/.cvsignore +=================================================================== +RCS file: modules/pam_pwhistory/.cvsignore +diff -N modules/pam_pwhistory/.cvsignore +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/.cvsignore 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,8 @@ ++*.la ++*.lo ++.deps ++.libs ++Makefile ++Makefile.in ++README ++pam_pwhistory.8 +Index: modules/pam_pwhistory/Makefile.am +=================================================================== +RCS file: modules/pam_pwhistory/Makefile.am +diff -N modules/pam_pwhistory/Makefile.am +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/Makefile.am 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,35 @@ ++# ++# Copyright (c) 2008 Thorsten Kukuk ++# ++ ++CLEANFILES = *~ ++ ++EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory ++ ++TESTS = tst-pam_pwhistory ++ ++man_MANS = pam_pwhistory.8 ++ ++XMLS = README.xml pam_pwhistory.8.xml ++ ++securelibdir = $(SECUREDIR) ++secureconfdir = $(SCONFIGDIR) ++ ++AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include ++AM_LDFLAGS = -no-undefined -avoid-version -module ++if HAVE_VERSIONING ++ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map ++endif ++ ++noinst_HEADERS = opasswd.h ++ ++securelib_LTLIBRARIES = pam_pwhistory.la ++pam_pwhistory_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBCRYPT@ ++pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c ++ ++if ENABLE_REGENERATE_MAN ++noinst_DATA = README ++README: pam_pwhistory.8.xml ++-include $(top_srcdir)/Make.xml.rules ++endif ++ +Index: modules/pam_pwhistory/README.xml +=================================================================== +RCS file: modules/pam_pwhistory/README.xml +diff -N modules/pam_pwhistory/README.xml +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/README.xml 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,41 @@ ++ ++ ++--> ++]> ++ ++
++ ++ ++ ++ ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="pam_pwhistory.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_pwhistory-name"]/*)'/> ++ ++ ++ ++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
+Index: modules/pam_pwhistory/opasswd.c +=================================================================== +RCS file: modules/pam_pwhistory/opasswd.c +diff -N modules/pam_pwhistory/opasswd.c +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/opasswd.c 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,473 @@ ++/* ++ * Copyright (c) 2008 Thorsten Kukuk ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#if defined(HAVE_CONFIG_H) ++#include ++#endif ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#if defined (HAVE_XCRYPT_H) ++#include ++#elif defined (HAVE_CRYPT_H) ++#include ++#endif ++ ++#include ++#include ++ ++#include "opasswd.h" ++ ++#ifndef RANDOM_DEVICE ++#define RANDOM_DEVICE "/dev/urandom" ++#endif ++ ++#define OLD_PASSWORDS_FILE "/etc/security/opasswd" ++#define TMP_PASSWORDS_FILE OLD_PASSWORDS_FILE".tmpXXXXXX" ++ ++#define DEFAULT_BUFLEN 4096 ++ ++typedef struct { ++ char *user; ++ char *uid; ++ int count; ++ char *old_passwords; ++} opwd; ++ ++ ++static int ++parse_entry (char *line, opwd *data) ++{ ++ const char delimiters[] = ":"; ++ char *endptr; ++ ++ data->user = strsep (&line, delimiters); ++ data->uid = strsep (&line, delimiters); ++ data->count = strtol (strsep (&line, delimiters), &endptr, 10); ++ if (endptr != NULL && *endptr != '\0') ++ return 1; ++ ++ data->old_passwords = strsep (&line, delimiters); ++ ++ return 0; ++} ++ ++/* Check, if the new password is already in the opasswd file. */ ++int ++check_old_password (pam_handle_t *pamh, const char *user, ++ const char *newpass, int debug) ++{ ++ int retval = PAM_SUCCESS; ++ FILE *oldpf; ++ char *buf = NULL; ++ size_t buflen = 0; ++ opwd entry; ++ int found = 0; ++ ++ if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) ++ { ++ if (errno != ENOENT) ++ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", OLD_PASSWORDS_FILE); ++ return PAM_SUCCESS; ++ } ++ ++ while (!feof (oldpf)) ++ { ++ char *cp, *tmp; ++#if defined(HAVE_GETLINE) ++ ssize_t n = getline (&buf, &buflen, oldpf); ++#elif defined (HAVE_GETDELIM) ++ ssize_t n = getdelim (&buf, &buflen, '\n', oldpf); ++#else ++ ssize_t n; ++ ++ if (buf == NULL) ++ { ++ buflen = DEFAULT_BUFLEN; ++ buf = malloc (buflen); ++ if (buf == NULL) ++ return PAM_BUF_ERR; ++ } ++ buf[0] = '\0'; ++ fgets (buf, buflen - 1, oldpf); ++ n = strlen (buf); ++#endif /* HAVE_GETLINE / HAVE_GETDELIM */ ++ cp = buf; ++ ++ if (n < 1) ++ break; ++ ++ tmp = strchr (cp, '#'); /* remove comments */ ++ if (tmp) ++ *tmp = '\0'; ++ while (isspace ((int)*cp)) /* remove spaces and tabs */ ++ ++cp; ++ if (*cp == '\0') /* ignore empty lines */ ++ continue; ++ ++ if (cp[strlen (cp) - 1] == '\n') ++ cp[strlen (cp) - 1] = '\0'; ++ ++ if (strncmp (cp, user, strlen (user)) == 0 && ++ cp[strlen (user)] == ':') ++ { ++ /* We found the line we needed */ ++ if (parse_entry (cp, &entry) == 0) ++ { ++ found = 1; ++ break; ++ } ++ } ++ } ++ ++ fclose (oldpf); ++ ++ if (found) ++ { ++ const char delimiters[] = ","; ++ struct crypt_data output; ++ char *running; ++ char *oldpass; ++ ++ memset (&output, 0, sizeof (output)); ++ ++ running = strdupa (entry.old_passwords); ++ if (running == NULL) ++ return PAM_BUF_ERR; ++ ++ do { ++ oldpass = strsep (&running, delimiters); ++ if (oldpass && strlen (oldpass) > 0 && ++ strcmp (crypt_r (newpass, oldpass, &output), oldpass) == 0) ++ { ++ if (debug) ++ pam_syslog (pamh, LOG_DEBUG, "New password already used"); ++ retval = PAM_AUTHTOK_ERR; ++ break; ++ } ++ } while (oldpass != NULL); ++ } ++ ++ if (buf) ++ free (buf); ++ ++ return retval; ++} ++ ++int ++save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, ++ const char *oldpass, int howmany, int debug UNUSED) ++{ ++ char opasswd_tmp[] = TMP_PASSWORDS_FILE; ++ struct stat opasswd_stat; ++ FILE *oldpf, *newpf; ++ int newpf_fd; ++ int do_create = 0; ++ int retval = PAM_SUCCESS; ++ char *buf = NULL; ++ size_t buflen = 0; ++ int found = 0; ++ ++ if (howmany <= 0) ++ return PAM_SUCCESS; ++ ++ if (oldpass == NULL || *oldpass == '\0') ++ return PAM_SUCCESS; ++ ++ if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) ++ { ++ if (errno == ENOENT) ++ { ++ pam_syslog (pamh, LOG_NOTICE, "Creating %s", ++ OLD_PASSWORDS_FILE); ++ do_create = 1; ++ } ++ else ++ { ++ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", ++ OLD_PASSWORDS_FILE); ++ return PAM_AUTHTOK_ERR; ++ } ++ } ++ else if (fstat (fileno (oldpf), &opasswd_stat) < 0) ++ { ++ pam_syslog (pamh, LOG_ERR, "Cannot stat %s: %m", OLD_PASSWORDS_FILE); ++ fclose (oldpf); ++ return PAM_AUTHTOK_ERR; ++ } ++ ++ /* Open a temp passwd file */ ++ newpf_fd = mkstemp (opasswd_tmp); ++ if (newpf_fd == -1) ++ { ++ pam_syslog (pamh, LOG_ERR, "Cannot create %s temp file: %m", ++ OLD_PASSWORDS_FILE); ++ fclose (oldpf); ++ return PAM_AUTHTOK_ERR; ++ } ++ if (do_create) ++ { ++ if (fchmod (newpf_fd, S_IRUSR|S_IWUSR) != 0) ++ pam_syslog (pamh, LOG_ERR, ++ "Cannot set permissions of %s temp file: %m", ++ OLD_PASSWORDS_FILE); ++ if (fchown (newpf_fd, 0, 0) != 0) ++ pam_syslog (pamh, LOG_ERR, ++ "Cannot set owner/group of %s temp file: %m", ++ OLD_PASSWORDS_FILE); ++ } ++ else ++ { ++ if (fchmod (newpf_fd, opasswd_stat.st_mode) != 0) ++ pam_syslog (pamh, LOG_ERR, ++ "Cannot set permissions of %s temp file: %m", ++ OLD_PASSWORDS_FILE); ++ if (fchown (newpf_fd, opasswd_stat.st_uid, opasswd_stat.st_gid) != 0) ++ pam_syslog (pamh, LOG_ERR, ++ "Cannot set owner/group of %s temp file: %m", ++ OLD_PASSWORDS_FILE); ++ } ++ newpf = fdopen (newpf_fd, "w+"); ++ if (newpf == NULL) ++ { ++ pam_syslog (pamh, LOG_ERR, "Cannot fdopen %s: %m", opasswd_tmp); ++ fclose (oldpf); ++ close (newpf_fd); ++ retval = PAM_AUTHTOK_ERR; ++ goto error_opasswd; ++ } ++ ++ if (!do_create) ++ while (!feof (oldpf)) ++ { ++ char *cp, *tmp, *save; ++#if defined(HAVE_GETLINE) ++ ssize_t n = getline (&buf, &buflen, oldpf); ++#elif defined (HAVE_GETDELIM) ++ ssize_t n = getdelim (&buf, &buflen, '\n', oldpf); ++#else ++ ssize_t n; ++ ++ if (buf == NULL) ++ { ++ buflen = DEFAULT_BUFLEN; ++ buf = malloc (buflen); ++ if (buf == NULL) ++ return PAM_BUF_ERR; ++ ++ } ++ buf[0] = '\0'; ++ fgets (buf, buflen - 1, oldpf); ++ n = strlen (buf); ++#endif /* HAVE_GETLINE / HAVE_GETDELIM */ ++ ++ cp = buf; ++ save = strdup (buf); /* Copy to write the original data back. */ ++ if (save == NULL) ++ return PAM_BUF_ERR; ++ ++ if (n < 1) ++ break; ++ ++ tmp = strchr (cp, '#'); /* remove comments */ ++ if (tmp) ++ *tmp = '\0'; ++ while (isspace ((int)*cp)) /* remove spaces and tabs */ ++ ++cp; ++ if (*cp == '\0') /* ignore empty lines */ ++ goto write_old_data; ++ ++ if (cp[strlen (cp) - 1] == '\n') ++ cp[strlen (cp) - 1] = '\0'; ++ ++ if (strncmp (cp, user, strlen (user)) == 0 && ++ cp[strlen (user)] == ':') ++ { ++ /* We found the line we needed */ ++ opwd entry; ++ ++ if (parse_entry (cp, &entry) == 0) ++ { ++ char *out = NULL; ++ ++ found = 1; ++ ++ /* Don't save the current password twice */ ++ if (entry.old_passwords) ++ { ++ /* there is only one password */ ++ if (strcmp (entry.old_passwords, oldpass) == 0) ++ goto write_old_data; ++ else ++ { ++ /* check last entry */ ++ cp = strstr (entry.old_passwords, oldpass); ++ ++ if (cp && strcmp (cp, oldpass) == 0) ++ { /* the end is the same, check that there ++ is a "," before. */ ++ --cp; ++ if (*cp == ',') ++ goto write_old_data; ++ } ++ } ++ } ++ ++ /* increase count. */ ++ entry.count++; ++ ++ /* check that we don't remember to many passwords. */ ++ while (entry.count > howmany) ++ { ++ char *p = strpbrk (entry.old_passwords, ","); ++ if (p != NULL) ++ entry.old_passwords = ++p; ++ entry.count--; ++ } ++ ++ if (entry.old_passwords == NULL) ++ { ++ if (asprintf (&out, "%s:%s:%d:%s\n", ++ entry.user, entry.uid, entry.count, ++ oldpass) < 0) ++ { ++ retval = PAM_AUTHTOK_ERR; ++ fclose (oldpf); ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ } ++ else ++ { ++ if (asprintf (&out, "%s:%si%d:%s,%s\n", ++ entry.user, entry.uid, entry.count, ++ entry.old_passwords, oldpass) < 0) ++ { ++ retval = PAM_AUTHTOK_ERR; ++ fclose (oldpf); ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ } ++ ++ if (fputs (out, newpf) < 0) ++ { ++ free (out); ++ free (save); ++ retval = PAM_AUTHTOK_ERR; ++ fclose (oldpf); ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ free (out); ++ } ++ } ++ else ++ { ++ write_old_data: ++ if (fputs (save, newpf) < 0) ++ { ++ free (save); ++ retval = PAM_AUTHTOK_ERR; ++ fclose (oldpf); ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ } ++ free (save); ++ } ++ ++ if (!found) ++ { ++ char *out; ++ ++ if (asprintf (&out, "%s:%d:1:%s\n", user, uid, oldpass) < 0) ++ { ++ retval = PAM_AUTHTOK_ERR; ++ if (oldpf) ++ fclose (oldpf); ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ if (fputs (out, newpf) < 0) ++ { ++ free (out); ++ retval = PAM_AUTHTOK_ERR; ++ if (oldpf) ++ fclose (oldpf); ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ free (out); ++ } ++ ++ if (oldpf) ++ if (fclose (oldpf) != 0) ++ { ++ pam_syslog (pamh, LOG_ERR, "Error while closing old opasswd file: %m"); ++ retval = PAM_AUTHTOK_ERR; ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ ++ if (fclose (newpf) != 0) ++ { ++ pam_syslog (pamh, LOG_ERR, ++ "Error while closing temporary opasswd file: %m"); ++ retval = PAM_AUTHTOK_ERR; ++ goto error_opasswd; ++ } ++ ++ unlink (OLD_PASSWORDS_FILE".old"); ++ if (link (OLD_PASSWORDS_FILE, OLD_PASSWORDS_FILE".old") != 0 && ++ errno != ENOENT) ++ pam_syslog (pamh, LOG_ERR, "Cannot create backup file of %s: %m", ++ OLD_PASSWORDS_FILE); ++ rename (opasswd_tmp, OLD_PASSWORDS_FILE); ++ error_opasswd: ++ unlink (opasswd_tmp); ++ ++ return retval; ++} +Index: modules/pam_pwhistory/opasswd.h +=================================================================== +RCS file: modules/pam_pwhistory/opasswd.h +diff -N modules/pam_pwhistory/opasswd.h +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/opasswd.h 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,45 @@ ++/* ++ * Copyright (c) 2008 Thorsten Kukuk ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifndef __OPASSWD_H__ ++#define __OPASSWD_H__ ++ ++extern int check_old_password (pam_handle_t *pamh, const char *user, ++ const char *newpass, int debug); ++extern int save_old_password (pam_handle_t *pamh, const char *user, ++ uid_t uid, const char *oldpass, ++ int howmany, int debug); ++ ++#endif /* __OPASSWD_H__ */ +Index: modules/pam_pwhistory/pam_pwhistory.8.xml +=================================================================== +RCS file: modules/pam_pwhistory/pam_pwhistory.8.xml +diff -N modules/pam_pwhistory/pam_pwhistory.8.xml +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/pam_pwhistory.8.xml 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,226 @@ ++ ++ ++ ++ ++ ++ ++ pam_pwhistory ++ 8 ++ Linux-PAM Manual ++ ++ ++ ++ pam_pwhistory ++ PAM module to remember last passwords ++ ++ ++ ++ ++ pam_pwhistory.so ++ ++ debug ++ ++ ++ use_authtok ++ ++ ++ enforce_for_root ++ ++ ++ remember=N ++ ++ ++ retry=N ++ ++ ++ ++ ++ ++ ++ ++ DESCRIPTION ++ ++ ++ This module saves the last passwords for each user in order ++ to force password change history and keep the user from ++ alternating between the same password too frequently. ++ ++ ++ This module does not work togehter with kerberos. In general, ++ it does not make much sense to use this module in conjuction ++ with NIS or LDAP, since the old passwords are stored on the ++ local machine and are not available on another machine for ++ password history checking. ++ ++ ++ ++ ++ OPTIONS ++ ++ ++ ++ ++ ++ ++ ++ Turns on debugging via ++ ++ syslog3 ++ . ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ When password changing enforce the module to use the new password ++ provided by a previously stacked ++ module (this is used in the example of the stacking of the ++ pam_cracklib module documented below). ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ If this option is set, the check is enforced for root, too. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ The last N passwords for each ++ user are saved in /etc/security/opasswd. ++ The default is 10. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Prompt user at most N times ++ before returning with error. The default is ++ 1. ++ ++ ++ ++ ++ ++ ++ ++ ++ MODULE TYPES PROVIDED ++ ++ Only the module type is provided. ++ ++ ++ ++ ++ RETURN VALUES ++ ++ ++ PAM_AUTHTOK_ERR ++ ++ ++ No new password was entered, the user aborted password ++ change or new password couldn't be set. ++ ++ ++ ++ ++ PAM_IGNORE ++ ++ ++ Password history was disabled. ++ ++ ++ ++ ++ PAM_MAXTRIES ++ ++ ++ Password was rejected too often. ++ ++ ++ ++ ++ PAM_USER_UNKNOWN ++ ++ ++ User is not known to system. ++ ++ ++ ++ ++ ++ ++ ++ EXAMPLES ++ ++ An example password section would be: ++ ++#%PAM-1.0 ++password required pam_pwhistory.so ++password required pam_unix.so use_authtok ++ ++ ++ ++ In combination with pam_cracklib: ++ ++#%PAM-1.0 ++password required pam_cracklib.so retry=3 ++password required pam_pwhistory.so use_authtok ++password required pam_unix.so use_authtok ++ ++ ++ ++ ++ ++ FILES ++ ++ ++ /etc/security/opasswd ++ ++ File with password history ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pam.conf5 ++ , ++ ++ pam.d5 ++ , ++ ++ pam8 ++ ++ ++ ++ ++ ++ AUTHOR ++ ++ pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> ++ ++ ++ ++ +Index: modules/pam_pwhistory/pam_pwhistory.c +=================================================================== +RCS file: modules/pam_pwhistory/pam_pwhistory.c +diff -N modules/pam_pwhistory/pam_pwhistory.c +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/pam_pwhistory.c 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,319 @@ ++/* ++ * Copyright (c) 2008 Thorsten Kukuk ++ * Author: Thorsten Kukuk ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#if defined(HAVE_CONFIG_H) ++#include ++#endif ++ ++#define PAM_SM_PASSWORD ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++ ++#include "opasswd.h" ++ ++#define NEW_PASSWORD_PROMPT _("New %s%spassword: ") ++#define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ") ++#define MISTYPED_PASSWORD _("Sorry, passwords do not match.") ++ ++#define DEFAULT_BUFLEN 2048 ++ ++struct options_t { ++ int debug; ++ int use_authtok; ++ int enforce_for_root; ++ int remember; ++ int tries; ++}; ++typedef struct options_t options_t; ++ ++ ++static void ++parse_option (pam_handle_t *pamh, const char *argv, options_t *options) ++{ ++ if (strcasecmp (argv, "use_first_pass") == 0) ++ /* ignore */; ++ else if (strcasecmp (argv, "use_first_pass") == 0) ++ /* ignore */; ++ else if (strcasecmp (argv, "use_authtok") == 0) ++ options->use_authtok = 1; ++ else if (strcasecmp (argv, "debug") == 0) ++ options->debug = 1; ++ else if (strncasecmp (argv, "remember=", 9) == 0) ++ { ++ options->remember = strtol(&argv[9], NULL, 10); ++ if (options->remember < 0) ++ options->remember = 0; ++ if (options->remember > 400) ++ options->remember = 400; ++ } ++ else if (strncasecmp (argv, "retry=", 6) == 0) ++ { ++ options->tries = strtol(&argv[6], NULL, 10); ++ if (options->tries < 0) ++ options->tries = 1; ++ } ++ else if (strcasecmp (argv, "enforce_for_root") == 0) ++ options->enforce_for_root = 1; ++ else ++ pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); ++} ++ ++ ++PAM_EXTERN int ++pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) ++{ ++ struct passwd *pwd; ++ char *newpass; ++ const char *user; ++ void *newpass_void; ++ int retval, tries; ++ options_t options; ++ ++ memset (&options, 0, sizeof (options)); ++ ++ /* Set some default values, which could be overwritten later. */ ++ options.remember = 10; ++ options.tries = 1; ++ ++ /* Parse parameters for module */ ++ for ( ; argc-- > 0; argv++) ++ parse_option (pamh, *argv, &options); ++ ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, "pam_sm_chauthtok entered"); ++ ++ ++ if (options.remember == 0) ++ return PAM_IGNORE; ++ ++ retval = pam_get_user (pamh, &user, NULL); ++ if (retval != PAM_SUCCESS) ++ return retval; ++ ++ if (user == NULL || strlen (user) == 0) ++ { ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "User is not known to system"); ++ ++ return PAM_USER_UNKNOWN; ++ } ++ ++ if (flags & PAM_PRELIM_CHECK) ++ { ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "pam_sm_chauthtok(PAM_PRELIM_CHECK)"); ++ ++ return PAM_SUCCESS; ++ } ++ ++ pwd = pam_modutil_getpwnam (pamh, user); ++ if (pwd == NULL) ++ return PAM_USER_UNKNOWN; ++ ++ /* Ignore root if not enforced */ ++ if (pwd->pw_uid == 0 && !options.enforce_for_root) ++ return PAM_SUCCESS; ++ ++ if ((strcmp(pwd->pw_passwd, "x") == 0) || ++ ((pwd->pw_passwd[0] == '#') && ++ (pwd->pw_passwd[1] == '#') && ++ (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0))) ++ { ++ struct spwd *spw = pam_modutil_getspnam (pamh, user); ++ if (spw == NULL) ++ return PAM_USER_UNKNOWN; ++ ++ retval = save_old_password (pamh, user, pwd->pw_uid, spw->sp_pwdp, ++ options.remember, options.debug); ++ if (retval != PAM_SUCCESS) ++ return retval; ++ } ++ else ++ { ++ retval = save_old_password (pamh, user, pwd->pw_uid, pwd->pw_passwd, ++ options.remember, options.debug); ++ if (retval != PAM_SUCCESS) ++ return retval; ++ } ++ ++ retval = pam_get_item (pamh, PAM_AUTHTOK, (const void **) &newpass_void); ++ newpass = (char *) newpass_void; ++ if (retval != PAM_SUCCESS) ++ return retval; ++ if (options.debug) ++ { ++ if (newpass) ++ pam_syslog (pamh, LOG_DEBUG, "got new auth token"); ++ else ++ pam_syslog (pamh, LOG_DEBUG, "new auth token not set"); ++ } ++ ++ /* If we haven't been given a password yet, prompt for one... */ ++ if (newpass == NULL) ++ { ++ if (options.use_authtok) ++ /* We are not allowed to ask for a new password */ ++ return PAM_AUTHTOK_ERR; ++ ++ tries = 0; ++ ++ while ((newpass == NULL) && (tries++ < options.tries)) ++ { ++ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass, ++ NEW_PASSWORD_PROMPT, "UNIX", " "); ++ if (retval != PAM_SUCCESS) ++ { ++ _pam_drop (newpass); ++ if (retval == PAM_CONV_AGAIN) ++ retval = PAM_INCOMPLETE; ++ return retval; ++ } ++ ++ if (newpass == NULL) ++ { ++ /* We want to abort the password change */ ++ pam_error (pamh, _("Password change aborted.")); ++ return PAM_AUTHTOK_ERR; ++ } ++ ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, "check against old password file"); ++ ++ if (check_old_password (pamh, user, newpass, ++ options.debug) != PAM_SUCCESS) ++ { ++ pam_error (pamh, ++ _("Password has been already used. Choose another.")); ++ _pam_overwrite (newpass); ++ _pam_drop (newpass); ++ if (tries >= options.tries) ++ { ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "Aborted, too many tries"); ++ return PAM_MAXTRIES; ++ } ++ } ++ else ++ { ++ int failed; ++ char *new2; ++ ++ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2, ++ AGAIN_PASSWORD_PROMPT, "UNIX", " "); ++ if (retval != PAM_SUCCESS) ++ return retval; ++ ++ if (new2 == NULL) ++ { /* Aborting password change... */ ++ pam_error (pamh, _("Password change aborted.")); ++ return PAM_AUTHTOK_ERR; ++ } ++ ++ failed = (strcmp (newpass, new2) != 0); ++ ++ _pam_overwrite (new2); ++ _pam_drop (new2); ++ ++ if (failed) ++ { ++ pam_error (pamh, MISTYPED_PASSWORD); ++ _pam_overwrite (newpass); ++ _pam_drop (newpass); ++ if (tries >= options.tries) ++ { ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "Aborted, too many tries"); ++ return PAM_MAXTRIES; ++ } ++ } ++ } ++ } ++ ++ /* Remember new password */ ++ pam_set_item (pamh, PAM_AUTHTOK, (void *) newpass); ++ } ++ else /* newpass != NULL, we found an old password */ ++ { ++ if (options.debug) ++ pam_syslog (pamh, LOG_DEBUG, "look in old password file"); ++ ++ if (check_old_password (pamh, user, newpass, ++ options.debug) != PAM_SUCCESS) ++ { ++ pam_error (pamh, ++ _("Password has been already used. Choose another.")); ++ /* We are only here, because old password was set. ++ So overwrite it, else it will be stored! */ ++ pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL); ++ ++ return PAM_AUTHTOK_ERR; ++ } ++ } ++ ++ return PAM_SUCCESS; ++} ++ ++ ++#ifdef PAM_STATIC ++/* static module data */ ++struct pam_module _pam_pwhistory_modstruct = { ++ "pam_pwhistory", ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ pam_sm_chauthtok ++}; ++#endif +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ modules/pam_pwhistory/tst-pam_pwhistory 10 Oct 2008 06:52:40 -0000 +@@ -0,0 +1,2 @@ ++#!/bin/sh ++../../tests/tst-dlopen .libs/pam_pwhistory.so +--- po/POTFILES.in 13 Feb 2008 14:39:41 -0000 1.15 ++++ po/POTFILES.in 10 Oct 2008 06:52:40 -0000 +@@ -58,6 +58,8 @@ + ./modules/pam_namespace/pam_namespace.c + ./modules/pam_nologin/pam_nologin.c + ./modules/pam_permit/pam_permit.c ++./modules/pam_pwhistory/opasswd.c ++./modules/pam_pwhistory/pam_pwhistory.c + ./modules/pam_rhosts/pam_rhosts.c + ./modules/pam_rootok/pam_rootok.c + ./modules/pam_securetty/pam_securetty.c +--- xtests/Makefile.am 18 Feb 2008 17:57:34 -0000 1.18 ++++ xtests/Makefile.am 10 Oct 2008 06:52:42 -0000 +@@ -28,7 +28,8 @@ + tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \ + tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \ + tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \ +- tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh ++ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \ ++ tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh + + XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ + tst-pam_dispatch4 tst-pam_dispatch5 \ +@@ -36,7 +37,8 @@ + tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \ + tst-pam_access1 tst-pam_access2 tst-pam_access3 \ + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ +- tst-pam_group1 tst-pam_authfail tst-pam_authsucceed ++ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ ++ tst-pam_pwhistory1 + + NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ + tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 +--- xtests/run-xtests.sh 19 Oct 2007 17:06:29 -0000 1.8 ++++ xtests/run-xtests.sh 10 Oct 2008 06:52:42 -0000 +@@ -23,6 +23,8 @@ + install -m 644 "${SRCDIR}"/group.conf /etc/security/group.conf + cp /etc/security/limits.conf /etc/security/limits.conf-pam-xtests + install -m 644 "${SRCDIR}"/limits.conf /etc/security/limits.conf ++mv /etc/security/opasswd /etc/security/opasswd-pam-xtests ++ + for testname in $XTESTS ; do + for cfg in "${SRCDIR}"/$testname*.pamd ; do + install -m 644 $cfg /etc/pam.d/$(basename $cfg .pamd) +@@ -49,6 +51,7 @@ + mv /etc/security/access.conf-pam-xtests /etc/security/access.conf + mv /etc/security/group.conf-pam-xtests /etc/security/group.conf + mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf ++mv /etc/security/opasswd-pam-xtests /etc/security/opasswd + if test "$failed" -ne 0; then + echo "===================" + echo "$failed of $all tests failed" +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ xtests/tst-pam_pwhistory1.c 10 Oct 2008 06:52:42 -0000 +@@ -0,0 +1,169 @@ ++/* ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++/* ++ * Check remember handling ++ * Change ten times the password ++ * Try the ten passwords again, should always be rejected ++ * Try a new password, should succeed ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include ++#endif ++ ++#include ++#include ++#include ++#include ++ ++static int in_test; ++ ++static const char *passwords[] = { ++ "pamhistory01", "pamhistory02", "pamhistory03", ++ "pamhistory04", "pamhistory05", "pamhistory06", ++ "pamhistory07", "pamhistory08", "pamhistory09", ++ "pamhistory10", ++ "pamhistory01", "pamhistory02", "pamhistory03", ++ "pamhistory04", "pamhistory05", "pamhistory06", ++ "pamhistory07", "pamhistory08", "pamhistory09", ++ "pamhistory10", ++ "pamhistory11", ++ "pamhistory01", "pamhistory02", "pamhistory03", ++ "pamhistory04", "pamhistory05", "pamhistory06", ++ "pamhistory07", "pamhistory08", "pamhistory09", ++ "pamhistory10"}; ++ ++static int debug; ++ ++/* A conversation function which uses an internally-stored value for ++ the responses. */ ++static int ++fake_conv (int num_msg, const struct pam_message **msgm, ++ struct pam_response **response, void *appdata_ptr UNUSED) ++{ ++ struct pam_response *reply; ++ int count; ++ ++ /* Sanity test. */ ++ if (num_msg <= 0) ++ return PAM_CONV_ERR; ++ ++ if (debug) ++ fprintf (stderr, "msg_style=%d, msg=%s\n", msgm[0]->msg_style, ++ msgm[0]->msg); ++ ++ if (msgm[0]->msg_style != 1) ++ return PAM_SUCCESS; ++ ++ /* Allocate memory for the responses. */ ++ reply = calloc (num_msg, sizeof (struct pam_response)); ++ if (reply == NULL) ++ return PAM_CONV_ERR; ++ ++ /* Each prompt elicits the same response. */ ++ for (count = 0; count < num_msg; ++count) ++ { ++ reply[count].resp_retcode = 0; ++ reply[count].resp = strdup (passwords[in_test]); ++ if (debug) ++ fprintf (stderr, "send password %s\n", reply[count].resp); ++ } ++ ++ /* Set the pointers in the response structure and return. */ ++ *response = reply; ++ return PAM_SUCCESS; ++} ++ ++static struct pam_conv conv = { ++ fake_conv, ++ NULL ++}; ++ ++ ++int ++main(int argc, char *argv[]) ++{ ++ pam_handle_t *pamh=NULL; ++ const char *user="tstpampwhistory"; ++ int retval; ++ ++ if (argc > 1 && strcmp (argv[1], "-d") == 0) ++ debug = 1; ++ ++ for (in_test = 0; ++ in_test < (int)(sizeof (passwords)/sizeof (char *)); in_test++) ++ { ++ ++ retval = pam_start("tst-pam_pwhistory1", user, &conv, &pamh); ++ if (retval != PAM_SUCCESS) ++ { ++ if (debug) ++ fprintf (stderr, "pwhistory1-%d: pam_start returned %d\n", ++ in_test, retval); ++ return 1; ++ } ++ ++ retval = pam_chauthtok (pamh, 0); ++ if (in_test < 10 || in_test == 20) ++ { ++ if (retval != PAM_SUCCESS) ++ { ++ if (debug) ++ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n", ++ in_test, retval); ++ return 1; ++ } ++ } ++ else if (in_test < 20) ++ { ++ if (retval != PAM_MAXTRIES) ++ { ++ if (debug) ++ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n", ++ in_test, retval); ++ return 1; ++ } ++ } ++ ++ retval = pam_end (pamh,retval); ++ if (retval != PAM_SUCCESS) ++ { ++ if (debug) ++ fprintf (stderr, "pwhistory1: pam_end returned %d\n", retval); ++ return 1; ++ } ++ } ++ ++ return 0; ++} +Index: xtests/tst-pam_pwhistory1.pamd +=================================================================== +RCS file: xtests/tst-pam_pwhistory1.pamd +diff -N xtests/tst-pam_pwhistory1.pamd +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ xtests/tst-pam_pwhistory1.pamd 10 Oct 2008 06:52:42 -0000 +@@ -0,0 +1,7 @@ ++#%PAM-1.0 ++auth required pam_permit.so ++account required pam_permit.so ++password required pam_pwhistory.so remember=10 retry=1 debug ++password required pam_unix.so use_authtok md5 ++session required pam_permit.so ++ +Index: xtests/tst-pam_pwhistory1.sh +=================================================================== +RCS file: xtests/tst-pam_pwhistory1.sh +diff -N xtests/tst-pam_pwhistory1.sh +--- /dev/null 1 Jan 1970 00:00:00 -0000 ++++ xtests/tst-pam_pwhistory1.sh 10 Oct 2008 06:52:42 -0000 +@@ -0,0 +1,7 @@ ++#!/bin/bash ++ ++/usr/sbin/useradd tstpampwhistory ++./tst-pam_pwhistory1 ++RET=$? ++/usr/sbin/userdel -r tstpampwhistory 2> /dev/null ++exit $RET +--- /dev/null 2008-06-06 22:36:48.000000000 +0200 ++++ modules/pam_pwhistory/pam_pwhistory.8 2008-10-11 16:23:45.000000000 +0200 +@@ -0,0 +1,127 @@ ++.\" Title: pam_pwhistory ++.\" Author: ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 10/11/2008 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM Manual ++.\" ++.TH "PAM_PWHISTORY" "8" "10/11/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" disable hyphenation ++.nh ++.\" disable justification (adjust text to left margin only) ++.ad l ++.SH "NAME" ++pam_pwhistory - PAM module to remember last passwords ++.SH "SYNOPSIS" ++.HP 17 ++\fBpam_pwhistory\.so\fR [debug] [use_authtok] [enforce_for_root] [remember=\fIN\fR] [retry=\fIN\fR] ++.SH "DESCRIPTION" ++.PP ++This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently\. ++.PP ++This module does not work togehter with kerberos\. In general, it does not make much sense to use this module in conjuction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking\. ++.SH "OPTIONS" ++.PP ++\fBdebug\fR ++.RS 4 ++Turns on debugging via ++\fBsyslog\fR(3)\. ++.RE ++.PP ++\fBuse_authtok\fR ++.RS 4 ++When password changing enforce the module to use the new password provided by a previously stacked ++\fBpassword\fR ++module (this is used in the example of the stacking of the ++\fBpam_cracklib\fR ++module documented below)\. ++.RE ++.PP ++\fBenforce_for_root\fR ++.RS 4 ++If this option is set, the check is enforced for root, too\. ++.RE ++.PP ++\fBremember=\fR\fB\fIN\fR\fR ++.RS 4 ++The last ++\fIN\fR ++passwords for each user are saved in ++\fI/etc/security/opasswd\fR\. The default is ++\fI10\fR\. ++.RE ++.PP ++\fBretry=\fR\fB\fIN\fR\fR ++.RS 4 ++Prompt user at most ++\fIN\fR ++times before returning with error\. The default is ++\fI1\fR\. ++.RE ++.SH "MODULE TYPES PROVIDED" ++.PP ++Only the ++\fBpassword\fR ++module type is provided\. ++.SH "RETURN VALUES" ++.PP ++PAM_AUTHTOK_ERR ++.RS 4 ++No new password was entered, the user aborted password change or new password couldn\'t be set\. ++.RE ++.PP ++PAM_IGNORE ++.RS 4 ++Password history was disabled\. ++.RE ++.PP ++PAM_MAXTRIES ++.RS 4 ++Password was rejected too often\. ++.RE ++.PP ++PAM_USER_UNKNOWN ++.RS 4 ++User is not known to system\. ++.RE ++.SH "EXAMPLES" ++.PP ++An example password section would be: ++.sp ++.RS 4 ++.nf ++#%PAM\-1\.0 ++password required pam_pwhistory\.so ++password required pam_unix\.so use_authtok ++ ++.fi ++.RE ++.PP ++In combination with ++\fBpam_cracklib\fR: ++.sp ++.RS 4 ++.nf ++#%PAM\-1\.0 ++password required pam_cracklib\.so retry=3 ++password required pam_pwhistory\.so use_authtok ++password required pam_unix\.so use_authtok ++ ++.fi ++.RE ++.sp ++.SH "FILES" ++.PP ++\fI/etc/security/opasswd\fR ++.RS 4 ++File with password history ++.RE ++.SH "SEE ALSO" ++.PP ++ ++\fBpam.conf\fR(5), ++\fBpam.d\fR(5), ++\fBpam\fR(8) ++.SH "AUTHOR" ++.PP ++pam_pwhistory was written by Thorsten Kukuk -- 2.51.1 From 0467e7f0da660ca3bcb2ac099700e483bcc870b892149a2d1ef885aa3f7a18a4 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 22 Oct 2008 16:33:56 +0000 Subject: [PATCH 019/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=19 --- Linux-PAM-docu-generated.diff | 943 +++++++++++++++---- pam.changes | 6 + pam.spec | 12 +- pam_cracklib-no-pwhistory.diff | 88 ++ pam_tally2.diff | 1622 ++++++++++++++++++++++++++++++++ 5 files changed, 2480 insertions(+), 191 deletions(-) create mode 100644 pam_cracklib-no-pwhistory.diff create mode 100644 pam_tally2.diff diff --git a/Linux-PAM-docu-generated.diff b/Linux-PAM-docu-generated.diff index 99b7bd0..cb7870f 100644 --- a/Linux-PAM-docu-generated.diff +++ b/Linux-PAM-docu-generated.diff @@ -1,74 +1,17 @@ ---- Linux-PAM-1.0.2-old/doc/man/pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man/pam_getenv.3 2008-08-29 14:06:54.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_getenv - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" --.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GETENV" "3" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -27,8 +27,9 @@ - \fBpam_getenv\fR - function searches the PAM environment list as associated with the handle - \fIpamh\fR --for a string that matches the string pointed to by --\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. -+for an item that matches the string pointed to by -+\fIname\fR -+and returns the value of the environment variable\. - .SH "RETURN VALUES" - .PP - The ---- Linux-PAM-1.0.2-old/doc/man/pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man/pam_prompt.3 2008-08-29 14:06:55.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_prompt - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" --.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_PROMPT" "3" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -27,7 +27,9 @@ - .PP - The - \fBpam_prompt\fR --function constructs a message from the specified format string and arguments and passes it to -+function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\. Upon successful return, -+\fIresponse\fR -+is set to point to a string returned from the conversation function\. This string is allocated on heap and should be freed\. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR --- Linux-PAM-1.0.2-old/modules/pam_access/pam_access.8 2008-04-16 11:06:35.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2008-08-29 14:04:27.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2008-10-17 13:01:19.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_access .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ACCESS" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ACCESS" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -97,24 +40,38 @@ \fBpam\fR(8)\. .SH "AUTHORS" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 --- Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 2008-04-16 11:06:38.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2008-08-29 14:04:30.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2008-10-17 13:01:23.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_cracklib .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_CRACKLIB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_CRACKLIB" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_CRACKLIB" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -157,7 +157,7 @@ +@@ -69,12 +69,6 @@ + Is the new password a rotated version of the old password? + .RE + .PP +-Already used +-.RS 4 +-Was the password used in the past? Previously used passwords are to be found in +-\fI/etc/security/opasswd\fR\. +-.RE +-.PP + This module with no arguments will work well for standard unix password encryption\. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\.\.\. In addition, the default action is to allow passwords as small as 5 characters in length\. For a md5 systems it can be a good idea to increase the required minimum size of a password\. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\. + .SH "OPTIONS" + .PP +@@ -157,7 +151,7 @@ \fBminlen\fR less than 10\. .sp @@ -123,7 +80,7 @@ .RE .PP \fBlcredit=\fR\fB\fIN\fR\fR -@@ -212,11 +212,11 @@ +@@ -212,11 +206,11 @@ .RS 4 Path to the cracklib dictionaries\. .RE @@ -138,7 +95,7 @@ .SH "RETURN VALUES" .PP .PP -@@ -302,7 +302,7 @@ +@@ -302,7 +296,7 @@ .PP \fBpam.conf\fR(5), @@ -147,9 +104,22 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/README Linux-PAM-1.0.2/modules/pam_cracklib/README --- Linux-PAM-1.0.2-old/modules/pam_cracklib/README 2008-04-16 11:06:39.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2008-08-29 14:04:32.000000000 +0200 -@@ -129,7 +129,7 @@ ++++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2008-10-17 13:01:24.000000000 +0200 +@@ -51,11 +51,6 @@ + + Is the new password a rotated version of the old password? + +-Already used +- +- Was the password used in the past? Previously used passwords are to be +- found in /etc/security/opasswd. +- + This module with no arguments will work well for standard unix password + encryption. With md5 encryption, passwords can be longer than 8 characters and + the default settings for this module can make it hard for the user to choose a +@@ -129,7 +124,7 @@ will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10. @@ -158,20 +128,21 @@ for a new password. lcredit=N +diff -urN Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 --- Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 2008-04-16 11:06:41.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2008-08-29 14:04:34.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2008-10-17 13:01:26.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_debug .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_DEBUG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DEBUG" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DEBUG" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -203,20 +174,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 --- Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 2008-04-16 11:06:44.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2008-08-29 14:04:37.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2008-10-17 13:01:29.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_deny .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_DENY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DENY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DENY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -246,20 +218,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 --- Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 2008-04-16 11:06:47.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2008-08-29 14:04:40.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2008-10-17 13:01:31.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_echo .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ECHO" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ECHO" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ECHO" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -288,20 +261,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 Linux-PAM-1.0.2/modules/pam_env/pam_env.8 --- Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 2008-04-16 11:06:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2008-08-29 14:04:44.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2008-10-17 13:01:34.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_env .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ENV" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -339,8 +313,9 @@ \fBpam\fR(8)\. .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_env/README Linux-PAM-1.0.2/modules/pam_env/README --- Linux-PAM-1.0.2-old/modules/pam_env/README 2008-04-16 11:06:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/README 2008-08-29 14:04:45.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/README 2008-10-17 13:01:36.000000000 +0200 @@ -11,7 +11,7 @@ By default rules for (un)setting of variables is taken from the config file / etc/security/pam_env.conf if no other file is specified. @@ -350,20 +325,21 @@ (/etc/environment by default). You can change the default file to parse, with the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 respectively. +diff -urN Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 --- Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 2008-04-16 11:09:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2008-08-29 14:06:39.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2008-10-17 13:01:38.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_exec .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_EXEC" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_EXEC" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_EXEC" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -395,20 +371,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 --- Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 2008-04-16 11:09:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2008-08-29 14:06:50.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2008-10-17 13:01:41.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_faildelay .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_FAILDELAY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FAILDELAY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FAILDELAY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -435,20 +412,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 --- Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 2008-04-16 11:06:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2008-08-29 14:04:48.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2008-10-17 13:01:45.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_filter .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_FILTER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FILTER" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FILTER" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -480,20 +458,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 --- Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 2008-04-16 11:07:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2008-08-29 14:04:51.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2008-10-17 13:01:47.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_ftp .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_FTP" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FTP" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FTP" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -520,20 +499,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_group/pam_group.8 Linux-PAM-1.0.2/modules/pam_group/pam_group.8 --- Linux-PAM-1.0.2-old/modules/pam_group/pam_group.8 2008-04-16 11:07:06.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2008-08-29 14:04:55.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2008-10-17 13:01:50.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_group .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_GROUP" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GROUP" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GROUP" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -560,20 +540,21 @@ \fBpam\fR(8)\. .SH "AUTHORS" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 --- Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 2008-04-16 11:07:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2008-08-29 14:04:58.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2008-10-17 13:01:54.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_issue .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ISSUE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ISSUE" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ISSUE" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -600,20 +581,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 --- Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 2008-04-16 11:07:12.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2008-08-29 14:05:02.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2008-10-17 13:01:57.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_keyinit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_KEYINIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_KEYINIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_KEYINIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -640,28 +622,50 @@ \fBpam\fR(8) \fBkeyctl\fR(1) .SH "AUTHOR" +diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 --- Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 2008-04-16 11:07:16.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2008-08-29 14:05:05.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2008-10-17 13:02:00.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_lastlog .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LASTLOG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LASTLOG" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LASTLOG" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -62,11 +62,11 @@ +@@ -14,7 +14,7 @@ + pam_lastlog - PAM module to display date of last login + .SH "SYNOPSIS" + .HP 15 +-\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] ++\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] + .SH "DESCRIPTION" + .PP + pam_lastlog is a PAM module to display a line of information about the last login of the user\. In addition, the module maintains the +@@ -62,11 +62,23 @@ .RS 4 Don\'t update the wtmp entry\. .RE -.SH "MODULE SERVICES PROVIDED" ++.PP ++\fBnoupdate\fR ++.RS 4 ++Don\'t update any file\. ++.RE ++.PP ++\fBshowfailed\fR ++.RS 4 ++Display number of failed login attempts and the date of the last failed attempt from btmp\. The date is not displayed when ++\fBnodate\fR ++is specified\. ++.RE +.SH "MODULE TYPES PROVIDED" .PP Only the @@ -671,7 +675,7 @@ .SH "RETURN VALUES" .PP .PP -@@ -106,7 +106,7 @@ +@@ -106,7 +118,7 @@ .PP \fBpam.conf\fR(5), @@ -680,20 +684,40 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/README Linux-PAM-1.0.2/modules/pam_lastlog/README +--- Linux-PAM-1.0.2-old/modules/pam_lastlog/README 2008-04-16 11:07:17.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_lastlog/README 2008-10-17 13:02:01.000000000 +0200 +@@ -43,6 +43,15 @@ + + Don't update the wtmp entry. + ++noupdate ++ ++ Don't update any file. ++ ++showfailed ++ ++ Display number of failed login attempts and the date of the last failed ++ attempt from btmp. The date is not displayed when nodate is specified. ++ + EXAMPLES + + Add the following line to /etc/pam.d/login to display the last login time of an +diff -urN Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 --- Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 2008-04-16 11:07:20.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2008-08-29 14:05:09.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2008-10-17 13:02:03.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_limits .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LIMITS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_LIMITS" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_LIMITS" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -720,20 +744,21 @@ \fBpam\fR(8)\. .SH "AUTHORS" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 --- Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 2008-04-16 11:07:24.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2008-08-29 14:05:12.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2008-10-17 13:02:06.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_listfile .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LISTFILE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LISTFILE" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LISTFILE" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -765,20 +790,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 --- Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 2008-04-16 11:07:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2008-08-29 14:05:16.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2008-10-17 13:02:09.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_localuser .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LOCALUSER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOCALUSER" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOCALUSER" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -808,20 +834,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 --- Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 2008-04-16 11:09:18.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2008-08-29 14:06:47.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2008-10-17 13:02:11.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_loginuid .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_LOGINUID" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOGINUID" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOGINUID" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -849,23 +876,33 @@ \fBpam\fR(8), \fBauditctl\fR(8), \fBauditd\fR(8) +diff -urN Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 --- Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 2008-04-16 11:07:30.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2008-08-29 14:05:19.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2008-10-17 13:02:14.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_mail .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_MAIL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MAIL" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MAIL" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) +@@ -14,7 +14,7 @@ + pam_mail - Inform about available mail + .SH "SYNOPSIS" + .HP 12 +-\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quit] [standard] ++\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quiet] [standard] + .SH "DESCRIPTION" + .PP + The pam_mail PAM module provides the "you have new mail" service to the user\. It can be plugged into any application that has credential or session hooks\. It gives a single message indicating the @@ -87,13 +87,13 @@ .RS 4 Old style "You have\.\.\." format which doesn\'t show the mail spool being used\. This also implies "empty"\. @@ -893,20 +930,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 --- Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 2008-04-16 11:07:34.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2008-08-29 14:05:22.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2008-10-17 13:02:17.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_mkhomedir .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_MKHOMEDIR" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MKHOMEDIR" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MKHOMEDIR" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -933,20 +971,21 @@ \fBpam\fR(8)\. .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 --- Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 2008-04-16 11:07:37.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2008-08-29 14:05:26.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2008-10-17 13:02:20.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_motd .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_MOTD" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MOTD" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MOTD" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -973,20 +1012,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_namespace/namespace.conf.5 Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 --- Linux-PAM-1.0.2-old/modules/pam_namespace/namespace.conf.5 2008-04-16 11:09:13.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2008-08-29 14:06:43.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2008-10-17 13:02:24.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: namespace.conf .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "NAMESPACE\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "NAMESPACE\.CONF" "5" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "NAMESPACE\.CONF" "5" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -999,20 +1039,21 @@ .PP The \fI/etc/security/namespace\.conf\fR +diff -urN Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 --- Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 2008-04-16 11:09:14.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2008-08-29 14:06:45.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2008-10-17 13:02:25.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_namespace .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_NAMESPACE" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_NAMESPACE" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_NAMESPACE" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1049,20 +1090,21 @@ \fBmount\fR(8), \fBpam\fR(8)\. .SH "AUTHORS" +diff -urN Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 --- Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 2008-04-16 11:07:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2008-08-29 14:05:29.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2008-10-17 13:02:27.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_nologin .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_NOLOGIN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_NOLOGIN" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_NOLOGIN" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1091,20 +1133,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 --- Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 2008-04-16 11:07:43.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2008-08-29 14:05:32.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2008-10-17 13:02:30.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_permit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_PERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_PERMIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_PERMIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1136,20 +1179,86 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_pwhistory/README Linux-PAM-1.0.2/modules/pam_pwhistory/README +--- Linux-PAM-1.0.2-old/modules/pam_pwhistory/README 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_pwhistory/README 2008-10-17 13:02:33.000000000 +0200 +@@ -0,0 +1,61 @@ ++pam_pwhistory — PAM module to remember last passwords ++ ++━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ++ ++DESCRIPTION ++ ++This module saves the last passwords for each user in order to force password ++change history and keep the user from alternating between the same password too ++frequently. ++ ++This module does not work togehter with kerberos. In general, it does not make ++much sense to use this module in conjuction with NIS or LDAP, since the old ++passwords are stored on the local machine and are not available on another ++machine for password history checking. ++ ++OPTIONS ++ ++debug ++ ++ Turns on debugging via syslog(3). ++ ++use_authtok ++ ++ When password changing enforce the module to use the new password provided ++ by a previously stacked password module (this is used in the example of the ++ stacking of the pam_cracklib module documented below). ++ ++enforce_for_root ++ ++ If this option is set, the check is enforced for root, too. ++ ++remember=N ++ ++ The last N passwords for each user are saved in /etc/security/opasswd. The ++ default is 10. ++ ++retry=N ++ ++ Prompt user at most N times before returning with error. The default is 1. ++ ++EXAMPLES ++ ++An example password section would be: ++ ++#%PAM-1.0 ++password required pam_pwhistory.so ++password required pam_unix.so use_authtok ++ ++ ++In combination with pam_cracklib: ++ ++#%PAM-1.0 ++password required pam_cracklib.so retry=3 ++password required pam_pwhistory.so use_authtok ++password required pam_unix.so use_authtok ++ ++ ++AUTHOR ++ ++pam_pwhistory was written by Thorsten Kukuk ++ +diff -urN Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 --- Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 2008-04-16 11:07:46.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2008-08-29 14:05:36.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2008-10-17 13:02:34.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_rhosts .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_RHOSTS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_RHOSTS" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_RHOSTS" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1176,20 +1285,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 --- Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 2008-04-16 11:07:49.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2008-08-29 14:05:39.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2008-10-17 13:02:37.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_rootok .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ROOTOK" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ROOTOK" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1216,20 +1326,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 --- Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 2008-04-16 11:07:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2008-08-29 14:05:42.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2008-10-17 13:02:40.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_securetty .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SECURETTY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SECURETTY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SECURETTY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1265,20 +1376,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_selinux/pam_selinux.8 Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 --- Linux-PAM-1.0.2-old/modules/pam_selinux/pam_selinux.8 2008-04-16 11:07:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2008-08-29 14:05:46.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2008-10-17 13:02:43.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_selinux .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SELINUX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1310,8 +1422,9 @@ .RE .SH "MODULE SERVICES PROVIDED" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_selinux/README Linux-PAM-1.0.2/modules/pam_selinux/README --- Linux-PAM-1.0.2-old/modules/pam_selinux/README 2008-04-16 11:07:55.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/README 2008-08-29 14:05:45.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/README 2008-10-17 13:02:42.000000000 +0200 @@ -48,10 +48,21 @@ Attempt to ask the user for a custom security context role. If MLS is on ask also for sensitivity level. @@ -1336,20 +1449,21 @@ EXAMPLES +diff -urN Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 --- Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 2008-04-16 11:07:59.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2008-08-29 14:05:49.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2008-10-17 13:02:46.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_sepermit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SEPERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SEPERMIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SEPERMIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1370,20 +1484,21 @@ .SH "RETURN VALUES" .PP PAM_AUTH_ERR +diff -urN Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 --- Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 2008-04-16 11:08:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2008-08-29 14:05:51.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2008-10-17 13:02:48.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_shells .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_SHELLS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SHELLS" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SHELLS" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1413,20 +1528,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 --- Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 2008-04-16 11:08:05.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2008-08-29 14:05:55.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2008-10-17 13:02:51.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_succeed_if .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM .\" Source: Linux-PAM .\" -.TH "PAM_SUCCEED_IF" "8" "04/16/2008" "Linux-PAM" "Linux\-PAM" -+.TH "PAM_SUCCEED_IF" "8" "08/29/2008" "Linux-PAM" "Linux\-PAM" ++.TH "PAM_SUCCEED_IF" "8" "10/17/2008" "Linux-PAM" "Linux\-PAM" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1455,20 +1571,21 @@ .RE .SH "EXAMPLES" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 --- Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 2008-04-16 11:08:10.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2008-08-29 14:05:59.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2008-10-17 13:02:55.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_tally .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_TALLY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TALLY" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TALLY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1533,8 +1650,9 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/README Linux-PAM-1.0.2/modules/pam_tally/README --- Linux-PAM-1.0.2-old/modules/pam_tally/README 2008-04-16 11:08:11.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/README 2008-08-29 14:06:00.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/README 2008-10-17 13:02:56.000000000 +0200 @@ -25,7 +25,7 @@ GLOBAL OPTIONS @@ -1559,20 +1677,399 @@ AUTH OPTIONS Authentication phase first checks if user should be denied access and if +diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 +--- Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 2008-10-17 13:02:59.000000000 +0200 +@@ -0,0 +1,224 @@ ++.\" Title: pam_tally2 ++.\" Author: ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 10/17/2008 ++.\" Manual: Linux-PAM Manual ++.\" Source: Linux-PAM Manual ++.\" ++.TH "PAM_TALLY2" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" disable hyphenation ++.nh ++.\" disable justification (adjust text to left margin only) ++.ad l ++.SH "NAME" ++pam_tally2 - The login counter (tallying) module ++.SH "SYNOPSIS" ++.HP 14 ++\fBpam_tally2\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [audit] [silent] [no_log_info] ++.HP 11 ++\fBpam_tally2\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] ++.SH "DESCRIPTION" ++.PP ++This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\. ++.PP ++pam_tally2 comes in two parts: ++\fBpam_tally2\.so\fR ++and ++\fBpam_tally2\fR\. The former is the PAM module and the latter, a stand\-alone program\. ++\fBpam_tally2\fR ++is an (optional) application which can be used to interrogate and manipulate the counter file\. It can display users\' counts, set individual counts, or clear all counts\. Setting artificially high counts may be useful for blocking users without changing their passwords\. For example, one might find it useful to clear all counts every midnight from a cron job\. ++.PP ++Normally, failed attempts to access ++\fIroot\fR ++will ++\fBnot\fR ++cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\'t given shell accounts and root may only login via ++\fBsu\fR ++or at the machine console (not telnet/rsh, etc), this is safe\. ++.SH "OPTIONS" ++.PP ++GLOBAL OPTIONS ++.RS 4 ++This can be used for ++\fIauth\fR ++and ++\fIaccount\fR ++module types\. ++.PP ++\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR ++.RS 4 ++If something weird happens (like unable to open the file), return with ++\fBPAM_SUCESS\fR ++if ++\fBonerr=\fR\fB\fIsucceed\fR\fR ++is given, else with the corresponding PAM error code\. ++.RE ++.PP ++\fBfile=\fR\fB\fI/path/to/counter\fR\fR ++.RS 4 ++File where to keep counts\. Default is ++\fI/var/log/tallylog\fR\. ++.RE ++.PP ++\fBaudit\fR ++.RS 4 ++Will log the user name into the system log if the user is not found\. ++.RE ++.PP ++\fBsilent\fR ++.RS 4 ++Don\'t print informative messages\. ++.RE ++.PP ++\fBno_log_info\fR ++.RS 4 ++Don\'t log informative messages via ++\fBsyslog\fR(3)\. ++.RE ++.RE ++.PP ++AUTH OPTIONS ++.RS 4 ++Authentication phase first increments attempted login counter and checks if user should be denied access\. If the user is authenticated and the login process continues on call to ++\fBpam_setcred\fR(3) ++it resets the attempts counter\. ++.PP ++\fBdeny=\fR\fB\fIn\fR\fR ++.RS 4 ++Deny access if tally for this user exceeds ++\fIn\fR\. ++.RE ++.PP ++\fBlock_time=\fR\fB\fIn\fR\fR ++.RS 4 ++Always deny for ++\fIn\fR ++seconds after failed attempt\. ++.RE ++.PP ++\fBunlock_time=\fR\fB\fIn\fR\fR ++.RS 4 ++Allow access after ++\fIn\fR ++seconds after failed attempt\. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\. ++.RE ++.PP ++\fBmagic_root\fR ++.RS 4 ++If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\. ++.RE ++.PP ++\fBno_lock_time\fR ++.RS 4 ++Do not use the \.fail_locktime field in ++\fI/var/log/faillog\fR ++for this user\. ++.RE ++.PP ++\fBno_reset\fR ++.RS 4 ++Don\'t reset count on successful entry, only decrement\. ++.RE ++.PP ++\fBeven_deny_root\fR ++.RS 4 ++Root account can become unavailable\. ++.RE ++.PP ++\fBroot_unlock_time=\fR\fB\fIn\fR\fR ++.RS 4 ++This option implies ++\fBeven_deny_root\fR ++option\. Allow access after ++\fIn\fR ++seconds to root acccount after failed attempt\. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. ++.RE ++.RE ++.PP ++ACCOUNT OPTIONS ++.RS 4 ++Account phase resets attempts counter if the user is ++\fBnot\fR ++magic root\. This phase can be used optionaly for services which don\'t call ++\fBpam_setcred\fR(3) ++correctly or if the reset should be done regardless of the failure of the account phase of other modules\. ++.PP ++\fBmagic_root\fR ++.RS 4 ++If the module is invoked by a user with uid=0 the counter is not changed\. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\. ++.RE ++.RE ++.SH "MODULE TYPES PROVIDED" ++.PP ++The ++\fBauth\fR ++and ++\fBaccount\fR ++module types are provided\. ++.SH "RETURN VALUES" ++.PP ++PAM_AUTH_ERR ++.RS 4 ++A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\. ++.RE ++.PP ++PAM_SUCCESS ++.RS 4 ++Everything was successfull\. ++.RE ++.PP ++PAM_USER_UNKNOWN ++.RS 4 ++User not known\. ++.RE ++.SH "NOTES" ++.PP ++pam_tally2 is not compatible with the old pam_tally faillog file format\. This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\. ++.PP ++There is no setuid wrapper for access to the data file such as when the ++\fBpam_tally2\.so\fR ++module is called from xscreensaver\. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEPERM\fR) the module returns ++\fBPAM_IGNORE\fR\. ++.SH "EXAMPLES" ++.PP ++Add the following line to ++\fI/etc/pam\.d/login\fR ++to lock the account after 4 failed logins\. Root account will be locked as well\. The accounts will be automatically unlocked after 20 minutes\. The module does not have to be called in the account phase because the ++\fBlogin\fR ++calls ++\fBpam_setcred\fR(3) ++correctly\. ++.sp ++.RS 4 ++.nf ++auth required pam_securetty\.so ++auth required pam_tally2\.so deny=4 even_deny_root unlock_time=1200 ++auth required pam_env\.so ++auth required pam_unix\.so ++auth required pam_nologin\.so ++account required pam_unix\.so ++password required pam_unix\.so ++session required pam_limits\.so ++session required pam_unix\.so ++session required pam_lastlog\.so nowtmp ++session optional pam_mail\.so standard ++ ++.fi ++.RE ++.SH "FILES" ++.PP ++\fI/var/log/tallylog\fR ++.RS 4 ++failure count logging file ++.RE ++.SH "SEE ALSO" ++.PP ++ ++\fBpam.conf\fR(5), ++\fBpam.d\fR(5), ++\fBpam\fR(8) ++.SH "AUTHOR" ++.PP ++pam_tally was written by Tim Baverstock and Tomas Mraz\. +diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/README Linux-PAM-1.0.2/modules/pam_tally2/README +--- Linux-PAM-1.0.2-old/modules/pam_tally2/README 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_tally2/README 2008-10-17 13:03:00.000000000 +0200 +@@ -0,0 +1,146 @@ ++pam_tally2 — The login counter (tallying) module ++ ++━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ ++ ++DESCRIPTION ++ ++This module maintains a count of attempted accesses, can reset count on ++success, can deny access if too many attempts fail. ++ ++pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the ++PAM module and the latter, a stand-alone program. pam_tally2 is an (optional) ++application which can be used to interrogate and manipulate the counter file. ++It can display users' counts, set individual counts, or clear all counts. ++Setting artificially high counts may be useful for blocking users without ++changing their passwords. For example, one might find it useful to clear all ++counts every midnight from a cron job. ++ ++Normally, failed attempts to access root will not cause the root account to ++become blocked, to prevent denial-of-service: if your users aren't given shell ++accounts and root may only login via su or at the machine console (not telnet/ ++rsh, etc), this is safe. ++ ++OPTIONS ++ ++GLOBAL OPTIONS ++ ++ This can be used for auth and account module types. ++ ++ onerr=[fail|succeed] ++ ++ If something weird happens (like unable to open the file), return with ++ PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM ++ error code. ++ ++ file=/path/to/counter ++ ++ File where to keep counts. Default is /var/log/tallylog. ++ ++ audit ++ ++ Will log the user name into the system log if the user is not found. ++ ++ silent ++ ++ Don't print informative messages. ++ ++ no_log_info ++ ++ Don't log informative messages via syslog(3). ++ ++AUTH OPTIONS ++ ++ Authentication phase first increments attempted login counter and checks if ++ user should be denied access. If the user is authenticated and the login ++ process continues on call to pam_setcred(3) it resets the attempts counter. ++ ++ deny=n ++ ++ Deny access if tally for this user exceeds n. ++ ++ lock_time=n ++ ++ Always deny for n seconds after failed attempt. ++ ++ unlock_time=n ++ ++ Allow access after n seconds after failed attempt. If this option is ++ used the user will be locked out for the specified amount of time after ++ he exceeded his maximum allowed attempts. Otherwise the account is ++ locked until the lock is removed by a manual intervention of the system ++ administrator. ++ ++ magic_root ++ ++ If the module is invoked by a user with uid=0 the counter is not ++ incremented. The sys-admin should use this for user launched services, ++ like su, otherwise this argument should be omitted. ++ ++ no_lock_time ++ ++ Do not use the .fail_locktime field in /var/log/faillog for this user. ++ ++ no_reset ++ ++ Don't reset count on successful entry, only decrement. ++ ++ even_deny_root ++ ++ Root account can become unavailable. ++ ++ root_unlock_time=n ++ ++ This option implies even_deny_root option. Allow access after n seconds ++ to root acccount after failed attempt. If this option is used the root ++ user will be locked out for the specified amount of time after he ++ exceeded his maximum allowed attempts. ++ ++ACCOUNT OPTIONS ++ ++ Account phase resets attempts counter if the user is not magic root. This ++ phase can be used optionaly for services which don't call pam_setcred(3) ++ correctly or if the reset should be done regardless of the failure of the ++ account phase of other modules. ++ ++ magic_root ++ ++ If the module is invoked by a user with uid=0 the counter is not ++ changed. The sys-admin should use this for user launched services, like ++ su, otherwise this argument should be omitted. ++ ++NOTES ++ ++pam_tally2 is not compatible with the old pam_tally faillog file format. This ++is caused by requirement of compatibility of the tallylog file format between ++32bit and 64bit architectures on multiarch systems. ++ ++There is no setuid wrapper for access to the data file such as when the ++pam_tally2.so module is called from xscreensaver. As this would make it ++impossible to share PAM configuration with such services the following ++workaround is used: If the data file cannot be opened because of insufficient ++permissions (EPERM) the module returns PAM_IGNORE. ++ ++EXAMPLES ++ ++Add the following line to /etc/pam.d/login to lock the account after 4 failed ++logins. Root account will be locked as well. The accounts will be automatically ++unlocked after 20 minutes. The module does not have to be called in the account ++phase because the login calls pam_setcred(3) correctly. ++ ++auth required pam_securetty.so ++auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 ++auth required pam_env.so ++auth required pam_unix.so ++auth required pam_nologin.so ++account required pam_unix.so ++password required pam_unix.so ++session required pam_limits.so ++session required pam_unix.so ++session required pam_lastlog.so nowtmp ++session optional pam_mail.so standard ++ ++ ++AUTHOR ++ ++pam_tally was written by Tim Baverstock and Tomas Mraz. ++ +diff -urN Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 Linux-PAM-1.0.2/modules/pam_time/pam_time.8 --- Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 2008-04-16 11:08:15.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2008-08-29 14:06:03.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2008-10-17 13:03:02.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_time .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_TIME" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_TIME" "8" "08/29/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_TIME" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1599,20 +2096,21 @@ \fBpam\fR(8)\. .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 --- Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 2008-04-16 11:08:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2008-08-29 14:06:06.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2008-10-17 13:03:05.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_tty_audit .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_TTY_AUDIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TTY_AUDIT" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TTY_AUDIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1630,20 +2128,21 @@ .SH "RETURN VALUES" .PP PAM_SESSION_ERR +diff -urN Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 --- Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 2008-04-16 11:08:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2008-08-29 14:06:10.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2008-10-17 13:03:08.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_umask .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_UMASK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UMASK" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UMASK" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1670,20 +2169,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 --- Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 2008-04-16 11:08:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2008-08-29 14:06:21.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2008-10-17 13:03:17.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_unix .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_UNIX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UNIX" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UNIX" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1712,20 +2212,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 --- Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 2008-04-16 11:08:48.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2008-08-29 14:06:25.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2008-10-17 13:03:20.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_userdb .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_USERDB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_USERDB" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_USERDB" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1755,20 +2256,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 --- Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 2008-04-16 11:08:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2008-08-29 14:06:28.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2008-10-17 13:03:23.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_warn .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_WARN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WARN" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WARN" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1800,20 +2302,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 --- Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 2008-04-16 11:08:57.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2008-08-29 14:06:31.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2008-10-17 13:03:26.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_wheel .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1842,20 +2345,21 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 --- Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 2008-04-16 11:09:03.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2008-08-29 14:06:35.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2008-10-17 13:03:30.000000000 +0200 @@ -1,11 +1,11 @@ .\" Title: pam_xauth .\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 +.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 08/29/2008 ++.\" Date: 10/17/2008 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" -.TH "PAM_XAUTH" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_XAUTH" "8" "08/29/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_XAUTH" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) @@ -1882,3 +2386,62 @@ \fBpam\fR(8) .SH "AUTHOR" .PP +diff -urN Linux-PAM-1.0.2-old/doc/man//pam_getenv.3 Linux-PAM-1.0.2/doc/man//pam_getenv.3 +--- Linux-PAM-1.0.2-old/doc/man//pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man//pam_getenv.3 2008-10-17 13:03:34.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_getenv + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 10/17/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GETENV" "3" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,8 +27,9 @@ + \fBpam_getenv\fR + function searches the PAM environment list as associated with the handle + \fIpamh\fR +-for a string that matches the string pointed to by +-\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. ++for an item that matches the string pointed to by ++\fIname\fR ++and returns the value of the environment variable\. + .SH "RETURN VALUES" + .PP + The +diff -urN Linux-PAM-1.0.2-old/doc/man//pam_prompt.3 Linux-PAM-1.0.2/doc/man//pam_prompt.3 +--- Linux-PAM-1.0.2-old/doc/man//pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man//pam_prompt.3 2008-10-17 13:03:35.000000000 +0200 +@@ -1,11 +1,11 @@ + .\" Title: pam_prompt + .\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Generator: DocBook XSL Stylesheets v1.73.2 ++.\" Date: 10/17/2008 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" +-.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_PROMPT" "3" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) +@@ -27,7 +27,9 @@ + .PP + The + \fBpam_prompt\fR +-function constructs a message from the specified format string and arguments and passes it to ++function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\. Upon successful return, ++\fIresponse\fR ++is set to point to a string returned from the conversation function\. This string is allocated on heap and should be freed\. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR diff --git a/pam.changes b/pam.changes index a0bc560..a432f7a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + ------------------------------------------------------------------- Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index b8d91f0..9c0bee6 100644 --- a/pam.spec +++ b/pam.spec @@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.2 -Release: 9 +Release: 10 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -58,6 +58,8 @@ Patch7: pam_mail.diff Patch8: pam_tally-fdleak.diff Patch9: pam_pwhistory-0.1.diff Patch10: pam_lastlog.diff +Patch11: pam_tally2.diff +Patch12: pam_cracklib-no-pwhistory.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -111,6 +113,9 @@ building both PAM-aware applications and modules for use with PAM. %patch9 -p0 chmod 755 modules/pam_pwhistory/tst-pam_pwhistory %patch10 -p0 +%patch11 -p1 +chmod 755 modules/pam_tally2/tst-pam_tally2 +%patch12 -p0 %build aclocal -I m4 --install --force @@ -283,6 +288,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so /%{_lib}/security/pam_tally.so +/%{_lib}/security/pam_tally2.so /%{_lib}/security/pam_time.so /%{_lib}/security/pam_tty_audit.so /%{_lib}/security/pam_umask.so @@ -296,6 +302,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so /sbin/pam_tally +/sbin/pam_tally2 %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %attr(0700,root,root) /sbin/unix_update @@ -317,6 +324,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Fri Oct 17 2008 kukuk@suse.de +- Add pam_tally2 +- Regenerate Documentation * Sat Oct 11 2008 kukuk@suse.de - Enhance pam_lastlog with status output - Add pam_pwhistory as tech preview diff --git a/pam_cracklib-no-pwhistory.diff b/pam_cracklib-no-pwhistory.diff new file mode 100644 index 0000000..174cef5 --- /dev/null +++ b/pam_cracklib-no-pwhistory.diff @@ -0,0 +1,88 @@ +--- modules/pam_cracklib/pam_cracklib.8.xml ++++ modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35 +@@ -111,15 +111,6 @@ + + + +- +- Already used +- +- +- Was the password used in the past? Previously used passwords +- are to be found in /etc/security/opasswd. +- +- +- + + + This module with no arguments will work well for standard unix +--- modules/pam_cracklib/pam_cracklib.c ++++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56 +@@ -472,43 +472,6 @@ + } + + +-#define OLD_PASSWORDS_FILE "/etc/security/opasswd" +- +-static const char * check_old_password(const char *forwho, const char *newpass) +-{ +- static char buf[16384]; +- char *s_luser, *s_uid, *s_npas, *s_pas; +- const char *msg = NULL; +- FILE *opwfile; +- +- opwfile = fopen(OLD_PASSWORDS_FILE, "r"); +- if (opwfile == NULL) +- return NULL; +- +- while (fgets(buf, 16380, opwfile)) { +- if (!strncmp(buf, forwho, strlen(forwho))) { +- char *sptr; +- buf[strlen(buf)-1] = '\0'; +- s_luser = strtok_r(buf, ":,", &sptr); +- s_uid = strtok_r(NULL, ":,", &sptr); +- s_npas = strtok_r(NULL, ":,", &sptr); +- s_pas = strtok_r(NULL, ":,", &sptr); +- while (s_pas != NULL) { +- if (!strcmp(crypt(newpass, s_pas), s_pas)) { +- msg = _("has been already used"); +- break; +- } +- s_pas = strtok_r(NULL, ":,", &sptr); +- } +- break; +- } +- } +- fclose(opwfile); +- +- return msg; +-} +- +- + static int _pam_unix_approve_pass(pam_handle_t *pamh, + unsigned int ctrl, + struct cracklib_options *opt, +@@ -516,7 +479,6 @@ + const char *pass_new) + { + const char *msg = NULL; +- const void *user; + int retval; + + if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { +@@ -532,15 +494,6 @@ + * checking this would be the place + */ + msg = password_check(opt, pass_old, pass_new); +- if (!msg) { +- retval = pam_get_item(pamh, PAM_USER, &user); +- if (retval != PAM_SUCCESS || user == NULL) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh,LOG_ERR,"Can not get username"); +- return PAM_AUTHTOK_ERR; +- } +- msg = check_old_password(user, pass_new); +- } + + if (msg) { + if (ctrl & PAM_DEBUG_ARG) diff --git a/pam_tally2.diff b/pam_tally2.diff new file mode 100644 index 0000000..ef6a93c --- /dev/null +++ b/pam_tally2.diff @@ -0,0 +1,1622 @@ +diff -up pam/configure.in.pt2 pam/configure.in +--- pam/configure.in.pt2 2008-10-16 16:12:18.000000000 +0200 ++++ pam/configure.in 2008-10-15 10:28:46.000000000 +0200 +@@ -548,6 +548,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil + modules/pam_sepermit/Makefile \ + modules/pam_shells/Makefile modules/pam_stress/Makefile \ + modules/pam_succeed_if/Makefile modules/pam_tally/Makefile \ ++ modules/pam_tally2/Makefile \ + modules/pam_time/Makefile modules/pam_tty_audit/Makefile \ + modules/pam_umask/Makefile \ + modules/pam_unix/Makefile modules/pam_userdb/Makefile \ +diff -up pam/modules/Makefile.am.pt2 pam/modules/Makefile.am +--- pam/modules/Makefile.am.pt2 2008-10-16 16:12:18.000000000 +0200 ++++ pam/modules/Makefile.am 2008-10-15 10:28:13.000000000 +0200 +@@ -9,7 +9,7 @@ SUBDIRS = pam_access pam_cracklib pam_de + pam_mkhomedir pam_motd pam_namespace pam_nologin \ + pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ + pam_selinux pam_sepermit pam_shells pam_stress \ +- pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \ ++ pam_succeed_if pam_tally pam_tally2 pam_time pam_tty_audit pam_umask \ + pam_unix pam_userdb pam_warn pam_wheel pam_xauth + + CLEANFILES = *~ +diff -up pam/modules/pam_tally2/tallylog.h.pt2 pam/modules/pam_tally2/tallylog.h +--- pam/modules/pam_tally2/tallylog.h.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/tallylog.h 2008-02-27 17:08:50.000000000 +0100 +@@ -0,0 +1,52 @@ ++/* ++ * Copyright 2006, Red Hat, Inc. ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of Red Hat, Inc. nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++/* ++ * tallylog.h - login failure data file format ++ * ++ * The new login failure file is not compatible with the old faillog(8) format ++ * Each record in the file represents a separate UID and the file ++ * is indexed in that fashion. ++ */ ++ ++ ++#ifndef _TALLYLOG_H ++#define _TALLYLOG_H ++ ++#include ++ ++struct tallylog { ++ char fail_line[52]; /* rhost or tty of last failure */ ++ uint16_t reserved; /* reserved for future use */ ++ uint16_t fail_cnt; /* failures since last success */ ++ uint64_t fail_time; /* time of last failure */ ++}; ++/* 64 bytes / entry */ ++ ++#endif +diff -up pam/modules/pam_tally2/pam_tally.c.pt2 pam/modules/pam_tally2/pam_tally.c +--- pam/modules/pam_tally2/pam_tally.c.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/pam_tally.c 2008-10-15 12:07:54.000000000 +0200 +@@ -0,0 +1,985 @@ ++/* ++ * pam_tally.c ++ * ++ */ ++ ++ ++/* By Tim Baverstock , Multi Media Machine Ltd. ++ * 5 March 1997 ++ * ++ * Stuff stolen from pam_rootok and pam_listfile ++ * ++ * Changes by Tomas Mraz 5 January 2005, 26 January 2006 ++ * Audit option added for Tomas patch by Sebastien Tricaud 13 January 2005 ++ * Portions Copyright 2006, Red Hat, Inc. ++ * Portions Copyright 1989 - 1993, Julianne Frances Haugh ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors ++ * may be used to endorse or promote products derived from this software ++ * without specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#if defined(MAIN) && defined(MEMORY_DEBUG) ++# undef exit ++#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#ifdef HAVE_LIBAUDIT ++#include ++#endif ++ ++#include ++#include ++#include ++#include "tallylog.h" ++ ++#ifndef TRUE ++#define TRUE 1L ++#define FALSE 0L ++#endif ++ ++#ifndef HAVE_FSEEKO ++#define fseeko fseek ++#endif ++ ++/* ++ * here, we make a definition for the externally accessible function ++ * in this file (this definition is required for static a module ++ * but strongly encouraged generally) it is used to instruct the ++ * modules include file to define the function prototypes. ++ */ ++ ++#ifndef MAIN ++#define PAM_SM_AUTH ++#define PAM_SM_ACCOUNT ++/* #define PAM_SM_SESSION */ ++/* #define PAM_SM_PASSWORD */ ++ ++#include ++#include ++#endif ++#include ++ ++/*---------------------------------------------------------------------*/ ++ ++#define DEFAULT_LOGFILE "/var/log/tallylog" ++#define MODULE_NAME "pam_tally2" ++ ++#define tally_t uint16_t ++#define TALLY_HI ((tally_t)~0L) ++ ++struct tally_options { ++ const char *filename; ++ tally_t deny; ++ long lock_time; ++ long unlock_time; ++ long root_unlock_time; ++ unsigned int ctrl; ++}; ++ ++#define PHASE_UNKNOWN 0 ++#define PHASE_AUTH 1 ++#define PHASE_ACCOUNT 2 ++#define PHASE_SESSION 3 ++ ++#define OPT_MAGIC_ROOT 01 ++#define OPT_FAIL_ON_ERROR 02 ++#define OPT_DENY_ROOT 04 ++#define OPT_QUIET 040 ++#define OPT_AUDIT 0100 ++#define OPT_NOLOGNOTICE 0400 ++ ++ ++/*---------------------------------------------------------------------*/ ++ ++/* some syslogging */ ++ ++#ifdef MAIN ++#define pam_syslog tally_log ++static void ++tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED, ++ const char *fmt, ...) ++{ ++ va_list args; ++ ++ va_start(args, fmt); ++ fprintf(stderr, "%s: ", MODULE_NAME); ++ vfprintf(stderr, fmt, args); ++ fprintf(stderr,"\n"); ++ va_end(args); ++} ++ ++#define pam_modutil_getpwnam(pamh, user) getpwnam(user) ++#endif ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: parse arguments --- */ ++ ++#ifndef MAIN ++ ++static void ++log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) ++{ ++ if ( phase != PHASE_AUTH ) { ++ pam_syslog(pamh, LOG_ERR, ++ "option %s allowed in auth phase only", argv); ++ } ++} ++ ++static int ++tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, ++ int phase, int argc, const char **argv) ++{ ++ memset(opts, 0, sizeof(*opts)); ++ opts->filename = DEFAULT_LOGFILE; ++ opts->ctrl = OPT_FAIL_ON_ERROR; ++ opts->root_unlock_time = -1; ++ ++ for ( ; argc-- > 0; ++argv ) { ++ ++ if ( ! strncmp( *argv, "file=", 5 ) ) { ++ const char *from = *argv + 5; ++ if ( *from!='/' ) { ++ pam_syslog(pamh, LOG_ERR, ++ "filename not /rooted; %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ opts->filename = from; ++ } ++ else if ( ! strcmp( *argv, "onerr=fail" ) ) { ++ opts->ctrl |= OPT_FAIL_ON_ERROR; ++ } ++ else if ( ! strcmp( *argv, "onerr=succeed" ) ) { ++ opts->ctrl &= ~OPT_FAIL_ON_ERROR; ++ } ++ else if ( ! strcmp( *argv, "magic_root" ) ) { ++ opts->ctrl |= OPT_MAGIC_ROOT; ++ } ++ else if ( ! strcmp( *argv, "even_deny_root_account" ) || ++ ! strcmp( *argv, "even_deny_root" ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ opts->ctrl |= OPT_DENY_ROOT; ++ } ++ else if ( ! strncmp( *argv, "deny=", 5 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+5,"%hu",&opts->deny) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ } ++ else if ( ! strncmp( *argv, "lock_time=", 10 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ } ++ else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ } ++ else if ( ! strncmp( *argv, "root_unlock_time=", 17 ) ) { ++ log_phase_no_auth(pamh, phase, *argv); ++ if ( sscanf((*argv)+17,"%ld",&opts->root_unlock_time) != 1 ) { ++ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); ++ return PAM_AUTH_ERR; ++ } ++ opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */ ++ } ++ else if ( ! strcmp( *argv, "quiet" ) || ++ ! strcmp ( *argv, "silent")) { ++ opts->ctrl |= OPT_QUIET; ++ } ++ else if ( ! strcmp ( *argv, "no_log_info") ) { ++ opts->ctrl |= OPT_NOLOGNOTICE; ++ } ++ else if ( ! strcmp ( *argv, "audit") ) { ++ opts->ctrl |= OPT_AUDIT; ++ } ++ else { ++ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); ++ } ++ } ++ ++ if (opts->root_unlock_time == -1) ++ opts->root_unlock_time = opts->unlock_time; ++ ++ return PAM_SUCCESS; ++} ++ ++#endif /* #ifndef MAIN */ ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: get uid (and optionally username) from PAM or ++ cline_user --- */ ++ ++#ifdef MAIN ++static char *cline_user=0; /* cline_user is used in the administration prog */ ++#endif ++ ++static int ++pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) ++{ ++ const char *user = NULL; ++ struct passwd *pw; ++ ++#ifdef MAIN ++ user = cline_user; ++#else ++ if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { ++ user = NULL; ++ } ++#endif ++ ++ if ( !user || !*user ) { ++ pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); ++ return PAM_AUTH_ERR; ++ } ++ ++ if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { ++ opts->ctrl & OPT_AUDIT ? ++ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : ++ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user"); ++ return PAM_USER_UNKNOWN; ++ } ++ ++ if ( uid ) *uid = pw->pw_uid; ++ if ( userp ) *userp = user; ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support functions: set/get tally data --- */ ++ ++#ifndef MAIN ++ ++static void ++_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) ++{ ++ free(data); ++} ++ ++ ++static void ++tally_set_data( pam_handle_t *pamh, time_t oldtime ) ++{ ++ time_t *data; ++ ++ if ( (data=malloc(sizeof(time_t))) != NULL ) { ++ *data = oldtime; ++ pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); ++ } ++} ++ ++static int ++tally_get_data( pam_handle_t *pamh, time_t *oldtime ) ++{ ++ int rv; ++ const void *data; ++ ++ rv = pam_get_data(pamh, MODULE_NAME, &data); ++ if ( rv == PAM_SUCCESS && data != NULL && oldtime != NULL ) { ++ *oldtime = *(const time_t *)data; ++ pam_set_data(pamh, MODULE_NAME, NULL, NULL); ++ } ++ else { ++ rv = -1; ++ *oldtime = 0; ++ } ++ return rv; ++} ++#endif /* #ifndef MAIN */ ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: open/create tallyfile and return tally for uid --- */ ++ ++/* If on entry tallyfile doesn't exist, creation is attempted. */ ++ ++static int ++get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, ++ FILE **tfile, struct tallylog *tally) ++{ ++ struct stat fileinfo; ++ int lstat_ret; ++ ++ lstat_ret = lstat(filename, &fileinfo); ++ if (lstat_ret) { ++ int save_errno; ++ int oldmask = umask(077); ++ *tfile=fopen(filename, "a"); ++ save_errno = errno; ++ /* Create file, or append-open in pathological case. */ ++ umask(oldmask); ++ if ( !*tfile ) { ++#ifndef MAIN ++ if (save_errno == EPERM) { ++ return PAM_IGNORE; /* called with insufficient access rights */ ++ } ++#endif ++ errno = save_errno; ++ pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ lstat_ret = fstat(fileno(*tfile),&fileinfo); ++ fclose(*tfile); ++ *tfile = NULL; ++ } ++ ++ if ( lstat_ret ) { ++ pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); ++ return PAM_AUTH_ERR; ++ } ++ ++ if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { ++ /* If the file is world writable or is not a ++ normal file, return error */ ++ pam_syslog(pamh, LOG_ALERT, ++ "%s is either world writable or not a normal file", ++ filename); ++ return PAM_AUTH_ERR; ++ } ++ ++ if (!(*tfile = fopen(filename, "r+"))) { ++#ifndef MAIN ++ if (errno == EPERM) /* called with insufficient access rights */ ++ return PAM_IGNORE; ++#endif ++ pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); ++ ++ return PAM_AUTH_ERR; ++ } ++ ++ if (fseeko(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET)) { ++ pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); ++ fclose(*tfile); ++ *tfile = NULL; ++ return PAM_AUTH_ERR; ++ } ++ ++ if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) { ++ memset(tally, 0, sizeof(*tally)); ++ } else if (fread(tally, sizeof(*tally), 1, *tfile) == 0) { ++ memset(tally, 0, sizeof(*tally)); ++ /* Shouldn't happen */ ++ } ++ ++ tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; ++ ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */ ++ ++static int ++set_tally(pam_handle_t *pamh, uid_t uid, ++ const char *filename, FILE **tfile, struct tallylog *tally) ++{ ++ if (tally->fail_cnt != TALLY_HI) { ++ if (fseeko(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET)) { ++ pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ if (fwrite(tally, sizeof(*tally), 1, *tfile) == 0) { ++ pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ } ++ ++ if (fclose(*tfile)) { ++ *tfile = NULL; ++ pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s: %m", filename); ++ return PAM_AUTH_ERR; ++ } ++ *tfile=NULL; ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- PAM bits --- */ ++ ++#ifndef MAIN ++ ++#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) ++ ++/*---------------------------------------------------------------------*/ ++ ++static int ++tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, ++ const char *user, struct tally_options *opts, ++ struct tallylog *tally) ++{ ++ int rv = PAM_SUCCESS; ++#ifdef HAVE_LIBAUDIT ++ char buf[64]; ++ int audit_fd = -1; ++#endif ++ ++ if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { ++ return PAM_SUCCESS; ++ } ++ /* magic_root skips tally check */ ++#ifdef HAVE_LIBAUDIT ++ audit_fd = audit_open(); ++ /* If there is an error & audit support is in the kernel report error */ ++ if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || ++ errno == EAFNOSUPPORT)) ++ return PAM_SYSTEM_ERR; ++#endif ++ if (opts->deny != 0 && /* deny==0 means no deny */ ++ tally->fail_cnt > opts->deny && /* tally>deny means exceeded */ ++ ((opts->ctrl & OPT_DENY_ROOT) || uid)) { /* even_deny stops uid check */ ++#ifdef HAVE_LIBAUDIT ++ if (tally->fail_cnt == opts->deny+1) { ++ /* First say that max number was hit. */ ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); ++ audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, ++ NULL, NULL, NULL, 1); ++ } ++#endif ++ if (uid) { ++ /* Unlock time check */ ++ if (opts->unlock_time && oldtime) { ++ if (opts->unlock_time + oldtime <= time(NULL)) { ++ /* ignore deny check after unlock_time elapsed */ ++#ifdef HAVE_LIBAUDIT ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); ++ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, ++ NULL, NULL, NULL, 1); ++#endif ++ rv = PAM_SUCCESS; ++ goto cleanup; ++ } ++ } ++ } else { ++ /* Root unlock time check */ ++ if (opts->root_unlock_time && oldtime) { ++ if (opts->root_unlock_time + oldtime <= time(NULL)) { ++ /* ignore deny check after unlock_time elapsed */ ++#ifdef HAVE_LIBAUDIT ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); ++ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, ++ NULL, NULL, NULL, 1); ++#endif ++ rv = PAM_SUCCESS; ++ goto cleanup; ++ } ++ } ++ } ++ ++#ifdef HAVE_LIBAUDIT ++ if (tally->fail_cnt == opts->deny+1) { ++ /* First say that max number was hit. */ ++ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, ++ NULL, NULL, NULL, 1); ++ } ++#endif ++ ++ if (!(opts->ctrl & OPT_QUIET)) { ++ pam_info(pamh, _("Account locked due to %hu failed logins"), ++ tally->fail_cnt); ++ } ++ if (!(opts->ctrl & OPT_NOLOGNOTICE)) { ++ pam_syslog(pamh, LOG_NOTICE, ++ "user %s (%lu) tally %hu, deny %hu", ++ user, (unsigned long)uid, tally->fail_cnt, opts->deny); ++ } ++ rv = PAM_AUTH_ERR; /* Only unconditional failure */ ++ goto cleanup; ++ } ++ ++ /* Lock time check */ ++ if (opts->lock_time && oldtime) { ++ if (opts->lock_time + oldtime > time(NULL)) { ++ /* don't increase fail_cnt or update fail_time when ++ lock_time applies */ ++ tally->fail_cnt = oldcnt; ++ tally->fail_time = oldtime; ++ ++ if (!(opts->ctrl & OPT_QUIET)) { ++ pam_info(pamh, _("Account temporary locked (%ld seconds left)"), ++ oldtime+opts->lock_time-time(NULL)); ++ } ++ if (!(opts->ctrl & OPT_NOLOGNOTICE)) { ++ pam_syslog(pamh, LOG_NOTICE, ++ "user %s (%lu) has time limit [%lds left]" ++ " since last failure.", ++ user, (unsigned long)uid, ++ oldtime+opts->lock_time-time(NULL)); ++ } ++ rv = PAM_AUTH_ERR; ++ goto cleanup; ++ } ++ } ++ ++cleanup: ++#ifdef HAVE_LIBAUDIT ++ if (audit_fd != -1) { ++ close(audit_fd); ++ } ++#endif ++ return rv; ++} ++ ++/* --- tally bump function: bump tally for uid by (signed) inc --- */ ++ ++static int ++tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, ++ uid_t uid, const char *user, struct tally_options *opts) ++{ ++ struct tallylog tally; ++ tally_t oldcnt; ++ FILE *tfile = NULL; ++ const void *remote_host = NULL; ++ int i, rv; ++ ++ tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ ++ ++ i = get_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ RETURN_ERROR(i); ++ } ++ ++ /* to remember old fail time (for locktime) */ ++ if (oldtime) { ++ *oldtime = (time_t)tally.fail_time; ++ } ++ ++ tally.fail_time = time(NULL); ++ ++ (void) pam_get_item(pamh, PAM_RHOST, &remote_host); ++ if (!remote_host) { ++ (void) pam_get_item(pamh, PAM_TTY, &remote_host); ++ if (!remote_host) { ++ remote_host = "unknown"; ++ } ++ } ++ ++ strncpy(tally.fail_line, remote_host, ++ sizeof(tally.fail_line)-1); ++ tally.fail_line[sizeof(tally.fail_line)-1] = 0; ++ ++ oldcnt = tally.fail_cnt; ++ ++ if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) { ++ /* magic_root doesn't change tally */ ++ tally.fail_cnt += inc; ++ ++ if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */ ++ tally.fail_cnt -= inc; ++ pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s", ++ (inc<0)?"under":"over",user); ++ } ++ } ++ ++ rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); ++ ++ i = set_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ if (rv == PAM_SUCCESS) ++ RETURN_ERROR( i ); ++ /* fallthrough */ ++ } ++ ++ return rv; ++} ++ ++static int ++tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) ++{ ++ struct tallylog tally; ++ FILE *tfile = NULL; ++ int i; ++ ++ /* resets only if not magic root */ ++ ++ if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { ++ return PAM_SUCCESS; ++ } ++ ++ tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ ++ ++ i=get_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ RETURN_ERROR(i); ++ } ++ ++ memset(&tally, 0, sizeof(tally)); ++ ++ i=set_tally(pamh, uid, opts->filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) ++ fclose(tfile); ++ RETURN_ERROR(i); ++ } ++ ++ return PAM_SUCCESS; ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- authentication management functions (only) --- */ ++ ++PAM_EXTERN int ++pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, ++ int argc, const char **argv) ++{ ++ int ++ rv; ++ time_t ++ oldtime = 0; ++ struct tally_options ++ options, *opts = &options; ++ uid_t ++ uid; ++ const char ++ *user; ++ ++ rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); ++ if (rv != PAM_SUCCESS) ++ RETURN_ERROR(rv); ++ ++ if (flags & PAM_SILENT) ++ opts->ctrl |= OPT_QUIET; ++ ++ rv = pam_get_uid(pamh, &uid, &user, opts); ++ if (rv != PAM_SUCCESS) ++ RETURN_ERROR(rv); ++ ++ rv = tally_bump(1, &oldtime, pamh, uid, user, opts); ++ ++ tally_set_data(pamh, oldtime); ++ ++ return rv; ++} ++ ++PAM_EXTERN int ++pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, ++ int argc, const char **argv) ++{ ++ int ++ rv; ++ time_t ++ oldtime = 0; ++ struct tally_options ++ options, *opts = &options; ++ uid_t ++ uid; ++ const char ++ *user; ++ ++ rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ rv = pam_get_uid(pamh, &uid, &user, opts); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ if ( tally_get_data(pamh, &oldtime) != 0 ) ++ /* no data found */ ++ return PAM_SUCCESS; ++ ++ return tally_reset(pamh, uid, opts); ++} ++ ++/*---------------------------------------------------------------------*/ ++ ++/* --- authentication management functions (only) --- */ ++ ++/* To reset failcount of user on successfull login */ ++ ++PAM_EXTERN int ++pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, ++ int argc, const char **argv) ++{ ++ int ++ rv; ++ time_t ++ oldtime = 0; ++ struct tally_options ++ options, *opts = &options; ++ uid_t ++ uid; ++ const char ++ *user; ++ ++ rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ rv = pam_get_uid(pamh, &uid, &user, opts); ++ if ( rv != PAM_SUCCESS ) ++ RETURN_ERROR( rv ); ++ ++ if ( tally_get_data(pamh, &oldtime) != 0 ) ++ /* no data found */ ++ return PAM_SUCCESS; ++ ++ return tally_reset(pamh, uid, opts); ++} ++ ++/*-----------------------------------------------------------------------*/ ++ ++#ifdef PAM_STATIC ++ ++/* static module data */ ++ ++struct pam_module _pam_tally_modstruct = { ++ MODULE_NAME, ++#ifdef PAM_SM_AUTH ++ pam_sm_authenticate, ++ pam_sm_setcred, ++#else ++ NULL, ++ NULL, ++#endif ++#ifdef PAM_SM_ACCOUNT ++ pam_sm_acct_mgmt, ++#else ++ NULL, ++#endif ++ NULL, ++ NULL, ++ NULL, ++}; ++ ++#endif /* #ifdef PAM_STATIC */ ++ ++/*-----------------------------------------------------------------------*/ ++ ++#else /* #ifndef MAIN */ ++ ++static const char *cline_filename = DEFAULT_LOGFILE; ++static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */ ++static int cline_quiet = 0; ++ ++/* ++ * Not going to link with pamlib just for these.. :) ++ */ ++ ++static const char * ++pam_errors( int i ) ++{ ++ switch (i) { ++ case PAM_AUTH_ERR: return _("Authentication error"); ++ case PAM_SERVICE_ERR: return _("Service error"); ++ case PAM_USER_UNKNOWN: return _("Unknown user"); ++ default: return _("Unknown error"); ++ } ++} ++ ++static int ++getopts( char **argv ) ++{ ++ const char *pname = *argv; ++ for ( ; *argv ; (void)(*argv && ++argv) ) { ++ if ( !strcmp (*argv,"--file") ) cline_filename=*++argv; ++ else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv; ++ else if ( !strncmp(*argv,"--file=",7) ) cline_filename=*argv+7; ++ else if ( !strcmp (*argv,"--user") ) cline_user=*++argv; ++ else if ( !strcmp (*argv,"-u") ) cline_user=*++argv; ++ else if ( !strncmp(*argv,"--user=",7) ) cline_user=*argv+7; ++ else if ( !strcmp (*argv,"--reset") ) cline_reset=0; ++ else if ( !strcmp (*argv,"-r") ) cline_reset=0; ++ else if ( !strncmp(*argv,"--reset=",8)) { ++ if ( sscanf(*argv+8,"%hu",&cline_reset) != 1 ) ++ fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0); ++ } ++ else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1; ++ else { ++ fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv); ++ return FALSE; ++ } ++ } ++ return TRUE; ++} ++ ++static void ++print_one(const struct tallylog *tally, uid_t uid) ++{ ++ static int once; ++ char *cp; ++ time_t fail_time; ++ struct tm *tm; ++ struct passwd *pwent; ++ const char *username = "[NONAME]"; ++ char ptime[80]; ++ ++ pwent = getpwuid(uid); ++ fail_time = tally->fail_time; ++ tm = localtime(&fail_time); ++ strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm); ++ cp = ptime; ++ if (pwent) { ++ username = pwent->pw_name; ++ } ++ if (!once) { ++ printf (_("Login Failures Latest failure From\n")); ++ once++; ++ } ++ printf ("%-15.15s %5hu ", username, tally->fail_cnt); ++ if (tally->fail_time) { ++ printf ("%-17.17s %s", cp, tally->fail_line); ++ } ++ putchar ('\n'); ++} ++ ++int ++main( int argc UNUSED, char **argv ) ++{ ++ struct tallylog tally; ++ ++ if ( ! getopts( argv+1 ) ) { ++ printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n" ++ " [-u username] [--user username]\n" ++ " [-r] [--reset[=n]] [--quiet]\n"), ++ *argv); ++ exit(2); ++ } ++ ++ umask(077); ++ ++ /* ++ * Major difference between individual user and all users: ++ * --user just handles one user, just like PAM. ++ * without --user it handles all users, sniffing cline_filename for nonzeros ++ */ ++ ++ if ( cline_user ) { ++ uid_t uid; ++ FILE *tfile=0; ++ struct tally_options opts; ++ int i; ++ ++ memset(&opts, 0, sizeof(opts)); ++ opts.ctrl = OPT_AUDIT; ++ i=pam_get_uid(NULL, &uid, NULL, &opts); ++ if ( i != PAM_SUCCESS ) { ++ fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); ++ exit(1); ++ } ++ ++ i=get_tally(NULL, uid, cline_filename, &tfile, &tally); ++ if ( i != PAM_SUCCESS ) { ++ if (tfile) ++ fclose(tfile); ++ fprintf(stderr, "%s: %s\n", *argv, pam_errors(i)); ++ exit(1); ++ } ++ ++ if ( !cline_quiet ) ++ print_one(&tally, uid); ++ ++ if (cline_reset != TALLY_HI) { ++#ifdef HAVE_LIBAUDIT ++ char buf[64]; ++ int audit_fd = audit_open(); ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset); ++ audit_log_user_message(audit_fd, AUDIT_USER_ACCT, ++ buf, NULL, NULL, NULL, 1); ++ if (audit_fd >=0) ++ close(audit_fd); ++#endif ++ if (cline_reset == 0) { ++ memset(&tally, 0, sizeof(tally)); ++ } else { ++ tally.fail_cnt = cline_reset; ++ } ++ i=set_tally(NULL, uid, cline_filename, &tfile, &tally); ++ if (i != PAM_SUCCESS) { ++ if (tfile) fclose(tfile); ++ fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); ++ exit(1); ++ } ++ } else { ++ fclose(tfile); ++ } ++ } ++ else /* !cline_user (ie, operate on all users) */ { ++ FILE *tfile=fopen(cline_filename, "r"); ++ uid_t uid=0; ++ if (!tfile && cline_reset != 0) { ++ perror(*argv); ++ exit(1); ++ } ++ ++ for ( ; tfile && !feof(tfile); uid++ ) { ++ if ( !fread(&tally, sizeof(tally), 1, tfile) ++ || !tally.fail_cnt ) { ++ continue; ++ } ++ print_one(&tally, uid); ++ } ++ if (tfile) ++ fclose(tfile); ++ if ( cline_reset!=0 && cline_reset!=TALLY_HI ) { ++ fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv); ++ } ++ else if ( !cline_reset ) { ++#ifdef HAVE_LIBAUDIT ++ char buf[64]; ++ int audit_fd = audit_open(); ++ snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0"); ++ audit_log_user_message(audit_fd, AUDIT_USER_ACCT, ++ buf, NULL, NULL, NULL, 1); ++ if (audit_fd >=0) ++ close(audit_fd); ++#endif ++ tfile=fopen(cline_filename, "w"); ++ if ( !tfile ) perror(*argv), exit(0); ++ fclose(tfile); ++ } ++ } ++ return 0; ++} ++ ++ ++#endif /* #ifndef MAIN */ +diff -up pam/modules/pam_tally2/README.xml.pt2 pam/modules/pam_tally2/README.xml +--- pam/modules/pam_tally2/README.xml.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/README.xml 2008-10-15 11:14:27.000000000 +0200 +@@ -0,0 +1,46 @@ ++ ++ ++--> ++]> ++ ++
++ ++ ++ ++ ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" ++ href="pam_tally2.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tally2-name"]/*)'/> ++ ++ ++ ++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
++ ++
+diff -up pam/modules/pam_tally2/tst-pam_tally2.pt2 pam/modules/pam_tally2/tst-pam_tally2 +--- pam/modules/pam_tally2/tst-pam_tally2.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/tst-pam_tally2 2008-10-15 10:23:18.000000000 +0200 +@@ -0,0 +1,2 @@ ++#!/bin/sh ++../../tests/tst-dlopen .libs/pam_tally2.so +diff -up pam/modules/pam_tally2/pam_tally2.8.xml.pt2 pam/modules/pam_tally2/pam_tally2.8.xml +--- pam/modules/pam_tally2/pam_tally2.8.xml.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/pam_tally2.8.xml 2008-10-15 11:36:00.000000000 +0200 +@@ -0,0 +1,439 @@ ++ ++ ++ ++ ++ ++ ++ pam_tally2 ++ 8 ++ Linux-PAM Manual ++ ++ ++ ++ pam_tally2 ++ The login counter (tallying) module ++ ++ ++ ++ ++ pam_tally2.so ++ ++ file=/path/to/counter ++ ++ ++ onerr=[fail|succeed] ++ ++ ++ magic_root ++ ++ ++ even_deny_root ++ ++ ++ deny=n ++ ++ ++ lock_time=n ++ ++ ++ unlock_time=n ++ ++ ++ root_unlock_time=n ++ ++ ++ audit ++ ++ ++ silent ++ ++ ++ no_log_info ++ ++ ++ ++ pam_tally2 ++ ++ --file /path/to/counter ++ ++ ++ --user username ++ ++ ++ --reset[=n] ++ ++ ++ --quiet ++ ++ ++ ++ ++ ++ ++ DESCRIPTION ++ ++ ++ This module maintains a count of attempted accesses, can ++ reset count on success, can deny access if too many attempts fail. ++ ++ ++ pam_tally2 comes in two parts: ++ pam_tally2.so and ++ pam_tally2. The former is the PAM module and ++ the latter, a stand-alone program. pam_tally2 ++ is an (optional) application which can be used to interrogate and ++ manipulate the counter file. It can display users' counts, set ++ individual counts, or clear all counts. Setting artificially high ++ counts may be useful for blocking users without changing their ++ passwords. For example, one might find it useful to clear all counts ++ every midnight from a cron job. ++ ++ ++ Normally, failed attempts to access root will ++ not cause the root account to become ++ blocked, to prevent denial-of-service: if your users aren't given ++ shell accounts and root may only login via su or ++ at the machine console (not telnet/rsh, etc), this is safe. ++ ++ ++ ++ ++ ++ OPTIONS ++ ++ ++ ++ GLOBAL OPTIONS ++ ++ ++ ++ This can be used for auth and ++ account module types. ++ ++ ++ ++ ++ ++ ++ ++ ++ If something weird happens (like unable to open the file), ++ return with PAM_SUCESS if ++ ++ is given, else with the corresponding PAM error code. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ File where to keep counts. Default is ++ /var/log/tallylog. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Will log the user name into the system log if the user is not found. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Don't print informative messages. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Don't log informative messages via syslog3. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ AUTH OPTIONS ++ ++ ++ ++ Authentication phase first increments attempted login counter and ++ checks if user should be denied access. If the user is authenticated ++ and the login process continues on call to ++ pam_setcred3 ++ it resets the attempts counter. ++ ++ ++ ++ ++ ++ ++ ++ ++ Deny access if tally for this user exceeds ++ n. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Always deny for n seconds ++ after failed attempt. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Allow access after n seconds ++ after failed attempt. If this option is used the user will ++ be locked out for the specified amount of time after he ++ exceeded his maximum allowed attempts. Otherwise the ++ account is locked until the lock is removed by a manual ++ intervention of the system administrator. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ If the module is invoked by a user with uid=0 the ++ counter is not incremented. The sys-admin should use this ++ for user launched services, like su, ++ otherwise this argument should be omitted. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Do not use the .fail_locktime field in ++ /var/log/faillog for this user. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Don't reset count on successful entry, only decrement. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Root account can become unavailable. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ This option implies option. ++ Allow access after n seconds ++ to root acccount after failed attempt. If this option is used ++ the root user will be locked out for the specified amount of ++ time after he exceeded his maximum allowed attempts. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ACCOUNT OPTIONS ++ ++ ++ ++ Account phase resets attempts counter if the user is ++ not magic root. ++ This phase can be used optionaly for services which don't call ++ ++ pam_setcred3 ++ correctly or if the reset should be done regardless ++ of the failure of the account phase of other modules. ++ ++ ++ ++ ++ ++ ++ ++ ++ If the module is invoked by a user with uid=0 the ++ counter is not changed. The sys-admin should use this ++ for user launched services, like su, ++ otherwise this argument should be omitted. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ MODULE TYPES PROVIDED ++ ++ The and ++ module types are provided. ++ ++ ++ ++ ++ RETURN VALUES ++ ++ ++ PAM_AUTH_ERR ++ ++ ++ A invalid option was given, the module was not able ++ to retrive the user name, no valid counter file ++ was found, or too many failed logins. ++ ++ ++ ++ ++ PAM_SUCCESS ++ ++ ++ Everything was successfull. ++ ++ ++ ++ ++ PAM_USER_UNKNOWN ++ ++ ++ User not known. ++ ++ ++ ++ ++ ++ ++ ++ NOTES ++ ++ pam_tally2 is not compatible with the old pam_tally faillog file format. ++ This is caused by requirement of compatibility of the tallylog file ++ format between 32bit and 64bit architectures on multiarch systems. ++ ++ ++ There is no setuid wrapper for access to the data file such as when the ++ pam_tally2.so module is called from ++ xscreensaver. As this would make it impossible to share PAM configuration ++ with such services the following workaround is used: If the data file ++ cannot be opened because of insufficient permissions ++ (EPERM) the module returns ++ PAM_IGNORE. ++ ++ ++ ++ ++ EXAMPLES ++ ++ Add the following line to /etc/pam.d/login to ++ lock the account after 4 failed logins. Root account will be locked ++ as well. The accounts will be automatically unlocked after 20 minutes. ++ The module does not have to be called in the account phase because the ++ login calls ++ pam_setcred3 ++ correctly. ++ ++ ++auth required pam_securetty.so ++auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 ++auth required pam_env.so ++auth required pam_unix.so ++auth required pam_nologin.so ++account required pam_unix.so ++password required pam_unix.so ++session required pam_limits.so ++session required pam_unix.so ++session required pam_lastlog.so nowtmp ++session optional pam_mail.so standard ++ ++ ++ ++ ++ FILES ++ ++ ++ /var/log/tallylog ++ ++ failure count logging file ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pam.conf5 ++ , ++ ++ pam.d5 ++ , ++ ++ pam8 ++ ++ ++ ++ ++ ++ AUTHOR ++ ++ pam_tally was written by Tim Baverstock and Tomas Mraz. ++ ++ ++ ++ ++ +diff -up pam/modules/pam_tally2/Makefile.am.pt2 pam/modules/pam_tally2/Makefile.am +--- pam/modules/pam_tally2/Makefile.am.pt2 2008-10-15 12:13:43.000000000 +0200 ++++ pam/modules/pam_tally2/Makefile.am 2008-10-15 11:31:41.000000000 +0200 +@@ -0,0 +1,40 @@ ++# ++# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk ++# Copyright (c) 2008 Red Hat, Inc. ++# ++ ++CLEANFILES = *~ ++ ++EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_tally2 ++ ++man_MANS = pam_tally2.8 ++XMLS = README.xml pam_tally2.8.xml ++ ++TESTS = tst-pam_tally2 ++ ++securelibdir = $(SECUREDIR) ++secureconfdir = $(SCONFIGDIR) ++ ++noinst_HEADERS = tallylog.h ++ ++AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include ++ ++pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module ++pam_tally2_la_LIBADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT) ++if HAVE_VERSIONING ++ pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map ++endif ++ ++pam_tally2_LDADD = $(LIBAUDIT) ++ ++securelib_LTLIBRARIES = pam_tally2.la ++sbin_PROGRAMS = pam_tally2 ++ ++pam_tally2_la_SOURCES = pam_tally.c ++pam_tally2_SOURCES = pam_tally_app.c ++ ++if ENABLE_REGENERATE_MAN ++noinst_DATA = README ++README: pam_tally2.8.xml ++-include $(top_srcdir)/Make.xml.rules ++endif +diff -up pam/modules/pam_tally2/pam_tally_app.c.pt2 pam/modules/pam_tally2/pam_tally_app.c +--- pam/modules/pam_tally2/pam_tally_app.c.pt2 2008-10-15 12:14:21.000000000 +0200 ++++ pam/modules/pam_tally2/pam_tally_app.c 2008-02-27 17:08:50.000000000 +0100 +@@ -0,0 +1,7 @@ ++/* ++ # This seemed like such a good idea at the time. :) ++ */ ++ ++#define MAIN ++#include "pam_tally.c" ++ -- 2.51.1 From 144e487040d14f8208281ac0b6a0e986d66ad9442766a737106f92d447ed3046 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 7 Nov 2008 14:38:48 +0000 Subject: [PATCH 020/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=20 --- pam.changes | 6 ++++++ pam.spec | 17 ++++++++++------ pam_xauth-XAUTHLOCALHOSTNAME.diff | 32 +++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 6 deletions(-) create mode 100644 pam_xauth-XAUTHLOCALHOSTNAME.diff diff --git a/pam.changes b/pam.changes index a432f7a..f4661e0 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + ------------------------------------------------------------------- Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 9c0bee6..a3b1dcc 100644 --- a/pam.spec +++ b/pam.spec @@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.2 -Release: 10 +Release: 11 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -60,6 +60,7 @@ Patch9: pam_pwhistory-0.1.diff Patch10: pam_lastlog.diff Patch11: pam_tally2.diff Patch12: pam_cracklib-no-pwhistory.diff +Patch13: pam_xauth-XAUTHLOCALHOSTNAME.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -116,6 +117,7 @@ chmod 755 modules/pam_pwhistory/tst-pam_pwhistory %patch11 -p1 chmod 755 modules/pam_tally2/tst-pam_tally2 %patch12 -p0 +%patch13 -p0 %build aclocal -I m4 --install --force @@ -324,6 +326,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Tue Nov 04 2008 mc@suse.de +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) * Fri Oct 17 2008 kukuk@suse.de - Add pam_tally2 - Regenerate Documentation @@ -481,7 +486,7 @@ rm -rf $RPM_BUILD_ROOT - Add all services to pam_listfile * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Sat Jan 14 2006 kukuk@suse.de +* Fri Jan 13 2006 kukuk@suse.de - Update to Linux-PAM 0.99.3.0 release candiate tar balls (new translations) * Mon Jan 09 2006 kukuk@suse.de @@ -581,7 +586,7 @@ rm -rf $RPM_BUILD_ROOT * Sun Jan 18 2004 meissner@suse.de - We no longer have pam in the buildsystem, so we need some buildroot magic flags for the dlopen tests. -* Fri Jan 16 2004 kukuk@suse.de +* Thu Jan 15 2004 kukuk@suse.de - Cleanup neededforbuild * Fri Dec 05 2003 kukuk@suse.de - Add manual pages from SLES8 @@ -638,14 +643,14 @@ rm -rf $RPM_BUILD_ROOT - Fix to not own /usr/shar/man/man3 * Wed Mar 13 2002 kukuk@suse.de - Add /usr/include/security to pam-devel filelist -* Tue Feb 12 2002 ro@suse.de +* Mon Feb 11 2002 ro@suse.de - tar option for bz2 is "j" * Fri Jan 25 2002 kukuk@suse.de - Fix last pam_securetty patch * Thu Jan 24 2002 kukuk@suse.de - Use reentrant getpwnam functions for most modules - Fix unresolved symbols in pam_access and pam_userdb -* Mon Jan 21 2002 kukuk@suse.de +* Sun Jan 20 2002 kukuk@suse.de - libpam_misc: Don't handle Ctrl-D as error. * Wed Jan 16 2002 kukuk@suse.de - Remove SuSEconfig.pam @@ -686,7 +691,7 @@ rm -rf $RPM_BUILD_ROOT - pam_unix2: Create temp files with permission 0600 * Tue Feb 06 2001 ro@suse.de - pam_issue.c: include time.h to make it compile -* Sat Jan 06 2001 kukuk@suse.de +* Fri Jan 05 2001 kukuk@suse.de - Don't print error message about failed initialization from pam_limits with kernel 2.2 [Bug #5198] * Thu Jan 04 2001 kukuk@suse.de diff --git a/pam_xauth-XAUTHLOCALHOSTNAME.diff b/pam_xauth-XAUTHLOCALHOSTNAME.diff new file mode 100644 index 0000000..c12ac41 --- /dev/null +++ b/pam_xauth-XAUTHLOCALHOSTNAME.diff @@ -0,0 +1,32 @@ +--- modules/pam_xauth/pam_xauth.c ++++ modules/pam_xauth/pam_xauth.c 2008/11/04 10:59:23 +@@ -600,6 +600,29 @@ + free (d); + } + ++ /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */ ++ if (getenv("XAUTHLOCALHOSTNAME") != NULL) { ++ char *d, *xauthlocalhostname; ++ ++ xauthlocalhostname = strdup(getenv("XAUTHLOCALHOSTNAME")); ++ ++ if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) ++ { ++ pam_syslog(pamh, LOG_DEBUG, "out of memory"); ++ free(xauthlocalhostname); ++ xauthlocalhostname = NULL; ++ retval = PAM_SESSION_ERR; ++ goto cleanup; ++ } ++ ++ if (pam_putenv (pamh, d) != PAM_SUCCESS) ++ pam_syslog (pamh, LOG_DEBUG, ++ "can't set environment variable '%s'", d); ++ free (d); ++ free(xauthlocalhostname); ++ xauthlocalhostname = NULL; ++ } ++ + /* Merge the cookie we read before into the new file. */ + if (debug) { + pam_syslog(pamh, LOG_DEBUG, -- 2.51.1 From 3bf1d7f7d254a5d0ef3c1e9cf63642199c1b159b105cd69359e0b2fcea05ef1a Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 20 Nov 2008 15:45:35 +0000 Subject: [PATCH 021/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=21 --- pam.changes | 6 ++ pam.spec | 7 +- pam_pwhistory-type.diff | 102 ++++++++++++++++++++++++++++++ pam_xauth-XAUTHLOCALHOSTNAME.diff | 82 +++++++++++++++--------- 4 files changed, 166 insertions(+), 31 deletions(-) create mode 100644 pam_pwhistory-type.diff diff --git a/pam.changes b/pam.changes index f4661e0..262e452 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + ------------------------------------------------------------------- Tue Nov 4 13:42:03 CET 2008 - mc@suse.de diff --git a/pam.spec b/pam.spec index a3b1dcc..0674874 100644 --- a/pam.spec +++ b/pam.spec @@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.2 -Release: 11 +Release: 12 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -61,6 +61,7 @@ Patch10: pam_lastlog.diff Patch11: pam_tally2.diff Patch12: pam_cracklib-no-pwhistory.diff Patch13: pam_xauth-XAUTHLOCALHOSTNAME.diff +Patch14: pam_pwhistory-type.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -118,6 +119,7 @@ chmod 755 modules/pam_pwhistory/tst-pam_pwhistory chmod 755 modules/pam_tally2/tst-pam_tally2 %patch12 -p0 %patch13 -p0 +%patch14 -p0 %build aclocal -I m4 --install --force @@ -326,6 +328,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Wed Nov 19 2008 kukuk@suse.de +- pam_xauth: update last patch +- pam_pwhistory: add missing type option * Tue Nov 04 2008 mc@suse.de - pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment (bnc#441314) diff --git a/pam_pwhistory-type.diff b/pam_pwhistory-type.diff new file mode 100644 index 0000000..0fe7a01 --- /dev/null +++ b/pam_pwhistory-type.diff @@ -0,0 +1,102 @@ +Index: modules/pam_pwhistory/pam_pwhistory.8.xml +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.8.xml,v +retrieving revision 1.1 +diff -u -r1.1 pam_pwhistory.8.xml +--- modules/pam_pwhistory/pam_pwhistory.8.xml 10 Oct 2008 06:53:45 -0000 1.1 ++++ modules/pam_pwhistory/pam_pwhistory.8.xml 19 Nov 2008 14:24:00 -0000 +@@ -33,6 +33,9 @@ + + retry=N + ++ ++ type=STRING ++ + + + +@@ -119,6 +122,21 @@ + + + ++ ++ ++ ++ ++ ++ ++ The default action is for the module to use the ++ following prompts when requesting passwords: ++ "New UNIX password: " and "Retype UNIX password: ". ++ The default word UNIX can ++ be replaced with this option. ++ ++ ++ ++ + + + +Index: modules/pam_pwhistory/pam_pwhistory.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.c,v +retrieving revision 1.1 +diff -u -r1.1 pam_pwhistory.c +--- modules/pam_pwhistory/pam_pwhistory.c 10 Oct 2008 06:53:45 -0000 1.1 ++++ modules/pam_pwhistory/pam_pwhistory.c 19 Nov 2008 14:24:00 -0000 +@@ -58,7 +58,9 @@ + + #include "opasswd.h" + ++/* For Translators: "%s%s" could be replaced with " " or "". */ + #define NEW_PASSWORD_PROMPT _("New %s%spassword: ") ++/* For Translators: "%s%s" could be replaced with " " or "". */ + #define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ") + #define MISTYPED_PASSWORD _("Sorry, passwords do not match.") + +@@ -70,6 +72,7 @@ + int enforce_for_root; + int remember; + int tries; ++ const char *prompt_type; + }; + typedef struct options_t options_t; + +@@ -101,6 +104,8 @@ + } + else if (strcasecmp (argv, "enforce_for_root") == 0) + options->enforce_for_root = 1; ++ else if (strncasecmp (argv, "type=", 5) == 0) ++ options->prompt_type = &argv[5]; + else + pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); + } +@@ -121,6 +126,7 @@ + /* Set some default values, which could be overwritten later. */ + options.remember = 10; + options.tries = 1; ++ options.prompt_type = "UNIX"; + + /* Parse parameters for module */ + for ( ; argc-- > 0; argv++) +@@ -209,7 +215,8 @@ + while ((newpass == NULL) && (tries++ < options.tries)) + { + retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass, +- NEW_PASSWORD_PROMPT, "UNIX", " "); ++ NEW_PASSWORD_PROMPT, options.prompt_type, ++ strlen (options.prompt_type) > 0?" ":""); + if (retval != PAM_SUCCESS) + { + _pam_drop (newpass); +@@ -249,7 +256,9 @@ + char *new2; + + retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2, +- AGAIN_PASSWORD_PROMPT, "UNIX", " "); ++ AGAIN_PASSWORD_PROMPT, ++ options.prompt_type, ++ strlen (options.prompt_type) > 0?" ":""); + if (retval != PAM_SUCCESS) + return retval; + diff --git a/pam_xauth-XAUTHLOCALHOSTNAME.diff b/pam_xauth-XAUTHLOCALHOSTNAME.diff index c12ac41..42a71c8 100644 --- a/pam_xauth-XAUTHLOCALHOSTNAME.diff +++ b/pam_xauth-XAUTHLOCALHOSTNAME.diff @@ -1,32 +1,54 @@ ---- modules/pam_xauth/pam_xauth.c -+++ modules/pam_xauth/pam_xauth.c 2008/11/04 10:59:23 -@@ -600,6 +600,29 @@ +--- modules/pam_xauth/pam_xauth.c 8 Apr 2008 07:01:41 -0000 1.16 ++++ modules/pam_xauth/pam_xauth.c 18 Nov 2008 12:30:58 -0000 +@@ -280,7 +280,7 @@ + return noent_code; + default: + if (debug) { +- pam_syslog(pamh, LOG_ERR, ++ pam_syslog(pamh, LOG_DEBUG, + "error opening %s: %m", path); + } + return PAM_PERM_DENIED; +@@ -293,7 +293,8 @@ + int argc, const char **argv) + { + char *cookiefile = NULL, *xauthority = NULL, +- *cookie = NULL, *display = NULL, *tmp = NULL; ++ *cookie = NULL, *display = NULL, *tmp = NULL, ++ *xauthlocalhostname = NULL; + const char *user, *xauth = NULL; + struct passwd *tpwd, *rpwd; + int fd, i, debug = 0; +@@ -588,14 +589,30 @@ + + if (asprintf(&d, "DISPLAY=%s", display) < 0) + { +- pam_syslog(pamh, LOG_DEBUG, "out of memory"); ++ pam_syslog(pamh, LOG_ERR, "out of memory"); + cookiefile = NULL; + retval = PAM_SESSION_ERR; + goto cleanup; + } + + if (pam_putenv (pamh, d) != PAM_SUCCESS) +- pam_syslog (pamh, LOG_DEBUG, ++ pam_syslog (pamh, LOG_ERR, ++ "can't set environment variable '%s'", d); ++ free (d); ++ } ++ ++ /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */ ++ if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) { ++ char *d; ++ ++ if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) { ++ pam_syslog(pamh, LOG_ERR, "out of memory"); ++ retval = PAM_SESSION_ERR; ++ goto cleanup; ++ } ++ ++ if (pam_putenv (pamh, d) != PAM_SUCCESS) ++ pam_syslog (pamh, LOG_ERR, + "can't set environment variable '%s'", d); free (d); } - -+ /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */ -+ if (getenv("XAUTHLOCALHOSTNAME") != NULL) { -+ char *d, *xauthlocalhostname; -+ -+ xauthlocalhostname = strdup(getenv("XAUTHLOCALHOSTNAME")); -+ -+ if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) -+ { -+ pam_syslog(pamh, LOG_DEBUG, "out of memory"); -+ free(xauthlocalhostname); -+ xauthlocalhostname = NULL; -+ retval = PAM_SESSION_ERR; -+ goto cleanup; -+ } -+ -+ if (pam_putenv (pamh, d) != PAM_SUCCESS) -+ pam_syslog (pamh, LOG_DEBUG, -+ "can't set environment variable '%s'", d); -+ free (d); -+ free(xauthlocalhostname); -+ xauthlocalhostname = NULL; -+ } -+ - /* Merge the cookie we read before into the new file. */ - if (debug) { - pam_syslog(pamh, LOG_DEBUG, -- 2.51.1 From ce00661e7844be372a9b141465c5cf3ba763ab7d3d30e870ed19dcd2fabc10b6 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 28 Nov 2008 14:44:50 +0000 Subject: [PATCH 022/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=22 --- pam.changes | 10 ++++++++++ pam.spec | 10 +++++++++- pam_limits-doc.diff | 23 +++++++++++++++++++++++ pam_pwhistory-0.1.diff | 2 +- pam_time.diff | 18 ++++++++++++++++++ 5 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 pam_limits-doc.diff create mode 100644 pam_time.diff diff --git a/pam.changes b/pam.changes index 262e452..87ac646 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + ------------------------------------------------------------------- Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 0674874..fb4bccf 100644 --- a/pam.spec +++ b/pam.spec @@ -35,7 +35,7 @@ License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on Version: 1.0.2 -Release: 12 +Release: 13 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -62,6 +62,8 @@ Patch11: pam_tally2.diff Patch12: pam_cracklib-no-pwhistory.diff Patch13: pam_xauth-XAUTHLOCALHOSTNAME.diff Patch14: pam_pwhistory-type.diff +Patch15: pam_time.diff +Patch16: pam_limits-doc.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -120,6 +122,8 @@ chmod 755 modules/pam_tally2/tst-pam_tally2 %patch12 -p0 %patch13 -p0 %patch14 -p0 +%patch15 -p0 +%patch16 -p0 %build aclocal -I m4 --install --force @@ -328,6 +332,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Thu Nov 27 2008 mc@suse.de +- enhance the man page for limits.conf (bnc#448314) +* Mon Nov 24 2008 kukuk@suse.de +- pam_time: fix parsing if '|' is used [bdo#326407] * Wed Nov 19 2008 kukuk@suse.de - pam_xauth: update last patch - pam_pwhistory: add missing type option diff --git a/pam_limits-doc.diff b/pam_limits-doc.diff new file mode 100644 index 0000000..de00437 --- /dev/null +++ b/pam_limits-doc.diff @@ -0,0 +1,23 @@ +--- modules/pam_limits/limits.conf.5.xml ++++ modules/pam_limits/limits.conf.5.xml 2008/11/27 14:25:16 +@@ -230,6 +230,11 @@ + + + ++ All items support the values -1, ++ unlimited or infinity indicating no limit, ++ except for priority and nice. ++ ++ + In general, individual limits have priority over group limits, so if + you impose no limits for admin group, but one of + the members in this group have a limits line, the user will have its +@@ -275,6 +280,7 @@ + pam_limits8, + pam.d5, +- pam8 ++ pam8, ++ getrlimit2 + + + diff --git a/pam_pwhistory-0.1.diff b/pam_pwhistory-0.1.diff index 692696b..db71aa6 100644 --- a/pam_pwhistory-0.1.diff +++ b/pam_pwhistory-0.1.diff @@ -635,7 +635,7 @@ diff -N modules/pam_pwhistory/opasswd.c + } + else + { -+ if (asprintf (&out, "%s:%si%d:%s,%s\n", ++ if (asprintf (&out, "%s:%s:%d:%s,%s\n", + entry.user, entry.uid, entry.count, + entry.old_passwords, oldpass) < 0) + { diff --git a/pam_time.diff b/pam_time.diff new file mode 100644 index 0000000..8e158a0 --- /dev/null +++ b/pam_time.diff @@ -0,0 +1,18 @@ +2008-11-25 Thorsten Kukuk + + * modules/pam_time/pam_time.c (is_same): Fix check + of correct string length (debian bug #326407). + +--- modules/pam_time/pam_time.c 7 Dec 2007 15:40:02 -0000 1.16 ++++ modules/pam_time/pam_time.c 25 Nov 2008 13:37:12 -0000 +@@ -358,8 +358,8 @@ + + /* Ok, we know that b is a substring from A and does not contain + wildcards, but now the length of both strings must be the same, +- too. */ +- if (strlen (a) != strlen(b)) ++ too. In this case it means, a[i] has to be the end of the string. */ ++ if (a[i] != '\0') + return FALSE; + + return ( !len ); -- 2.51.1 From 4a4dd4027573a089975bb8b370a2654ac2c2214336df596ff75087292abb10fe Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 5 Dec 2008 14:53:33 +0000 Subject: [PATCH 023/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=23 --- pam.changes | 5 +++++ pam.spec | 20 +++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index 87ac646..bd564c5 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + ------------------------------------------------------------------- Thu Nov 27 15:56:51 CET 2008 - mc@suse.de diff --git a/pam.spec b/pam.spec index fb4bccf..b39a511 100644 --- a/pam.spec +++ b/pam.spec @@ -34,8 +34,16 @@ BuildRequires: libselinux-devel License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on +# bug437293 +%ifarch ppc64 +Obsoletes: pam-64bit +%endif +%ifarch %ix86 ppc +Obsoletes: pam-32bit +%endif +# Version: 1.0.2 -Release: 13 +Release: 14 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -92,6 +100,14 @@ Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: pam = %{version} glibc-devel AutoReqProv: on +# bug437293 +%ifarch ppc64 +Obsoletes: pam-devel-64bit +%endif +%ifarch %ix86 ppc +Obsoletes: pam-devel-32bit +%endif +# %description devel PAM (Pluggable Authentication Modules) is a system security tool which @@ -332,6 +348,8 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Thu Dec 04 2008 olh@suse.de +- obsolete old -XXbit packages (bnc#437293) * Thu Nov 27 2008 mc@suse.de - enhance the man page for limits.conf (bnc#448314) * Mon Nov 24 2008 kukuk@suse.de -- 2.51.1 From 94997f1885b3cc2c3edcddd5608950d788442c802709ebc1acc886aa14d6a5b4 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 15 Dec 2008 12:07:20 +0000 Subject: [PATCH 024/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=24 --- pam.changes | 6 ++++++ pam.spec | 11 ++++------- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/pam.changes b/pam.changes index bd564c5..0596ab9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + ------------------------------------------------------------------- Thu Dec 4 12:34:56 CET 2008 - olh@suse.de diff --git a/pam.spec b/pam.spec index b39a511..3d3cd9c 100644 --- a/pam.spec +++ b/pam.spec @@ -38,12 +38,9 @@ AutoReqProv: on %ifarch ppc64 Obsoletes: pam-64bit %endif -%ifarch %ix86 ppc -Obsoletes: pam-32bit -%endif # Version: 1.0.2 -Release: 14 +Release: 15 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -104,9 +101,6 @@ AutoReqProv: on %ifarch ppc64 Obsoletes: pam-devel-64bit %endif -%ifarch %ix86 ppc -Obsoletes: pam-devel-32bit -%endif # %description devel @@ -348,6 +342,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Wed Dec 10 2008 olh@suse.de +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) * Thu Dec 04 2008 olh@suse.de - obsolete old -XXbit packages (bnc#437293) * Thu Nov 27 2008 mc@suse.de -- 2.51.1 From bcc46d9105f4307c233aad9fd7f425cbf89ad89532f8b1889ab8cde7bba2bb32 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 6 Feb 2009 15:59:38 +0000 Subject: [PATCH 025/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=25 --- Linux-PAM-1.0.2-SUSE-docs.tar.bz2 | 4 +- Linux-PAM-docu-generated.diff | 14299 ++++++++++++++++++++++++++-- libpam-password-requisite.diff | 49 + pam.changes | 11 + pam.spec | 13 +- pam_limits-logging.diff | 125 + 6 files changed, 13783 insertions(+), 718 deletions(-) create mode 100644 libpam-password-requisite.diff create mode 100644 pam_limits-logging.diff diff --git a/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 b/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 index 85035f6..28cfd32 100644 --- a/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 +++ b/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:bd4474f01ec6fcb5e8af676b8aa5677a8784f5a027eaca0b64875d5d1dc467f3 -size 477831 +oid sha256:82a4195effbfd56af6eb3dd80de9690c1fef3fa8b9c25457037d3d591d15dcd9 +size 468691 diff --git a/Linux-PAM-docu-generated.diff b/Linux-PAM-docu-generated.diff index cb7870f..40ae346 100644 --- a/Linux-PAM-docu-generated.diff +++ b/Linux-PAM-docu-generated.diff @@ -1,23 +1,714 @@ ---- Linux-PAM-1.0.2-old/modules/pam_access/pam_access.8 2008-04-16 11:06:35.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2008-10-17 13:01:19.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_access - .\" Author: +--- Linux-PAM-1.0.2-orig/doc/man/pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man/pam_getenv.3 2009-01-20 12:00:42.000000000 +0100 +@@ -1,39 +1,202 @@ + .\" Title: pam_getenv +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" --.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ACCESS" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GETENV" "3" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -64,9 +64,13 @@ + .ad l +-.SH "NAME" +-pam_getenv - get a PAM environment variable +-.SH "SYNOPSIS" ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_getenv \- get a PAM environment variable ++.SH "Synopsis" + .sp + .ft B ++.fam C ++.ps -1 + .nf +-#include ++#include + .fi ++.fam ++.ps +1 + .ft +-.HP 23 ++.fam C ++.HP \w'const\ char\ *pam_getenv('u + .BI "const char *pam_getenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name" ");" ++.fam + .SH "DESCRIPTION" + .PP + The + \fBpam_getenv\fR + function searches the PAM environment list as associated with the handle + \fIpamh\fR +-for a string that matches the string pointed to by +-\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. ++for an item that matches the string pointed to by ++\fIname\fR ++and returns the value of the environment variable\&. + .SH "RETURN VALUES" + .PP + The + \fBpam_getenv\fR +-function returns NULL on failure\. ++function returns NULL on failure\&. + .SH "SEE ALSO" + .PP + +--- Linux-PAM-1.0.2-orig/doc/man/pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 ++++ Linux-PAM-1.0.2/doc/man/pam_prompt.3 2009-01-20 12:00:43.000000000 +0100 +@@ -1,53 +1,219 @@ + .\" Title: pam_prompt +-.\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual ++.\" Language: English + .\" +-.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_PROMPT" "3" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) + .ad l +-.SH "NAME" +-pam_prompt, pam_vprompt - interface to conversation function +-.SH "SYNOPSIS" ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_prompt, pam_vprompt \- interface to conversation function ++.SH "Synopsis" + .sp + .ft B ++.fam C ++.ps -1 + .nf +-#include ++#include + .fi ++.fam ++.ps +1 + .ft +-.HP 16 +-.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\.\.\." ");" +-.HP 17 ++.fam C ++.HP \w'void\ pam_prompt('u ++.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" ++.fam ++.fam C ++.HP \w'void\ pam_vprompt('u + .BI "void pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" ++.fam + .SH "DESCRIPTION" + .PP + The + \fBpam_prompt\fR +-function constructs a message from the specified format string and arguments and passes it to ++function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\&. Upon successful return, ++\fIresponse\fR ++is set to point to a string returned from the conversation function\&. This string is allocated on heap and should be freed\&. + .SH "RETURN VALUES" + .PP + PAM_BUF_ERR .RS 4 - The group database will not be used for tokens not identified as account name\. +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_CONV_ERR + .RS 4 +-Conversation failure\. ++Conversation failure\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Transaction was successful created\. ++Transaction was successful created\&. + .RE + .PP + PAM_SYSTEM_ERR + .RS 4 +-System error\. ++System error\&. + .RE + .SH "SEE ALSO" + .PP +@@ -60,4 +226,4 @@ + \fBpam_prompt\fR + and + \fBpam_vprompt\fR +-functions are Linux\-PAM extensions\. ++functions are Linux\-PAM extensions\&. +--- Linux-PAM-1.0.2-orig/modules/pam_access/pam_access.8 2008-04-16 11:06:35.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2009-01-20 11:58:09.000000000 +0100 +@@ -1,103 +1,265 @@ + .\" Title: pam_access +-.\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Author: [see the "AUTHORS" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual ++.\" Language: English + .\" +-.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ACCESS" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) + .ad l +-.SH "NAME" +-pam_access - PAM module for logdaemon style login access control +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_access\.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_access \- PAM module for logdaemon style login access control ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_access\&.so\fR\ 'u ++\fBpam_access\&.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_access PAM module is mainly for access management\. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\. ++The pam_access PAM module is mainly for access management\&. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\&. + .PP + By default rules for access management are taken from config file +-\fI/etc/security/access\.conf\fR +-if you don\'t specify another file\. ++\FC/etc/security/access\&.conf\F[] ++if you don\'t specify another file\&. + .PP +-If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\. ++If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\&. + .SH "OPTIONS" + .PP +-\fBaccessfile=\fR\fB\fI/path/to/access\.conf\fR\fR ++\fBaccessfile=\fR\fB\fI/path/to/access\&.conf\fR\fR + .RS 4 + Indicate an alternative +-\fIaccess\.conf\fR +-style configuration file to override the default\. This can be useful when different services need different access lists\. ++\FCaccess\&.conf\F[] ++style configuration file to override the default\&. This can be useful when different services need different access lists\&. + .RE + .PP + \fBdebug\fR + .RS 4 + A lot of debug informations are printed with +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .RE + .PP + \fBnoaudit\fR + .RS 4 +-Do not report logins from disallowed hosts and ttys to the audit subsystem\. ++Do not report logins from disallowed hosts and ttys to the audit subsystem\&. + .RE + .PP + \fBfieldsep=\fR\fB\fIseparators\fR\fR + .RS 4 +-This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\. For example: ++This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\&. For example: + \fBfieldsep=|\fR +-will cause the default `:\' character to be treated as part of a field value and `|\' becomes the field separator\. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the ++will cause the default `:\' character to be treated as part of a field value and `|\' becomes the field separator\&. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the + \fBPAM_TTY\fR +-item is likely to be of the form "hostname:0" which includes a `:\' character in its value\. But you should not need this\. ++item is likely to be of the form "hostname:0" which includes a `:\' character in its value\&. But you should not need this\&. + .RE + .PP + \fBlistsep=\fR\fB\fIseparators\fR\fR + .RS 4 +-This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\. For example: ++This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\&. For example: + \fBlistsep=,\fR +-will cause the default ` \' (space) and `\et\' (tab) characters to be treated as part of a list element value and `,\' becomes the only list element separator\. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\. ++will cause the default ` \' (space) and `\et\' (tab) characters to be treated as part of a list element value and `,\' becomes the only list element separator\&. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\&. + .RE + .PP + \fBnodefgroup\fR + .RS 4 +-The group database will not be used for tokens not identified as account name\. ++The group database will not be used for tokens not identified as account name\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -27,38 +718,296 @@ +\fBaccount\fR, +\fBpassword\fR +and -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -105,7 +109,7 @@ + .RS 4 +-Access was granted\. ++Access was granted\&. + .RE + .PP + PAM_PERM_DENIED + .RS 4 +-Access was not granted\. ++Access was not granted\&. + .RE + .PP + PAM_IGNORE + .RS 4 + + \fBpam_setcred\fR +-was called which does nothing\. ++was called which does nothing\&. + .RE + .PP + PAM_ABORT + .RS 4 +-Not all relevant data or options could be gotten\. ++Not all relevant data or options could be gotten\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-The user is not known to the system\. ++The user is not known to the system\&. + .RE + .SH "FILES" + .PP +-\fI/etc/security/access\.conf\fR ++\FC/etc/security/access\&.conf\F[] + .RS 4 + Default configuration file + .RE +@@ -105,8 +267,8 @@ .PP \fBaccess.conf\fR(5), -\fBpam.d\fR(8), +-\fBpam\fR(8)\. +\fBpam.d\fR(5), - \fBpam\fR(8)\. ++\fBpam\fR(8)\&. .SH "AUTHORS" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 ---- Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 2008-04-16 11:06:38.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2008-10-17 13:01:23.000000000 +0200 -@@ -1,11 +1,11 @@ +-The logdaemon style login access control scheme was designed and implemented by Wietse Venema\. The pam_access PAM module was developed by Alexei Nogin \. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher \. ++The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin \&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher \&. +--- Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.8 2008-04-16 11:06:38.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2009-01-20 11:58:12.000000000 +0100 +@@ -1,33 +1,191 @@ .\" Title: pam_cracklib - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_CRACKLIB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_CRACKLIB" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_CRACKLIB" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -69,12 +69,6 @@ + .ad l +-.SH "NAME" +-pam_cracklib - PAM module to check the password against dictionary words +-.SH "SYNOPSIS" +-.HP 16 +-\fBpam_cracklib\.so\fR [\fI\.\.\.\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_cracklib \- PAM module to check the password against dictionary words ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_cracklib\&.so\fR\ 'u ++\fBpam_cracklib\&.so\fR [\fI\&.\&.\&.\fR] ++.fam + .SH "DESCRIPTION" + .PP + This module can be plugged into the + \fIpassword\fR +-stack of a given application to provide some plug\-in strength\-checking for passwords\. ++stack of a given application to provide some plug\-in strength\-checking for passwords\&. + .PP +-The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\. ++The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\&. + .PP +-The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\. ++The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\&. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\&. + .PP + The strength checks works in the following manner: at first the + \fBCracklib\fR +-routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\. These checks are: ++routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\&. These checks are: + .PP + Palindrome + .RS 4 +@@ -43,15 +201,15 @@ + .RS 4 + Is the new password too much like the old one? This is primarily controlled by one argument, + \fBdifok\fR +-which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller\. ++which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller\&. + .sp + To avoid the lockup associated with trying to change a long and complicated password, + \fBdifignore\fR +-is available\. This argument can be used to specify the minimum length a new password needs to be before the ++is available\&. This argument can be used to specify the minimum length a new password needs to be before the + \fBdifok\fR +-value is ignored\. The default value for ++value is ignored\&. The default value for + \fBdifignore\fR +-is 23\. ++is 23\&. + .RE + .PP + Simple +@@ -61,7 +219,7 @@ + \fBdcredit\fR, + \fBucredit\fR, + \fBlcredit\fR, and +-\fBocredit\fR\. See the section on the arguments for the details of how these work and there defaults\. ++\fBocredit\fR\&. See the section on the arguments for the details of how these work and there defaults\&. + .RE + .PP + Rotated +@@ -69,13 +227,7 @@ Is the new password a rotated version of the old password? .RE .PP @@ -68,21 +1017,174 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 Linux-PAM-1.0. -\fI/etc/security/opasswd\fR\. -.RE -.PP - This module with no arguments will work well for standard unix password encryption\. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\.\.\. In addition, the default action is to allow passwords as small as 5 characters in length\. For a md5 systems it can be a good idea to increase the required minimum size of a password\. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\. +-This module with no arguments will work well for standard unix password encryption\. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\.\.\. In addition, the default action is to allow passwords as small as 5 characters in length\. For a md5 systems it can be a good idea to increase the required minimum size of a password\. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\. ++This module with no arguments will work well for standard unix password encryption\&. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\&. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\&. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\&.\&.\&. In addition, the default action is to allow passwords as small as 5 characters in length\&. For a md5 systems it can be a good idea to increase the required minimum size of a password\&. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\&. .SH "OPTIONS" .PP -@@ -157,7 +151,7 @@ + .PP +@@ -83,21 +235,21 @@ + .RS 4 + This option makes the module write information to + \fBsyslog\fR(3) +-indicating the behavior of the module (this option does not write password information to the log file)\. ++indicating the behavior of the module (this option does not write password information to the log file)\&. + .RE + .PP + \fBtype=\fR\fB\fIXXX\fR\fR + .RS 4 +-The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\. The default word ++The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The default word + \fIUNIX\fR +-can be replaced with this option\. ++can be replaced with this option\&. + .RE + .PP + \fBretry=\fR\fB\fIN\fR\fR + .RS 4 + Prompt user at most + \fIN\fR +-times before returning with error\. The default is ++times before returning with error\&. The default is + \fI1\fR + .RE + .PP +@@ -105,98 +257,98 @@ + .RS 4 + This argument will change the default of + \fI5\fR +-for the number of characters in the new password that must not be present in the old password\. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway\. ++for the number of characters in the new password that must not be present in the old password\&. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway\&. + .RE + .PP + \fBdifignore=\fR\fB\fIN\fR\fR + .RS 4 +-How many characters should the password have before difok will be ignored\. The default is +-\fI23\fR\. ++How many characters should the password have before difok will be ignored\&. The default is ++\fI23\fR\&. + .RE + .PP + \fBminlen=\fR\fB\fIN\fR\fR + .RS 4 +-The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR, ++The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\&. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR, + \fIupper\fR, + \fIlower\fR + and +-\fIdigit\fR)\. The default for this parameter is ++\fIdigit\fR)\&. The default for this parameter is + \fI9\fR +-which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\. Note that there is a pair of length limits in ++which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\&. Note that there is a pair of length limits in + \fICracklib\fR + itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to +-\fBminlen\fR\. If you want to allow passwords as short as 5 characters you should not use this module\. ++\fBminlen\fR\&. If you want to allow passwords as short as 5 characters you should not use this module\&. + .RE + .PP + \fBdcredit=\fR\fB\fIN\fR\fR + .RS 4 +-(N >= 0) This is the maximum credit for having digits in the new password\. If you have less than or ++(N >= 0) This is the maximum credit for having digits in the new password\&. If you have less than or + \fIN\fR + digits, each digit will count +1 towards meeting the current \fBminlen\fR - less than 10\. +-value\. The default for ++value\&. The default for + \fBdcredit\fR + is 1 which is the recommended value for + \fBminlen\fR +-less than 10\. ++less than 10\&. + .sp +-(N < 0) This is the minimum number of digits that must be met for a new password\. ++(N < 0) This is the minimum number of digits that must be met for a new password\&. + .RE + .PP + \fBucredit=\fR\fB\fIN\fR\fR + .RS 4 +-(N >= 0) This is the maximum credit for having upper case letters in the new password\. If you have less than or ++(N >= 0) This is the maximum credit for having upper case letters in the new password\&. If you have less than or + \fIN\fR + upper case letters each letter will count +1 towards meeting the current + \fBminlen\fR +-value\. The default for ++value\&. The default for + \fBucredit\fR + is + \fI1\fR + which is the recommended value for + \fBminlen\fR +-less than 10\. ++less than 10\&. .sp -(N > 0) This is the minimum number of upper case letters that must be met for a new password\. -+(N < 0) This is the minimum number of upper case letters that must be met for a new password\. ++(N < 0) This is the minimum number of upper case letters that must be met for a new password\&. .RE .PP \fBlcredit=\fR\fB\fIN\fR\fR -@@ -212,11 +206,11 @@ .RS 4 - Path to the cracklib dictionaries\. +-(N >= 0) This is the maximum credit for having lower case letters in the new password\. If you have less than or ++(N >= 0) This is the maximum credit for having lower case letters in the new password\&. If you have less than or + \fIN\fR + lower case letters, each letter will count +1 towards meeting the current + \fBminlen\fR +-value\. The default for ++value\&. The default for + \fBlcredit\fR + is 1 which is the recommended value for + \fBminlen\fR +-less than 10\. ++less than 10\&. + .sp +-(N < 0) This is the minimum number of lower case letters that must be met for a new password\. ++(N < 0) This is the minimum number of lower case letters that must be met for a new password\&. + .RE + .PP + \fBocredit=\fR\fB\fIN\fR\fR + .RS 4 +-(N >= 0) This is the maximum credit for having other characters in the new password\. If you have less than or ++(N >= 0) This is the maximum credit for having other characters in the new password\&. If you have less than or + \fIN\fR + other characters, each character will count +1 towards meeting the current + \fBminlen\fR +-value\. The default for ++value\&. The default for + \fBocredit\fR + is 1 which is the recommended value for + \fBminlen\fR +-less than 10\. ++less than 10\&. + .sp +-(N < 0) This is the minimum number of other characters that must be met for a new password\. ++(N < 0) This is the minimum number of other characters that must be met for a new password\&. + .RE + .PP + \fBminclass=\fR\fB\fIN\fR\fR + .RS 4 +-The minimum number of required classes of characters for the new password\. The default number is zero\. The four classes are digits, upper and lower letters and other characters\. The difference to the ++The minimum number of required classes of characters for the new password\&. The default number is zero\&. The four classes are digits, upper and lower letters and other characters\&. The difference to the + \fBcredit\fR +-check is that a specific class if of characters is not required\. Instead ++check is that a specific class if of characters is not required\&. Instead + \fIN\fR +-out of four of the classes are required\. ++out of four of the classes are required\&. + .RE + .PP + \fBuse_authtok\fR +@@ -205,105 +357,159 @@ + \fIforce\fR + the module to not prompt the user for a new password but use the one provided by the previously stacked + \fIpassword\fR +-module\. ++module\&. + .RE + .PP + \fBdictpath=\fR\fB\fI/path/to/dict\fR\fR + .RS 4 +-Path to the cracklib dictionaries\. ++Path to the cracklib dictionaries\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -91,11 +1193,160 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 Linux-PAM-1.0. +Only the \fBpassword\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP .PP -@@ -302,7 +296,7 @@ + PAM_SUCCESS + .RS 4 +-The new password passes all checks\. ++The new password passes all checks\&. + .RE + .PP + PAM_AUTHTOK_ERR + .RS 4 +-No new password was entered, the username could not be determined or the new password fails the strength checks\. ++No new password was entered, the username could not be determined or the new password fails the strength checks\&. + .RE + .PP + PAM_AUTHTOK_RECOVERY_ERR + .RS 4 +-The old password was not supplied by a previous stacked module or got not requested from the user\. The first error can happen if ++The old password was not supplied by a previous stacked module or got not requested from the user\&. The first error can happen if + \fBuse_authtok\fR +-is specified\. ++is specified\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-A internal error occured\. ++A internal error occured\&. + .RE + .SH "EXAMPLES" + .PP + For an example of the use of this module, we show how it may be stacked with the password component of + \fBpam_unix\fR(8) + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ + # +-# These lines stack two password type modules\. In this example the +-# user is given 3 opportunities to enter a strong password\. The ++# These lines stack two password type modules\&. In this example the ++# user is given 3 opportunities to enter a strong password\&. The + # "use_authtok" argument ensures that the pam_unix module does not + # prompt for a password, but instead uses the one provided by +-# pam_cracklib\. ++# pam_cracklib\&. + # +-passwd password required pam_cracklib\.so retry=3 +-passwd password required pam_unix\.so use_authtok ++passwd password required pam_cracklib\&.so retry=3 ++passwd password required pam_unix\&.so use_authtok + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .PP + Another example (in the +-\fI/etc/pam\.d/passwd\fR ++\FC/etc/pam\&.d/passwd\F[] + format) is for the case that you want to use md5 password encryption: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 + # + # These lines allow a md5 systems to support passwords of at least 14 + # bytes with extra credit of 2 for digits and 2 for others the new + # password must have at least three bytes that are not present in the + # old password + # +-password required pam_cracklib\.so \e ++password required pam_cracklib\&.so \e + difok=3 minlen=15 dcredit= 2 ocredit=2 +-password required pam_unix\.so use_authtok nullok md5 ++password required pam_unix\&.so use_authtok nullok md5 + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .PP + And here is another example in case you don\'t want to use credits: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 + # + # These lines require the user to select a password with a minimum + # length of 8 and with at least 1 digit number, 1 upper case letter, + # and 1 other character + # +-password required pam_cracklib\.so \e ++password required pam_cracklib\&.so \e + dcredit=\-1 ucredit=\-1 ocredit=\-1 lcredit=0 minlen=8 +-password required pam_unix\.so use_authtok nullok md5 ++password required pam_unix\&.so use_authtok nullok md5 + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -104,9 +1355,10 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/pam_cracklib.8 Linux-PAM-1.0. \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/README Linux-PAM-1.0.2/modules/pam_cracklib/README ---- Linux-PAM-1.0.2-old/modules/pam_cracklib/README 2008-04-16 11:06:39.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2008-10-17 13:01:24.000000000 +0200 +-pam_cracklib was written by Cristian Gafton ++pam_cracklib was written by Cristian Gafton +--- Linux-PAM-1.0.2-orig/modules/pam_cracklib/README 2008-04-16 11:06:39.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2009-01-20 11:58:14.000000000 +0100 @@ -51,11 +51,6 @@ Is the new password a rotated version of the old password? @@ -128,29 +1380,267 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_cracklib/README Linux-PAM-1.0.2/module for a new password. lcredit=N -diff -urN Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 ---- Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 2008-04-16 11:06:41.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2008-10-17 13:01:26.000000000 +0200 -@@ -1,11 +1,11 @@ +--- Linux-PAM-1.0.2-orig/modules/pam_debug/pam_debug.8 2008-04-16 11:06:41.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2009-01-20 11:58:16.000000000 +0100 +@@ -1,23 +1,181 @@ .\" Title: pam_debug - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_DEBUG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DEBUG" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DEBUG" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -87,15 +87,13 @@ + .ad l +-.SH "NAME" +-pam_debug - PAM module to debug the PAM stack +-.SH "SYNOPSIS" +-.HP 13 +-\fBpam_debug\.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_debug \- PAM module to debug the PAM stack ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_debug\&.so\fR\ 'u ++\fBpam_debug\&.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\. This module returns what its module arguments tell it to return\. ++The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\&. This module returns what its module arguments tell it to return\&. + .SH "OPTIONS" + .PP + \fBauth=\fR\fB\fIvalue\fR\fR +@@ -25,7 +183,7 @@ + The + \fBpam_sm_authenticate\fR(3) + function will return +-\fIvalue\fR\. ++\fIvalue\fR\&. + .RE + .PP + \fBcred=\fR\fB\fIvalue\fR\fR +@@ -33,7 +191,7 @@ + The + \fBpam_sm_setcred\fR(3) + function will return +-\fIvalue\fR\. ++\fIvalue\fR\&. + .RE + .PP + \fBacct=\fR\fB\fIvalue\fR\fR +@@ -41,7 +199,7 @@ + The + \fBpam_sm_acct_mgmt\fR(3) + function will return +-\fIvalue\fR\. ++\fIvalue\fR\&. + .RE + .PP + \fBprechauthtok=\fR\fB\fIvalue\fR\fR +@@ -52,7 +210,7 @@ + \fIvalue\fR + if the + \fIPAM_PRELIM_CHECK\fR +-flag is set\. ++flag is set\&. + .RE + .PP + \fBchauthtok=\fR\fB\fIvalue\fR\fR +@@ -65,7 +223,7 @@ + \fIPAM_PRELIM_CHECK\fR + flag is + \fBnot\fR +-set\. ++set\&. + .RE + .PP + \fBopen_session=\fR\fB\fIvalue\fR\fR +@@ -73,7 +231,7 @@ + The + \fBpam_sm_open_session\fR(3) + function will return +-\fIvalue\fR\. ++\fIvalue\fR\&. + .RE + .PP + \fBclose_session=\fR\fB\fIvalue\fR\fR +@@ -81,46 +239,62 @@ + The + \fBpam_sm_close_session\fR(3) + function will return +-\fIvalue\fR\. ++\fIvalue\fR\&. + .RE + .PP Where \fIvalue\fR - can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\. +-can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\. -.SH "MODULE SERVICES PROVIDED" ++can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\&. +.SH "MODULE TYPES PROVIDED" .PP -The services @@ -161,11 +1651,52 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 Linux-PAM-1.0.2/modu and -\fBsession\fR -are supported\. -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -119,7 +117,7 @@ + .RS 4 +-Default return code if no other value was specified, else specified return value\. ++Default return code if no other value was specified, else specified return value\&. + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth requisite pam_permit\.so +-auth [success=2 default=ok] pam_debug\.so auth=perm_denied cred=success +-auth [default=reset] pam_debug\.so auth=success cred=perm_denied +-auth [success=done default=die] pam_debug\.so +-auth optional pam_debug\.so auth=perm_denied cred=perm_denied +-auth sufficient pam_debug\.so auth=success cred=success ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth requisite pam_permit\&.so ++auth [success=2 default=ok] pam_debug\&.so auth=perm_denied cred=success ++auth [default=reset] pam_debug\&.so auth=success cred=perm_denied ++auth [success=done default=die] pam_debug\&.so ++auth optional pam_debug\&.so auth=perm_denied cred=perm_denied ++auth sufficient pam_debug\&.so auth=success cred=success + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -174,29 +1705,206 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_debug/pam_debug.8 Linux-PAM-1.0.2/modu \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 ---- Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 2008-04-16 11:06:44.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2008-10-17 13:01:29.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_debug was written by Andrew G\. Morgan \. ++pam_debug was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_deny/pam_deny.8 2008-04-16 11:06:44.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2009-01-20 11:58:19.000000000 +0100 +@@ -1,82 +1,258 @@ .\" Title: pam_deny - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_DENY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DENY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DENY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -22,13 +22,13 @@ + .ad l +-.SH "NAME" +-pam_deny - The locking-out PAM module +-.SH "SYNOPSIS" +-.HP 12 +-\fBpam_deny\.so\fR ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_deny \- The locking\-out PAM module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_deny\&.so\fR\ 'u ++\fBpam_deny\&.so\fR ++.fam + .SH "DESCRIPTION" + .PP +-This module can be used to deny access\. It always indicates a failure to the application through the PAM framework\. It might be suitable for using for default (the +-\fIOTHER\fR) entries\. ++This module can be used to deny access\&. It always indicates a failure to the application through the PAM framework\&. It might be suitable for using for default (the ++\fIOTHER\fR) entries\&. .SH "OPTIONS" .PP - This module does not recognise any options\. +-This module does not recognise any options\. -.SH "MODULE SERVICES PROVIDED" ++This module does not recognise any options\&. +.SH "MODULE TYPES PROVIDED" .PP -All services (\fBaccount\fR, @@ -205,11 +1913,83 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 Linux-PAM-1.0.2/module \fBpassword\fR and -\fBsession\fR) are supported\. -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP -@@ -75,7 +75,7 @@ + PAM_AUTH_ERR + .RS 4 +-This is returned by the account and auth services\. ++This is returned by the account and auth services\&. + .RE + .PP + PAM_CRED_ERR + .RS 4 +-This is returned by the setcred function\. ++This is returned by the setcred function\&. + .RE + .PP + PAM_AUTHTOK_ERR + .RS 4 +-This is returned by the password service\. ++This is returned by the password service\&. + .RE + .PP + PAM_SESSION_ERR + .RS 4 +-This is returned by the session service\. ++This is returned by the session service\&. + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 + # + # If we don\'t have config entries for a service, the +-# OTHER entries are used\. To be secure, warn and deny +-# access to everything\. +-other auth required pam_warn\.so +-other auth required pam_deny\.so +-other account required pam_warn\.so +-other account required pam_deny\.so +-other password required pam_warn\.so +-other password required pam_deny\.so +-other session required pam_warn\.so +-other session required pam_deny\.so ++# OTHER entries are used\&. To be secure, warn and deny ++# access to everything\&. ++other auth required pam_warn\&.so ++other auth required pam_deny\&.so ++other account required pam_warn\&.so ++other account required pam_deny\&.so ++other password required pam_warn\&.so ++other password required pam_deny\&.so ++other session required pam_warn\&.so ++other session required pam_deny\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -218,27 +1998,255 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_deny/pam_deny.8 Linux-PAM-1.0.2/module \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 ---- Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 2008-04-16 11:06:47.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2008-10-17 13:01:31.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_deny was written by Andrew G\. Morgan ++pam_deny was written by Andrew G\&. Morgan +--- Linux-PAM-1.0.2-orig/modules/pam_echo/pam_echo.8 2008-04-16 11:06:47.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2009-01-20 11:58:22.000000000 +0100 +@@ -1,108 +1,288 @@ .\" Title: pam_echo - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_ECHO" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ECHO" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ECHO" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -66,9 +66,13 @@ - \fI/path/message\fR - will be printed with the PAM conversion function as PAM_TEXT_INFO\. + .ad l +-.SH "NAME" +-pam_echo - PAM module for printing text messages +-.SH "SYNOPSIS" +-.HP 12 +-\fBpam_echo\.so\fR [file=\fI/path/message\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_echo \- PAM module for printing text messages ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_echo\&.so\fR\ 'u ++\fBpam_echo\&.so\fR [file=\fI/path/message\fR] ++.fam + .SH "DESCRIPTION" + .PP + The + \fIpam_echo\fR +-PAM module is for printing text messages to inform user about special things\. Sequences starting with the ++PAM module is for printing text messages to inform user about special things\&. Sequences starting with the + \fI%\fR + character are interpreted in the following way: + .PP + \fI%H\fR + .RS 4 +-The name of the remote host (PAM_RHOST)\. ++The name of the remote host (PAM_RHOST)\&. + .RE + .PP + \fB%h\fR + .RS 4 +-The name of the local host\. ++The name of the local host\&. + .RE + .PP + \fI%s\fR + .RS 4 +-The service name (PAM_SERVICE)\. ++The service name (PAM_SERVICE)\&. + .RE + .PP + \fI%t\fR + .RS 4 +-The name of the controlling terminal (PAM_TTY)\. ++The name of the controlling terminal (PAM_TTY)\&. + .RE + .PP + \fI%U\fR + .RS 4 +-The remote user name (PAM_RUSER)\. ++The remote user name (PAM_RUSER)\&. + .RE + .PP + \fI%u\fR + .RS 4 +-The local user name (PAM_USER)\. ++The local user name (PAM_USER)\&. + .RE + .PP + All other sequences beginning with + \fI%\fR + expands to the characters following the + \fI%\fR +-character\. ++character\&. + .SH "OPTIONS" + .PP + \fBfile=\fR\fB\fI/path/message\fR\fR + .RS 4 + The content of the file +-\fI/path/message\fR +-will be printed with the PAM conversion function as PAM_TEXT_INFO\. ++\FC/path/message\F[] ++will be printed with the PAM conversion function as PAM_TEXT_INFO\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -248,11 +2256,59 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 Linux-PAM-1.0.2/module +\fBaccount\fR, +\fBpassword\fR +and -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR -@@ -101,7 +105,7 @@ + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Message was successful printed\. ++Message was successful printed\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-PAM_SILENT flag was given or message file does not exist, no message printed\. ++PAM_SILENT flag was given or message file does not exist, no message printed\&. + .RE + .SH "EXAMPLES" + .PP + For an example of the use of this module, we show how it may be used to print informations about good passwords: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-password optional pam_echo\.so file=/usr/share/doc/good\-password\.txt +-password required pam_unix\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++password optional pam_echo\&.so file=/usr/share/doc/good\-password\&.txt ++password required pam_unix\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(8), @@ -261,36 +2317,252 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_echo/pam_echo.8 Linux-PAM-1.0.2/module \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 Linux-PAM-1.0.2/modules/pam_env/pam_env.8 ---- Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 2008-04-16 11:06:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2008-10-17 13:01:34.000000000 +0200 -@@ -1,11 +1,11 @@ +-Thorsten Kukuk ++Thorsten Kukuk +--- Linux-PAM-1.0.2-orig/modules/pam_env/pam_env.8 2008-04-16 11:06:52.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2009-01-20 11:58:25.000000000 +0100 +@@ -1,100 +1,258 @@ .\" Title: pam_env - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_ENV" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -27,7 +27,7 @@ + .ad l +-.SH "NAME" +-pam_env - PAM module to set/unset environment variables +-.SH "SYNOPSIS" +-.HP 11 +-\fBpam_env\.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_env \- PAM module to set/unset environment variables ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_env\&.so\fR\ 'u ++\fBpam_env\&.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_env PAM module allows the (un)setting of environment variables\. Supported is the use of previously set environment variables as well as ++The pam_env PAM module allows the (un)setting of environment variables\&. Supported is the use of previously set environment variables as well as + \fIPAM_ITEM\fRs such as +-\fIPAM_RHOST\fR\. ++\fIPAM_RHOST\fR\&. + .PP + By default rules for (un)setting of variables is taken from the config file +-\fI/etc/security/pam_env\.conf\fR +-if no other file is specified\. ++\FC/etc/security/pam_env\&.conf\F[] ++if no other file is specified\&. .PP This module can also parse a file with simple \fIKEY=VAL\fR -pairs on seperate lines (\fI/etc/environment\fR -+pairs on separate lines (\fI/etc/environment\fR - by default)\. You can change the default file to parse, with the +-by default)\. You can change the default file to parse, with the ++pairs on separate lines (\FC/etc/environment\F[] ++by default)\&. You can change the default file to parse, with the \fIenvfile\fR flag and turn it on or off by setting the -@@ -59,13 +59,13 @@ + \fIreadenv\fR +-flag to 1 or 0 respectively\. ++flag to 1 or 0 respectively\&. + .SH "OPTIONS" + .PP +-\fBconffile=\fR\fB\fI/path/to/pam_env\.conf\fR\fR ++\fBconffile=\fR\fB\fI/path/to/pam_env\&.conf\fR\fR .RS 4 - Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\. By default this option is on\. + Indicate an alternative +-\fIpam_env\.conf\fR +-style configuration file to override the default\. This can be useful when different services need different environments\. ++\FCpam_env\&.conf\F[] ++style configuration file to override the default\&. This can be useful when different services need different environments\&. + .RE + .PP + \fBdebug\fR + .RS 4 + A lot of debug informations are printed with +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .RE + .PP + \fBenvfile=\fR\fB\fI/path/to/environment\fR\fR + .RS 4 + Indicate an alternative +-\fIenvironment\fR +-file to override the default\. This can be useful when different services need different environments\. ++\FCenvironment\F[] ++file to override the default\&. This can be useful when different services need different environments\&. + .RE + .PP + \fBreadenv=\fR\fB\fI0|1\fR\fR + .RS 4 +-Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\. By default this option is on\. ++Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\&. By default this option is on\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -300,22 +2572,59 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_env/pam_env.8 Linux-PAM-1.0.2/modules/ and \fBsession\fR -services are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_ABORT -@@ -102,7 +102,7 @@ + .RS 4 +-Not all relevant data or options could be gotten\. ++Not all relevant data or options could be gotten\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-No pam_env\.conf and environment file was found\. ++No pam_env\&.conf and environment file was found\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Environment variables were set\. ++Environment variables were set\&. + .RE + .SH "FILES" + .PP +-\fI/etc/security/pam_env\.conf\fR ++\FC/etc/security/pam_env\&.conf\F[] + .RS 4 + Default configuration file + .RE + .PP +-\fI/etc/environment\fR ++\FC/etc/environment\F[] + .RS 4 + Default environment file + .RE +@@ -102,8 +260,8 @@ .PP \fBpam_env.conf\fR(5), -\fBpam.d\fR(8), +-\fBpam\fR(8)\. +\fBpam.d\fR(5), - \fBpam\fR(8)\. ++\fBpam\fR(8)\&. .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_env/README Linux-PAM-1.0.2/modules/pam_env/README ---- Linux-PAM-1.0.2-old/modules/pam_env/README 2008-04-16 11:06:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/README 2008-10-17 13:01:36.000000000 +0200 +-pam_env was written by Dave Kinchlea \. ++pam_env was written by Dave Kinchlea \&. +--- Linux-PAM-1.0.2-orig/modules/pam_env/README 2008-04-16 11:06:53.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_env/README 2009-01-20 11:58:27.000000000 +0100 @@ -11,7 +11,7 @@ By default rules for (un)setting of variables is taken from the config file / etc/security/pam_env.conf if no other file is specified. @@ -325,27 +2634,232 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_env/README Linux-PAM-1.0.2/modules/pam (/etc/environment by default). You can change the default file to parse, with the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 respectively. -diff -urN Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 ---- Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 2008-04-16 11:09:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2008-10-17 13:01:38.000000000 +0200 -@@ -1,11 +1,11 @@ +--- Linux-PAM-1.0.2-orig/modules/pam_exec/pam_exec.8 2008-04-16 11:09:09.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2009-01-20 11:58:29.000000000 +0100 +@@ -1,23 +1,181 @@ .\" Title: pam_exec - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_EXEC" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_EXEC" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_EXEC" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -50,15 +50,13 @@ + .ad l +-.SH "NAME" +-pam_exec - PAM module which calls an external command +-.SH "SYNOPSIS" +-.HP 12 +-\fBpam_exec\.so\fR [debug] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\.\.\.\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_exec \- PAM module which calls an external command ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_exec\&.so\fR\ 'u ++\fBpam_exec\&.so\fR [debug] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\&.\&.\&.\fR] ++.fam + .SH "DESCRIPTION" + .PP +-pam_exec is a PAM module that can be used to run an external command\. ++pam_exec is a PAM module that can be used to run an external command\&. + .PP + The child\'s environment is set to the current PAM environment list, as returned by + \fBpam_getenvlist\fR(3) +@@ -26,91 +184,117 @@ + \fIPAM_RUSER\fR, + \fIPAM_SERVICE\fR, + \fIPAM_TTY\fR, and +-\fIPAM_USER\fR\. ++\fIPAM_USER\fR\&. + .SH "OPTIONS" + .PP + .PP + \fBdebug\fR .RS 4 - Per default pam_exec\.so will execute the external command with the real user ID of the calling process\. Specifying this option means the command is run with the effective user ID\. +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBlog=\fR\fB\fIfile\fR\fR + .RS 4 + The output of the command is appended to +-\fIfile\fR ++\FCfile\F[] + .RE + .PP + \fBquiet\fR + .RS 4 +-Per default pam_exec\.so will echo the exit status of the external command if it fails\. Specifying this option will suppress the message\. ++Per default pam_exec\&.so will echo the exit status of the external command if it fails\&. Specifying this option will suppress the message\&. + .RE + .PP + \fBseteuid\fR + .RS 4 +-Per default pam_exec\.so will execute the external command with the real user ID of the calling process\. Specifying this option means the command is run with the effective user ID\. ++Per default pam_exec\&.so will execute the external command with the real user ID of the calling process\&. Specifying this option means the command is run with the effective user ID\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -358,11 +2872,89 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 Linux-PAM-1.0.2/module and -\fBsession\fR -are supported\. -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP -@@ -109,7 +107,7 @@ + PAM_SUCCESS + .RS 4 +-The external command runs successfull\. ++The external command runs successfull\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-No argument or a wrong number of arguments were given\. ++No argument or a wrong number of arguments were given\&. + .RE + .PP + PAM_SYSTEM_ERR + .RS 4 +-A system error occured or the command to execute failed\. ++A system error occured or the command to execute failed\&. + .RE + .PP + PAM_IGNORE + .RS 4 + + \fBpam_setcred\fR +-was called, which does not execute the command\. ++was called, which does not execute the command\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/passwd\fR ++\FC/etc/pam\&.d/passwd\F[] + to rebuild the NIS database after each local password change: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +- passwd optional pam_exec\.so seteuid make \-C /var/yp ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++ passwd optional pam_exec\&.so seteuid make \-C /var/yp + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + This will execute the command + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.BB lightgray + make \-C /var/yp ++.EB lightgray + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp +-with effective user ID\. ++with effective user ID\&. + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -371,27 +2963,217 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_exec/pam_exec.8 Linux-PAM-1.0.2/module \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 ---- Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 2008-04-16 11:09:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2008-10-17 13:01:41.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_exec was written by Thorsten Kukuk \. ++pam_exec was written by Thorsten Kukuk \&. +--- Linux-PAM-1.0.2-orig/modules/pam_faildelay/pam_faildelay.8 2008-04-16 11:09:21.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2009-01-20 11:58:33.000000000 +0100 +@@ -1,73 +1,249 @@ .\" Title: pam_faildelay - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_FAILDELAY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FAILDELAY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FAILDELAY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -34,11 +34,11 @@ + .ad l +-.SH "NAME" +-pam_faildelay - Change the delay on failure per-application +-.SH "SYNOPSIS" +-.HP 17 +-\fBpam_faildelay\.so\fR [debug] [delay=\fImicroseconds\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_faildelay \- Change the delay on failure per\-application ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_faildelay\&.so\fR\ 'u ++\fBpam_faildelay\&.so\fR [debug] [delay=\fImicroseconds\fR] ++.fam + .SH "DESCRIPTION" + .PP +-pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\. ++pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\&. + .PP + If no + \fBdelay\fR + is given, pam_faildelay will use the value of FAIL_DELAY from +-\fI/etc/login\.defs\fR\. ++\FC/etc/login\&.defs\F[]\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Set the delay on failure to N microseconds\. +-Turns on debugging messages sent to syslog\. ++Turns on debugging messages sent to syslog\&. + .RE + .PP + \fBdelay=\fR\fB\fIN\fR\fR + .RS 4 +-Set the delay on failure to N microseconds\. ++Set the delay on failure to N microseconds\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -399,11 +3181,52 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 Linux-PAM-1. Only the \fBauth\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_IGNORE -@@ -66,7 +66,7 @@ + .RS 4 +-Delay was successful adjusted\. ++Delay was successful adjusted\&. + .RE + .PP + PAM_SYSTEM_ERR + .RS 4 +-The specified delay was not valid\. ++The specified delay was not valid\&. + .RE + .SH "EXAMPLES" + .PP + The following example will set the delay on failure to 10 seconds: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth optional pam_faildelay\.so delay=10000000 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth optional pam_faildelay\&.so delay=10000000 + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" + .PP \fBpam_fail_delay\fR(3), \fBpam.conf\fR(5), @@ -412,27 +3235,300 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_faildelay/pam_faildelay.8 Linux-PAM-1. \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 ---- Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 2008-04-16 11:06:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2008-10-17 13:01:45.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_faildelay was written by Darren Tucker \. ++pam_faildelay was written by Darren Tucker \&. +--- Linux-PAM-1.0.2-orig/modules/pam_filter/pam_filter.8 2008-04-16 11:06:56.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2009-01-20 11:58:36.000000000 +0100 +@@ -1,73 +1,231 @@ .\" Title: pam_filter - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_FILTER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FILTER" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FILTER" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -109,15 +109,13 @@ + .ad l +-.SH "NAME" +-pam_filter - PAM filter module +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_filter\.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\.\.\.\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_filter \- PAM filter module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_filter\&.so\fR\ 'u ++\fBpam_filter\&.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\&.\&.\&.\fR] ++.fam + .SH "DESCRIPTION" + .PP +-This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\. It is only suitable for tty\-based and (stdin/stdout) applications\. ++This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\&. It is only suitable for tty\-based and (stdin/stdout) applications\&. + .PP + To function this module requires + \fIfilters\fR +-to be installed on the system\. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\. (This can be very annoying and is not kind to termcap based editors)\. ++to be installed on the system\&. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\&. (This can be very annoying and is not kind to termcap based editors)\&. + .PP +-Each component of the module has the potential to invoke the desired filter\. The filter is always ++Each component of the module has the potential to invoke the desired filter\&. The filter is always + \fBexecv\fR(2) + with the privilege of the calling application and + \fInot\fR +-that of the user\. For this reason it cannot usually be killed by the user without closing their session\. ++that of the user\&. For this reason it cannot usually be killed by the user without closing their session\&. + .SH "OPTIONS" + .PP + .PP + \fBdebug\fR .RS 4 - The full pathname of the filter to be run and any command line arguments that the filter might expect\. +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBnew_term\fR + .RS 4 + The default action of the filter is to set the + \fIPAM_TTY\fR +-item to indicate the terminal that the user is using to connect to the application\. This argument indicates that the filter should set ++item to indicate the terminal that the user is using to connect to the application\&. This argument indicates that the filter should set + \fIPAM_TTY\fR +-to the filtered pseudo\-terminal\. ++to the filtered pseudo\-terminal\&. + .RE + .PP + \fBnon_term\fR + .RS 4 + don\'t try to set the + \fIPAM_TTY\fR +-item\. ++item\&. + .RE + .PP + \fBrunX\fR + .RS 4 +-In order that the module can invoke a filter it should know when to invoke it\. This argument is required to tell the filter when to do this\. ++In order that the module can invoke a filter it should know when to invoke it\&. This argument is required to tell the filter when to do this\&. + .sp + Permitted values for + \fIX\fR + are + \fI1\fR + and +-\fI2\fR\. These indicate the precise time that the filter is to be run\. To understand this concept it will be useful to have read the ++\fI2\fR\&. These indicate the precise time that the filter is to be run\&. To understand this concept it will be useful to have read the + \fBpam\fR(3) +-manual page\. Basically, for each management group there are up to two ways of calling the module\'s functions\. In the case of the ++manual page\&. Basically, for each management group there are up to two ways of calling the module\'s functions\&. In the case of the + \fIauthentication\fR + and + \fIsession\fR +-components there are actually two separate functions\. For the case of authentication, these functions are ++components there are actually two separate functions\&. For the case of authentication, these functions are + \fBpam_authenticate\fR(3) + and + \fBpam_setcred\fR(3), here +@@ -77,20 +235,20 @@ + function and + \fBrun2\fR + means run the filter from +-\fBpam_setcred\fR\. In the case of the session modules, ++\fBpam_setcred\fR\&. In the case of the session modules, + \fIrun1\fR + implies that the filter is invoked at the + \fBpam_open_session\fR(3) + stage, and + \fIrun2\fR + for +-\fBpam_close_session\fR(3)\. ++\fBpam_close_session\fR(3)\&. + .sp +-For the case of the account component\. Either ++For the case of the account component\&. Either + \fIrun1\fR + or + \fIrun2\fR +-may be used\. ++may be used\&. + .sp + For the case of the password component, + \fIrun1\fR +@@ -102,53 +260,69 @@ + \fIrun2\fR + is used to indicate that the filter is run on the second occasion (the + \fIPAM_UPDATE_AUTHTOK\fR +-phase)\. ++phase)\&. + .RE + .PP + \fBfilter\fR + .RS 4 +-The full pathname of the filter to be run and any command line arguments that the filter might expect\. ++The full pathname of the filter to be run and any command line arguments that the filter might expect\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -445,11 +3541,55 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 Linux-PAM-1.0.2/mo and -\fBsession\fR -are supported\. -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP -@@ -147,7 +145,7 @@ + PAM_SUCCESS + .RS 4 +-The new filter was set successfull\. ++The new filter was set successfull\&. + .RE + .PP + PAM_ABORT + .RS 4 +-Critical error, immediate abort\. ++Critical error, immediate abort\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + to see how to configure login to transpose upper and lower case letters once the user has logged in: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +- session required pam_filter\.so run1 /lib/security/pam_filter/upperLOWER ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++ session required pam_filter\&.so run1 /lib/security/pam_filter/upperLOWER + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -458,27 +3598,245 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_filter/pam_filter.8 Linux-PAM-1.0.2/mo \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 ---- Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 2008-04-16 11:07:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2008-10-17 13:01:47.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_filter was written by Andrew G\. Morgan \. ++pam_filter was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_ftp/pam_ftp.8 2008-04-16 11:07:01.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2009-01-20 11:58:39.000000000 +0100 +@@ -1,25 +1,183 @@ .\" Title: pam_ftp - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_FTP" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FTP" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FTP" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -56,11 +56,11 @@ - \fB\fIXXX,YYY,\.\.\.\fR\fR\. Should the applicant enter one of these usernames the returned username is set to the first in the list: - \fIXXX\fR\. + .ad l +-.SH "NAME" +-pam_ftp - PAM module for anonymous access module +-.SH "SYNOPSIS" +-.HP 11 +-\fBpam_ftp\.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_ftp \- PAM module for anonymous access module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_ftp\&.so\fR\ 'u ++\fBpam_ftp\&.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...] ++.fam + .SH "DESCRIPTION" + .PP +-pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\. ++pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\&. + .PP +-This module intercepts the user\'s name and password\. If the name is ++This module intercepts the user\'s name and password\&. If the name is + \fIftp\fR + or + \fIanonymous\fR, the user\'s password is broken up at the +@@ -28,78 +186,96 @@ + \fIPAM_RUSER\fR + and a + \fIPAM_RHOST\fR +-part; these pam\-items being set accordingly\. The username (\fIPAM_USER\fR) is set to +-\fIftp\fR\. In this case the module succeeds\. Alternatively, the module sets the ++part; these pam\-items being set accordingly\&. The username (\fIPAM_USER\fR) is set to ++\fIftp\fR\&. In this case the module succeeds\&. Alternatively, the module sets the + \fIPAM_AUTHTOK\fR +-item with the entered password and fails\. ++item with the entered password and fails\&. + .PP +-This module is not safe and easily spoofable\. ++This module is not safe and easily spoofable\&. + .SH "OPTIONS" + .PP + .PP + \fBdebug\fR + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBignore\fR + .RS 4 +-Pay no attention to the email address of the user (if supplied)\. ++Pay no attention to the email address of the user (if supplied)\&. + .RE + .PP +-\fBftp=\fR\fB\fIXXX,YYY,\.\.\.\fR\fR ++\fBftp=\fR\fB\fIXXX,YYY,\&.\&.\&.\fR\fR + .RS 4 + Instead of + \fIftp\fR + or + \fIanonymous\fR, provide anonymous login to the comma separated list of users: +-\fB\fIXXX,YYY,\.\.\.\fR\fR\. Should the applicant enter one of these usernames the returned username is set to the first in the list: +-\fIXXX\fR\. ++\fB\fIXXX,YYY,\&.\&.\&.\fR\fR\&. Should the applicant enter one of these usernames the returned username is set to the first in the list: ++\fIXXX\fR\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -486,11 +3844,66 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 Linux-PAM-1.0.2/modules/ Only the \fBauth\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP .PP -@@ -98,7 +98,7 @@ + PAM_SUCCESS + .RS 4 +-The authentication was successfull\. ++The authentication was successfull\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/ftpd\fR ++\FC/etc/pam\&.d/ftpd\F[] + to handle ftp style anonymous login: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ + # +-# ftpd; add ftp\-specifics\. These lines enable anonymous ftp over ++# ftpd; add ftp\-specifics\&. These lines enable anonymous ftp over + # standard UN*X access (the listfile entry blocks access to + # users listed in /etc/ftpusers) + # +-auth sufficient pam_ftp\.so +-auth required pam_unix\.so use_first_pass +-auth required pam_listfile\.so \e ++auth sufficient pam_ftp\&.so ++auth required pam_unix\&.so use_first_pass ++auth required pam_listfile\&.so \e + onerr=succeed item=user sense=deny file=/etc/ftpusers + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -499,68 +3912,510 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_ftp/pam_ftp.8 Linux-PAM-1.0.2/modules/ \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_group/pam_group.8 Linux-PAM-1.0.2/modules/pam_group/pam_group.8 ---- Linux-PAM-1.0.2-old/modules/pam_group/pam_group.8 2008-04-16 11:07:06.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2008-10-17 13:01:50.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_ftp was written by Andrew G\. Morgan \. ++pam_ftp was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_group/pam_group.8 2008-04-16 11:07:06.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2009-01-20 11:58:43.000000000 +0100 +@@ -1,85 +1,243 @@ .\" Title: pam_group - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHORS" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_GROUP" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GROUP" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GROUP" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -39,11 +39,11 @@ + .ad l +-.SH "NAME" +-pam_group - PAM module for group access +-.SH "SYNOPSIS" +-.HP 13 +-\fBpam_group\.so\fR ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_group \- PAM module for group access ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_group\&.so\fR\ 'u ++\fBpam_group\&.so\fR ++.fam + .SH "DESCRIPTION" + .PP +-The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\. Such memberships are based on the service they are applying for\. ++The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&. + .PP + By default rules for group memberships are taken from config file +-\fI/etc/security/group\.conf\fR\. ++\FC/etc/security/group\&.conf\F[]\&. + .PP +-This module\'s usefulness relies on the file\-systems accessible to the user\. The point being that once granted the membership of a group, the user may attempt to create a ++This module\'s usefulness relies on the file\-systems accessible to the user\&. The point being that once granted the membership of a group, the user may attempt to create a + \fBsetgid\fR +-binary with a restricted group ownership\. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted ++binary with a restricted group ownership\&. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\&. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted + \fInosuid\fR +-the user is unable to create or execute such a binary file\. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted +-\fInosuid\fR\. ++the user is unable to create or execute such a binary file\&. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted ++\fInosuid\fR\&. + .PP + The pam_group module fuctions in parallel with the +-\fI/etc/group\fR +-file\. If the user is granted any groups based on the behavior of this module, they are granted ++\FC/etc/group\F[] ++file\&. If the user is granted any groups based on the behavior of this module, they are granted + \fIin addition\fR + to those entries +-\fI/etc/group\fR +-(or equivalent)\. ++\FC/etc/group\F[] ++(or equivalent)\&. .SH "OPTIONS" .PP - This module does not recognise any options\. +-This module does not recognise any options\. -.SH "MODULE SERVICES PROVIDED" ++This module does not recognise any options\&. +.SH "MODULE TYPES PROVIDED" .PP Only the \fBauth\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -87,7 +87,7 @@ + .RS 4 +-group membership was granted\. ++group membership was granted\&. + .RE + .PP + PAM_ABORT + .RS 4 +-Not all relevant data could be gotten\. ++Not all relevant data could be gotten\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_CRED_ERR + .RS 4 +-Group membership was not granted\. ++Group membership was not granted\&. + .RE + .PP + PAM_IGNORE + .RS 4 + + \fBpam_sm_authenticate\fR +-was called which does nothing\. ++was called which does nothing\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-The user is not known to the system\. ++The user is not known to the system\&. + .RE + .SH "FILES" + .PP +-\fI/etc/security/group\.conf\fR ++\FC/etc/security/group\&.conf\F[] + .RS 4 + Default configuration file + .RE +@@ -87,8 +245,8 @@ .PP \fBgroup.conf\fR(5), -\fBpam.d\fR(8), +-\fBpam\fR(8)\. +\fBpam.d\fR(5), - \fBpam\fR(8)\. ++\fBpam\fR(8)\&. .SH "AUTHORS" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 ---- Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 2008-04-16 11:07:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2008-10-17 13:01:54.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_group was written by Andrew G\. Morgan \. ++pam_group was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_issue/pam_issue.8 2008-04-16 11:07:09.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2009-01-20 11:58:46.000000000 +0100 +@@ -1,23 +1,181 @@ .\" Title: pam_issue - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_ISSUE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ISSUE" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ISSUE" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -87,11 +87,11 @@ + .ad l +-.SH "NAME" +-pam_issue - PAM module to add issue file to user prompt +-.SH "SYNOPSIS" +-.HP 13 +-\fBpam_issue\.so\fR [noesc] [issue=\fIissue\-file\-name\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_issue \- PAM module to add issue file to user prompt ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_issue\&.so\fR\ 'u ++\fBpam_issue\&.so\fR [noesc] [issue=\fIissue\-file\-name\fR] ++.fam + .SH "DESCRIPTION" + .PP +-pam_issue is a PAM module to prepend an issue file to the username prompt\. It also by default parses escape codes in the issue file similar to some common getty\'s (using \ex format)\. ++pam_issue is a PAM module to prepend an issue file to the username prompt\&. It also by default parses escape codes in the issue file similar to some common getty\'s (using \ex format)\&. + .PP + Recognized escapes: + .PP +@@ -68,7 +226,7 @@ + .PP + \fB\eU\fR .RS 4 - The file to output if not using the default\. +-same as \eu except it is suffixed with "user" or "users" (eg\. "1 user" or "10 users") ++same as \eu except it is suffixed with "user" or "users" (eg\&. "1 user" or "10 users") + .RE + .PP + \fB\ev\fR +@@ -80,59 +238,77 @@ + .PP + \fBnoesc\fR + .RS 4 +-Turns off escape code parsing\. ++Turns off escape code parsing\&. + .RE + .PP + \fBissue=\fR\fB\fIissue\-file\-name\fR\fR + .RS 4 +-The file to output if not using the default\. ++The file to output if not using the default\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -568,11 +4423,67 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 Linux-PAM-1.0.2/modu Only the \fBauth\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP .PP -@@ -131,7 +131,7 @@ + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-The prompt was already changed\. ++The prompt was already changed\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-A service module error occured\. ++A service module error occured\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-The new prompt was set successfull\. ++The new prompt was set successfull\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + to set the user specific issue at login: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +- auth optional pam_issue\.so issue=/etc/issue ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++ auth optional pam_issue\&.so issue=/etc/issue + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -581,27 +4492,244 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_issue/pam_issue.8 Linux-PAM-1.0.2/modu \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 ---- Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 2008-04-16 11:07:12.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2008-10-17 13:01:57.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_issue was written by Ben Collins \. ++pam_issue was written by Ben Collins \&. +--- Linux-PAM-1.0.2-orig/modules/pam_keyinit/pam_keyinit.8 2008-04-16 11:07:12.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2009-01-20 11:58:50.000000000 +0100 +@@ -1,63 +1,221 @@ .\" Title: pam_keyinit - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_KEYINIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_KEYINIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_KEYINIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -53,11 +53,11 @@ + .ad l +-.SH "NAME" +-pam_keyinit - Kernel session keyring initialiser module +-.SH "SYNOPSIS" +-.HP 15 +-\fBpam_keyinit\.so\fR [debug] [force] [revoke] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_keyinit \- Kernel session keyring initialiser module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_keyinit\&.so\fR\ 'u ++\fBpam_keyinit\&.so\fR [debug] [force] [revoke] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\. ++The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\&. + .PP +-The session component of the module checks to see if the process\'s session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\. ++The session component of the module checks to see if the process\'s session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\&. + .PP +-If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\. ++If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\&. + .PP +-The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\. ++The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&. + .PP +-This module is intended primarily for use by login processes\. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\. ++This module is intended primarily for use by login processes\&. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\&. + .PP + This module should not, generally, be invoked by programs like +-\fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\. The keys have their own permissions system to manage this\. ++\fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\&. The keys have their own permissions system to manage this\&. + .PP +-This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\. ++This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\&. + .PP +-The keyutils package is used to manipulate keys more directly\. This can be obtained from: ++The keyutils package is used to manipulate keys more directly\&. This can be obtained from: + .PP + +-\fI Keyutils \fR\&[1] ++\m[blue]\fB Keyutils \fR\m[]\&\s-2\u[1]\d\s+2 + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\. + Log debug information with +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .RE + .PP + \fBforce\fR + .RS 4 +-Causes the session keyring of the invoking process to be replaced unconditionally\. ++Causes the session keyring of the invoking process to be replaced unconditionally\&. + .RE + .PP + \fBrevoke\fR + .RS 4 +-Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\. ++Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -609,11 +4737,80 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 Linux-PAM-1.0.2/ Only the \fBsession\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -110,7 +110,7 @@ +@@ -67,56 +225,74 @@ + .PP + PAM_AUTH_ERR + .RS 4 +-Authentication failure\. ++Authentication failure\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-The return value should be ignored by PAM dispatch\. ++The return value should be ignored by PAM dispatch\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Cannot determine the user name\. ++Cannot determine the user name\&. + .RE + .PP + PAM_SESSION_ERR + .RS 4 +-This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs\. ++This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add this line to your login entries to start each login session with its own session keyring: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-session required pam_keyinit\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++session required pam_keyinit\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .PP +-This will prevent keys from one session leaking into another session for the same user\. ++This will prevent keys from one session leaking into another session for the same user\&. + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -622,60 +4819,340 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_keyinit/pam_keyinit.8 Linux-PAM-1.0.2/ \fBpam\fR(8) \fBkeyctl\fR(1) .SH "AUTHOR" -diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 ---- Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 2008-04-16 11:07:16.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2008-10-17 13:02:00.000000000 +0200 -@@ -1,11 +1,11 @@ + .PP +-pam_keyinit was written by David Howells, \. +-.SH "NOTES" ++pam_keyinit was written by David Howells, \&. ++.SH "Notes" + .IP " 1." 4 + Keyutils + .RS 4 +--- Linux-PAM-1.0.2-orig/modules/pam_lastlog/pam_lastlog.8 2008-04-16 11:07:16.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2009-01-20 11:58:53.000000000 +0100 +@@ -1,104 +1,292 @@ .\" Title: pam_lastlog - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_LASTLOG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LASTLOG" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LASTLOG" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -14,7 +14,7 @@ - pam_lastlog - PAM module to display date of last login - .SH "SYNOPSIS" - .HP 15 + .ad l +-.SH "NAME" +-pam_lastlog - PAM module to display date of last login +-.SH "SYNOPSIS" +-.HP 15 -\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] -+\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_lastlog \- PAM module to display date of last login ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_lastlog\&.so\fR\ 'u ++\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] ++.fam .SH "DESCRIPTION" .PP - pam_lastlog is a PAM module to display a line of information about the last login of the user\. In addition, the module maintains the -@@ -62,11 +62,23 @@ +-pam_lastlog is a PAM module to display a line of information about the last login of the user\. In addition, the module maintains the +-\fI/var/log/lastlog\fR +-file\. ++pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the ++\FC/var/log/lastlog\F[] ++file\&. + .PP +-Some applications may perform this function themselves\. In such cases, this module is not necessary\. ++Some applications may perform this function themselves\&. In such cases, this module is not necessary\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Don\'t update the wtmp entry\. +-Print debug information\. ++Print debug information\&. .RE --.SH "MODULE SERVICES PROVIDED" + .PP + \fBsilent\fR + .RS 4 + Don\'t inform the user about any previous login, just upate the +-\fI/var/log/lastlog\fR +-file\. ++\FC/var/log/lastlog\F[] ++file\&. + .RE + .PP + \fBnever\fR + .RS 4 + If the +-\fI/var/log/lastlog\fR +-file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\. ++\FC/var/log/lastlog\F[] ++file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\&. + .RE + .PP + \fBnodate\fR + .RS 4 +-Don\'t display the date of the last login\. ++Don\'t display the date of the last login\&. + .RE + .PP + \fBnoterm\fR + .RS 4 +-Don\'t display the terminal name on which the last login was attempted\. ++Don\'t display the terminal name on which the last login was attempted\&. + .RE + .PP + \fBnohost\fR + .RS 4 +-Don\'t indicate from which host the last login was attempted\. ++Don\'t indicate from which host the last login was attempted\&. + .RE + .PP + \fBnowtmp\fR + .RS 4 +-Don\'t update the wtmp entry\. ++Don\'t update the wtmp entry\&. ++.RE +.PP +\fBnoupdate\fR +.RS 4 -+Don\'t update any file\. -+.RE ++Don\'t update any file\&. + .RE +-.SH "MODULE SERVICES PROVIDED" +.PP +\fBshowfailed\fR +.RS 4 -+Display number of failed login attempts and the date of the last failed attempt from btmp\. The date is not displayed when ++Display number of failed login attempts and the date of the last failed attempt from btmp\&. The date is not displayed when +\fBnodate\fR -+is specified\. ++is specified\&. +.RE +.SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP .PP -@@ -106,7 +118,7 @@ + PAM_SUCCESS + .RS 4 +-Everything was successfull\. ++Everything was successfull\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Internal service module error\. ++Internal service module error\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + to display the last login time of an user: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +- session required pam_lastlog\.so nowtmp ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++ session required pam_lastlog\&.so nowtmp + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "FILES" + .PP +-\fI/var/log/lastlog\fR ++\FC/var/log/lastlog\F[] + .RS 4 + Lastlog logging file + .RE +@@ -106,8 +294,8 @@ .PP \fBpam.conf\fR(5), @@ -684,9 +5161,10 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/pam_lastlog.8 Linux-PAM-1.0.2/ \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/README Linux-PAM-1.0.2/modules/pam_lastlog/README ---- Linux-PAM-1.0.2-old/modules/pam_lastlog/README 2008-04-16 11:07:17.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_lastlog/README 2008-10-17 13:02:01.000000000 +0200 +-pam_lastlog was written by Andrew G\. Morgan \. ++pam_lastlog was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_lastlog/README 2008-04-16 11:07:17.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_lastlog/README 2009-01-20 11:58:55.000000000 +0100 @@ -43,6 +43,15 @@ Don't update the wtmp entry. @@ -703,27 +5181,632 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_lastlog/README Linux-PAM-1.0.2/modules EXAMPLES Add the following line to /etc/pam.d/login to display the last login time of an -diff -urN Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 ---- Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 2008-04-16 11:07:20.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2008-10-17 13:02:03.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_limits - .\" Author: +--- Linux-PAM-1.0.2-orig/modules/pam_limits/limits.conf.5 2008-04-16 11:07:19.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_limits/limits.conf.5 2009-01-20 11:58:57.000000000 +0100 +@@ -1,17 +1,173 @@ + .\" Title: limits.conf +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" --.TH "PAM_LIMITS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_LIMITS" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" +-.TH "LIMITS\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "LIMITS\&.CONF" "5" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -56,11 +56,11 @@ + .ad l +-.SH "NAME" +-limits.conf - configuration file for the pam_limits module ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++limits.conf \- configuration file for the pam_limits module + .SH "DESCRIPTION" + .PP + The syntax of the lines is as follows: +@@ -28,25 +184,53 @@ .RS 4 - Do not report exceeded maximum logins count to the audit subsystem\. + .sp + .RS 4 +-\h'-04'\(bu\h'+03'a username ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++a username + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'a groupname, with ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++a groupname, with + \fB@group\fR +-syntax\. This should not be confused with netgroups\. ++syntax\&. This should not be confused with netgroups\&. + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'the wildcard +-\fB*\fR, for default entry\. ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++the wildcard ++\fB*\fR, for default entry\&. + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'the wildcard ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++the wildcard + \fB%\fR, for maxlogins limit only, can also be used with + \fI%group\fR +-syntax\. ++syntax\&. + .RE + .RE + .PP +@@ -57,18 +241,18 @@ + .RS 4 + for enforcing + \fBhard\fR +-resource limits\. These limits are set by the superuser and enforced by the Kernel\. The user cannot raise his requirement of system resources above such values\. ++resource limits\&. These limits are set by the superuser and enforced by the Kernel\&. The user cannot raise his requirement of system resources above such values\&. + .RE + .PP + \fBsoft\fR + .RS 4 + for enforcing + \fBsoft\fR +-resource limits\. These limits are ones that the user can move up or down within the permitted range by any pre\-existing ++resource limits\&. These limits are ones that the user can move up or down within the permitted range by any pre\-existing + \fBhard\fR +-limits\. The values specified with this token can be thought of as ++limits\&. The values specified with this token can be thought of as + \fIdefault\fR +-values, for normal system usage\. ++values, for normal system usage\&. + .RE + .PP + \fB\-\fR +@@ -77,9 +261,9 @@ + \fBsoft\fR + and + \fBhard\fR +-resource limits together\. ++resource limits together\&. + .sp +-Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\. \. ++Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\&. \&. + .RE + .RE + .PP +@@ -154,50 +338,70 @@ + .PP + \fBlocks\fR + .RS 4 +-maximum locked files (Linux 2\.4 and higher) ++maximum locked files (Linux 2\&.4 and higher) + .RE + .PP + \fBsigpending\fR + .RS 4 +-maximum number of pending signals (Linux 2\.6 and higher) ++maximum number of pending signals (Linux 2\&.6 and higher) + .RE + .PP + \fBmsqqueue\fR + .RS 4 +-maximum memory used by POSIX message queues (bytes) (Linux 2\.6 and higher) ++maximum memory used by POSIX message queues (bytes) (Linux 2\&.6 and higher) + .RE + .PP + \fBnice\fR + .RS 4 +-maximum nice priority allowed to raise to (Linux 2\.6\.12 and higher) values: [\-20,19] ++maximum nice priority allowed to raise to (Linux 2\&.6\&.12 and higher) values: [\-20,19] + .RE + .PP + \fBrtprio\fR + .RS 4 +-maximum realtime priority allowed for non\-privileged processes (Linux 2\.6\.12 and higher) ++maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) + .RE + .RE + .PP ++All items support the values ++\fI\-1\fR, ++\fIunlimited\fR ++or ++\fIinfinity\fR ++indicating no limit, except for ++\fBpriority\fR ++and ++\fBnice\fR\&. ++.PP + In general, individual limits have priority over group limits, so if you impose no limits for + \fIadmin\fR +-group, but one of the members in this group have a limits line, the user will have its limits set according to this line\. ++group, but one of the members in this group have a limits line, the user will have its limits set according to this line\&. + .PP + Also, please note that all limit settings are set +-\fIper login\fR\. They are not global, nor are they permanent; existing only for the duration of the session\. ++\fIper login\fR\&. They are not global, nor are they permanent; existing only for the duration of the session\&. + .PP + In the + \fIlimits\fR +-configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\. ++configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\&. + .PP + The pam_limits module does its best to report configuration problems found in its configuration file via +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .SH "EXAMPLES" + .PP + These are some example lines which might be specified in +-\fI/etc/security/limits\.conf\fR\. ++\FC/etc/security/limits\&.conf\F[]\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ + * soft core 0 + * hard rss 10000 + @student hard nproc 20 +@@ -206,14 +410,23 @@ + ftp hard nproc 0 + @student \- maxlogins 4 + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" + .PP + + \fBpam_limits\fR(8), + \fBpam.d\fR(5), +-\fBpam\fR(8) ++\fBpam\fR(8), ++\fBgetrlimit\fR(2) + .SH "AUTHOR" + .PP +-pam_limits was initially written by Cristian Gafton ++pam_limits was initially written by Cristian Gafton +--- Linux-PAM-1.0.2-orig/modules/pam_limits/pam_limits.8 2008-04-16 11:07:20.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2009-01-20 11:58:58.000000000 +0100 +@@ -1,132 +1,308 @@ + .\" Title: pam_limits +-.\" Author: +-.\" Generator: DocBook XSL Stylesheets v1.73.1 +-.\" Date: 04/16/2008 ++.\" Author: [see the "AUTHORS" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual ++.\" Language: English + .\" +-.TH "PAM_LIMITS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_LIMITS" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- + .\" disable hyphenation + .nh + .\" disable justification (adjust text to left margin only) + .ad l +-.SH "NAME" +-pam_limits - PAM module to limit resources +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_limits\.so\fR [change_uid] [conf=\fI/path/to/limits\.conf\fR] [debug] [utmp_early] [noaudit] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_limits \- PAM module to limit resources ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_limits\&.so\fR\ 'u ++\fBpam_limits\&.so\fR [change_uid] [conf=\fI/path/to/limits\&.conf\fR] [debug] [utmp_early] [noaudit] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\. Users of ++The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\&. Users of + \fIuid=0\fR +-are affected by this limits, too\. ++are affected by this limits, too\&. + .PP + By default limits are taken from the +-\fI/etc/security/limits\.conf\fR +-config file\. Then individual files from the +-\fI/etc/security/limits\.d/\fR +-directory are read\. The files are parsed one after another in the order of "C" locale\. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\. If a config file is explicitely specified with a module option then the files in the above directory are not parsed\. ++\FC/etc/security/limits\&.conf\F[] ++config file\&. Then individual files from the ++\FC/etc/security/limits\&.d/\F[] ++directory are read\&. The files are parsed one after another in the order of "C" locale\&. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\&. If a config file is explicitely specified with a module option then the files in the above directory are not parsed\&. + .PP +-The module must not be called by a multithreaded application\. ++The module must not be called by a multithreaded application\&. + .PP +-If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\. ++If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\&. + .SH "OPTIONS" + .PP + \fBchange_uid\fR + .RS 4 +-Change real uid to the user for who the limits are set up\. Use this option if you have problems like login not forking a shell for user who has no processes\. Be warned that something else may break when you do this\. ++Change real uid to the user for who the limits are set up\&. Use this option if you have problems like login not forking a shell for user who has no processes\&. Be warned that something else may break when you do this\&. + .RE + .PP +-\fBconf=\fR\fB\fI/path/to/limits\.conf\fR\fR ++\fBconf=\fR\fB\fI/path/to/limits\&.conf\fR\fR + .RS 4 +-Indicate an alternative limits\.conf style configuration file to override the default\. ++Indicate an alternative limits\&.conf style configuration file to override the default\&. + .RE + .PP + \fBdebug\fR + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fButmp_early\fR + .RS 4 +-Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\.conf file\. ++Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\&. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\&.conf file\&. + .RE + .PP + \fBnoaudit\fR + .RS 4 +-Do not report exceeded maximum logins count to the audit subsystem\. ++Do not report exceeded maximum logins count to the audit subsystem\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -731,40 +5814,391 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_limits/pam_limits.8 Linux-PAM-1.0.2/mo Only the \fBsession\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_ABORT -@@ -125,7 +125,7 @@ + .RS 4 +-Cannot get current limits\. ++Cannot get current limits\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-No limits found for this user\. ++No limits found for this user\&. + .RE + .PP + PAM_PERM_DENIED + .RS 4 +-New limits could not be set\. ++New limits could not be set\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Cannot read config file\. ++Cannot read config file\&. + .RE + .PP + PAM_SESSEION_ERR + .RS 4 +-Error recovering account name\. ++Error recovering account name\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Limits were changed\. ++Limits were changed\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-The user is not known to the system\. ++The user is not known to the system\&. + .RE + .SH "FILES" + .PP +-\fI/etc/security/limits\.conf\fR ++\FC/etc/security/limits\&.conf\F[] + .RS 4 + Default configuration file + .RE + .SH "EXAMPLES" + .PP + For the services you need resources limits (login for example) put a the following line in +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + as the last line for that service (usually after the pam_unix session line): + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 + # + # Resource limits imposed on login sessions via pam_limits + # +-session required pam_limits\.so ++session required pam_limits\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .PP +-Replace "login" for each service you are using this module\. ++Replace "login" for each service you are using this module\&. + .SH "SEE ALSO" .PP \fBlimits.conf\fR(5), -\fBpam.d\fR(8), +-\fBpam\fR(8)\. +\fBpam.d\fR(5), - \fBpam\fR(8)\. ++\fBpam\fR(8)\&. .SH "AUTHORS" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 ---- Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 2008-04-16 11:07:24.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2008-10-17 13:02:06.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_limits was initially written by Cristian Gafton ++pam_limits was initially written by Cristian Gafton +--- Linux-PAM-1.0.2-orig/modules/pam_listfile/pam_listfile.8 2008-04-16 11:07:24.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2009-01-20 11:59:02.000000000 +0100 +@@ -1,23 +1,181 @@ .\" Title: pam_listfile - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_LISTFILE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LISTFILE" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LISTFILE" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -98,15 +98,13 @@ + .ad l +-.SH "NAME" +-pam_listfile - deny or allow services based on an arbitrary file +-.SH "SYNOPSIS" +-.HP 16 +-\fBpam_listfile\.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_listfile \- deny or allow services based on an arbitrary file ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_listfile\&.so\fR\ 'u ++\fBpam_listfile\&.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] ++.fam + .SH "DESCRIPTION" + .PP +-pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\. ++pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\&. + .PP + The module gets the + \fBitem\fR +@@ -29,18 +187,18 @@ + \fIPAM_RHOST\fR; and ruser specifies the name of the remote user (if available) who made the request, + \fIPAM_RUSER\fR + \-\- and looks for an instance of that item in the +-\fBfile=\fR\fB\fIfilename\fR\fR\. +-\fIfilename\fR +-contains one line per item listed\. If the item is found, then if ++\fBfile=\fR\fB\fIfilename\fR\fR\&. ++\FCfilename\F[] ++contains one line per item listed\&. If the item is found, then if + \fBsense=\fR\fB\fIallow\fR\fR, + \fIPAM_SUCCESS\fR + is returned, causing the authorization request to succeed; else if + \fBsense=\fR\fB\fIdeny\fR\fR, + \fIPAM_AUTH_ERR\fR +-is returned, causing the authorization request to fail\. ++is returned, causing the authorization request to fail\&. + .PP + If an error is encountered (for instance, if +-\fIfilename\fR ++\FCfilename\F[] + does not exist, or a poorly\-constructed argument is encountered), then if + \fIonerr=succeed\fR, + \fIPAM_SUCCESS\fR +@@ -49,141 +207,175 @@ + \fIPAM_AUTH_ERR\fR + or + \fIPAM_SERVICE_ERR\fR +-(as appropriate) will be returned\. ++(as appropriate) will be returned\&. + .PP + An additional argument, +-\fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR)\. This added restriction is only meaningful when used with the ++\fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR)\&. This added restriction is only meaningful when used with the + \fItty\fR, + \fIrhost\fR + and + \fIshell\fR +-items\. ++items\&. + .PP +-Besides this last one, all arguments should be specified; do not count on any default behavior\. ++Besides this last one, all arguments should be specified; do not count on any default behavior\&. + .PP +-No credentials are awarded by this module\. ++No credentials are awarded by this module\&. + .SH "OPTIONS" + .PP + .PP + \fBitem=[tty|user|rhost|ruser|group|shell]\fR .RS 4 - Do not treat service refusals or missing list files as errors that need to be logged\. +-What is listed in the file and should be checked for\. ++What is listed in the file and should be checked for\&. + .RE + .PP + \fBsense=[allow|deny]\fR + .RS 4 +-Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested\. ++Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested\&. + .RE + .PP + \fBfile=\fR\fB\fI/path/filename\fR\fR + .RS 4 +-File containing one item per line\. The file needs to be a plain file and not world writeable\. ++File containing one item per line\&. The file needs to be a plain file and not world writeable\&. + .RE + .PP + \fBonerr=[succeed|fail]\fR + .RS 4 +-What to do if something weird happens like being unable to open the file\. ++What to do if something weird happens like being unable to open the file\&. + .RE + .PP + \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR + .RS 4 +-Restrict the user class for which the restriction apply\. Note that with ++Restrict the user class for which the restriction apply\&. Note that with + \fBitem=[user|ruser|group]\fR + this does not make sense, but for + \fBitem=[tty|rhost|shell]\fR +-it have a meaning\. ++it have a meaning\&. + .RE + .PP + \fBquiet\fR + .RS 4 +-Do not treat service refusals or missing list files as errors that need to be logged\. ++Do not treat service refusals or missing list files as errors that need to be logged\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -777,11 +6211,129 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 Linux-PAM-1.0. and -\fBsession\fR -are supported\. -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP -@@ -182,7 +180,7 @@ + PAM_AUTH_ERR + .RS 4 +-Authentication failure\. ++Authentication failure\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_IGNORE + .RS 4 + The rule does not apply to the + \fBapply\fR +-option\. ++option\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Error in service module\. ++Error in service module\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Success\. ++Success\&. + .RE + .SH "EXAMPLES" + .PP + Classic \'ftpusers\' authentication can be implemented with this entry in +-\fI/etc/pam\.d/ftpd\fR: ++\FC/etc/pam\&.d/ftpd\F[]: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ + # + # deny ftp\-access to users listed in the /etc/ftpusers file + # +-auth required pam_listfile\.so \e ++auth required pam_listfile\&.so \e + onerr=succeed item=user sense=deny file=/etc/ftpusers + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + Note, users listed in +-\fI/etc/ftpusers\fR ++\FC/etc/ftpusers\F[] + file are (counterintuitively) + \fInot\fR +-allowed access to the ftp service\. ++allowed access to the ftp service\&. + .PP + To allow login access only for certain users, you can use a +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + entry like this: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ + # + # permit login to users listed in /etc/loginusers + # +-auth required pam_listfile\.so \e ++auth required pam_listfile\&.so \e + onerr=fail item=user sense=allow file=/etc/loginusers + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + For this example to work, all users who are allowed to use the login service should be listed in the file +-\fI/etc/loginusers\fR\. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in +-\fI/etc/loginusers\fR, or by listing a user who is able to ++\FC/etc/loginusers\F[]\&. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in ++\FC/etc/loginusers\F[], or by listing a user who is able to + \fIsu\fR +-to the root account\. ++to the root account\&. + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -790,27 +6342,216 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_listfile/pam_listfile.8 Linux-PAM-1.0. \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 ---- Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 2008-04-16 11:07:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2008-10-17 13:02:09.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_listfile was written by Michael K\. Johnson and Elliot Lee \. ++pam_listfile was written by Michael K\&. Johnson and Elliot Lee \&. +--- Linux-PAM-1.0.2-orig/modules/pam_localuser/pam_localuser.8 2008-04-16 11:07:27.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2009-01-20 11:59:06.000000000 +0100 +@@ -1,88 +1,264 @@ .\" Title: pam_localuser - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_LOCALUSER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOCALUSER" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOCALUSER" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -33,13 +33,13 @@ + .ad l +-.SH "NAME" +-pam_localuser - require users to be listed in /etc/passwd +-.SH "SYNOPSIS" +-.HP 17 +-\fBpam_localuser\.so\fR [debug] [file=\fI/path/passwd\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_localuser \- require users to be listed in /etc/passwd ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_localuser\&.so\fR\ 'u ++\fBpam_localuser\&.so\fR [debug] [file=\fI/path/passwd\fR] ++.fam + .SH "DESCRIPTION" + .PP +-pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\'s users and a few accounts that are local to a particular workstation\. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\'s users\. ++pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\'s users and a few accounts that are local to a particular workstation\&. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\'s users\&. + .PP +-This could also be implemented using pam_listfile\.so and a very short awk script invoked by cron, but it\'s common enough to have been separated out\. ++This could also be implemented using pam_listfile\&.so and a very short awk script invoked by cron, but it\'s common enough to have been separated out\&. + .SH "OPTIONS" + .PP + .PP + \fBdebug\fR + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBfile=\fR\fB\fI/path/passwd\fR\fR + .RS 4 Use a file other than - \fI/etc/passwd\fR\. +-\fI/etc/passwd\fR\. ++\FC/etc/passwd\F[]\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -821,11 +6562,72 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 Linux-PAM-1. \fBpassword\fR and -\fBsession\fR) are supported\. -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP -@@ -81,7 +81,7 @@ + PAM_SUCCESS + .RS 4 +-The new localuser was set successfull\. ++The new localuser was set successfull\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-No username was given\. ++No username was given\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/su\fR +-to allow only local users in group wheel to use su\. ++\FC/etc/pam\&.d/su\F[] ++to allow only local users in group wheel to use su\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-account sufficient pam_localuser\.so +-account required pam_wheel\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++account sufficient pam_localuser\&.so ++account required pam_wheel\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "FILES" + .PP +-\fI/etc/passwd\fR ++\FC/etc/passwd\F[] + .RS 4 +-Local user account information\. ++Local user account information\&. + .RE + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -834,27 +6636,205 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_localuser/pam_localuser.8 Linux-PAM-1. \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 ---- Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 2008-04-16 11:09:18.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2008-10-17 13:02:11.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_localuser was written by Nalin Dahyabhai \. ++pam_localuser was written by Nalin Dahyabhai \&. +--- Linux-PAM-1.0.2-orig/modules/pam_loginuid/pam_loginuid.8 2008-04-16 11:09:18.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2009-01-20 11:59:09.000000000 +0100 +@@ -1,63 +1,239 @@ .\" Title: pam_loginuid - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_LOGINUID" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOGINUID" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOGINUID" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -24,11 +24,11 @@ + .ad l +-.SH "NAME" +-pam_loginuid - Record user's login uid to the process attribute +-.SH "SYNOPSIS" +-.HP 16 +-\fBpam_loginuid\.so\fR [require_auditd] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_loginuid \- Record user\'s login uid to the process attribute ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_loginuid\&.so\fR\ 'u ++\fBpam_loginuid\&.so\fR [require_auditd] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\. This is necessary for applications to be correctly audited\. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\. There are probably other entry point applications besides these\. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\. ++The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\&. This is necessary for applications to be correctly audited\&. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\&. There are probably other entry point applications besides these\&. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\&. + .SH "OPTIONS" + .PP + \fBrequire_auditd\fR .RS 4 - This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\. +-This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\. ++This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -863,11 +6843,55 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 Linux-PAM-1.0. +Only the \fBsession\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP .PP -@@ -54,7 +54,7 @@ + PAM_SESSION_ERR + .RS 4 +-An error occured during session management\. ++An error occured during session management\&. + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 +-auth required pam_unix\.so +-auth required pam_nologin\.so +-account required pam_unix\.so +-password required pam_unix\.so +-session required pam_unix\.so +-session required pam_loginuid\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 ++auth required pam_unix\&.so ++auth required pam_nologin\&.so ++account required pam_unix\&.so ++password required pam_unix\&.so ++session required pam_unix\&.so ++session required pam_loginuid\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -876,36 +6900,287 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_loginuid/pam_loginuid.8 Linux-PAM-1.0. \fBpam\fR(8), \fBauditctl\fR(8), \fBauditd\fR(8) -diff -urN Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 ---- Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 2008-04-16 11:07:30.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2008-10-17 13:02:14.000000000 +0200 -@@ -1,11 +1,11 @@ + .SH "AUTHOR" + .PP +-pam_loginuid was written by Steve Grubb ++pam_loginuid was written by Steve Grubb +--- Linux-PAM-1.0.2-orig/modules/pam_mail/pam_mail.8 2008-04-16 11:07:30.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2009-01-20 11:59:12.000000000 +0100 +@@ -1,139 +1,315 @@ .\" Title: pam_mail - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_MAIL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MAIL" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MAIL" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -14,7 +14,7 @@ - pam_mail - Inform about available mail - .SH "SYNOPSIS" - .HP 12 + .ad l +-.SH "NAME" +-pam_mail - Inform about available mail +-.SH "SYNOPSIS" +-.HP 12 -\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quit] [standard] -+\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quiet] [standard] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_mail \- Inform about available mail ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_mail\&.so\fR\ 'u ++\fBpam_mail\&.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quiet] [standard] ++.fam .SH "DESCRIPTION" .PP - The pam_mail PAM module provides the "you have new mail" service to the user\. It can be plugged into any application that has credential or session hooks\. It gives a single message indicating the -@@ -87,13 +87,13 @@ +-The pam_mail PAM module provides the "you have new mail" service to the user\. It can be plugged into any application that has credential or session hooks\. It gives a single message indicating the ++The pam_mail PAM module provides the "you have new mail" service to the user\&. It can be plugged into any application that has credential or session hooks\&. It gives a single message indicating the + \fInewness\fR +-of any mail it finds in the user\'s mail folder\. This module also sets the PAM environment variable, +-\fBMAIL\fR, to the user\'s mail directory\. ++of any mail it finds in the user\'s mail folder\&. This module also sets the PAM environment variable, ++\fBMAIL\fR, to the user\'s mail directory\&. + .PP + If the mail spool file (be it +-\fI/var/mail/$USER\fR ++\FC/var/mail/$USER\F[] + or a pathname given with the + \fBdir=\fR + parameter) is a directory then pam_mail assumes it is in the + \fIMaildir\fR +-format\. ++format\&. + .SH "OPTIONS" + .PP + .PP + \fBclose\fR .RS 4 - Old style "You have\.\.\." format which doesn\'t show the mail spool being used\. This also implies "empty"\. +-Indicate if the user has any mail also on logout\. ++Indicate if the user has any mail also on logout\&. + .RE + .PP + \fBdebug\fR + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBdir=\fR\fB\fImaildir\fR\fR + .RS 4 + Look for the users\' mail in an alternative location defined by +-\fImaildir/\fR\. The default location for mail is +-\fI/var/mail/\fR\. Note, if the supplied +-\fImaildir\fR +-is prefixed by a \'~\', the directory is interpreted as indicating a file in the user\'s home directory\. ++\FCmaildir/\F[]\&. The default location for mail is ++\FC/var/mail/\F[]\&. Note, if the supplied ++\FCmaildir\F[] ++is prefixed by a \'~\', the directory is interpreted as indicating a file in the user\'s home directory\&. + .RE + .PP + \fBempty\fR + .RS 4 +-Also print message if user has no mail\. ++Also print message if user has no mail\&. + .RE + .PP + \fBhash=\fR\fB\fIcount\fR\fR + .RS 4 +-Mail directory hash depth\. For example, a ++Mail directory hash depth\&. For example, a + \fIhashcount\fR + of 2 would make the mail file be +-\fI/var/spool/mail/u/s/user\fR\. ++\FC/var/spool/mail/u/s/user\F[]\&. + .RE + .PP + \fBnoenv\fR + .RS 4 + Do not set the + \fBMAIL\fR +-environment variable\. ++environment variable\&. + .RE + .PP + \fBnopen\fR + .RS 4 +-Don\'t print any mail information on login\. This flag is useful to get the ++Don\'t print any mail information on login\&. This flag is useful to get the + \fBMAIL\fR +-environment variable set, but to not display any information about it\. ++environment variable set, but to not display any information about it\&. + .RE + .PP + \fBquiet\fR + .RS 4 +-Only report when there is new mail\. ++Only report when there is new mail\&. + .RE + .PP + \fBstandard\fR + .RS 4 +-Old style "You have\.\.\." format which doesn\'t show the mail spool being used\. This also implies "empty"\. ++Old style "You have\&.\&.\&." format which doesn\'t show the mail spool being used\&. This also implies "empty"\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -917,11 +7192,67 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 Linux-PAM-1.0.2/module -\fBaccount\fR -services are supported\. +\fBauth\fR -+(on establishment and deletion of credentials) module types are provided\. ++(on establishment and deletion of credentials) module types are provided\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR -@@ -132,7 +132,7 @@ + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Badly formed arguments\. ++Badly formed arguments\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Success\. ++Success\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/login\fR +-to indicate that the user has new mail when they login to the system\. ++\FC/etc/pam\&.d/login\F[] ++to indicate that the user has new mail when they login to the system\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-session optional pam_mail\.so standard ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++session optional pam_mail\&.so standard + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -930,27 +7261,227 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_mail/pam_mail.8 Linux-PAM-1.0.2/module \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 ---- Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 2008-04-16 11:07:34.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2008-10-17 13:02:17.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_mail was written by Andrew G\. Morgan \. ++pam_mail was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_mkhomedir/pam_mkhomedir.8 2008-04-16 11:07:34.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2009-01-20 11:59:15.000000000 +0100 +@@ -1,109 +1,285 @@ .\" Title: pam_mkhomedir - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_MKHOMEDIR" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MKHOMEDIR" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MKHOMEDIR" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -41,11 +41,11 @@ + .ad l +-.SH "NAME" +-pam_mkhomedir - PAM module to create users home directory +-.SH "SYNOPSIS" +-.HP 17 +-\fBpam_mkhomedir\.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_mkhomedir \- PAM module to create users home directory ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_mkhomedir\&.so\fR\ 'u ++\fBpam_mkhomedir\&.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\. The skeleton directory (usually +-\fI/etc/skel/\fR) is used to copy default files and also set\'s a umask for the creation\. ++The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\&. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\&. The skeleton directory (usually ++\FC/etc/skel/\F[]) is used to copy default files and also set\'s a umask for the creation\&. + .PP +-The new users home directory will not be removed after logout of the user\. ++The new users home directory will not be removed after logout of the user\&. + .SH "OPTIONS" + .PP + \fBsilent\fR + .RS 4 +-Don\'t print informative messages\. ++Don\'t print informative messages\&. + .RE + .PP + \fBumask=\fR\fB\fImask\fR\fR + .RS 4 + The user file\-creation mask is set to +-\fImask\fR\. The default value of mask is 0022\. ++\fImask\fR\&. The default value of mask is 0022\&. + .RE + .PP + \fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR + .RS 4 + Indicate an alternative +-\fIskel\fR ++\FCskel\F[] directory to override the default - \fI/etc/skel\fR\. +-\fI/etc/skel\fR\. ++\FC/etc/skel\F[]\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -958,40 +7489,311 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_mkhomedir/pam_mkhomedir.8 Linux-PAM-1. Only the \fBsession\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR -@@ -102,7 +102,7 @@ + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_CRED_INSUFFICIENT + .RS 4 +-Insufficient credentials to access authentication data\. ++Insufficient credentials to access authentication data\&. + .RE + .PP + PAM_PERM_DENIED + .RS 4 +-Not enough permissions to create the new directory or read the skel directory\. ++Not enough permissions to create the new directory or read the skel directory\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known to the underlying authentication module\. ++User not known to the underlying authentication module\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Environment variables were set\. ++Environment variables were set\&. + .RE + .SH "FILES" + .PP +-\fI/etc/skel\fR ++\FC/etc/skel\F[] + .RS 4 + Default skel directory + .RE + .SH "EXAMPLES" + .PP +-A sample /etc/pam\.d/login file: ++A sample /etc/pam\&.d/login file: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +- auth requisite pam_securetty\.so +- auth sufficient pam_ldap\.so +- auth required pam_unix\.so +- auth required pam_nologin\.so +- account sufficient pam_ldap\.so +- account required pam_unix\.so +- password required pam_unix\.so +- session required pam_mkhomedir\.so skel=/etc/skel/ umask=0022 +- session required pam_unix\.so +- session optional pam_lastlog\.so +- session optional pam_mail\.so standard ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++ auth requisite pam_securetty\&.so ++ auth sufficient pam_ldap\&.so ++ auth required pam_unix\&.so ++ auth required pam_nologin\&.so ++ account sufficient pam_ldap\&.so ++ account required pam_unix\&.so ++ password required pam_unix\&.so ++ session required pam_mkhomedir\&.so skel=/etc/skel/ umask=0022 ++ session required pam_unix\&.so ++ session optional pam_lastlog\&.so ++ session optional pam_mail\&.so standard + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp .SH "SEE ALSO" .PP -\fBpam.d\fR(8), +-\fBpam\fR(8)\. +\fBpam.d\fR(5), - \fBpam\fR(8)\. ++\fBpam\fR(8)\&. .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 ---- Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 2008-04-16 11:07:37.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2008-10-17 13:02:20.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_mkhomedir was written by Jason Gunthorpe \. ++pam_mkhomedir was written by Jason Gunthorpe \&. +--- Linux-PAM-1.0.2-orig/modules/pam_motd/pam_motd.8 2008-04-16 11:07:37.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2009-01-20 11:59:18.000000000 +0100 +@@ -1,64 +1,240 @@ .\" Title: pam_motd - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_MOTD" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MOTD" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MOTD" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -28,11 +28,11 @@ - \fI/path/filename\fR - file is displayed as message of the day\. + .ad l +-.SH "NAME" +-pam_motd - Display the motd file +-.SH "SYNOPSIS" +-.HP 12 +-\fBpam_motd\.so\fR [motd=\fI/path/filename\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_motd \- Display the motd file ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_motd\&.so\fR\ 'u ++\fBpam_motd\&.so\fR [motd=\fI/path/filename\fR] ++.fam + .SH "DESCRIPTION" + .PP +-pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a succesful login\. By default the +-\fI/etc/motd\fR +-file is shown\. The message size is limited to 64KB\. ++pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a succesful login\&. By default the ++\FC/etc/motd\F[] ++file is shown\&. The message size is limited to 64KB\&. + .SH "OPTIONS" + .PP + \fBmotd=\fR\fB\fI/path/filename\fR\fR + .RS 4 + The +-\fI/path/filename\fR +-file is displayed as message of the day\. ++\FC/path/filename\F[] ++file is displayed as message of the day\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -999,11 +7801,49 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 Linux-PAM-1.0.2/module Only the \fBsession\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_IGNORE -@@ -57,7 +57,7 @@ + .RS 4 +-This is the only return value of this module\. ++This is the only return value of this module\&. + .RE + .SH "EXAMPLES" + .PP + The suggested usage for +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + is: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-session optional pam_motd\.so motd=/etc/motd ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++session optional pam_motd\&.so motd=/etc/motd + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" + .PP \fBmotd\fR(5), \fBpam.conf\fR(5), @@ -1012,63 +7852,615 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_motd/pam_motd.8 Linux-PAM-1.0.2/module \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_namespace/namespace.conf.5 Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 ---- Linux-PAM-1.0.2-old/modules/pam_namespace/namespace.conf.5 2008-04-16 11:09:13.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2008-10-17 13:02:24.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_motd was written by Ben Collins \. ++pam_motd was written by Ben Collins \&. +--- Linux-PAM-1.0.2-orig/modules/pam_namespace/namespace.conf.5 2008-04-16 11:09:13.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2009-01-20 11:59:23.000000000 +0100 +@@ -1,40 +1,196 @@ .\" Title: namespace.conf - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHORS" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "NAMESPACE\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "NAMESPACE\.CONF" "5" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "NAMESPACE\&.CONF" "5" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -18,7 +18,7 @@ - \fIpam_namespace\.so\fR - module allows setup of private namespaces with polyinstantiated directories\. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\. If an executable script - \fI/etc/security/namespace\.init\fR --exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path and the instance directory path as its arguments\. -+exists, it is used to initialize the namespace every time an instance directory is set up and mounted\. The script receives the polyinstantiated directory path and the instance directory path as its arguments\. + .ad l +-.SH "NAME" +-namespace.conf - the namespace configuration file ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++namespace.conf \- the namespace configuration file + .SH "DESCRIPTION" .PP The - \fI/etc/security/namespace\.conf\fR -diff -urN Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 ---- Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 2008-04-16 11:09:14.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2008-10-17 13:02:25.000000000 +0200 -@@ -1,11 +1,11 @@ +-\fIpam_namespace\.so\fR +-module allows setup of private namespaces with polyinstantiated directories\. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\. If an executable script +-\fI/etc/security/namespace\.init\fR +-exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path and the instance directory path as its arguments\. ++\fIpam_namespace\&.so\fR ++module allows setup of private namespaces with polyinstantiated directories\&. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\&. If an executable script ++\FC/etc/security/namespace\&.init\F[] ++exists, it is used to initialize the namespace every time an instance directory is set up and mounted\&. The script receives the polyinstantiated directory path and the instance directory path as its arguments\&. + .PP + The +-\fI/etc/security/namespace\.conf\fR +-file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\. ++\FC/etc/security/namespace\&.conf\F[] ++file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\&. + .PP + When someone logs in, the file +-\fInamespace\.conf\fR +-is scanned\. Comments are marked by ++\FCnamespace\&.conf\F[] ++is scanned\&. Comments are marked by + \fI#\fR +-characters\. Each non comment line represents one polyinstantiated directory\. The fields are separated by spaces but can be quoted by ++characters\&. Each non comment line represents one polyinstantiated directory\&. The fields are separated by spaces but can be quoted by + \fI"\fR + characters also escape sequences + \fI\eb\fR, + \fI\en\fR, and + \fI\et\fR +-are recognized\. The fields are as follows: ++are recognized\&. The fields are as follows: + .PP + \fIpolydir\fR + \fIinstance_prefix\fR +@@ -42,92 +198,110 @@ + \fIlist_of_uids\fR + .PP + The first field, +-\fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\. The special string ++\fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\&. The special string + \fI$HOME\fR + is replaced with the user\'s home directory, and + \fI$USER\fR +-with the username\. This field cannot be blank\. ++with the username\&. This field cannot be blank\&. + .PP + The second field, + \fIinstance_prefix\fR +-is the string prefix used to build the pathname for the instantiation of \. Depending on the polyinstantiation ++is the string prefix used to build the pathname for the instantiation of \&. Depending on the polyinstantiation + \fImethod\fR +-it is then appended with "instance differentiation string" to generate the final instance directory path\. This directory is created if it did not exist already, and is then bind mounted on the to provide an instance of based on the column\. The special string ++it is then appended with "instance differentiation string" to generate the final instance directory path\&. This directory is created if it did not exist already, and is then bind mounted on the to provide an instance of based on the column\&. The special string + \fI$HOME\fR + is replaced with the user\'s home directory, and + \fI$USER\fR +-with the username\. This field cannot be blank\. ++with the username\&. This field cannot be blank\&. + .PP + The third field, +-\fImethod\fR, is the method used for polyinstantiation\. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user\'s session is closed\. Methods "context" and "level" are only available with SELinux\. This field cannot be blank\. ++\fImethod\fR, is the method used for polyinstantiation\&. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user\'s session is closed\&. Methods "context" and "level" are only available with SELinux\&. This field cannot be blank\&. + .PP + The fourth field, +-\fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\. If left blank, polyinstantiation will be performed for all users\. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list\. ++\fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\&. If left blank, polyinstantiation will be performed for all users\&. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list\&. + .PP + The + \fImethod\fR + field can contain also following optional flags separated by + \fI:\fR +-characters\. ++characters\&. + .PP + \fIcreate\fR=\fImode\fR,\fIowner\fR,\fIgroup\fR +-\- create the polyinstantiated directory\. The mode, owner and group parameters are optional\. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user\. ++\- create the polyinstantiated directory\&. The mode, owner and group parameters are optional\&. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user\&. + .PP + \fIiscript\fR=\fIpath\fR +-\- path to the instance directory init script\. The base directory for relative paths is +-\fI/etc/security/namespace\.d\fR\. ++\- path to the instance directory init script\&. The base directory for relative paths is ++\FC/etc/security/namespace\&.d\F[]\&. + .PP + \fInoinit\fR +-\- instance directory init script will not be executed\. ++\- instance directory init script will not be executed\&. + .PP + \fIshared\fR +-\- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\. ++\- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\&. + .PP +-The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\. The requirement that the instance parent be of mode 0000 can be overridden with the command line option ++The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\&. The requirement that the instance parent be of mode 0000 can be overridden with the command line option + \fIignore_instance_parent_mode\fR + .PP +-In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\. This context must be set by the calling application or +-\fIpam_selinux\.so\fR +-module\. If this context is not set the polyinstatiation will be based just on user name\. ++In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\&. This context must be set by the calling application or ++\FCpam_selinux\&.so\F[] ++module\&. If this context is not set the polyinstatiation will be based just on user name\&. + .PP +-The "instance differentiation string" is for "user" method and _ for "context" and "level" methods\. If the whole string is too long the end of it is replaced with md5sum of itself\. Also when command line option ++The "instance differentiation string" is for "user" method and _ for "context" and "level" methods\&. If the whole string is too long the end of it is replaced with md5sum of itself\&. Also when command line option + \fIgen_hash\fR +-is used the whole string is replaced with md5sum of itself\. ++is used the whole string is replaced with md5sum of itself\&. + .SH "EXAMPLES" + .PP + These are some example lines which might be specified in +-\fI/etc/security/namespace\.conf\fR\. ++\FC/etc/security/namespace\&.conf\F[]\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ + # The following three lines will polyinstantiate /tmp, +- # /var/tmp and user\'s home directories\. /tmp and /var/tmp ++ # /var/tmp and user\'s home directories\&. /tmp and /var/tmp + # will be polyinstantiated based on the security level + # as well as user name, whereas home directory will be +- # polyinstantiated based on the full security context and user name\. ++ # polyinstantiated based on the full security context and user name\&. + # Polyinstantiation will not be performed for user root + # and adm for directories /tmp and /var/tmp, whereas home +- # directories will be polyinstantiated for all users\. ++ # directories will be polyinstantiated for all users\&. + # + # Note that instance directories do not have to reside inside +- # the polyinstantiated directory\. In the examples below, ++ # the polyinstantiated directory\&. In the examples below, + # instances of /tmp will be created in /tmp\-inst directory, + # where as instances of /var/tmp and users home directories + # will reside within the directories that are being +- # polyinstantiated\. ++ # polyinstantiated\&. + # + /tmp /tmp\-inst/ level root,adm + /var/tmp /var/tmp/tmp\-inst/ level root,adm +- $HOME $HOME/$USER\.inst/inst\- context ++ $HOME $HOME/$USER\&.inst/inst\- context + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .PP +-For the s you need polyinstantiation (login for example) put the following line in /etc/pam\.d/ as the last line for session group: ++For the s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/ as the last line for session group: + .PP +-session required pam_namespace\.so [arguments] ++session required pam_namespace\&.so [arguments] + .PP +-This module also depends on pam_selinux\.so setting the context\. ++This module also depends on pam_selinux\&.so setting the context\&. + .SH "SEE ALSO" + .PP + +@@ -136,4 +310,4 @@ + \fBpam\fR(8) + .SH "AUTHORS" + .PP +-The namespace\.conf manual page was written by Janak Desai \. More features added by Tomas Mraz \. ++The namespace\&.conf manual page was written by Janak Desai \&. More features added by Tomas Mraz \&. +--- Linux-PAM-1.0.2-orig/modules/pam_namespace/pam_namespace.8 2008-04-16 11:09:14.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2009-01-20 11:59:24.000000000 +0100 +@@ -1,27 +1,185 @@ .\" Title: pam_namespace - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHORS" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_NAMESPACE" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_NAMESPACE" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_NAMESPACE" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -19,7 +19,7 @@ + .ad l +-.SH "NAME" +-pam_namespace - PAM module for configuring namespace for a session +-.SH "SYNOPSIS" +-.HP 17 +-\fBpam_namespace\.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close] [use_current_context] [use_default_context] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_namespace \- PAM module for configuring namespace for a session ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_namespace\&.so\fR\ 'u ++\fBpam_namespace\&.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close] [use_current_context] [use_default_context] ++.fam + .SH "DESCRIPTION" .PP - The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\. If an executable script - \fI/etc/security/namespace\.init\fR +-The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\. If an executable script +-\fI/etc/security/namespace\.init\fR -exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\. -+exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated direcory\. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\. ++The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\&. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\&. If an executable script ++\FC/etc/security/namespace\&.init\F[] ++exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated direcory\&. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\&. .PP - The pam_namespace module disassociates the session namespace from the parent namespace\. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\.net/Articles/159077 and http://lwn\.net/Articles/159092\. +-The pam_namespace module disassociates the session namespace from the parent namespace\. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\.net/Articles/159077 and http://lwn\.net/Articles/159092\. ++The pam_namespace module disassociates the session namespace from the parent namespace\&. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\&. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\&. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\&.net/Articles/159077 and http://lwn\&.net/Articles/159092\&. .SH "OPTIONS" -@@ -73,11 +73,11 @@ + .PP + \fBdebug\fR +@@ -31,7 +189,7 @@ + .PP + \fBunmnt_remnt\fR .RS 4 - Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\. The module will use the default SELinux context of the user for the level and context polyinstantiation\. +-For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context ++For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\&. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\&. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context + .RE + .PP + \fBunmnt_only\fR +@@ -46,112 +204,130 @@ + .PP + \fBgen_hash\fR + .RS 4 +-Instead of using the security context string for the instance name, generate and use its md5 hash\. ++Instead of using the security context string for the instance name, generate and use its md5 hash\&. + .RE + .PP + \fBignore_config_error\fR + .RS 4 +-If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\. Without this option, pam will return an error to the calling program resulting in termination of the session\. ++If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\&. Without this option, pam will return an error to the calling program resulting in termination of the session\&. + .RE + .PP + \fBignore_instance_parent_mode\fR + .RS 4 +-Instance parent directories by default are expected to have the restrictive mode of 000\. Using this option, an administrator can choose to ignore the mode of the instance parent\. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\. ++Instance parent directories by default are expected to have the restrictive mode of 000\&. Using this option, an administrator can choose to ignore the mode of the instance parent\&. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\&. + .RE + .PP + \fBno_unmount_on_close\fR + .RS 4 +-For certain trusted programs such as newrole, open session is called from a child process while the parent perfoms close session and pam end functions\. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the parent\. ++For certain trusted programs such as newrole, open session is called from a child process while the parent perfoms close session and pam end functions\&. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the parent\&. + .RE + .PP + \fBuse_current_context\fR + .RS 4 +-Useful for services which do not change the SELinux context with setexeccon call\. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\. ++Useful for services which do not change the SELinux context with setexeccon call\&. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\&. + .RE + .PP + \fBuse_default_context\fR + .RS 4 +-Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\. The module will use the default SELinux context of the user for the level and context polyinstantiation\. ++Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\&. The module will use the default SELinux context of the user for the level and context polyinstantiation\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -1077,40 +8469,338 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_namespace/pam_namespace.8 Linux-PAM-1. +Only the \fBsession\fR -service is supported\. The module must not be called from multithreaded processes\. -+module type is provided\. The module must not be called from multithreaded processes\. ++module type is provided\&. The module must not be called from multithreaded processes\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -149,7 +149,7 @@ + .RS 4 +-Namespace setup was successful\. ++Namespace setup was successful\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Unexpected system error occurred while setting up namespace\. ++Unexpected system error occurred while setting up namespace\&. + .RE + .PP + PAM_SESSION_ERR + .RS 4 +-Unexpected namespace configuration error occurred\. ++Unexpected namespace configuration error occurred\&. + .RE + .SH "FILES" + .PP +-\fI/etc/security/namespace\.conf\fR ++\FC/etc/security/namespace\&.conf\F[] + .RS 4 + Main configuration file + .RE + .PP +-\fI/etc/security/namespace\.d\fR ++\FC/etc/security/namespace\&.d\F[] + .RS 4 + Directory for additional configuration files + .RE + .PP +-\fI/etc/security/namespace\.init\fR ++\FC/etc/security/namespace\&.init\F[] + .RS 4 + Init script for instance directories + .RE + .SH "EXAMPLES" + .PP +-For the s you need polyinstantiation (login for example) put the following line in /etc/pam\.d/ as the last line for session group: ++For the s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/ as the last line for session group: + .PP +-session required pam_namespace\.so [arguments] ++session required pam_namespace\&.so [arguments] + .PP + To use polyinstantiation with graphical display manager gdm, insert the following line, before exit 0, in /etc/gdm/PostSession/Default: + .PP + /usr/sbin/gdm\-safe\-restart + .PP +-This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\. Please use the initialization script +-\fI/etc/security/namespace\.init\fR +-to ensure that the X server and its clients can appropriately access the communication socket X0\. Please refer to the sample instructions provided in the comment section of the instance initialization script +-\fI/etc/security/namespace\.init\fR\. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp: ++This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\&. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\&. Please use the initialization script ++\FC/etc/security/namespace\&.init\F[] ++to ensure that the X server and its clients can appropriately access the communication socket X0\&. Please refer to the sample instructions provided in the comment section of the instance initialization script ++\FC/etc/security/namespace\&.init\F[]\&. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp: + .PP + + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +- 1\. Disable the use of font server by commenting out "FontPath" +- line in /etc/X11/xorg\.conf\. If you do want to use the font server ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++ 1\&. Disable the use of font server by commenting out "FontPath" ++ line in /etc/X11/xorg\&.conf\&. If you do want to use the font server + then you will have to augment the instance initialization +- script to appropriately provide /tmp/\.font\-unix from the +- polyinstantiated /tmp\. +- 2\. Ensure that the gdm service is setup to use pam_namespace, +- as described above, by modifying /etc/pam\.d/gdm\. +- 3\. Ensure that the display manager is configured to restart X server +- with each new session\. This default setup can be verified by +- making sure that /usr/share/gdm/defaults\.conf contains ++ script to appropriately provide /tmp/\&.font\-unix from the ++ polyinstantiated /tmp\&. ++ 2\&. Ensure that the gdm service is setup to use pam_namespace, ++ as described above, by modifying /etc/pam\&.d/gdm\&. ++ 3\&. Ensure that the display manager is configured to restart X server ++ with each new session\&. This default setup can be verified by ++ making sure that /usr/share/gdm/defaults\&.conf contains + "AlwaysRestartServer=true", and it is not overridden by +- /etc/gdm/custom\.conf\. ++ /etc/gdm/custom\&.conf\&. + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBnamespace.conf\fR(5), -\fBpam.d\fR(8), +\fBpam.d\fR(5), \fBmount\fR(8), - \fBpam\fR(8)\. +-\fBpam\fR(8)\. ++\fBpam\fR(8)\&. .SH "AUTHORS" -diff -urN Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 ---- Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 2008-04-16 11:07:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2008-10-17 13:02:27.000000000 +0200 -@@ -1,11 +1,11 @@ + .PP +-The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\. The pam_namespace PAM module was developed by Janak Desai , Chad Sellers and Steve Grubb \. Additional improvements by Xavier Toth and Tomas Mraz \. ++The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai , Chad Sellers and Steve Grubb \&. Additional improvements by Xavier Toth and Tomas Mraz \&. +--- Linux-PAM-1.0.2-orig/modules/pam_nologin/pam_nologin.8 2008-04-16 11:07:40.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2009-01-20 11:59:26.000000000 +0100 +@@ -1,110 +1,286 @@ .\" Title: pam_nologin - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_NOLOGIN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_NOLOGIN" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_NOLOGIN" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -34,13 +34,13 @@ + .ad l +-.SH "NAME" +-pam_nologin - Prevent non-root users from login +-.SH "SYNOPSIS" +-.HP 15 +-\fBpam_nologin\.so\fR [file=\fI/path/nologin\fR] [successok] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_nologin \- Prevent non\-root users from login ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_nologin\&.so\fR\ 'u ++\fBpam_nologin\&.so\fR [file=\fI/path/nologin\fR] [successok] ++.fam + .SH "DESCRIPTION" + .PP + pam_nologin is a PAM module that prevents users from logging into the system when +-\fI/etc/nologin\fR +-exists\. The contents of the +-\fI/etc/nologin\fR +-file are displayed to the user\. The pam_nologin module has no effect on the root user\'s ability to log in\. ++\FC/etc/nologin\F[] ++exists\&. The contents of the ++\FC/etc/nologin\F[] ++file are displayed to the user\&. The pam_nologin module has no effect on the root user\'s ability to log in\&. + .SH "OPTIONS" + .PP + \fBfile=\fR\fB\fI/path/nologin\fR\fR .RS 4 - Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\. + Use this file instead the default +-\fI/etc/nologin\fR\. ++\FC/etc/nologin\F[]\&. + .RE + .PP + \fBsuccessok\fR + .RS 4 +-Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\. ++Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -1120,11 +8810,96 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 Linux-PAM-1.0.2/ and \fBacct\fR -services are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR -@@ -103,7 +103,7 @@ + .RS 4 + The user is not root and +-\fI/etc/nologin\fR +-exists, so the user is not permitted to log in\. ++\FC/etc/nologin\F[] ++exists, so the user is not permitted to log in\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-This is the default return value\. ++This is the default return value\&. + .RE + .PP + PAM_SUCCESS + .RS 4 + Success: either the user is root or the +-\fI/etc/nologin\fR +-file does not exist\. ++\FC/etc/nologin\F[] ++file does not exist\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known to the underlying authentication module\. ++User not known to the underlying authentication module\&. + .RE + .SH "EXAMPLES" + .PP + The suggested usage for +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + is: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth required pam_nologin\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth required pam_nologin\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "NOTES" + .PP +-In order to make this module effective, all login methods should be secured by it\. It should be used as a ++In order to make this module effective, all login methods should be secured by it\&. It should be used as a + \fIrequired\fR + method listed before any + \fIsufficient\fR +-methods in order to get standard Unix nologin semantics\. Note, the use of ++methods in order to get standard Unix nologin semantics\&. Note, the use of + \fBsuccessok\fR + module argument causes the module to return + \fIPAM_SUCCESS\fR + and as such would break such a configuration \- failing + \fIsufficient\fR + modules would lead to a successful login because the nologin module +-\fIsucceeded\fR\. ++\fIsucceeded\fR\&. + .SH "SEE ALSO" + .PP \fBnologin\fR(5), \fBpam.conf\fR(5), @@ -1133,29 +8908,212 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_nologin/pam_nologin.8 Linux-PAM-1.0.2/ \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 ---- Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 2008-04-16 11:07:43.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2008-10-17 13:02:30.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_nologin was written by Michael K\. Johnson \. ++pam_nologin was written by Michael K\&. Johnson \&. +--- Linux-PAM-1.0.2-orig/modules/pam_permit/pam_permit.8 2008-04-16 11:07:43.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2009-01-20 11:59:29.000000000 +0100 +@@ -1,64 +1,240 @@ .\" Title: pam_permit - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_PERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_PERMIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_PERMIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -27,15 +27,15 @@ + .ad l +-.SH "NAME" +-pam_permit - The promiscuous module +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_permit\.so\fR ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_permit \- The promiscuous module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_permit\&.so\fR\ 'u ++\fBpam_permit\&.so\fR ++.fam + .SH "DESCRIPTION" + .PP +-pam_permit is a PAM module that always permit access\. It does nothing else\. ++pam_permit is a PAM module that always permit access\&. It does nothing else\&. + .PP + In the case of authentication, the user\'s name will be set to + \fInobody\fR +-if the application didn\'t set one\. Many applications and PAM modules become confused if this name is unknown\. ++if the application didn\'t set one\&. Many applications and PAM modules become confused if this name is unknown\&. + .PP +-This module is very dangerous\. It should be used with extreme caution\. ++This module is very dangerous\&. It should be used with extreme caution\&. .SH "OPTIONS" .PP - This module does not recognise any options\. +-This module does not recognise any options\. -.SH "MODULE SERVICES PROVIDED" ++This module does not recognise any options\&. +.SH "MODULE TYPES PROVIDED" .PP -The services @@ -1166,11 +9124,46 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 Linux-PAM-1.0.2/mo and \fBsession\fR -are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -57,7 +57,7 @@ + .RS 4 +-This module always returns this value\. ++This module always returns this value\&. + .RE + .SH "EXAMPLES" + .PP +-Add this line to your other login entries to disable account management, but continue to permit users to log in\. ++Add this line to your other login entries to disable account management, but continue to permit users to log in\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-account required pam_permit\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++account required pam_permit\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -1179,10 +9172,11 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_permit/pam_permit.8 Linux-PAM-1.0.2/mo \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_pwhistory/README Linux-PAM-1.0.2/modules/pam_pwhistory/README ---- Linux-PAM-1.0.2-old/modules/pam_pwhistory/README 1970-01-01 01:00:00.000000000 +0100 -+++ Linux-PAM-1.0.2/modules/pam_pwhistory/README 2008-10-17 13:02:33.000000000 +0200 -@@ -0,0 +1,61 @@ +-pam_permit was written by Andrew G\. Morgan, \. ++pam_permit was written by Andrew G\&. Morgan, \&. +--- Linux-PAM-1.0.2-orig/modules/pam_pwhistory/README 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_pwhistory/README 2009-01-20 11:59:33.000000000 +0100 +@@ -0,0 +1,67 @@ +pam_pwhistory — PAM module to remember last passwords + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ @@ -1223,6 +9217,12 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_pwhistory/README Linux-PAM-1.0.2/modul + + Prompt user at most N times before returning with error. The default is 1. + ++type=STRING ++ ++ The default action is for the module to use the following prompts when ++ requesting passwords: "New UNIX password: " and "Retype UNIX password: ". ++ The default word UNIX can be replaced with this option. ++ +EXAMPLES + +An example password section would be: @@ -1244,27 +9244,240 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_pwhistory/README Linux-PAM-1.0.2/modul + +pam_pwhistory was written by Thorsten Kukuk + -diff -urN Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 ---- Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 2008-04-16 11:07:46.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2008-10-17 13:02:34.000000000 +0200 -@@ -1,11 +1,11 @@ +--- Linux-PAM-1.0.2-orig/modules/pam_rhosts/pam_rhosts.8 2008-04-16 11:07:46.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2009-01-20 11:59:35.000000000 +0100 +@@ -1,98 +1,274 @@ .\" Title: pam_rhosts - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_RHOSTS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_RHOSTS" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_RHOSTS" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -53,11 +53,11 @@ + .ad l +-.SH "NAME" +-pam_rhosts - The rhosts PAM module +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_rhosts\.so\fR ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_rhosts \- The rhosts PAM module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_rhosts\&.so\fR\ 'u ++\fBpam_rhosts\&.so\fR ++.fam + .SH "DESCRIPTION" + .PP + This module performs the standard network authentication for services, as used by traditional implementations of + \fBrlogin\fR + and + \fBrsh\fR +-etc\. ++etc\&. + .PP + The authentication mechanism of this module is based on the contents of two files; +-\fI/etc/hosts\.equiv\fR ++\FC/etc/hosts\&.equiv\F[] + (or and +-\fI~/\.rhosts\fR\. Firstly, hosts listed in the former file are treated as equivalent to the localhost\. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\. Access is granted to the user if their host is present in +-\fI/etc/hosts\.equiv\fR +-and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\. ++\FC~/\&.rhosts\F[]\&. Firstly, hosts listed in the former file are treated as equivalent to the localhost\&. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\&. Access is granted to the user if their host is present in ++\FC/etc/hosts\&.equiv\F[] ++and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\&. + .PP + The module authenticates a remote user (internally specified by the item + \fIPAM_RUSER\fR + connecting from the remote host (internally specified by the item +-\fBPAM_RHOST\fR)\. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling +-\fBpam_authenticate()\fR\. The module is not capable of independently probing the network connection for such information\. ++\fBPAM_RHOST\fR)\&. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling ++\fBpam_authenticate()\fR\&. The module is not capable of independently probing the network connection for such information\&. + .SH "OPTIONS" + .PP + \fBdebug\fR + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBsilent\fR + .RS 4 +-Don\'t print informative messages\. ++Don\'t print informative messages\&. + .RE + .PP + \fBsuperuser=\fR\fB\fIaccount\fR\fR + .RS 4 + Handle \fIaccount\fR - as root\. +-as root\. ++as root\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -1272,11 +9485,75 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 Linux-PAM-1.0.2/mo Only the \fBauth\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR -@@ -101,7 +101,7 @@ + .RS 4 + The remote host, remote user name or the local user name couldn\'t be determined or access was denied by +-\fI\.rhosts\fR +-file\. ++\FC\&.rhosts\F[] ++file\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User is not known to system\. ++User is not known to system\&. + .RE + .SH "EXAMPLES" + .PP + To grant a remote user access by +-\fI/etc/hosts\.equiv\fR ++\FC/etc/hosts\&.equiv\F[] + or +-\fI\.rhosts\fR ++\FC\&.rhosts\F[] + for + \fBrsh\fR + add the following lines to +-\fI/etc/pam\.d/rsh\fR: ++\FC/etc/pam\&.d/rsh\F[]: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 + # +-auth required pam_rhosts\.so +-auth required pam_nologin\.so +-auth required pam_env\.so +-auth required pam_unix\.so ++auth required pam_rhosts\&.so ++auth required pam_nologin\&.so ++auth required pam_env\&.so ++auth required pam_unix\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" + .PP +@@ -101,8 +277,8 @@ \fBhosts.equiv\fR(5), \fBrhosts\fR(5), \fBpam.conf\fR(5), @@ -1285,27 +9562,214 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_rhosts/pam_rhosts.8 Linux-PAM-1.0.2/mo \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 ---- Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 2008-04-16 11:07:49.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2008-10-17 13:02:37.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_rhosts was written by Thorsten Kukuk ++pam_rhosts was written by Thorsten Kukuk +--- Linux-PAM-1.0.2-orig/modules/pam_rootok/pam_rootok.8 2008-04-16 11:07:49.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2009-01-20 11:59:38.000000000 +0100 +@@ -1,41 +1,199 @@ .\" Title: pam_rootok - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ROOTOK" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ROOTOK" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -31,11 +31,11 @@ + .ad l +-.SH "NAME" +-pam_rootok - Gain only root access +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_rootok\.so\fR [debug] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_rootok \- Gain only root access ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_rootok\&.so\fR\ 'u ++\fBpam_rootok\&.so\fR [debug] ++.fam + .SH "DESCRIPTION" + .PP + pam_rootok is a PAM module that authenticates the user if their + \fIUID\fR + is +-\fI0\fR\. Applications that are created setuid\-root generally retain the ++\fI0\fR\&. Applications that are created setuid\-root generally retain the + \fIUID\fR +-of the user but run with the authority of an enhanced effective\-UID\. It is the real ++of the user but run with the authority of an enhanced effective\-UID\&. It is the real + \fIUID\fR +-that is checked\. ++that is checked\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Print debug information\. +-Print debug information\. ++Print debug information\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -1313,11 +9777,68 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 Linux-PAM-1.0.2/mo Only the \fBauth\fR -service is supported\. -+type is provided\. ++type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -76,7 +76,7 @@ +@@ -43,7 +201,7 @@ + The + \fIUID\fR + is +-\fI0\fR\. ++\fI0\fR\&. + .RE + .PP + PAM_AUTH_ERR +@@ -52,32 +210,50 @@ + \fIUID\fR + is + \fBnot\fR +-\fI0\fR\. ++\fI0\fR\&. + .RE + .SH "EXAMPLES" + .PP + In the case of the + \fBsu\fR(1) +-application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the +-\fI/etc/pam\.d/su\fR ++application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\&. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the ++\FC/etc/pam\&.d/su\F[] + configuration file: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-# su authentication\. Root is granted access by default\. +-auth sufficient pam_rootok\.so +-auth required pam_unix\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++# su authentication\&. Root is granted access by default\&. ++auth sufficient pam_rootok\&.so ++auth required pam_unix\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" + .PP \fBsu\fR(1), \fBpam.conf\fR(5), @@ -1326,27 +9847,222 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_rootok/pam_rootok.8 Linux-PAM-1.0.2/mo \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 ---- Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 2008-04-16 11:07:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2008-10-17 13:02:40.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_rootok was written by Andrew G\. Morgan, \. ++pam_rootok was written by Andrew G\&. Morgan, \&. +--- Linux-PAM-1.0.2-orig/modules/pam_securetty/pam_securetty.8 2008-04-16 11:07:52.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2009-01-20 11:59:41.000000000 +0100 +@@ -1,97 +1,273 @@ .\" Title: pam_securetty - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_SECURETTY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SECURETTY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SECURETTY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -37,11 +37,11 @@ + .ad l +-.SH "NAME" +-pam_securetty - Limit root login to special devices +-.SH "SYNOPSIS" +-.HP 17 +-\fBpam_securetty\.so\fR [debug] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_securetty \- Limit root login to special devices ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_securetty\&.so\fR\ 'u ++\fBpam_securetty\&.so\fR [debug] ++.fam + .SH "DESCRIPTION" + .PP + pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in +-\fI/etc/securetty\fR\. pam_securetty also checks to make sure that +-\fI/etc/securetty\fR +-is a plain file and not world writable\. ++\FC/etc/securetty\F[]\&. pam_securetty also checks to make sure that ++\FC/etc/securetty\F[] ++is a plain file and not world writable\&. + .PP + This module has no effect on non\-root users and requires that the application fills in the + \fBPAM_TTY\fR +-item correctly\. ++item correctly\&. + .PP + For canonical usage, should be listed as a + \fBrequired\fR + authentication method before any + \fBsufficient\fR +-authentication methods\. ++authentication methods\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Print debug information\. +-Print debug information\. ++Print debug information\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -1354,20 +10070,81 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 Linux-PAM-1. Only the \fBauth\fR -service is supported\. -+module type is provided\. ++module type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -67,7 +67,7 @@ - \fI/etc/securetty\fR\. + .RS 4 +-The user is allowed to continue authentication\. Either the user is not root, or the root user is trying to log in on an acceptable device\. ++The user is allowed to continue authentication\&. Either the user is not root, or the root user is trying to log in on an acceptable device\&. + .RE + .PP + PAM_AUTH_ERR + .RS 4 +-Authentication is rejected\. Either root is attempting to log in via an unacceptable device, or the +-\fI/etc/securetty\fR +-file is world writable or not a normal file\. ++Authentication is rejected\&. Either root is attempting to log in via an unacceptable device, or the ++\FC/etc/securetty\F[] ++file is world writable or not a normal file\&. + .RE + .PP + PAM_INCOMPLETE + .RS 4 +-An application error occurred\. pam_securetty was not able to get information it required from the application that called it\. ++An application error occurred\&. pam_securetty was not able to get information it required from the application that called it\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 + An error occurred while the module was determining the user\'s name or tty, or the module could not open +-\fI/etc/securetty\fR\. ++\FC/etc/securetty\F[]\&. .RE .PP -PAM_IGNORE +PAM_USER_UNKNOWN .RS 4 The module could not find the user name in the - \fI/etc/passwd\fR -@@ -90,7 +90,7 @@ +-\fI/etc/passwd\fR +-file to verify whether the user had a UID of 0\. Therefore, the results of running this module are ignored\. ++\FC/etc/passwd\F[] ++file to verify whether the user had a UID of 0\&. Therefore, the results of running this module are ignored\&. + .RE + .SH "EXAMPLES" + .PP + + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth required pam_securetty\.so +-auth required pam_unix\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth required pam_securetty\&.so ++auth required pam_unix\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" + .PP \fBsecuretty\fR(5), \fBpam.conf\fR(5), @@ -1376,55 +10153,324 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_securetty/pam_securetty.8 Linux-PAM-1. \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_selinux/pam_selinux.8 Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 ---- Linux-PAM-1.0.2-old/modules/pam_selinux/pam_selinux.8 2008-04-16 11:07:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2008-10-17 13:02:43.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_securetty was written by Elliot Lee \. ++pam_securetty was written by Elliot Lee \&. +--- Linux-PAM-1.0.2-orig/modules/pam_selinux/pam_selinux.8 2008-04-16 11:07:56.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2009-01-20 11:59:45.000000000 +0100 +@@ -1,95 +1,279 @@ .\" Title: pam_selinux - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_SELINUX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -14,7 +14,7 @@ - pam_selinux - PAM module to set the default security context - .SH "SYNOPSIS" - .HP 15 + .ad l +-.SH "NAME" +-pam_selinux - PAM module to set the default security context +-.SH "SYNOPSIS" +-.HP 15 -\fBpam_selinux\.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [use_current_range] -+\fBpam_selinux\.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [env_params] [use_current_range] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_selinux \- PAM module to set the default security context ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_selinux\&.so\fR\ 'u ++\fBpam_selinux\&.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [env_params] [use_current_range] ++.fam .SH "DESCRIPTION" .PP - In a nutshell, pam_selinux sets up the default security context for the next execed shell\. -@@ -55,9 +55,17 @@ - Attempt to ask the user for a custom security context role\. If MLS is on ask also for sensitivity level\. +-In a nutshell, pam_selinux sets up the default security context for the next execed shell\. ++In a nutshell, pam_selinux sets up the default security context for the next execed shell\&. + .PP +-When an application opens a session using pam_selinux, the shell that gets executed will be run in the default security context, or if the user chooses and the pam file allows the selected security context\. Also the controlling tty will have it\'s security context modified to match the users\. ++When an application opens a session using pam_selinux, the shell that gets executed will be run in the default security context, or if the user chooses and the pam file allows the selected security context\&. Also the controlling tty will have it\'s security context modified to match the users\&. + .PP +-Adding pam_selinux into a pam file could cause other pam modules to change their behavior if the exec another application\. The close and open option help mitigate this problem\. close option will only cause the close portion of the pam_selinux to execute, and open will only cause the open portion to run\. You can add pam_selinux to the config file twice\. Add the pam_selinux close as the executes the open pass through the modules, pam_selinux open_session will happen last\. When PAM executes the close pass through the modules pam_selinux close_session will happen first\. ++Adding pam_selinux into a pam file could cause other pam modules to change their behavior if the exec another application\&. The close and open option help mitigate this problem\&. close option will only cause the close portion of the pam_selinux to execute, and open will only cause the open portion to run\&. You can add pam_selinux to the config file twice\&. Add the pam_selinux close as the executes the open pass through the modules, pam_selinux open_session will happen last\&. When PAM executes the close pass through the modules pam_selinux close_session will happen first\&. + .SH "OPTIONS" + .PP + \fBclose\fR + .RS 4 +-Only execute the close_session portion of the module\. ++Only execute the close_session portion of the module\&. .RE .PP -+\fBenv_params\fR -+.RS 4 -+Attempt to obtain a custom security context role from PAM environment\. If MLS is on obtain also sensitivity level\. This option and the select_context option are mutually exclusive\. The respective PAM environment variables are -+\fISELINUX_ROLE_REQUESTED\fR, -+\fISELINUX_LEVEL_REQUESTED\fR, and -+\fISELINUX_USE_CURRENT_RANGE\fR\. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module\. + \fBdebug\fR + .RS 4 + Turns on debugging via +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .RE + .PP + \fBopen\fR + .RS 4 +-Only execute the open_session portion of the module\. ++Only execute the open_session portion of the module\&. + .RE + .PP + \fBnottys\fR + .RS 4 +-Do not try to setup the ttys security context\. ++Do not try to setup the ttys security context\&. + .RE + .PP + \fBverbose\fR + .RS 4 +-attempt to inform the user when security context is set\. ++attempt to inform the user when security context is set\&. + .RE + .PP + \fBselect_context\fR + .RS 4 +-Attempt to ask the user for a custom security context role\. If MLS is on ask also for sensitivity level\. ++Attempt to ask the user for a custom security context role\&. If MLS is on ask also for sensitivity level\&. +.RE +.PP ++\fBenv_params\fR ++.RS 4 ++Attempt to obtain a custom security context role from PAM environment\&. If MLS is on obtain also sensitivity level\&. This option and the select_context option are mutually exclusive\&. The respective PAM environment variables are ++\fISELINUX_ROLE_REQUESTED\fR, ++\fISELINUX_LEVEL_REQUESTED\fR, and ++\fISELINUX_USE_CURRENT_RANGE\fR\&. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module\&. + .RE + .PP \fBuse_current_range\fR .RS 4 -Use the sensitivity range of the process for the user context\. This option and the select_context option are mutually exclusive\. -+Use the sensitivity level of the current process for the user context instead of the default level\. Also supresses asking of the sensitivity level from the user or obtaining it from PAM environment\. ++Use the sensitivity level of the current process for the user context instead of the default level\&. Also supresses asking of the sensitivity level from the user or obtaining it from PAM environment\&. .RE .SH "MODULE SERVICES PROVIDED" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_selinux/README Linux-PAM-1.0.2/modules/pam_selinux/README ---- Linux-PAM-1.0.2-old/modules/pam_selinux/README 2008-04-16 11:07:55.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/README 2008-10-17 13:02:42.000000000 +0200 + Only the + \fBsession\fR +-service is supported\. ++service is supported\&. + .SH "RETURN VALUES" + .PP + PAM_AUTH_ERR + .RS 4 +-Unable to get or set a valid context\. ++Unable to get or set a valid context\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-The security context was set successfull\. ++The security context was set successfull\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-The user is not known to the system\. ++The user is not known to the system\&. + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth required pam_unix\.so +-session required pam_permit\.so +-session optional pam_selinux\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth required pam_unix\&.so ++session required pam_permit\&.so ++session optional pam_selinux\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" + .PP + +@@ -98,4 +282,4 @@ + \fBpam\fR(8) + .SH "AUTHOR" + .PP +-pam_selinux was written by Dan Walsh \. ++pam_selinux was written by Dan Walsh \&. +--- Linux-PAM-1.0.2-orig/modules/pam_selinux/README 2008-04-16 11:07:55.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_selinux/README 2009-01-20 11:59:47.000000000 +0100 @@ -48,10 +48,21 @@ Attempt to ask the user for a custom security context role. If MLS is on ask also for sensitivity level. @@ -1449,27 +10495,235 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_selinux/README Linux-PAM-1.0.2/modules EXAMPLES -diff -urN Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 ---- Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 2008-04-16 11:07:59.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2008-10-17 13:02:46.000000000 +0200 -@@ -1,11 +1,11 @@ +--- Linux-PAM-1.0.2-orig/modules/pam_sepermit/pam_sepermit.8 2008-04-16 11:07:59.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2009-01-20 11:59:49.000000000 +0100 +@@ -1,104 +1,280 @@ .\" Title: pam_sepermit - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_SEPERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SEPERMIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SEPERMIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -49,13 +49,13 @@ + .ad l +-.SH "NAME" +-pam_sepermit - PAM module to allow/deny login depending on SELinux enforcement state +-.SH "SYNOPSIS" +-.HP 16 +-\fBpam_sepermit\.so\fR [debug] [conf=\fI/path/to/config/file\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_sepermit \- PAM module to allow/deny login depending on SELinux enforcement state ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_sepermit\&.so\fR\ 'u ++\fBpam_sepermit\&.so\fR [debug] [conf=\fI/path/to/config/file\fR] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_sepermit module allows or denies login depending on SELinux enforcement state\. ++The pam_sepermit module allows or denies login depending on SELinux enforcement state\&. + .PP +-When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\. Otherwise he is denied access\. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\. ++When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\&. Otherwise he is denied access\&. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\&. + .PP +-The config file contains a simple list of user names one per line\. If the ++The config file contains a simple list of user names one per line\&. If the + \fIname\fR + is prefixed with + \fI@\fR + character it means that all users in the group + \fIname\fR +-match\. If it is prefixed with a ++match\&. If it is prefixed with a + \fI%\fR + character the SELinux user is used to match against the + \fIname\fR +-instead of the account name\. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\. ++instead of the account name\&. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\&. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\&. + .PP + Each user name in the configuration file can have optional arguments separated by + \fI:\fR +-character\. The only currently recognized argument is +-\fIexclusive\fR\. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\. ++character\&. The only currently recognized argument is ++\fIexclusive\fR\&. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Path to alternative config file overriding the default\. + Turns on debugging via +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .RE + .PP + \fBconf=\fR\fB\fI/path/to/config/file\fR\fR + .RS 4 +-Path to alternative config file overriding the default\. ++Path to alternative config file overriding the default\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -1480,33 +10734,290 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_sepermit/pam_sepermit.8 Linux-PAM-1.0. and \fBaccount\fR -services are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR -diff -urN Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 ---- Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 2008-04-16 11:08:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2008-10-17 13:02:48.000000000 +0200 -@@ -1,11 +1,11 @@ + .RS 4 +-SELinux is disabled or in the permissive mode and the user matches\. ++SELinux is disabled or in the permissive mode and the user matches\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-SELinux is in the enforcing mode and the user matches\. ++SELinux is in the enforcing mode and the user matches\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-The user does not match any entry in the config file\. ++The user does not match any entry in the config file\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-The module was unable to determine the user\'s name\. ++The module was unable to determine the user\'s name\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Error during reading or parsing the config file\. ++Error during reading or parsing the config file\&. + .RE + .SH "FILES" + .PP +-\fI/etc/security/sepermit\.conf\fR ++\FC/etc/security/sepermit\&.conf\F[] + .RS 4 + Default configuration file + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth [success=done ignore=ignore default=bad] pam_sepermit\.so +-auth required pam_unix\.so +-account required pam_unix\.so +-session required pam_permit\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth [success=done ignore=ignore default=bad] pam_sepermit\&.so ++auth required pam_unix\&.so ++account required pam_unix\&.so ++session required pam_permit\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" + .PP + +@@ -107,4 +283,4 @@ + \fBpam\fR(8) + .SH "AUTHOR" + .PP +-pam_sepermit was written by Tomas Mraz \. ++pam_sepermit was written by Tomas Mraz \&. +--- Linux-PAM-1.0.2-orig/modules/pam_shells/pam_shells.8 2008-04-16 11:08:01.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2009-01-20 11:59:52.000000000 +0100 +@@ -1,73 +1,249 @@ .\" Title: pam_shells - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_SHELLS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SHELLS" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SHELLS" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -26,13 +26,13 @@ + .ad l +-.SH "NAME" +-pam_shells - PAM module to check for valid login shell +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_shells\.so\fR ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_shells \- PAM module to check for valid login shell ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_shells\&.so\fR\ 'u ++\fBpam_shells\&.so\fR ++.fam + .SH "DESCRIPTION" + .PP + pam_shells is a PAM module that only allows access to the system if the users shell is listed in +-\fI/etc/shells\fR\. ++\FC/etc/shells\F[]\&. + .PP + It also checks if +-\fI/etc/shells\fR +-is a plain file and not world writable\. ++\FC/etc/shells\F[] ++is a plain file and not world writable\&. .SH "OPTIONS" .PP - This module does not recognise any options\. +-This module does not recognise any options\. -.SH "MODULE SERVICES PROVIDED" ++This module does not recognise any options\&. +.SH "MODULE TYPES PROVIDED" .PP -The services @@ -1515,11 +11026,59 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 Linux-PAM-1.0.2/mo and \fBaccount\fR -are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR -@@ -66,7 +66,7 @@ + .RS 4 +-Access to the system was denied\. ++Access to the system was denied\&. + .RE + .PP + PAM_SUCCESS + .RS 4 + The users login shell was listed as valid shell in +-\fI/etc/shells\fR\. ++\FC/etc/shells\F[]\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-The module was not able to get the name of the user\. ++The module was not able to get the name of the user\&. + .RE + .SH "EXAMPLES" + .PP + + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth required pam_shells\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth required pam_shells\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" + .PP \fBshells\fR(5), \fBpam.conf\fR(5), @@ -1528,27 +11087,341 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_shells/pam_shells.8 Linux-PAM-1.0.2/mo \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 ---- Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 2008-04-16 11:08:05.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2008-10-17 13:02:51.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_shells was written by Erik Troan \. ++pam_shells was written by Erik Troan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_succeed_if/pam_succeed_if.8 2008-04-16 11:08:05.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2009-01-20 11:59:56.000000000 +0100 +@@ -1,25 +1,183 @@ .\" Title: pam_succeed_if - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM .\" Source: Linux-PAM ++.\" Language: English .\" -.TH "PAM_SUCCEED_IF" "8" "04/16/2008" "Linux-PAM" "Linux\-PAM" -+.TH "PAM_SUCCEED_IF" "8" "10/17/2008" "Linux-PAM" "Linux\-PAM" ++.TH "PAM_SUCCEED_IF" "8" "01/20/2009" "Linux-PAM" "Linux\-PAM" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -141,9 +141,13 @@ + .ad l +-.SH "NAME" +-pam_succeed_if - test account characteristics +-.SH "SYNOPSIS" +-.HP 18 +-\fBpam_succeed_if\.so\fR [\fIflag\fR...] [\fIcondition\fR...] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_succeed_if \- test account characteristics ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_succeed_if\&.so\fR\ 'u ++\fBpam_succeed_if\&.so\fR [\fIflag\fR...] [\fIcondition\fR...] ++.fam + .SH "DESCRIPTION" + .PP +-pam_succeed_if\.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\. One use is to select whether to load other modules based on this test\. ++pam_succeed_if\&.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\&. One use is to select whether to load other modules based on this test\&. + .PP +-The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\. ++The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\&. + .SH "OPTIONS" + .PP + The following +@@ -27,31 +185,31 @@ + .PP + \fBdebug\fR .RS 4 - (user,host) is not in given netgroup\. +-Turns on debugging messages sent to syslog\. ++Turns on debugging messages sent to syslog\&. + .RE + .PP + \fBuse_uid\fR + .RS 4 +-Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\. ++Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&. + .RE + .PP + \fBquiet\fR + .RS 4 +-Don\'t log failure or success to the system log\. ++Don\'t log failure or success to the system log\&. + .RE + .PP + \fBquiet_fail\fR + .RS 4 +-Don\'t log failure to the system log\. ++Don\'t log failure to the system log\&. + .RE + .PP + \fBquiet_success\fR + .RS 4 +-Don\'t log success to the system log\. ++Don\'t log success to the system log\&. + .RE + .PP + +-\fICondition\fRs are three words: a field, a test, and a value to test for\. ++\fICondition\fRs are three words: a field, a test, and a value to test for\&. + .PP + Available fields are + \fIuser\fR, +@@ -64,123 +222,163 @@ + .PP + \fBfield < number\fR + .RS 4 +-Field has a value numerically less than number\. ++Field has a value numerically less than number\&. + .RE + .PP + \fBfield <= number\fR + .RS 4 +-Field has a value numerically less than or equal to number\. ++Field has a value numerically less than or equal to number\&. + .RE + .PP + \fBfield eq number\fR + .RS 4 +-Field has a value numerically equal to number\. ++Field has a value numerically equal to number\&. + .RE + .PP + \fBfield >= number\fR + .RS 4 +-Field has a value numerically greater than or equal to number\. ++Field has a value numerically greater than or equal to number\&. + .RE + .PP + \fBfield > number\fR + .RS 4 +-Field has a value numerically greater than number\. ++Field has a value numerically greater than number\&. + .RE + .PP + \fBfield ne number\fR + .RS 4 +-Field has a value numerically different from number\. ++Field has a value numerically different from number\&. + .RE + .PP + \fBfield = string\fR + .RS 4 +-Field exactly matches the given string\. ++Field exactly matches the given string\&. + .RE + .PP + \fBfield != string\fR + .RS 4 +-Field does not match the given string\. ++Field does not match the given string\&. + .RE + .PP + \fBfield =~ glob\fR + .RS 4 +-Field matches the given glob\. ++Field matches the given glob\&. + .RE + .PP + \fBfield !~ glob\fR + .RS 4 +-Field does not match the given glob\. ++Field does not match the given glob\&. + .RE + .PP +-\fBfield in item:item:\.\.\.\fR ++\fBfield in item:item:\&.\&.\&.\fR + .RS 4 +-Field is contained in the list of items separated by colons\. ++Field is contained in the list of items separated by colons\&. + .RE + .PP +-\fBfield notin item:item:\.\.\.\fR ++\fBfield notin item:item:\&.\&.\&.\fR + .RS 4 +-Field is not contained in the list of items separated by colons\. ++Field is not contained in the list of items separated by colons\&. + .RE + .PP + \fBuser ingroup group\fR + .RS 4 +-User is in given group\. ++User is in given group\&. + .RE + .PP + \fBuser notingroup group\fR + .RS 4 +-User is not in given group\. ++User is not in given group\&. + .RE + .PP + \fBuser innetgr netgroup\fR + .RS 4 +-(user,host) is in given netgroup\. ++(user,host) is in given netgroup\&. + .RE + .PP + \fBuser notinnetgr group\fR + .RS 4 +-(user,host) is not in given netgroup\. ++(user,host) is not in given netgroup\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -1558,75 +11431,467 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_succeed_if/pam_succeed_if.8 Linux-PAM- +\fBauth\fR, +\fBpassword\fR +and -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -158,7 +162,7 @@ + .RS 4 +-The condition was true\. ++The condition was true\&. + .RE + .PP + PAM_AUTH_ERR + .RS 4 +-The condition was false\. ++The condition was false\&. + .RE .PP PAM_SERVICE_ERR .RS 4 -A service error occured or the arguments can\'t be parsed as numbers\. -+A service error occured or the arguments can\'t be parsed correctly\. ++A service error occured or the arguments can\'t be parsed correctly\&. .RE .SH "EXAMPLES" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 ---- Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 2008-04-16 11:08:10.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2008-10-17 13:02:55.000000000 +0200 -@@ -1,11 +1,11 @@ + To emulate the behaviour of + \fIpam_wheel\fR, except there is no fallback to group 0: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth required pam_succeed_if\.so quiet user ingroup wheel ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth required pam_succeed_if\&.so quiet user ingroup wheel + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .PP +-Given that the type matches, only loads the othermodule rule if the UID is over 500\. Adjust the number after default to skip several rules\. ++Given that the type matches, only loads the othermodule rule if the UID is over 500\&. Adjust the number after default to skip several rules\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-type [default=1 success=ignore] pam_succeed_if\.so quiet uid > 500 +-type required othermodule\.so arguments\.\.\. ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++type [default=1 success=ignore] pam_succeed_if\&.so quiet uid > 500 ++type required othermodule\&.so arguments\&.\&.\&. + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" + .PP + +@@ -188,4 +386,4 @@ + \fBpam\fR(8) + .SH "AUTHOR" + .PP +-Nalin Dahyabhai ++Nalin Dahyabhai +--- Linux-PAM-1.0.2-orig/modules/pam_tally/pam_tally.8 2008-04-16 11:08:10.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2009-01-20 11:59:59.000000000 +0100 +@@ -1,34 +1,194 @@ .\" Title: pam_tally - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_TALLY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TALLY" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TALLY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -14,7 +14,7 @@ - pam_tally - The login counter (tallying) module - .SH "SYNOPSIS" - .HP 13 + .ad l +-.SH "NAME" +-pam_tally - The login counter (tallying) module +-.SH "SYNOPSIS" +-.HP 13 -\fBpam_tally\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] -+\fBpam_tally\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] [silent] [no_log_info] - .HP 10 +-.HP 10 ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_tally \- The login counter (tallying) module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_tally\&.so\fR\ 'u ++\fBpam_tally\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] [silent] [no_log_info] ++.fam ++.fam C ++.HP \w'\fBpam_tally\fR\ 'u \fBpam_tally\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] ++.fam .SH "DESCRIPTION" -@@ -45,7 +45,7 @@ + .PP +-This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\. ++This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&. + .PP + pam_tally comes in two parts: +-\fBpam_tally\.so\fR ++\fBpam_tally\&.so\fR + and +-\fBpam_tally\fR\. The former is the PAM module and the latter, a stand\-alone program\. ++\fBpam_tally\fR\&. The former is the PAM module and the latter, a stand\-alone program\&. + \fBpam_tally\fR +-is an (optional) application which can be used to interrogate and manipulate the counter file\. It can display users\' counts, set individual counts, or clear all counts\. Setting artificially high counts may be useful for blocking users without changing their passwords\. For example, one might find it useful to clear all counts every midnight from a cron job\. The ++is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display users\' counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&. The + \fBfaillog\fR(8) +-command can be used instead of pam_tally to to maintain the counter file\. ++command can be used instead of pam_tally to to maintain the counter file\&. + .PP + Normally, failed attempts to access + \fIroot\fR +@@ -36,7 +196,7 @@ + \fBnot\fR + cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\'t given shell accounts and root may only login via + \fBsu\fR +-or at the machine console (not telnet/rsh, etc), this is safe\. ++or at the machine console (not telnet/rsh, etc), this is safe\&. + .SH "OPTIONS" + .PP + GLOBAL OPTIONS +@@ -45,7 +205,7 @@ \fIauth\fR and \fIaccount\fR -services\. -+module types\. ++module types\&. .PP \fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR .RS 4 -@@ -66,6 +66,17 @@ - .RS 4 - Will log the user name into the system log if the user is not found\. +@@ -53,85 +213,96 @@ + \fBPAM_SUCESS\fR + if + \fBonerr=\fR\fB\fIsucceed\fR\fR +-is given, else with the corresponding PAM error code\. ++is given, else with the corresponding PAM error code\&. .RE + .PP + \fBfile=\fR\fB\fI/path/to/counter\fR\fR + .RS 4 +-File where to keep counts\. Default is +-\fI/var/log/faillog\fR\. ++File where to keep counts\&. Default is ++\FC/var/log/faillog\F[]\&. + .RE + .PP + \fBaudit\fR + .RS 4 +-Will log the user name into the system log if the user is not found\. ++Will log the user name into the system log if the user is not found\&. ++.RE +.PP +\fBsilent\fR +.RS 4 -+Don\'t print informative messages\. ++Don\'t print informative messages\&. +.RE +.PP +\fBno_log_info\fR +.RS 4 +Don\'t log informative messages via -+\fBsyslog\fR(3)\. -+.RE ++\fBsyslog\fR(3)\&. + .RE .RE .PP AUTH OPTIONS -@@ -154,13 +165,13 @@ - Don\'t reset count on successful entry, only decrement\. + .RS 4 +-Authentication phase first checks if user should be denied access and if not it increments attempted login counter\. Then on call to ++Authentication phase first checks if user should be denied access and if not it increments attempted login counter\&. Then on call to + \fBpam_setcred\fR(3) +-it resets the attempts counter\. ++it resets the attempts counter\&. + .PP + \fBdeny=\fR\fB\fIn\fR\fR + .RS 4 + Deny access if tally for this user exceeds +-\fIn\fR\. ++\fIn\fR\&. + .RE + .PP + \fBlock_time=\fR\fB\fIn\fR\fR + .RS 4 + Always deny for + \fIn\fR +-seconds after failed attempt\. ++seconds after failed attempt\&. + .RE + .PP + \fBunlock_time=\fR\fB\fIn\fR\fR + .RS 4 + Allow access after + \fIn\fR +-seconds after failed attempt\. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\. ++seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&. + .RE + .PP + \fBmagic_root\fR + .RS 4 +-If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like +-\fBsu\fR, otherwise this argument should be omitted\. ++If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\&. + .RE + .PP + \fBno_lock_time\fR + .RS 4 +-Do not use the \.fail_locktime field in +-\fI/var/log/faillog\fR +-for this user\. ++Do not use the \&.fail_locktime field in ++\FC/var/log/faillog\F[] ++for this user\&. + .RE + .PP + \fBno_reset\fR + .RS 4 +-Don\'t reset count on successful entry, only decrement\. ++Don\'t reset count on successful entry, only decrement\&. + .RE + .PP + \fBeven_deny_root_account\fR + .RS 4 +-Root account can become unavailable\. ++Root account can become unavailable\&. + .RE + .PP + \fBper_user\fR + .RS 4 + If +-\fI/var/log/faillog\fR +-contains a non\-zero \.fail_max/\.fail_locktime field for this user then use it instead of ++\FC/var/log/faillog\F[] ++contains a non\-zero \&.fail_max/\&.fail_locktime field for this user then use it instead of + \fBdeny=\fR\fB\fIn\fR\fR/ + \fBlock_time=\fR\fB\fIn\fR\fR +-parameter\. ++parameter\&. + .RE + .PP + \fBno_lock_time\fR + .RS 4 +-Don\'t use \.fail_locktime filed in +-\fI/var/log/faillog\fR +-for this user\. ++Don\'t use \&.fail_locktime filed in ++\FC/var/log/faillog\F[] ++for this user\&. + .RE + .RE + .PP +@@ -139,73 +310,91 @@ + .RS 4 + Account phase resets attempts counter if the user is + \fBnot\fR +-magic root\. This phase can be used optionaly for services which don\'t call ++magic root\&. This phase can be used optionaly for services which don\'t call + \fBpam_setcred\fR(3) +-correctly or if the reset should be done regardless of the failure of the account phase of other modules\. ++correctly or if the reset should be done regardless of the failure of the account phase of other modules\&. + .PP + \fBmagic_root\fR + .RS 4 +-If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like +-\fBsu\fR, otherwise this argument should be omitted\. ++If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\&. + .RE + .PP + \fBno_reset\fR + .RS 4 +-Don\'t reset count on successful entry, only decrement\. ++Don\'t reset count on successful entry, only decrement\&. .RE .RE -.SH "MODULE SERVICES PROVIDED" @@ -1637,11 +11902,93 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 Linux-PAM-1.0.2/modu and \fBaccount\fR -services are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR -@@ -214,7 +225,7 @@ + .RS 4 +-A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\. ++A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Everything was successfull\. ++Everything was successfull\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/login\fR +-to lock the account after too many failed logins\. The number of allowed fails is specified by +-\fI/var/log/faillog\fR ++\FC/etc/pam\&.d/login\F[] ++to lock the account after too many failed logins\&. The number of allowed fails is specified by ++\FC/var/log/faillog\F[] + and needs to be set with pam_tally or + \fBfaillog\fR(8) +-before\. ++before\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth required pam_securetty\.so +-auth required pam_tally\.so per_user +-auth required pam_env\.so +-auth required pam_unix\.so +-auth required pam_nologin\.so +-account required pam_unix\.so +-password required pam_unix\.so +-session required pam_limits\.so +-session required pam_unix\.so +-session required pam_lastlog\.so nowtmp +-session optional pam_mail\.so standard ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth required pam_securetty\&.so ++auth required pam_tally\&.so per_user ++auth required pam_env\&.so ++auth required pam_unix\&.so ++auth required pam_nologin\&.so ++account required pam_unix\&.so ++password required pam_unix\&.so ++session required pam_limits\&.so ++session required pam_unix\&.so ++session required pam_lastlog\&.so nowtmp ++session optional pam_mail\&.so standard + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "FILES" + .PP +-\fI/var/log/faillog\fR ++\FC/var/log/faillog\F[] + .RS 4 + failure logging file + .RE +@@ -214,8 +403,8 @@ \fBfaillog\fR(8), \fBpam.conf\fR(5), @@ -1650,9 +11997,10 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/pam_tally.8 Linux-PAM-1.0.2/modu \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/README Linux-PAM-1.0.2/modules/pam_tally/README ---- Linux-PAM-1.0.2-old/modules/pam_tally/README 2008-04-16 11:08:11.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/README 2008-10-17 13:02:56.000000000 +0200 +-pam_tally was written by Tim Baverstock and Tomas Mraz\. ++pam_tally was written by Tim Baverstock and Tomas Mraz\&. +--- Linux-PAM-1.0.2-orig/modules/pam_tally/README 2008-04-16 11:08:11.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tally/README 2009-01-20 12:00:01.000000000 +0100 @@ -25,7 +25,7 @@ GLOBAL OPTIONS @@ -1677,39 +12025,198 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally/README Linux-PAM-1.0.2/modules/p AUTH OPTIONS Authentication phase first checks if user should be denied access and if -diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 ---- Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 1970-01-01 01:00:00.000000000 +0100 -+++ Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 2008-10-17 13:02:59.000000000 +0200 -@@ -0,0 +1,224 @@ +--- Linux-PAM-1.0.2-orig/modules/pam_tally2/pam_tally2.8 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 2009-01-20 12:00:03.000000000 +0100 +@@ -0,0 +1,402 @@ +.\" Title: pam_tally2 -+.\" Author: -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual ++.\" Language: English +.\" -+.TH "PAM_TALLY2" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TALLY2" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l -+.SH "NAME" -+pam_tally2 - The login counter (tallying) module -+.SH "SYNOPSIS" -+.HP 14 -+\fBpam_tally2\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [audit] [silent] [no_log_info] -+.HP 11 ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_tally2 \- The login counter (tallying) module ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_tally2\&.so\fR\ 'u ++\fBpam_tally2\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [audit] [silent] [no_log_info] ++.fam ++.fam C ++.HP \w'\fBpam_tally2\fR\ 'u +\fBpam_tally2\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] ++.fam +.SH "DESCRIPTION" +.PP -+This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\. ++This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&. +.PP +pam_tally2 comes in two parts: -+\fBpam_tally2\.so\fR ++\fBpam_tally2\&.so\fR +and -+\fBpam_tally2\fR\. The former is the PAM module and the latter, a stand\-alone program\. ++\fBpam_tally2\fR\&. The former is the PAM module and the latter, a stand\-alone program\&. +\fBpam_tally2\fR -+is an (optional) application which can be used to interrogate and manipulate the counter file\. It can display users\' counts, set individual counts, or clear all counts\. Setting artificially high counts may be useful for blocking users without changing their passwords\. For example, one might find it useful to clear all counts every midnight from a cron job\. ++is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display users\' counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&. +.PP +Normally, failed attempts to access +\fIroot\fR @@ -1717,7 +12224,7 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/mo +\fBnot\fR +cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\'t given shell accounts and root may only login via +\fBsu\fR -+or at the machine console (not telnet/rsh, etc), this is safe\. ++or at the machine console (not telnet/rsh, etc), this is safe\&. +.SH "OPTIONS" +.PP +GLOBAL OPTIONS @@ -1726,7 +12233,7 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/mo +\fIauth\fR +and +\fIaccount\fR -+module types\. ++module types\&. +.PP +\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR +.RS 4 @@ -1734,88 +12241,88 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/mo +\fBPAM_SUCESS\fR +if +\fBonerr=\fR\fB\fIsucceed\fR\fR -+is given, else with the corresponding PAM error code\. ++is given, else with the corresponding PAM error code\&. +.RE +.PP +\fBfile=\fR\fB\fI/path/to/counter\fR\fR +.RS 4 -+File where to keep counts\. Default is -+\fI/var/log/tallylog\fR\. ++File where to keep counts\&. Default is ++\FC/var/log/tallylog\F[]\&. +.RE +.PP +\fBaudit\fR +.RS 4 -+Will log the user name into the system log if the user is not found\. ++Will log the user name into the system log if the user is not found\&. +.RE +.PP +\fBsilent\fR +.RS 4 -+Don\'t print informative messages\. ++Don\'t print informative messages\&. +.RE +.PP +\fBno_log_info\fR +.RS 4 +Don\'t log informative messages via -+\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. +.RE +.RE +.PP +AUTH OPTIONS +.RS 4 -+Authentication phase first increments attempted login counter and checks if user should be denied access\. If the user is authenticated and the login process continues on call to ++Authentication phase first increments attempted login counter and checks if user should be denied access\&. If the user is authenticated and the login process continues on call to +\fBpam_setcred\fR(3) -+it resets the attempts counter\. ++it resets the attempts counter\&. +.PP +\fBdeny=\fR\fB\fIn\fR\fR +.RS 4 +Deny access if tally for this user exceeds -+\fIn\fR\. ++\fIn\fR\&. +.RE +.PP +\fBlock_time=\fR\fB\fIn\fR\fR +.RS 4 +Always deny for +\fIn\fR -+seconds after failed attempt\. ++seconds after failed attempt\&. +.RE +.PP +\fBunlock_time=\fR\fB\fIn\fR\fR +.RS 4 +Allow access after +\fIn\fR -+seconds after failed attempt\. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\. ++seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&. +.RE +.PP +\fBmagic_root\fR +.RS 4 -+If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like -+\fBsu\fR, otherwise this argument should be omitted\. ++If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\&. +.RE +.PP +\fBno_lock_time\fR +.RS 4 -+Do not use the \.fail_locktime field in -+\fI/var/log/faillog\fR -+for this user\. ++Do not use the \&.fail_locktime field in ++\FC/var/log/faillog\F[] ++for this user\&. +.RE +.PP +\fBno_reset\fR +.RS 4 -+Don\'t reset count on successful entry, only decrement\. ++Don\'t reset count on successful entry, only decrement\&. +.RE +.PP +\fBeven_deny_root\fR +.RS 4 -+Root account can become unavailable\. ++Root account can become unavailable\&. +.RE +.PP +\fBroot_unlock_time=\fR\fB\fIn\fR\fR +.RS 4 +This option implies +\fBeven_deny_root\fR -+option\. Allow access after ++option\&. Allow access after +\fIn\fR -+seconds to root acccount after failed attempt\. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. ++seconds to root acccount after failed attempt\&. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. +.RE +.RE +.PP @@ -1823,14 +12330,14 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/mo +.RS 4 +Account phase resets attempts counter if the user is +\fBnot\fR -+magic root\. This phase can be used optionaly for services which don\'t call ++magic root\&. This phase can be used optionaly for services which don\'t call +\fBpam_setcred\fR(3) -+correctly or if the reset should be done regardless of the failure of the account phase of other modules\. ++correctly or if the reset should be done regardless of the failure of the account phase of other modules\&. +.PP +\fBmagic_root\fR +.RS 4 -+If the module is invoked by a user with uid=0 the counter is not changed\. The sys\-admin should use this for user launched services, like -+\fBsu\fR, otherwise this argument should be omitted\. ++If the module is invoked by a user with uid=0 the counter is not changed\&. The sys\-admin should use this for user launched services, like ++\fBsu\fR, otherwise this argument should be omitted\&. +.RE +.RE +.SH "MODULE TYPES PROVIDED" @@ -1839,60 +12346,78 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/mo +\fBauth\fR +and +\fBaccount\fR -+module types are provided\. ++module types are provided\&. +.SH "RETURN VALUES" +.PP +PAM_AUTH_ERR +.RS 4 -+A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\. ++A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\&. +.RE +.PP +PAM_SUCCESS +.RS 4 -+Everything was successfull\. ++Everything was successfull\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 -+User not known\. ++User not known\&. +.RE +.SH "NOTES" +.PP -+pam_tally2 is not compatible with the old pam_tally faillog file format\. This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\. ++pam_tally2 is not compatible with the old pam_tally faillog file format\&. This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\&. +.PP +There is no setuid wrapper for access to the data file such as when the -+\fBpam_tally2\.so\fR -+module is called from xscreensaver\. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEPERM\fR) the module returns -+\fBPAM_IGNORE\fR\. ++\fBpam_tally2\&.so\fR ++module is called from xscreensaver\&. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEPERM\fR) the module returns ++\fBPAM_IGNORE\fR\&. +.SH "EXAMPLES" +.PP +Add the following line to -+\fI/etc/pam\.d/login\fR -+to lock the account after 4 failed logins\. Root account will be locked as well\. The accounts will be automatically unlocked after 20 minutes\. The module does not have to be called in the account phase because the ++\FC/etc/pam\&.d/login\F[] ++to lock the account after 4 failed logins\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&. The module does not have to be called in the account phase because the +\fBlogin\fR +calls +\fBpam_setcred\fR(3) -+correctly\. ++correctly\&. +.sp ++.if n \{\ +.RS 4 ++.\} ++.fam C ++.ps -1 +.nf -+auth required pam_securetty\.so -+auth required pam_tally2\.so deny=4 even_deny_root unlock_time=1200 -+auth required pam_env\.so -+auth required pam_unix\.so -+auth required pam_nologin\.so -+account required pam_unix\.so -+password required pam_unix\.so -+session required pam_limits\.so -+session required pam_unix\.so -+session required pam_lastlog\.so nowtmp -+session optional pam_mail\.so standard ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth required pam_securetty\&.so ++auth required pam_tally2\&.so deny=4 even_deny_root unlock_time=1200 ++auth required pam_env\&.so ++auth required pam_unix\&.so ++auth required pam_nologin\&.so ++account required pam_unix\&.so ++password required pam_unix\&.so ++session required pam_limits\&.so ++session required pam_unix\&.so ++session required pam_lastlog\&.so nowtmp ++session optional pam_mail\&.so standard + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} +.fi ++.fam ++.ps +1 ++.if n \{\ +.RE ++.\} +.SH "FILES" +.PP -+\fI/var/log/tallylog\fR ++\FC/var/log/tallylog\F[] +.RS 4 +failure count logging file +.RE @@ -1904,10 +12429,9 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/pam_tally2.8 Linux-PAM-1.0.2/mo +\fBpam\fR(8) +.SH "AUTHOR" +.PP -+pam_tally was written by Tim Baverstock and Tomas Mraz\. -diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/README Linux-PAM-1.0.2/modules/pam_tally2/README ---- Linux-PAM-1.0.2-old/modules/pam_tally2/README 1970-01-01 01:00:00.000000000 +0100 -+++ Linux-PAM-1.0.2/modules/pam_tally2/README 2008-10-17 13:03:00.000000000 +0200 ++pam_tally was written by Tim Baverstock and Tomas Mraz\&. +--- Linux-PAM-1.0.2-orig/modules/pam_tally2/README 1970-01-01 01:00:00.000000000 +0100 ++++ Linux-PAM-1.0.2/modules/pam_tally2/README 2009-01-20 12:00:06.000000000 +0100 @@ -0,0 +1,146 @@ +pam_tally2 — The login counter (tallying) module + @@ -2055,27 +12579,217 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tally2/README Linux-PAM-1.0.2/modules/ + +pam_tally was written by Tim Baverstock and Tomas Mraz. + -diff -urN Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 Linux-PAM-1.0.2/modules/pam_time/pam_time.8 ---- Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 2008-04-16 11:08:15.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2008-10-17 13:03:02.000000000 +0200 -@@ -1,11 +1,11 @@ +--- Linux-PAM-1.0.2-orig/modules/pam_time/pam_time.8 2008-04-16 11:08:15.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2009-01-20 12:00:08.000000000 +0100 +@@ -1,95 +1,271 @@ .\" Title: pam_time - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_TIME" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_TIME" "8" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_TIME" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -35,11 +35,11 @@ + .ad l +-.SH "NAME" +-pam_time - PAM module for time control access +-.SH "SYNOPSIS" +-.HP 12 +-\fBpam_time\.so\fR [debug] [noaudit] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_time \- PAM module for time control access ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_time\&.so\fR\ 'u ++\fBpam_time\&.so\fR [debug] [noaudit] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\. ++The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\&. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\&. + .PP + By default rules for time/port access are taken from config file +-\fI/etc/security/time\.conf\fR\. ++\FC/etc/security/time\&.conf\F[]\&. + .PP +-If Linux PAM is compiled with audit support the module will report when it denies access\. ++If Linux PAM is compiled with audit support the module will report when it denies access\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Do not report logins at disallowed time to the audit subsystem\. + Some debug informations are printed with +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .RE + .PP + \fBnoaudit\fR + .RS 4 +-Do not report logins at disallowed time to the audit subsystem\. ++Do not report logins at disallowed time to the audit subsystem\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -2083,40 +12797,310 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_time/pam_time.8 Linux-PAM-1.0.2/module Only the \fBaccount\fR -service is supported\. -+type is provided\. ++type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS -@@ -88,7 +88,7 @@ + .RS 4 +-Access was granted\. ++Access was granted\&. + .RE + .PP + PAM_ABORT + .RS 4 +-Not all relevant data could be gotten\. ++Not all relevant data could be gotten\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_PERM_DENIED + .RS 4 +-Access was not granted\. ++Access was not granted\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-The user is not known to the system\. ++The user is not known to the system\&. + .RE + .SH "FILES" + .PP +-\fI/etc/security/time\.conf\fR ++\FC/etc/security/time\&.conf\F[] + .RS 4 + Default configuration file + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 + # + # apply pam_time accounting to login requests + # +-login account required pam_time\.so ++login account required pam_time\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" .PP \fBtime.conf\fR(5), -\fBpam.d\fR(8), +-\fBpam\fR(8)\. +\fBpam.d\fR(5), - \fBpam\fR(8)\. ++\fBpam\fR(8)\&. .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 ---- Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 2008-04-16 11:08:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2008-10-17 13:03:05.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_time was written by Andrew G\. Morgan \. ++pam_time was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_tty_audit/pam_tty_audit.8 2008-04-16 11:08:21.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2009-01-20 12:00:11.000000000 +0100 +@@ -1,80 +1,256 @@ .\" Title: pam_tty_audit - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_TTY_AUDIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TTY_AUDIT" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TTY_AUDIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -43,11 +43,11 @@ + .ad l +-.SH "NAME" +-pam_tty_audit - Enable or disable TTY auditing for specified users +-.SH "SYNOPSIS" +-.HP 17 +-\fBpam_tty_audit\.so\fR [disable=\fIpatterns\fR] [enable=\fIpatterns\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_tty_audit \- Enable or disable TTY auditing for specified users ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_tty_audit\&.so\fR\ 'u ++\fBpam_tty_audit\&.so\fR [disable=\fIpatterns\fR] [enable=\fIpatterns\fR] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_tty_audit PAM module is used to enable or disable TTY auditing\. By default, the kernel does not audit input on any TTY\. ++The pam_tty_audit PAM module is used to enable or disable TTY auditing\&. By default, the kernel does not audit input on any TTY\&. + .SH "OPTIONS" + .PP + \fBdisable=\fR\fB\fIpatterns\fR\fR + .RS 4 + For each user matching one of comma\-separated glob +-\fB\fIpatterns\fR\fR, disable TTY auditing\. This overrides any previous ++\fB\fIpatterns\fR\fR, disable TTY auditing\&. This overrides any previous + \fBenable\fR +-option matchin the same user name on the command line\. ++option matchin the same user name on the command line\&. + .RE + .PP + \fBenable=\fR\fB\fIpatterns\fR\fR + .RS 4 + For each user matching one of comma\-separated glob +-\fB\fIpatterns\fR\fR, enable TTY auditing\. This overrides any previous ++\fB\fIpatterns\fR\fR, enable TTY auditing\&. This overrides any previous + \fBdisable\fR +-option matching the same user name on the command line\. ++option matching the same user name on the command line\&. + .RE + .PP + \fBopen_only\fR + .RS 4 +-Set the TTY audit flag when opening the session, but do not restore it when closing the session\. Using this option is necessary for some services that don\'t ++Set the TTY audit flag when opening the session, but do not restore it when closing the session\&. Using this option is necessary for some services that don\'t + \fBfork()\fR to run the authenticated session, such as - \fBsudo\fR\. +-\fBsudo\fR\. ++\fBsudo\fR\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -2124,31 +13108,355 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_tty_audit/pam_tty_audit.8 Linux-PAM-1. Only the \fBsession\fR -service is supported\. -+type is supported\. ++type is supported\&. .SH "RETURN VALUES" .PP PAM_SESSION_ERR -diff -urN Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 ---- Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 2008-04-16 11:08:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2008-10-17 13:03:08.000000000 +0200 -@@ -1,11 +1,11 @@ + .RS 4 +-Error reading or modifying the TTY audit flag\. See the system log for more details\. ++Error reading or modifying the TTY audit flag\&. See the system log for more details\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Success\. ++Success\&. + .RE + .SH "NOTES" + .PP +-When TTY auditing is enabled, it is inherited by all processes started by that user\. In particular, daemons restarted by an user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\. Therefore, it is recommended to use ++When TTY auditing is enabled, it is inherited by all processes started by that user\&. In particular, daemons restarted by an user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\&. Therefore, it is recommended to use + \fBdisable=*\fR +-as the first option for most daemons using PAM\. ++as the first option for most daemons using PAM\&. + .SH "EXAMPLES" + .PP +-Audit all administrative actions\. ++Audit all administrative actions\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-session required pam_tty_audit\.so disable=* enable=root ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++session required pam_tty_audit\&.so disable=* enable=root + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "AUTHOR" + .PP +-pam_tty_audit was written by Miloslav Trmač \. ++pam_tty_audit was written by Miloslav Trmač \&. +--- Linux-PAM-1.0.2-orig/modules/pam_umask/pam_umask.8 2008-04-16 11:08:27.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2009-01-20 12:00:14.000000000 +0100 +@@ -1,48 +1,248 @@ .\" Title: pam_umask - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_UMASK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UMASK" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UMASK" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -70,11 +70,11 @@ + .ad l +-.SH "NAME" +-pam_umask - PAM module to set the file mode creation mask +-.SH "SYNOPSIS" +-.HP 13 +-\fBpam_umask\.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_umask \- PAM module to set the file mode creation mask ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_umask\&.so\fR\ 'u ++\fBpam_umask\&.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR] ++.fam + .SH "DESCRIPTION" + .PP +-pam_umask is a PAM module to set the file mode creation mask of the current environment\. The umask affects the default permissions assigned to newly created files\. ++pam_umask is a PAM module to set the file mode creation mask of the current environment\&. The umask affects the default permissions assigned to newly created files\&. + .PP + The PAM module tries to get the umask value from the following places in the following order: + .sp + .RS 4 +-\h'-04'\(bu\h'+03'umask= argument ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++umask= argument + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'umask= entry of the users GECOS field ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++umask= entry of the users GECOS field + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'pri= entry of the users GECOS field ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++pri= entry of the users GECOS field + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'ulimit= entry of the users GECOS field ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++ulimit= entry of the users GECOS field + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'UMASK= entry from /etc/default/login ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++UMASK= entry from /etc/default/login + .RE + .sp + .RS 4 +-\h'-04'\(bu\h'+03'UMASK entry from /etc/login\.defs ++.ie n \{\ ++\h'-04'\(bu\h'+03'\c ++.\} ++.el \{\ ++.sp -1 ++.IP \(bu 2.3 ++.\} ++UMASK entry from /etc/login\&.defs + .RE + .sp + .RE +@@ -51,66 +251,84 @@ + .PP + \fBdebug\fR + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBsilent\fR + .RS 4 +-Don\'t print informative messages\. ++Don\'t print informative messages\&. + .RE + .PP + \fBusergroups\fR + .RS 4 +-If the user is not root, and the user ID is equal to the group ID, and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\. ++If the user is not root, and the user ID is equal to the group ID, and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. + .RE + .PP + \fBumask=\fR\fB\fImask\fR\fR + .RS 4 + Sets the calling process\'s file mode creation mask (umask) to \fBmask\fR - & 0777\. The value is interpreted as Octal\. +-& 0777\. The value is interpreted as Octal\. ++& 0777\&. The value is interpreted as Octal\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -2156,11 +13464,61 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 Linux-PAM-1.0.2/modu Only the \fBsession\fR -service is supported\. -+type is provided\. ++type is provided\&. .SH "RETURN VALUES" .PP .PP -@@ -109,7 +109,7 @@ + PAM_SUCCESS + .RS 4 +-The new umask was set successfull\. ++The new umask was set successfull\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-No username was given\. ++No username was given\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + to set the user specific umask at login: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +- session optional pam_umask\.so umask=0022 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++ session optional pam_umask\&.so umask=0022 + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -2169,29 +13527,362 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_umask/pam_umask.8 Linux-PAM-1.0.2/modu \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 ---- Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 2008-04-16 11:08:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2008-10-17 13:03:17.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_umask was written by Thorsten Kukuk \. ++pam_umask was written by Thorsten Kukuk \&. +--- Linux-PAM-1.0.2-orig/modules/pam_unix/pam_unix.8 2008-04-16 11:08:40.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2009-01-20 12:00:24.000000000 +0100 +@@ -1,85 +1,243 @@ .\" Title: pam_unix - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_UNIX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UNIX" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UNIX" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -148,9 +148,13 @@ + .ad l +-.SH "NAME" +-pam_unix - Module for traditional password authentication +-.SH "SYNOPSIS" +-.HP 12 +-\fBpam_unix\.so\fR [\.\.\.] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_unix \- Module for traditional password authentication ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_unix\&.so\fR\ 'u ++\fBpam_unix\&.so\fR [\&.\&.\&.] ++.fam + .SH "DESCRIPTION" + .PP +-This is the standard Unix authentication module\. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\. ++This is the standard Unix authentication module\&. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&. + .PP + The account component performs the task of establishing the status of the user\'s account and password based on the following + \fIshadow\fR +-elements: expire, last_change, max_change, min_change, warn_change\. In the case of the latter, it may offer advice to the user on changing their password or, through the ++elements: expire, last_change, max_change, min_change, warn_change\&. In the case of the latter, it may offer advice to the user on changing their password or, through the + \fBPAM_AUTHTOKEN_REQD\fR +-return, delay giving service to the user until they have established a new password\. The entries listed above are documented in the ++return, delay giving service to the user until they have established a new password\&. The entries listed above are documented in the + \fBshadow\fR(5) +-manual page\. Should the user\'s record not contain one or more of these entries, the corresponding ++manual page\&. Should the user\'s record not contain one or more of these entries, the corresponding + \fIshadow\fR +-check is not performed\. ++check is not performed\&. + .PP +-The authentication component performs the task of checking the users credentials (password)\. The default action of this module is to not permit the user access to a service if their official password is blank\. ++The authentication component performs the task of checking the users credentials (password)\&. The default action of this module is to not permit the user access to a service if their official password is blank\&. + .PP + A helper binary, +-\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\. This binary is very simple and will only check the password of the user invoking it\. It is called transparently on behalf of the user by the authenticating component of this module\. In this way it is possible for applications like ++\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like + \fBxlock\fR(1) +-to work without being setuid\-root\. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was +-\fBfork()\fRd\. The ++to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was ++\fBfork()\fRd\&. The + \fBnoreap\fR +-module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\. ++module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. + .PP +-The password component of this module performs the task of updating the user\'s password\. ++The password component of this module performs the task of updating the user\'s password\&. + .PP +-The session component of this module logs when a user logins or leave the system\. ++The session component of this module logs when a user logins or leave the system\&. + .PP +-Remaining arguments, supported by others functions of this module, are silently ignored\. Other arguments are logged as errors through +-\fBsyslog\fR(3)\. ++Remaining arguments, supported by others functions of this module, are silently ignored\&. Other arguments are logged as errors through ++\fBsyslog\fR(3)\&. + .SH "OPTIONS" + .PP + \fBdebug\fR + .RS 4 + Turns on debugging via +-\fBsyslog\fR(3)\. ++\fBsyslog\fR(3)\&. + .RE + .PP + \fBaudit\fR + .RS 4 +-A little more extreme than debug\. ++A little more extreme than debug\&. + .RE + .PP + \fBnullok\fR + .RS 4 +-The default action of this module is to not permit the user access to a service if their official password is blank\. The ++The default action of this module is to not permit the user access to a service if their official password is blank\&. The + \fBnullok\fR +-argument overrides this default\. ++argument overrides this default\&. + .RE + .PP + \fBtry_first_pass\fR + .RS 4 +-Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\. ++Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\&. + .RE + .PP + \fBuse_first_pass\fR + .RS 4 + The argument + \fBuse_first_pass\fR +-forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\. ++forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\&. + .RE + .PP + \fBnodelay\fR + .RS 4 +-This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\. The default action is for the module to request a delay\-on\-failure of the order of two second\. ++This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\&. The default action is for the module to request a delay\-on\-failure of the order of two second\&. + .RE + .PP + \fBuse_authtok\fR +@@ -88,17 +246,17 @@ + \fBpassword\fR + module (this is used in the example of the stacking of the + \fBpam_cracklib\fR +-module documented above)\. ++module documented above)\&. + .RE + .PP + \fBnot_set_pass\fR + .RS 4 +-This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\. ++This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\&. + .RE + .PP + \fBnis\fR + .RS 4 +-NIS RPC is used for setting new passwords\. ++NIS RPC is used for setting new passwords\&. + .RE + .PP + \fBremember=\fR\fB\fIn\fR\fR +@@ -106,84 +264,106 @@ + The last + \fIn\fR + passwords for each user are saved in +-\fI/etc/security/opasswd\fR +-in order to force password change history and keep the user from alternating between the same password too frequently\. ++\FC/etc/security/opasswd\F[] ++in order to force password change history and keep the user from alternating between the same password too frequently\&. + .RE + .PP + \fBshadow\fR + .RS 4 +-Try to maintain a shadow based system\. ++Try to maintain a shadow based system\&. + .RE + .PP + \fBmd5\fR + .RS 4 +-When a user changes their password next, encrypt it with the MD5 algorithm\. ++When a user changes their password next, encrypt it with the MD5 algorithm\&. + .RE + .PP + \fBbigcrypt\fR + .RS 4 +-When a user changes their password next, encrypt it with the DEC C2 algorithm\. ++When a user changes their password next, encrypt it with the DEC C2 algorithm\&. + .RE + .PP + \fBsha256\fR + .RS 4 +-When a user changes their password next, encrypt it with the SHA256 algorithm\. If the SHA256 algorithm is not known to the libcrypt, fall back to MD5\. ++When a user changes their password next, encrypt it with the SHA256 algorithm\&. If the SHA256 algorithm is not known to the libcrypt, fall back to MD5\&. + .RE + .PP + \fBsha512\fR + .RS 4 +-When a user changes their password next, encrypt it with the SHA512 algorithm\. If the SHA512 algorithm is not known to the libcrypt, fall back to MD5\. ++When a user changes their password next, encrypt it with the SHA512 algorithm\&. If the SHA512 algorithm is not known to the libcrypt, fall back to MD5\&. + .RE + .PP + \fBrounds=\fR\fB\fIn\fR\fR + .RS 4 + Set the optional number of rounds of the SHA256 and SHA512 password hashing algorithms to +-\fIn\fR\. ++\fIn\fR\&. + .RE + .PP + \fBbroken_shadow\fR + .RS 4 +-Ignore errors reading shadow inforation for users in the account management module\. ++Ignore errors reading shadow inforation for users in the account management module\&. + .RE .PP Invalid arguments are logged with - \fBsyslog\fR(3)\. +-\fBsyslog\fR(3)\. -.SH "MODULE SERVICES PROVIDED" ++\fBsyslog\fR(3)\&. +.SH "MODULE TYPES PROVIDED" .PP -All service are supported\. @@ -2199,11 +13890,60 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 Linux-PAM-1.0.2/module +\fBauth\fR, +\fBpassword\fR +and -+\fBsession\fR) are provided\. ++\fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_IGNORE -@@ -182,7 +186,7 @@ + .RS 4 +-Ignore this module\. ++Ignore this module\&. + .RE + .SH "EXAMPLES" + .PP + An example usage for +-\fI/etc/pam\.d/login\fR ++\FC/etc/pam\&.d/login\F[] + would be: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ + # Authenticate the user +-auth required pam_unix\.so ++auth required pam_unix\&.so + # Ensure users account and password are still active +-account required pam_unix\.so ++account required pam_unix\&.so + # Change the users password, but at first check the strength + # with pam_cracklib(8) +-password required pam_cracklib\.so retry=3 minlen=6 difok=3 +-password required pam_unix\.so use_authtok nullok md5 +-session required pam_unix\.so ++password required pam_cracklib\&.so retry=3 minlen=6 difok=3 ++password required pam_unix\&.so use_authtok nullok md5 ++session required pam_unix\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -2212,27 +13952,266 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_unix/pam_unix.8 Linux-PAM-1.0.2/module \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 ---- Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 2008-04-16 11:08:48.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2008-10-17 13:03:20.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_unix was written by various people\. ++pam_unix was written by various people\&. +--- Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.8 2008-04-16 11:08:48.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2009-01-20 12:00:28.000000000 +0100 +@@ -1,136 +1,312 @@ .\" Title: pam_userdb - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_USERDB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_USERDB" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_USERDB" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -73,13 +73,13 @@ + .ad l +-.SH "NAME" +-pam_userdb - PAM module to authenticate against a db database +-.SH "SYNOPSIS" +-.HP 14 +-\fBpam_userdb\.so\fR db=\fI/path/database\fR [debug] [crypt=[crypt|none]] [icase] [dump] [try_first_pass] [use_first_pass] [unknown_ok] [key_only] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_userdb \- PAM module to authenticate against a db database ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_userdb\&.so\fR\ 'u ++\fBpam_userdb\&.so\fR db=\fI/path/database\fR [debug] [crypt=[crypt|none]] [icase] [dump] [try_first_pass] [use_first_pass] [unknown_ok] [key_only] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_userdb module is used to verify a username/password pair against values stored in a Berkeley DB database\. The database is indexed by the username, and the data fields corresponding to the username keys are the passwords\. ++The pam_userdb module is used to verify a username/password pair against values stored in a Berkeley DB database\&. The database is indexed by the username, and the data fields corresponding to the username keys are the passwords\&. + .SH "OPTIONS" + .PP + \fBcrypt=[crypt|none]\fR .RS 4 - The username and password are concatenated together in the database hash as \'username\-password\' with a random value\. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\. this is useful in cases where the username may not be unique but the username and password pair are\. +-Indicates whether encrypted or plaintext passwords are stored in the database\. If it is ++Indicates whether encrypted or plaintext passwords are stored in the database\&. If it is + \fBcrypt\fR, passwords should be stored in the database in + \fBcrypt\fR(3) +-form\. If ++form\&. If + \fBnone\fR +-is selected, passwords should be stored in the database as plaintext\. ++is selected, passwords should be stored in the database as plaintext\&. + .RE + .PP + \fBdb=\fR\fB\fI/path/database\fR\fR + .RS 4 + Use the +-\fI/path/database\fR +-database for performing lookup\. There is no default; the module will return ++\FC/path/database\F[] ++database for performing lookup\&. There is no default; the module will return + \fBPAM_IGNORE\fR +-if no database is provided\. ++if no database is provided\&. + .RE + .PP + \fBdebug\fR + .RS 4 +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBdump\fR + .RS 4 +-Dump all the entries in the database to the log\. Don\'t do this by default! ++Dump all the entries in the database to the log\&. Don\'t do this by default! + .RE + .PP + \fBicase\fR + .RS 4 +-Make the password verification to be case insensitive (ie when working with registration numbers and such)\. Only works with plaintext password storage\. ++Make the password verification to be case insensitive (ie when working with registration numbers and such)\&. Only works with plaintext password storage\&. + .RE + .PP + \fBtry_first_pass\fR + .RS 4 +-Use the authentication token previously obtained by another module that did the conversation with the application\. If this token can not be obtained then the module will try to converse\. This option can be used for stacking different modules that need to deal with the authentication tokens\. ++Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will try to converse\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&. + .RE + .PP + \fBuse_first_pass\fR + .RS 4 +-Use the authentication token previously obtained by another module that did the conversation with the application\. If this token can not be obtained then the module will fail\. This option can be used for stacking different modules that need to deal with the authentication tokens\. ++Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will fail\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&. + .RE + .PP + \fBunknown_ok\fR + .RS 4 +-Do not return error when checking for a user that is not in the database\. This can be used to stack more than one pam_userdb module that will check a username/password pair in more than a database\. ++Do not return error when checking for a user that is not in the database\&. This can be used to stack more than one pam_userdb module that will check a username/password pair in more than a database\&. + .RE + .PP + \fBkey_only\fR + .RS 4 +-The username and password are concatenated together in the database hash as \'username\-password\' with a random value\. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\. this is useful in cases where the username may not be unique but the username and password pair are\. ++The username and password are concatenated together in the database hash as \'username\-password\' with a random value\&. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\&. this is useful in cases where the username may not be unique but the username and password pair are\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -2243,11 +14222,79 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 Linux-PAM-1.0.2/mo and \fBaccount\fR -are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR -@@ -129,7 +129,7 @@ + .RS 4 +-Authentication failure\. ++Authentication failure\&. + .RE + .PP + PAM_AUTHTOK_RECOVERY_ERR + .RS 4 +-Authentication information cannot be recovered\. ++Authentication information cannot be recovered\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_CONV_ERR + .RS 4 +-Conversation failure\. ++Conversation failure\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Error in service module\. ++Error in service module\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Success\. ++Success\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known to the underlying authentication module\. ++User not known to the underlying authentication module\&. + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-auth sufficient pam_userdb\.so icase db=/etc/dbtest\.db ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++auth sufficient pam_userdb\&.so icase db=/etc/dbtest\&.db + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" + .PP \fBcrypt\fR(3), \fBpam.conf\fR(5), @@ -2256,29 +14303,207 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_userdb/pam_userdb.8 Linux-PAM-1.0.2/mo \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 ---- Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 2008-04-16 11:08:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2008-10-17 13:03:23.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_userdb was written by Cristian Gafton >gafton@redhat\.com<\. ++pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. +--- Linux-PAM-1.0.2-orig/modules/pam_warn/pam_warn.8 2008-04-16 11:08:53.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2009-01-20 12:00:31.000000000 +0100 +@@ -1,69 +1,245 @@ .\" Title: pam_warn - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_WARN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WARN" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WARN" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -23,15 +23,15 @@ + .ad l +-.SH "NAME" +-pam_warn - PAM module which logs all PAM items if called +-.SH "SYNOPSIS" +-.HP 12 +-\fBpam_warn\.so\fR ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_warn \- PAM module which logs all PAM items if called ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_warn\&.so\fR\ 'u ++\fBpam_warn\&.so\fR ++.fam + .SH "DESCRIPTION" + .PP + pam_warn is a PAM module that logs the service, terminal, user, remote user and remote host to +-\fBsyslog\fR(3)\. The items are not probed for, but instead obtained from the standard PAM items\. The module always returns +-\fBPAM_IGNORE\fR, indicating that it does not want to affect the authentication process\. ++\fBsyslog\fR(3)\&. The items are not probed for, but instead obtained from the standard PAM items\&. The module always returns ++\fBPAM_IGNORE\fR, indicating that it does not want to affect the authentication process\&. .SH "OPTIONS" .PP - This module does not recognise any options\. +-This module does not recognise any options\. -.SH "MODULE SERVICES PROVIDED" ++This module does not recognise any options\&. +.SH "MODULE TYPES PROVIDED" .PP -The services @@ -2289,11 +14514,64 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 Linux-PAM-1.0.2/module and \fBsession\fR -are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_IGNORE -@@ -62,7 +62,7 @@ + .RS 4 +-This module always returns PAM_IGNORE\. ++This module always returns PAM_IGNORE\&. + .RE + .SH "EXAMPLES" + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-#%PAM\-1\.0 ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++#%PAM\-1\&.0 + # + # If we don\'t have config entries for a service, the +-# OTHER entries are used\. To be secure, warn and deny +-# access to everything\. +-other auth required pam_warn\.so +-other auth required pam_deny\.so +-other account required pam_warn\.so +-other account required pam_deny\.so +-other password required pam_warn\.so +-other password required pam_deny\.so +-other session required pam_warn\.so +-other session required pam_deny\.so ++# OTHER entries are used\&. To be secure, warn and deny ++# access to everything\&. ++other auth required pam_warn\&.so ++other auth required pam_deny\&.so ++other account required pam_warn\&.so ++other account required pam_deny\&.so ++other password required pam_warn\&.so ++other password required pam_deny\&.so ++other session required pam_warn\&.so ++other session required pam_deny\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -2302,27 +14580,249 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_warn/pam_warn.8 Linux-PAM-1.0.2/module \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 ---- Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 2008-04-16 11:08:57.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2008-10-17 13:03:26.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_warn was written by Andrew G\. Morgan \. ++pam_warn was written by Andrew G\&. Morgan \&. +--- Linux-PAM-1.0.2-orig/modules/pam_wheel/pam_wheel.8 2008-04-16 11:08:57.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2009-01-20 12:00:34.000000000 +0100 +@@ -1,127 +1,303 @@ .\" Title: pam_wheel - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -60,13 +60,13 @@ + .ad l +-.SH "NAME" +-pam_wheel - Only permit root access to members of group wheel +-.SH "SYNOPSIS" +-.HP 13 +-\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_wheel \- Only permit root access to members of group wheel ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_wheel\&.so\fR\ 'u ++\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] ++.fam + .SH "DESCRIPTION" + .PP + The pam_wheel PAM module is used to enforce the so\-called + \fIwheel\fR +-group\. By default it permits root access to the system if the applicant user is a member of the ++group\&. By default it permits root access to the system if the applicant user is a member of the + \fIwheel\fR +-group\. If no group with this name exist, the module is using the group with the group\-ID +-\fB0\fR\. ++group\&. If no group with this name exist, the module is using the group with the group\-ID ++\fB0\fR\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\. +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBdeny\fR + .RS 4 + Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the + \fBgroup\fR +-option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless ++option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless + \fBtrust\fR +-was also specified, in which case we return PAM_SUCCESS)\. ++was also specified, in which case we return PAM_SUCCESS)\&. + .RE + .PP + \fBgroup=\fR\fB\fIname\fR\fR + .RS 4 + Instead of checking the wheel or GID 0 groups, use the + \fB\fIname\fR\fR +-group to perform the authentication\. ++group to perform the authentication\&. + .RE + .PP + \fBroot_only\fR + .RS 4 +-The check for wheel membership is done only\. ++The check for wheel membership is done only\&. + .RE + .PP + \fBtrust\fR + .RS 4 +-The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\. ++The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. + .RE + .PP + \fBuse_uid\fR + .RS 4 +-The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\. ++The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -2332,11 +14832,86 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 Linux-PAM-1.0.2/modu and \fBaccount\fR -services are supported\. -+module types are provided\. ++module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR -@@ -120,7 +120,7 @@ + .RS 4 +-Authentication failure\. ++Authentication failure\&. + .RE + .PP + PAM_BUF_ERR + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_IGNORE + .RS 4 +-The return value should be ignored by PAM dispatch\. ++The return value should be ignored by PAM dispatch\&. + .RE + .PP + PAM_PERM_DENY + .RS 4 +-Permission denied\. ++Permission denied\&. + .RE + .PP + PAM_SERVICE_ERR + .RS 4 +-Cannot determine the user name\. ++Cannot determine the user name\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Success\. ++Success\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP +-The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\. ++The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&. + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-su auth sufficient pam_rootok\.so +-su auth required pam_wheel\.so +-su auth required pam_unix\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++su auth sufficient pam_rootok\&.so ++su auth required pam_wheel\&.so ++su auth required pam_unix\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "SEE ALSO" .PP \fBpam.conf\fR(5), @@ -2345,27 +14920,286 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_wheel/pam_wheel.8 Linux-PAM-1.0.2/modu \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 ---- Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 2008-04-16 11:09:03.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2008-10-17 13:03:30.000000000 +0200 -@@ -1,11 +1,11 @@ +-pam_wheel was written by Cristian Gafton \. ++pam_wheel was written by Cristian Gafton \&. +--- Linux-PAM-1.0.2-orig/modules/pam_xauth/pam_xauth.8 2008-04-16 11:09:03.000000000 +0200 ++++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2009-01-20 12:00:38.000000000 +0100 +@@ -1,154 +1,330 @@ .\" Title: pam_xauth - .\" Author: +-.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 ++.\" Author: [see the "AUTHOR" section] ++.\" Generator: DocBook XSL Stylesheets v1.74.0 ++.\" Date: 01/20/2009 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual ++.\" Language: English .\" -.TH "PAM_XAUTH" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_XAUTH" "8" "10/17/2008" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_XAUTH" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" ++.\" ----------------------------------------------------------------- ++.\" * (re)Define some macros ++.\" ----------------------------------------------------------------- ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" toupper - uppercase a string (locale-aware) ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de toupper ++.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ ++\\$* ++.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH-xref - format a cross-reference to an SH section ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de SH-xref ++.ie n \{\ ++.\} ++.toupper \\$* ++.el \{\ ++\\$* ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SH - level-one heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SH ++.\" put an extra blank line of space above the head in non-TTY output ++.if t \{\ ++.sp 1 ++.\} ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[an-margin]u ++.ti 0 ++.HTML-TAG ".NH \\n[an-level]" ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++\." make the size of the head bigger ++.ps +3 ++.ft B ++.ne (2v + 1u) ++.ie n \{\ ++.\" if n (TTY output), use uppercase ++.toupper \\$* ++.\} ++.el \{\ ++.nr an-break-flag 0 ++.\" if not n (not TTY), use normal case (not uppercase) ++\\$1 ++.in \\n[an-margin]u ++.ti 0 ++.\" if not n (not TTY), put a border/line under subheading ++.sp -.6 ++\l'\n(.lu' ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" SS - level-two heading that works better for non-TTY output ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de1 SS ++.sp \\n[PD]u ++.nr an-level 1 ++.set-an-margin ++.nr an-prevailing-indent \\n[IN] ++.fi ++.in \\n[IN]u ++.ti \\n[SN]u ++.it 1 an-trap ++.nr an-no-space-flag 1 ++.nr an-break-flag 1 ++.ps \\n[PS-SS]u ++\." make the size of the head bigger ++.ps +2 ++.ft B ++.ne (2v + 1u) ++.if \\n[.$] \&\\$* ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BB/BE - put background/screen (filled box) around block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BB ++.if t \{\ ++.sp -.5 ++.br ++.in +2n ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EB ++.if t \{\ ++.if "\\$2"adjust-for-leading-newline" \{\ ++.sp -1 ++.\} ++.br ++.di ++.in ++.ll ++.gcolor ++.nr BW \\n(.lu-\\n(.i ++.nr BH \\n(dn+.5v ++.ne \\n(BHu+.5v ++.ie "\\$2"adjust-for-leading-newline" \{\ ++\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.el \{\ ++\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] ++.\} ++.in 0 ++.sp -.5v ++.nf ++.BX ++.in ++.sp .5v ++.fi ++.\} ++.. ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.\" BM/EM - put colored marker in margin next to block of text ++.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ++.de BM ++.if t \{\ ++.br ++.ll -2n ++.gcolor red ++.di BX ++.\} ++.. ++.de EM ++.if t \{\ ++.br ++.di ++.ll ++.gcolor ++.nr BH \\n(dn ++.ne \\n(BHu ++\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] ++.in 0 ++.nf ++.BX ++.in ++.fi ++.\} ++.. ++.\" ----------------------------------------------------------------- ++.\" * set default formatting ++.\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) -@@ -82,11 +82,11 @@ + .ad l +-.SH "NAME" +-pam_xauth - PAM module to forward xauth keys between users +-.SH "SYNOPSIS" +-.HP 13 +-\fBpam_xauth\.so\fR [debug] [xauthpath=\fI/path/to/xauth\fR] [systemuser=\fIUID\fR] [targetuser=\fIUID\fR] ++.\" ----------------------------------------------------------------- ++.\" * MAIN CONTENT STARTS HERE * ++.\" ----------------------------------------------------------------- ++.SH "Name" ++pam_xauth \- PAM module to forward xauth keys between users ++.SH "Synopsis" ++.fam C ++.HP \w'\fBpam_xauth\&.so\fR\ 'u ++\fBpam_xauth\&.so\fR [debug] [xauthpath=\fI/path/to/xauth\fR] [systemuser=\fIUID\fR] [targetuser=\fIUID\fR] ++.fam + .SH "DESCRIPTION" + .PP +-The pam_xauth PAM module is designed to forward xauth keys (sometimes referred to as "cookies") between users\. ++The pam_xauth PAM module is designed to forward xauth keys (sometimes referred to as "cookies") between users\&. + .PP + Without pam_xauth, when xauth is enabled and a user uses the + \fBsu\fR(1) +-command to assume another user\'s priviledges, that user is no longer able to access the original user\'s X display because the new user does not have the key needed to access the display\. pam_xauth solves the problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target user) when the session is created, and destroying the key when the session is torn down\. ++command to assume another user\'s priviledges, that user is no longer able to access the original user\'s X display because the new user does not have the key needed to access the display\&. pam_xauth solves the problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target user) when the session is created, and destroying the key when the session is torn down\&. + .PP + This means, for example, that when you run + \fBsu\fR(1) + from an xterm sesssion, you will be able to run X programs without explicitly dealing with the + \fBxauth\fR(1) +-xauth command or ~/\.Xauthority files\. ++xauth command or ~/\&.Xauthority files\&. + .PP +-pam_xauth will only forward keys if xauth can list a key connected to the $DISPLAY environment variable\. ++pam_xauth will only forward keys if xauth can list a key connected to the $DISPLAY environment variable\&. + .PP + Primitive access control is provided by +-\fI~/\.xauth/export\fR ++\FC~/\&.xauth/export\F[] + in the invoking user\'s home directory and +-\fI~/\.xauth/import\fR +-in the target user\'s home directory\. ++\FC~/\&.xauth/import\F[] ++in the target user\'s home directory\&. + .PP + If a user has a +-\fI~/\.xauth/import\fR +-file, the user will only receive cookies from users listed in the file\. If there is no +-\fI~/\.xauth/import\fR +-file, the user will accept cookies from any other user\. ++\FC~/\&.xauth/import\F[] ++file, the user will only receive cookies from users listed in the file\&. If there is no ++\FC~/\&.xauth/import\F[] ++file, the user will accept cookies from any other user\&. + .PP + If a user has a +-\fI\.xauth/export\fR +-file, the user will only forward cookies to users listed in the file\. If there is no +-\fI~/\.xauth/export\fR ++\FC\&.xauth/export\F[] ++file, the user will only forward cookies to users listed in the file\&. If there is no ++\FC~/\&.xauth/export\F[] + file, and the invoking user is not +-\fBroot\fR, the user will forward cookies to any other user\. If there is no +-\fI~/\.xauth/export\fR ++\fBroot\fR, the user will forward cookies to any other user\&. If there is no ++\FC~/\&.xauth/export\F[] + file, and the invoking user is + \fBroot\fR, the user will + \fInot\fR +-forward cookies to other users\. ++forward cookies to other users\&. + .PP + Both the import and export files support wildcards (such as +-\fI*\fR)\. Both the import and export files can be empty, signifying that no users are allowed\. ++\fI*\fR)\&. Both the import and export files can be empty, signifying that no users are allowed\&. + .SH "OPTIONS" + .PP + \fBdebug\fR .RS 4 - Specify a single target UID which is exempt from the systemuser check\. +-Print debug information\. ++Print debug information\&. + .RE + .PP + \fBxauthpath=\fR\fB\fI/path/to/xauth\fR\fR + .RS 4 + Specify the path the xauth program (it is expected in +-\fI/usr/X11R6/bin/xauth\fR, +-\fI/usr/bin/xauth\fR, or +-\fI/usr/bin/X11/xauth\fR +-by default)\. ++\FC/usr/X11R6/bin/xauth\F[], ++\FC/usr/bin/xauth\F[], or ++\FC/usr/bin/X11/xauth\F[] ++by default)\&. + .RE + .PP + \fBsystemuser=\fR\fB\fIUID\fR\fR + .RS 4 +-Specify the highest UID which will be assumed to belong to a "system" user\. pam_xauth will refuse to forward credentials to users with UID less than or equal to this number, except for root and the "targetuser", if specified\. ++Specify the highest UID which will be assumed to belong to a "system" user\&. pam_xauth will refuse to forward credentials to users with UID less than or equal to this number, except for root and the "targetuser", if specified\&. + .RE + .PP + \fBtargetuser=\fR\fB\fIUID\fR\fR + .RS 4 +-Specify a single target UID which is exempt from the systemuser check\. ++Specify a single target UID which is exempt from the systemuser check\&. .RE -.SH "MODULE SERVICES PROVIDED" +.SH "MODULE TYPES PROVIDED" @@ -2373,11 +15207,105 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 Linux-PAM-1.0.2/modu Only the \fBsession\fR -service is supported\. -+type is provided\. ++type is provided\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR -@@ -156,7 +156,7 @@ + .RS 4 +-Memory buffer error\. ++Memory buffer error\&. + .RE + .PP + PAM_PERM_DENIED + .RS 4 +-Permission denied by import/export file\. ++Permission denied by import/export file\&. + .RE + .PP + PAM_SESSION_ERR + .RS 4 +-Cannot determine user name, UID or access users home directory\. ++Cannot determine user name, UID or access users home directory\&. + .RE + .PP + PAM_SUCCESS + .RS 4 +-Success\. ++Success\&. + .RE + .PP + PAM_USER_UNKNOWN + .RS 4 +-User not known\. ++User not known\&. + .RE + .SH "EXAMPLES" + .PP + Add the following line to +-\fI/etc/pam\.d/su\fR ++\FC/etc/pam\&.d/su\F[] + to forward xauth keys between users when calling su: + .sp ++.if n \{\ + .RS 4 ++.\} ++.fam C ++.ps -1 + .nf +-session optional pam_xauth\.so ++.if t \{\ ++.sp -1 ++.\} ++.BB lightgray adjust-for-leading-newline ++.sp -1 ++ ++session optional pam_xauth\&.so + ++.EB lightgray adjust-for-leading-newline ++.if t \{\ ++.sp 1 ++.\} + .fi ++.fam ++.ps +1 ++.if n \{\ + .RE ++.\} + .sp + .SH "IMPLEMENTATION DETAILS" + .PP + pam_xauth will work + \fIonly\fR + if it is used from a setuid application in which the +-\fBgetuid\fR() call returns the id of the user running the application, and for which PAM can supply the name of the account that the user is attempting to assume\. The typical application of this type is +-\fBsu\fR(1)\. The application must call both ++\fBgetuid\fR() call returns the id of the user running the application, and for which PAM can supply the name of the account that the user is attempting to assume\&. The typical application of this type is ++\fBsu\fR(1)\&. The application must call both + \fBpam_open_session\fR() and +-\fBpam_close_session\fR() with the ruid set to the uid of the calling user and the euid set to root, and must have provided as the PAM_USER item the name of the target user\. ++\fBpam_close_session\fR() with the ruid set to the uid of the calling user and the euid set to root, and must have provided as the PAM_USER item the name of the target user\&. + .PP + pam_xauth calls + \fBxauth\fR(1) +-as the source user to extract the key for $DISPLAY, then calls xauth as the target user to merge the key into the a temporary database and later remove the database\. ++as the source user to extract the key for $DISPLAY, then calls xauth as the target user to merge the key into the a temporary database and later remove the database\&. + .PP +-pam_xauth cannot be told to not remove the keys when the session is closed\. ++pam_xauth cannot be told to not remove the keys when the session is closed\&. + .SH "FILES" + .PP +-\fI~/\.xauth/import\fR ++\FC~/\&.xauth/import\F[] + .RS 4 + XXX + .RE + .PP +-\fI~/\.xauth/export\fR ++\FC~/\&.xauth/export\F[] + .RS 4 + XXX + .RE +@@ -156,8 +332,8 @@ .PP \fBpam.conf\fR(5), @@ -2386,62 +15314,5 @@ diff -urN Linux-PAM-1.0.2-old/modules/pam_xauth/pam_xauth.8 Linux-PAM-1.0.2/modu \fBpam\fR(8) .SH "AUTHOR" .PP -diff -urN Linux-PAM-1.0.2-old/doc/man//pam_getenv.3 Linux-PAM-1.0.2/doc/man//pam_getenv.3 ---- Linux-PAM-1.0.2-old/doc/man//pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man//pam_getenv.3 2008-10-17 13:03:34.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_getenv - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" --.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GETENV" "3" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -27,8 +27,9 @@ - \fBpam_getenv\fR - function searches the PAM environment list as associated with the handle - \fIpamh\fR --for a string that matches the string pointed to by --\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. -+for an item that matches the string pointed to by -+\fIname\fR -+and returns the value of the environment variable\. - .SH "RETURN VALUES" - .PP - The -diff -urN Linux-PAM-1.0.2-old/doc/man//pam_prompt.3 Linux-PAM-1.0.2/doc/man//pam_prompt.3 ---- Linux-PAM-1.0.2-old/doc/man//pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man//pam_prompt.3 2008-10-17 13:03:35.000000000 +0200 -@@ -1,11 +1,11 @@ - .\" Title: pam_prompt - .\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/17/2008 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" --.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_PROMPT" "3" "10/17/2008" "Linux-PAM Manual" "Linux-PAM Manual" - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) -@@ -27,7 +27,9 @@ - .PP - The - \fBpam_prompt\fR --function constructs a message from the specified format string and arguments and passes it to -+function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\. Upon successful return, -+\fIresponse\fR -+is set to point to a string returned from the conversation function\. This string is allocated on heap and should be freed\. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR +-pam_xauth was written by Nalin Dahyabhai , based on original version by Michael K\. Johnson \. ++pam_xauth was written by Nalin Dahyabhai , based on original version by Michael K\&. Johnson \&. diff --git a/libpam-password-requisite.diff b/libpam-password-requisite.diff new file mode 100644 index 0000000..9fc0e8d --- /dev/null +++ b/libpam-password-requisite.diff @@ -0,0 +1,49 @@ +--- libpam/pam_dispatch.c 3 Dec 2008 14:16:33 -0000 1.13 ++++ libpam/pam_dispatch.c 4 Feb 2009 13:48:02 -0000 +@@ -132,11 +132,10 @@ + } + + /* +- * use_cached_chain is how we ensure that the setcred/close_session +- * and chauthtok(2) modules are called in the same order as they did +- * when they were invoked as auth/open_session/chauthtok(1). This +- * feature was added in 0.75 to make the behavior of pam_setcred +- * sane. It was debugged by release 0.76. ++ * use_cached_chain is how we ensure that the setcred and ++ * close_session modules are called in the same order as they did ++ * when they were invoked as auth/open_session. This feature was ++ * added in 0.75 to make the behavior of pam_setcred sane. + */ + if (use_cached_chain != _PAM_PLEASE_FREEZE) { + +@@ -358,9 +357,6 @@ + break; + case PAM_CHAUTHTOK: + h = pamh->handlers.conf.chauthtok; +- if (flags & PAM_UPDATE_AUTHTOK) { +- use_cached_chain = _PAM_MUST_BE_FROZEN; +- } + break; + default: + pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); +--- libpam/pam_password.c 24 Jul 2006 15:47:40 -0000 1.5 ++++ libpam/pam_password.c 4 Feb 2009 13:48:02 -0000 +@@ -24,6 +24,13 @@ + return PAM_SYSTEM_ERR; + } + ++ /* applications are not allowed to set this flags */ ++ if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) { ++ syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX ++ "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application"); ++ return PAM_SYSTEM_ERR; ++ } ++ + if (pamh->former.choice == PAM_NOT_STACKED) { + _pam_start_timer(pamh); /* we try to make the time for a failure + independent of the time it takes to +@@ -58,4 +67,3 @@ + + return retval; + } +- diff --git a/pam.changes b/pam.changes index 0596ab9..229b807 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + ------------------------------------------------------------------- Wed Dec 10 12:34:56 CET 2008 - olh@suse.de diff --git a/pam.spec b/pam.spec index 3d3cd9c..e4ab3e3 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam (Version 1.0.2) # -# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,7 +40,7 @@ Obsoletes: pam-64bit %endif # Version: 1.0.2 -Release: 15 +Release: 18 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -69,6 +69,8 @@ Patch13: pam_xauth-XAUTHLOCALHOSTNAME.diff Patch14: pam_pwhistory-type.diff Patch15: pam_time.diff Patch16: pam_limits-doc.diff +Patch17: pam_limits-logging.diff +Patch18: libpam-password-requisite.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -134,6 +136,8 @@ chmod 755 modules/pam_tally2/tst-pam_tally2 %patch14 -p0 %patch15 -p0 %patch16 -p0 +%patch17 -p0 +%patch18 -p0 %build aclocal -I m4 --install --force @@ -342,6 +346,11 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Thu Feb 05 2009 kukuk@suse.de +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] +* Tue Jan 20 2009 kukuk@suse.de +- Regenerate documentation [bnc#448314] * Wed Dec 10 2008 olh@suse.de - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) diff --git a/pam_limits-logging.diff b/pam_limits-logging.diff new file mode 100644 index 0000000..51e304d --- /dev/null +++ b/pam_limits-logging.diff @@ -0,0 +1,125 @@ +--- modules/pam_limits/pam_limits.c 7 Dec 2007 15:40:02 -0000 1.46 ++++ modules/pam_limits/pam_limits.c 5 Feb 2009 15:48:49 -0000 +@@ -42,7 +42,7 @@ + #include + + #ifdef HAVE_LIBAUDIT +-#include ++#include + #endif + + /* Module defines */ +@@ -141,6 +141,73 @@ + return ctrl; + } + ++static const char * ++i2str (int i) ++{ ++ switch (i) { ++ case RLIMIT_CPU: ++ return "cpu"; ++ break; ++ case RLIMIT_FSIZE: ++ return "fsize"; ++ break; ++ case RLIMIT_DATA: ++ return "data"; ++ break; ++ case RLIMIT_STACK: ++ return "stack"; ++ break; ++ case RLIMIT_CORE: ++ return "core"; ++ break; ++ case RLIMIT_RSS: ++ return "rss"; ++ break; ++ case RLIMIT_NPROC: ++ return "nproc"; ++ break; ++ case RLIMIT_NOFILE: ++ return "nofile"; ++ break; ++ case RLIMIT_MEMLOCK: ++ return "memlock"; ++ break; ++#ifdef RLIMIT_AS ++ case RLIMIT_AS: ++ return "as"; ++ break; ++#endif ++#ifdef RLIMIT_LOCKS ++ case RLIMIT_LOCKS: ++ return "locks"; ++ break; ++#endif ++#ifdef RLIMIT_SIGPENDING ++ case RLIMIT_SIGPENDING: ++ return "sigpending"; ++ break; ++#endif ++#ifdef RLIMIT_MSGQUEUE ++ case RLIMIT_MSGQUEUE: ++ return "msgqueue"; ++ break; ++#endif ++#ifdef RLIMIT_NICE ++ case RLIMIT_NICE: ++ return "nice"; ++ break; ++#endif ++#ifdef RLIMIT_RTPRIO ++ case RLIMIT_RTPRIO: ++ return "rtprio"; ++ break; ++#endif ++ default: ++ return "UNKNOWN"; ++ break; ++ } ++} ++ + + #define LIMITED_OK 0 /* limit setting appeared to work */ + #define LIMIT_ERR 1 /* error setting a limit */ +@@ -416,8 +483,8 @@ + if (int_value < -20) + int_value = -20; + rlimit_value = 20 - int_value; +-#endif + break; ++#endif + } + + if ( (limit_item != LIMIT_LOGIN) +@@ -575,6 +642,8 @@ + int retval = LIMITED_OK; + + for (i=0, status=LIMITED_OK; ilimits[i].supported) { + /* skip it if its not known to the system */ + continue; +@@ -586,7 +655,11 @@ + } + if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) + pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; +- status |= setrlimit(i, &pl->limits[i].limit); ++ res = setrlimit(i, &pl->limits[i].limit); ++ if (res != 0) ++ pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", ++ i2str(i)); ++ status |= res; + } + + if (status) { +@@ -595,6 +668,7 @@ + + status = setpriority(PRIO_PROCESS, 0, pl->priority); + if (status != 0) { ++ pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m"); + retval = LIMIT_ERR; + } + -- 2.51.1 From f331331acb8bdcd8374062adce5531f87d508c520bf320966e18e71e2c0a61a3 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 12 Feb 2009 21:19:25 +0000 Subject: [PATCH 026/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=26 --- pam.changes | 5 +++++ pam.spec | 8 +++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/pam.changes b/pam.changes index 229b807..3349695 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + ------------------------------------------------------------------- Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index e4ab3e3..a0f50bf 100644 --- a/pam.spec +++ b/pam.spec @@ -40,7 +40,7 @@ Obsoletes: pam-64bit %endif # Version: 1.0.2 -Release: 18 +Release: 19 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 @@ -218,10 +218,6 @@ rm $DOC/modules/README.pam_namespace rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_keyinit* rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_keyinit.so %endif -# -# XXX Fix name of locale -# -mv $RPM_BUILD_ROOT/usr/share/locale/sr@latin $RPM_BUILD_ROOT/usr/share/locale/sr@Latn # Create filelist with translatins %{find_lang} Linux-PAM @@ -346,6 +342,8 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Wed Feb 11 2009 ro@suse.de +- use sr@latin instead of sr@Latn * Thu Feb 05 2009 kukuk@suse.de - Log failures of setrlimit in pam_limits [bnc#448314] - Fix using of requisite in password stack [bnc#470337] -- 2.51.1 From 9987222f7b65b1c9b7984bb5e79f21226feef28b3e6ab3f0ca0f6754a7f6943d Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 2 Apr 2009 15:28:15 +0000 Subject: [PATCH 027/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=27 --- Linux-PAM-1.0.2-SUSE-docs.tar.bz2 | 3 - Linux-PAM-1.0.2.tar.bz2 | 3 - Linux-PAM-1.0.91-docs.tar.bz2 | 3 + Linux-PAM-1.0.91.tar.bz2 | 3 + Linux-PAM-docu-generated.diff | 15318 --------------------------- Linux-PAM-docu.diff | 1620 --- cvs.diff | 2333 ++++ libpam-password-requisite.diff | 49 - pam-1.0.0-selinux-env-params.patch | 561 - pam-1.0.1-namespace-create.patch | 679 -- pam.changes | 24 + pam.spec | 93 +- pam_cracklib-no-pwhistory.diff | 88 - pam_lastlog.diff | 325 - pam_limits-doc.diff | 23 - pam_limits-logging.diff | 125 - pam_mail.diff | 49 - pam_pwhistory-0.1.diff | 1725 --- pam_pwhistory-type.diff | 102 - pam_sepermit.diff | 17 - pam_tally-deprecated.diff | 55 + pam_tally-fdleak.diff | 37 - pam_tally.diff | 173 - pam_tally2.diff | 1622 --- pam_time.diff | 18 - pam_xauth-XAUTHLOCALHOSTNAME.diff | 54 - pam_xauth.diff | 26 - 27 files changed, 2459 insertions(+), 22669 deletions(-) delete mode 100644 Linux-PAM-1.0.2-SUSE-docs.tar.bz2 delete mode 100644 Linux-PAM-1.0.2.tar.bz2 create mode 100644 Linux-PAM-1.0.91-docs.tar.bz2 create mode 100644 Linux-PAM-1.0.91.tar.bz2 delete mode 100644 Linux-PAM-docu-generated.diff delete mode 100644 Linux-PAM-docu.diff create mode 100644 cvs.diff delete mode 100644 libpam-password-requisite.diff delete mode 100644 pam-1.0.0-selinux-env-params.patch delete mode 100644 pam-1.0.1-namespace-create.patch delete mode 100644 pam_cracklib-no-pwhistory.diff delete mode 100644 pam_lastlog.diff delete mode 100644 pam_limits-doc.diff delete mode 100644 pam_limits-logging.diff delete mode 100644 pam_mail.diff delete mode 100644 pam_pwhistory-0.1.diff delete mode 100644 pam_pwhistory-type.diff delete mode 100644 pam_sepermit.diff create mode 100644 pam_tally-deprecated.diff delete mode 100644 pam_tally-fdleak.diff delete mode 100644 pam_tally.diff delete mode 100644 pam_tally2.diff delete mode 100644 pam_time.diff delete mode 100644 pam_xauth-XAUTHLOCALHOSTNAME.diff delete mode 100644 pam_xauth.diff diff --git a/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 b/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 deleted file mode 100644 index 28cfd32..0000000 --- a/Linux-PAM-1.0.2-SUSE-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:82a4195effbfd56af6eb3dd80de9690c1fef3fa8b9c25457037d3d591d15dcd9 -size 468691 diff --git a/Linux-PAM-1.0.2.tar.bz2 b/Linux-PAM-1.0.2.tar.bz2 deleted file mode 100644 index a4087f8..0000000 --- a/Linux-PAM-1.0.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1f85b4ed494c73b43fcfb195758ee6570615fd6e5f7cf09fd27644a1838019ae -size 980339 diff --git a/Linux-PAM-1.0.91-docs.tar.bz2 b/Linux-PAM-1.0.91-docs.tar.bz2 new file mode 100644 index 0000000..4dd19e1 --- /dev/null +++ b/Linux-PAM-1.0.91-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3c6e610cae207e7af87ab471228ab3311536a27f061d86dd0c75413ae8f96d09 +size 498156 diff --git a/Linux-PAM-1.0.91.tar.bz2 b/Linux-PAM-1.0.91.tar.bz2 new file mode 100644 index 0000000..2c3765c --- /dev/null +++ b/Linux-PAM-1.0.91.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b729820717cbf07a7ab07672180d070ce384ac923cc2129904fdc975342a35c4 +size 1112332 diff --git a/Linux-PAM-docu-generated.diff b/Linux-PAM-docu-generated.diff deleted file mode 100644 index 40ae346..0000000 --- a/Linux-PAM-docu-generated.diff +++ /dev/null @@ -1,15318 +0,0 @@ ---- Linux-PAM-1.0.2-orig/doc/man/pam_getenv.3 2008-04-16 11:09:52.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man/pam_getenv.3 2009-01-20 12:00:42.000000000 +0100 -@@ -1,39 +1,202 @@ - .\" Title: pam_getenv --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_GETENV" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GETENV" "3" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_getenv - get a PAM environment variable --.SH "SYNOPSIS" -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_getenv \- get a PAM environment variable -+.SH "Synopsis" - .sp - .ft B -+.fam C -+.ps -1 - .nf --#include -+#include - .fi -+.fam -+.ps +1 - .ft --.HP 23 -+.fam C -+.HP \w'const\ char\ *pam_getenv('u - .BI "const char *pam_getenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name" ");" -+.fam - .SH "DESCRIPTION" - .PP - The - \fBpam_getenv\fR - function searches the PAM environment list as associated with the handle - \fIpamh\fR --for a string that matches the string pointed to by --\fIname\fR\. The return values are of the form: "\fIname=value\fR"\. -+for an item that matches the string pointed to by -+\fIname\fR -+and returns the value of the environment variable\&. - .SH "RETURN VALUES" - .PP - The - \fBpam_getenv\fR --function returns NULL on failure\. -+function returns NULL on failure\&. - .SH "SEE ALSO" - .PP - ---- Linux-PAM-1.0.2-orig/doc/man/pam_prompt.3 2008-04-16 11:09:59.000000000 +0200 -+++ Linux-PAM-1.0.2/doc/man/pam_prompt.3 2009-01-20 12:00:43.000000000 +0100 -@@ -1,53 +1,219 @@ - .\" Title: pam_prompt --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_PROMPT" "3" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_PROMPT" "3" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_prompt, pam_vprompt - interface to conversation function --.SH "SYNOPSIS" -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_prompt, pam_vprompt \- interface to conversation function -+.SH "Synopsis" - .sp - .ft B -+.fam C -+.ps -1 - .nf --#include -+#include - .fi -+.fam -+.ps +1 - .ft --.HP 16 --.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\.\.\." ");" --.HP 17 -+.fam C -+.HP \w'void\ pam_prompt('u -+.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" -+.fam -+.fam C -+.HP \w'void\ pam_vprompt('u - .BI "void pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" -+.fam - .SH "DESCRIPTION" - .PP - The - \fBpam_prompt\fR --function constructs a message from the specified format string and arguments and passes it to -+function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\&. Upon successful return, -+\fIresponse\fR -+is set to point to a string returned from the conversation function\&. This string is allocated on heap and should be freed\&. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_CONV_ERR - .RS 4 --Conversation failure\. -+Conversation failure\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Transaction was successful created\. -+Transaction was successful created\&. - .RE - .PP - PAM_SYSTEM_ERR - .RS 4 --System error\. -+System error\&. - .RE - .SH "SEE ALSO" - .PP -@@ -60,4 +226,4 @@ - \fBpam_prompt\fR - and - \fBpam_vprompt\fR --functions are Linux\-PAM extensions\. -+functions are Linux\-PAM extensions\&. ---- Linux-PAM-1.0.2-orig/modules/pam_access/pam_access.8 2008-04-16 11:06:35.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_access/pam_access.8 2009-01-20 11:58:09.000000000 +0100 -@@ -1,103 +1,265 @@ - .\" Title: pam_access --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHORS" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_ACCESS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ACCESS" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_access - PAM module for logdaemon style login access control --.SH "SYNOPSIS" --.HP 14 --\fBpam_access\.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_access \- PAM module for logdaemon style login access control -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_access\&.so\fR\ 'u -+\fBpam_access\&.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR] -+.fam - .SH "DESCRIPTION" - .PP --The pam_access PAM module is mainly for access management\. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\. -+The pam_access PAM module is mainly for access management\&. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\&. - .PP - By default rules for access management are taken from config file --\fI/etc/security/access\.conf\fR --if you don\'t specify another file\. -+\FC/etc/security/access\&.conf\F[] -+if you don\'t specify another file\&. - .PP --If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\. -+If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\&. - .SH "OPTIONS" - .PP --\fBaccessfile=\fR\fB\fI/path/to/access\.conf\fR\fR -+\fBaccessfile=\fR\fB\fI/path/to/access\&.conf\fR\fR - .RS 4 - Indicate an alternative --\fIaccess\.conf\fR --style configuration file to override the default\. This can be useful when different services need different access lists\. -+\FCaccess\&.conf\F[] -+style configuration file to override the default\&. This can be useful when different services need different access lists\&. - .RE - .PP - \fBdebug\fR - .RS 4 - A lot of debug informations are printed with --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .RE - .PP - \fBnoaudit\fR - .RS 4 --Do not report logins from disallowed hosts and ttys to the audit subsystem\. -+Do not report logins from disallowed hosts and ttys to the audit subsystem\&. - .RE - .PP - \fBfieldsep=\fR\fB\fIseparators\fR\fR - .RS 4 --This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\. For example: -+This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\&. For example: - \fBfieldsep=|\fR --will cause the default `:\' character to be treated as part of a field value and `|\' becomes the field separator\. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the -+will cause the default `:\' character to be treated as part of a field value and `|\' becomes the field separator\&. Doing this may be useful in conjuction with a system that wants to use pam_access with X based applications, since the - \fBPAM_TTY\fR --item is likely to be of the form "hostname:0" which includes a `:\' character in its value\. But you should not need this\. -+item is likely to be of the form "hostname:0" which includes a `:\' character in its value\&. But you should not need this\&. - .RE - .PP - \fBlistsep=\fR\fB\fIseparators\fR\fR - .RS 4 --This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\. For example: -+This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\&. For example: - \fBlistsep=,\fR --will cause the default ` \' (space) and `\et\' (tab) characters to be treated as part of a list element value and `,\' becomes the only list element separator\. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\. -+will cause the default ` \' (space) and `\et\' (tab) characters to be treated as part of a list element value and `,\' becomes the only list element separator\&. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\&. - .RE - .PP - \fBnodefgroup\fR - .RS 4 --The group database will not be used for tokens not identified as account name\. -+The group database will not be used for tokens not identified as account name\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --All services are supported\. -+All module types (\fBauth\fR, -+\fBaccount\fR, -+\fBpassword\fR -+and -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --Access was granted\. -+Access was granted\&. - .RE - .PP - PAM_PERM_DENIED - .RS 4 --Access was not granted\. -+Access was not granted\&. - .RE - .PP - PAM_IGNORE - .RS 4 - - \fBpam_setcred\fR --was called which does nothing\. -+was called which does nothing\&. - .RE - .PP - PAM_ABORT - .RS 4 --Not all relevant data or options could be gotten\. -+Not all relevant data or options could be gotten\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --The user is not known to the system\. -+The user is not known to the system\&. - .RE - .SH "FILES" - .PP --\fI/etc/security/access\.conf\fR -+\FC/etc/security/access\&.conf\F[] - .RS 4 - Default configuration file - .RE -@@ -105,8 +267,8 @@ - .PP - - \fBaccess.conf\fR(5), --\fBpam.d\fR(8), --\fBpam\fR(8)\. -+\fBpam.d\fR(5), -+\fBpam\fR(8)\&. - .SH "AUTHORS" - .PP --The logdaemon style login access control scheme was designed and implemented by Wietse Venema\. The pam_access PAM module was developed by Alexei Nogin \. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher \. -+The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin \&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher \&. ---- Linux-PAM-1.0.2-orig/modules/pam_cracklib/pam_cracklib.8 2008-04-16 11:06:38.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/pam_cracklib.8 2009-01-20 11:58:12.000000000 +0100 -@@ -1,33 +1,191 @@ - .\" Title: pam_cracklib --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_CRACKLIB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_CRACKLIB" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_cracklib - PAM module to check the password against dictionary words --.SH "SYNOPSIS" --.HP 16 --\fBpam_cracklib\.so\fR [\fI\.\.\.\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_cracklib \- PAM module to check the password against dictionary words -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_cracklib\&.so\fR\ 'u -+\fBpam_cracklib\&.so\fR [\fI\&.\&.\&.\fR] -+.fam - .SH "DESCRIPTION" - .PP - This module can be plugged into the - \fIpassword\fR --stack of a given application to provide some plug\-in strength\-checking for passwords\. -+stack of a given application to provide some plug\-in strength\-checking for passwords\&. - .PP --The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\. -+The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\&. - .PP --The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\. -+The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\&. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\&. - .PP - The strength checks works in the following manner: at first the - \fBCracklib\fR --routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\. These checks are: -+routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\&. These checks are: - .PP - Palindrome - .RS 4 -@@ -43,15 +201,15 @@ - .RS 4 - Is the new password too much like the old one? This is primarily controlled by one argument, - \fBdifok\fR --which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller\. -+which is a number of characters that if different between the old and new are enough to accept the new password, this defaults to 10 or 1/2 the size of the new password whichever is smaller\&. - .sp - To avoid the lockup associated with trying to change a long and complicated password, - \fBdifignore\fR --is available\. This argument can be used to specify the minimum length a new password needs to be before the -+is available\&. This argument can be used to specify the minimum length a new password needs to be before the - \fBdifok\fR --value is ignored\. The default value for -+value is ignored\&. The default value for - \fBdifignore\fR --is 23\. -+is 23\&. - .RE - .PP - Simple -@@ -61,7 +219,7 @@ - \fBdcredit\fR, - \fBucredit\fR, - \fBlcredit\fR, and --\fBocredit\fR\. See the section on the arguments for the details of how these work and there defaults\. -+\fBocredit\fR\&. See the section on the arguments for the details of how these work and there defaults\&. - .RE - .PP - Rotated -@@ -69,13 +227,7 @@ - Is the new password a rotated version of the old password? - .RE - .PP --Already used --.RS 4 --Was the password used in the past? Previously used passwords are to be found in --\fI/etc/security/opasswd\fR\. --.RE --.PP --This module with no arguments will work well for standard unix password encryption\. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\.\.\. In addition, the default action is to allow passwords as small as 5 characters in length\. For a md5 systems it can be a good idea to increase the required minimum size of a password\. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\. -+This module with no arguments will work well for standard unix password encryption\&. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\&. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\&. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\&.\&.\&. In addition, the default action is to allow passwords as small as 5 characters in length\&. For a md5 systems it can be a good idea to increase the required minimum size of a password\&. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\&. - .SH "OPTIONS" - .PP - .PP -@@ -83,21 +235,21 @@ - .RS 4 - This option makes the module write information to - \fBsyslog\fR(3) --indicating the behavior of the module (this option does not write password information to the log file)\. -+indicating the behavior of the module (this option does not write password information to the log file)\&. - .RE - .PP - \fBtype=\fR\fB\fIXXX\fR\fR - .RS 4 --The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\. The default word -+The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The default word - \fIUNIX\fR --can be replaced with this option\. -+can be replaced with this option\&. - .RE - .PP - \fBretry=\fR\fB\fIN\fR\fR - .RS 4 - Prompt user at most - \fIN\fR --times before returning with error\. The default is -+times before returning with error\&. The default is - \fI1\fR - .RE - .PP -@@ -105,98 +257,98 @@ - .RS 4 - This argument will change the default of - \fI5\fR --for the number of characters in the new password that must not be present in the old password\. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway\. -+for the number of characters in the new password that must not be present in the old password\&. In addition, if 1/2 of the characters in the new password are different then the new password will be accepted anyway\&. - .RE - .PP - \fBdifignore=\fR\fB\fIN\fR\fR - .RS 4 --How many characters should the password have before difok will be ignored\. The default is --\fI23\fR\. -+How many characters should the password have before difok will be ignored\&. The default is -+\fI23\fR\&. - .RE - .PP - \fBminlen=\fR\fB\fIN\fR\fR - .RS 4 --The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR, -+The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\&. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR, - \fIupper\fR, - \fIlower\fR - and --\fIdigit\fR)\. The default for this parameter is -+\fIdigit\fR)\&. The default for this parameter is - \fI9\fR --which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\. Note that there is a pair of length limits in -+which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\&. Note that there is a pair of length limits in - \fICracklib\fR - itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to --\fBminlen\fR\. If you want to allow passwords as short as 5 characters you should not use this module\. -+\fBminlen\fR\&. If you want to allow passwords as short as 5 characters you should not use this module\&. - .RE - .PP - \fBdcredit=\fR\fB\fIN\fR\fR - .RS 4 --(N >= 0) This is the maximum credit for having digits in the new password\. If you have less than or -+(N >= 0) This is the maximum credit for having digits in the new password\&. If you have less than or - \fIN\fR - digits, each digit will count +1 towards meeting the current - \fBminlen\fR --value\. The default for -+value\&. The default for - \fBdcredit\fR - is 1 which is the recommended value for - \fBminlen\fR --less than 10\. -+less than 10\&. - .sp --(N < 0) This is the minimum number of digits that must be met for a new password\. -+(N < 0) This is the minimum number of digits that must be met for a new password\&. - .RE - .PP - \fBucredit=\fR\fB\fIN\fR\fR - .RS 4 --(N >= 0) This is the maximum credit for having upper case letters in the new password\. If you have less than or -+(N >= 0) This is the maximum credit for having upper case letters in the new password\&. If you have less than or - \fIN\fR - upper case letters each letter will count +1 towards meeting the current - \fBminlen\fR --value\. The default for -+value\&. The default for - \fBucredit\fR - is - \fI1\fR - which is the recommended value for - \fBminlen\fR --less than 10\. -+less than 10\&. - .sp --(N > 0) This is the minimum number of upper case letters that must be met for a new password\. -+(N < 0) This is the minimum number of upper case letters that must be met for a new password\&. - .RE - .PP - \fBlcredit=\fR\fB\fIN\fR\fR - .RS 4 --(N >= 0) This is the maximum credit for having lower case letters in the new password\. If you have less than or -+(N >= 0) This is the maximum credit for having lower case letters in the new password\&. If you have less than or - \fIN\fR - lower case letters, each letter will count +1 towards meeting the current - \fBminlen\fR --value\. The default for -+value\&. The default for - \fBlcredit\fR - is 1 which is the recommended value for - \fBminlen\fR --less than 10\. -+less than 10\&. - .sp --(N < 0) This is the minimum number of lower case letters that must be met for a new password\. -+(N < 0) This is the minimum number of lower case letters that must be met for a new password\&. - .RE - .PP - \fBocredit=\fR\fB\fIN\fR\fR - .RS 4 --(N >= 0) This is the maximum credit for having other characters in the new password\. If you have less than or -+(N >= 0) This is the maximum credit for having other characters in the new password\&. If you have less than or - \fIN\fR - other characters, each character will count +1 towards meeting the current - \fBminlen\fR --value\. The default for -+value\&. The default for - \fBocredit\fR - is 1 which is the recommended value for - \fBminlen\fR --less than 10\. -+less than 10\&. - .sp --(N < 0) This is the minimum number of other characters that must be met for a new password\. -+(N < 0) This is the minimum number of other characters that must be met for a new password\&. - .RE - .PP - \fBminclass=\fR\fB\fIN\fR\fR - .RS 4 --The minimum number of required classes of characters for the new password\. The default number is zero\. The four classes are digits, upper and lower letters and other characters\. The difference to the -+The minimum number of required classes of characters for the new password\&. The default number is zero\&. The four classes are digits, upper and lower letters and other characters\&. The difference to the - \fBcredit\fR --check is that a specific class if of characters is not required\. Instead -+check is that a specific class if of characters is not required\&. Instead - \fIN\fR --out of four of the classes are required\. -+out of four of the classes are required\&. - .RE - .PP - \fBuse_authtok\fR -@@ -205,105 +357,159 @@ - \fIforce\fR - the module to not prompt the user for a new password but use the one provided by the previously stacked - \fIpassword\fR --module\. -+module\&. - .RE - .PP - \fBdictpath=\fR\fB\fI/path/to/dict\fR\fR - .RS 4 --Path to the cracklib dictionaries\. -+Path to the cracklib dictionaries\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --Only he -+Only the - \fBpassword\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SUCCESS - .RS 4 --The new password passes all checks\. -+The new password passes all checks\&. - .RE - .PP - PAM_AUTHTOK_ERR - .RS 4 --No new password was entered, the username could not be determined or the new password fails the strength checks\. -+No new password was entered, the username could not be determined or the new password fails the strength checks\&. - .RE - .PP - PAM_AUTHTOK_RECOVERY_ERR - .RS 4 --The old password was not supplied by a previous stacked module or got not requested from the user\. The first error can happen if -+The old password was not supplied by a previous stacked module or got not requested from the user\&. The first error can happen if - \fBuse_authtok\fR --is specified\. -+is specified\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --A internal error occured\. -+A internal error occured\&. - .RE - .SH "EXAMPLES" - .PP - For an example of the use of this module, we show how it may be stacked with the password component of - \fBpam_unix\fR(8) - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ - # --# These lines stack two password type modules\. In this example the --# user is given 3 opportunities to enter a strong password\. The -+# These lines stack two password type modules\&. In this example the -+# user is given 3 opportunities to enter a strong password\&. The - # "use_authtok" argument ensures that the pam_unix module does not - # prompt for a password, but instead uses the one provided by --# pam_cracklib\. -+# pam_cracklib\&. - # --passwd password required pam_cracklib\.so retry=3 --passwd password required pam_unix\.so use_authtok -+passwd password required pam_cracklib\&.so retry=3 -+passwd password required pam_unix\&.so use_authtok - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .PP - Another example (in the --\fI/etc/pam\.d/passwd\fR -+\FC/etc/pam\&.d/passwd\F[] - format) is for the case that you want to use md5 password encryption: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 - # - # These lines allow a md5 systems to support passwords of at least 14 - # bytes with extra credit of 2 for digits and 2 for others the new - # password must have at least three bytes that are not present in the - # old password - # --password required pam_cracklib\.so \e -+password required pam_cracklib\&.so \e - difok=3 minlen=15 dcredit= 2 ocredit=2 --password required pam_unix\.so use_authtok nullok md5 -+password required pam_unix\&.so use_authtok nullok md5 - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .PP - And here is another example in case you don\'t want to use credits: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 - # - # These lines require the user to select a password with a minimum - # length of 8 and with at least 1 digit number, 1 upper case letter, - # and 1 other character - # --password required pam_cracklib\.so \e -+password required pam_cracklib\&.so \e - dcredit=\-1 ucredit=\-1 ocredit=\-1 lcredit=0 minlen=8 --password required pam_unix\.so use_authtok nullok md5 -+password required pam_unix\&.so use_authtok nullok md5 - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_cracklib was written by Cristian Gafton -+pam_cracklib was written by Cristian Gafton ---- Linux-PAM-1.0.2-orig/modules/pam_cracklib/README 2008-04-16 11:06:39.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_cracklib/README 2009-01-20 11:58:14.000000000 +0100 -@@ -51,11 +51,6 @@ - - Is the new password a rotated version of the old password? - --Already used -- -- Was the password used in the past? Previously used passwords are to be -- found in /etc/security/opasswd. -- - This module with no arguments will work well for standard unix password - encryption. With md5 encryption, passwords can be longer than 8 characters and - the default settings for this module can make it hard for the user to choose a -@@ -129,7 +124,7 @@ - will count +1 towards meeting the current minlen value. The default for - ucredit is 1 which is the recommended value for minlen less than 10. - -- (N > 0) This is the minimum number of upper case letters that must be met -+ (N < 0) This is the minimum number of upper case letters that must be met - for a new password. - - lcredit=N ---- Linux-PAM-1.0.2-orig/modules/pam_debug/pam_debug.8 2008-04-16 11:06:41.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_debug/pam_debug.8 2009-01-20 11:58:16.000000000 +0100 -@@ -1,23 +1,181 @@ - .\" Title: pam_debug --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_DEBUG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DEBUG" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_debug - PAM module to debug the PAM stack --.SH "SYNOPSIS" --.HP 13 --\fBpam_debug\.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_debug \- PAM module to debug the PAM stack -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_debug\&.so\fR\ 'u -+\fBpam_debug\&.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR] -+.fam - .SH "DESCRIPTION" - .PP --The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\. This module returns what its module arguments tell it to return\. -+The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\&. This module returns what its module arguments tell it to return\&. - .SH "OPTIONS" - .PP - \fBauth=\fR\fB\fIvalue\fR\fR -@@ -25,7 +183,7 @@ - The - \fBpam_sm_authenticate\fR(3) - function will return --\fIvalue\fR\. -+\fIvalue\fR\&. - .RE - .PP - \fBcred=\fR\fB\fIvalue\fR\fR -@@ -33,7 +191,7 @@ - The - \fBpam_sm_setcred\fR(3) - function will return --\fIvalue\fR\. -+\fIvalue\fR\&. - .RE - .PP - \fBacct=\fR\fB\fIvalue\fR\fR -@@ -41,7 +199,7 @@ - The - \fBpam_sm_acct_mgmt\fR(3) - function will return --\fIvalue\fR\. -+\fIvalue\fR\&. - .RE - .PP - \fBprechauthtok=\fR\fB\fIvalue\fR\fR -@@ -52,7 +210,7 @@ - \fIvalue\fR - if the - \fIPAM_PRELIM_CHECK\fR --flag is set\. -+flag is set\&. - .RE - .PP - \fBchauthtok=\fR\fB\fIvalue\fR\fR -@@ -65,7 +223,7 @@ - \fIPAM_PRELIM_CHECK\fR - flag is - \fBnot\fR --set\. -+set\&. - .RE - .PP - \fBopen_session=\fR\fB\fIvalue\fR\fR -@@ -73,7 +231,7 @@ - The - \fBpam_sm_open_session\fR(3) - function will return --\fIvalue\fR\. -+\fIvalue\fR\&. - .RE - .PP - \fBclose_session=\fR\fB\fIvalue\fR\fR -@@ -81,46 +239,62 @@ - The - \fBpam_sm_close_session\fR(3) - function will return --\fIvalue\fR\. -+\fIvalue\fR\&. - .RE - .PP - Where - \fIvalue\fR --can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\. --.SH "MODULE SERVICES PROVIDED" -+can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\&. -+.SH "MODULE TYPES PROVIDED" - .PP --The services --\fBauth\fR, -+All module types (\fBauth\fR, - \fBaccount\fR, - \fBpassword\fR - and --\fBsession\fR --are supported\. -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --Default return code if no other value was specified, else specified return value\. -+Default return code if no other value was specified, else specified return value\&. - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth requisite pam_permit\.so --auth [success=2 default=ok] pam_debug\.so auth=perm_denied cred=success --auth [default=reset] pam_debug\.so auth=success cred=perm_denied --auth [success=done default=die] pam_debug\.so --auth optional pam_debug\.so auth=perm_denied cred=perm_denied --auth sufficient pam_debug\.so auth=success cred=success -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth requisite pam_permit\&.so -+auth [success=2 default=ok] pam_debug\&.so auth=perm_denied cred=success -+auth [default=reset] pam_debug\&.so auth=success cred=perm_denied -+auth [success=done default=die] pam_debug\&.so -+auth optional pam_debug\&.so auth=perm_denied cred=perm_denied -+auth sufficient pam_debug\&.so auth=success cred=success - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_debug was written by Andrew G\. Morgan \. -+pam_debug was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_deny/pam_deny.8 2008-04-16 11:06:44.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_deny/pam_deny.8 2009-01-20 11:58:19.000000000 +0100 -@@ -1,82 +1,258 @@ - .\" Title: pam_deny --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_DENY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DENY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_deny - The locking-out PAM module --.SH "SYNOPSIS" --.HP 12 --\fBpam_deny\.so\fR -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_deny \- The locking\-out PAM module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_deny\&.so\fR\ 'u -+\fBpam_deny\&.so\fR -+.fam - .SH "DESCRIPTION" - .PP --This module can be used to deny access\. It always indicates a failure to the application through the PAM framework\. It might be suitable for using for default (the --\fIOTHER\fR) entries\. -+This module can be used to deny access\&. It always indicates a failure to the application through the PAM framework\&. It might be suitable for using for default (the -+\fIOTHER\fR) entries\&. - .SH "OPTIONS" - .PP --This module does not recognise any options\. --.SH "MODULE SERVICES PROVIDED" -+This module does not recognise any options\&. -+.SH "MODULE TYPES PROVIDED" - .PP --All services (\fBaccount\fR, -+All module types (\fBaccount\fR, - \fBauth\fR, - \fBpassword\fR - and --\fBsession\fR) are supported\. -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_AUTH_ERR - .RS 4 --This is returned by the account and auth services\. -+This is returned by the account and auth services\&. - .RE - .PP - PAM_CRED_ERR - .RS 4 --This is returned by the setcred function\. -+This is returned by the setcred function\&. - .RE - .PP - PAM_AUTHTOK_ERR - .RS 4 --This is returned by the password service\. -+This is returned by the password service\&. - .RE - .PP - PAM_SESSION_ERR - .RS 4 --This is returned by the session service\. -+This is returned by the session service\&. - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 - # - # If we don\'t have config entries for a service, the --# OTHER entries are used\. To be secure, warn and deny --# access to everything\. --other auth required pam_warn\.so --other auth required pam_deny\.so --other account required pam_warn\.so --other account required pam_deny\.so --other password required pam_warn\.so --other password required pam_deny\.so --other session required pam_warn\.so --other session required pam_deny\.so -+# OTHER entries are used\&. To be secure, warn and deny -+# access to everything\&. -+other auth required pam_warn\&.so -+other auth required pam_deny\&.so -+other account required pam_warn\&.so -+other account required pam_deny\&.so -+other password required pam_warn\&.so -+other password required pam_deny\&.so -+other session required pam_warn\&.so -+other session required pam_deny\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_deny was written by Andrew G\. Morgan -+pam_deny was written by Andrew G\&. Morgan ---- Linux-PAM-1.0.2-orig/modules/pam_echo/pam_echo.8 2008-04-16 11:06:47.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_echo/pam_echo.8 2009-01-20 11:58:22.000000000 +0100 -@@ -1,108 +1,288 @@ - .\" Title: pam_echo --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_ECHO" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ECHO" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_echo - PAM module for printing text messages --.SH "SYNOPSIS" --.HP 12 --\fBpam_echo\.so\fR [file=\fI/path/message\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_echo \- PAM module for printing text messages -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_echo\&.so\fR\ 'u -+\fBpam_echo\&.so\fR [file=\fI/path/message\fR] -+.fam - .SH "DESCRIPTION" - .PP - The - \fIpam_echo\fR --PAM module is for printing text messages to inform user about special things\. Sequences starting with the -+PAM module is for printing text messages to inform user about special things\&. Sequences starting with the - \fI%\fR - character are interpreted in the following way: - .PP - \fI%H\fR - .RS 4 --The name of the remote host (PAM_RHOST)\. -+The name of the remote host (PAM_RHOST)\&. - .RE - .PP - \fB%h\fR - .RS 4 --The name of the local host\. -+The name of the local host\&. - .RE - .PP - \fI%s\fR - .RS 4 --The service name (PAM_SERVICE)\. -+The service name (PAM_SERVICE)\&. - .RE - .PP - \fI%t\fR - .RS 4 --The name of the controlling terminal (PAM_TTY)\. -+The name of the controlling terminal (PAM_TTY)\&. - .RE - .PP - \fI%U\fR - .RS 4 --The remote user name (PAM_RUSER)\. -+The remote user name (PAM_RUSER)\&. - .RE - .PP - \fI%u\fR - .RS 4 --The local user name (PAM_USER)\. -+The local user name (PAM_USER)\&. - .RE - .PP - All other sequences beginning with - \fI%\fR - expands to the characters following the - \fI%\fR --character\. -+character\&. - .SH "OPTIONS" - .PP - \fBfile=\fR\fB\fI/path/message\fR\fR - .RS 4 - The content of the file --\fI/path/message\fR --will be printed with the PAM conversion function as PAM_TEXT_INFO\. -+\FC/path/message\F[] -+will be printed with the PAM conversion function as PAM_TEXT_INFO\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --All services are supported\. -+All module types (\fBauth\fR, -+\fBaccount\fR, -+\fBpassword\fR -+and -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Message was successful printed\. -+Message was successful printed\&. - .RE - .PP - PAM_IGNORE - .RS 4 --PAM_SILENT flag was given or message file does not exist, no message printed\. -+PAM_SILENT flag was given or message file does not exist, no message printed\&. - .RE - .SH "EXAMPLES" - .PP - For an example of the use of this module, we show how it may be used to print informations about good passwords: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --password optional pam_echo\.so file=/usr/share/doc/good\-password\.txt --password required pam_unix\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+password optional pam_echo\&.so file=/usr/share/doc/good\-password\&.txt -+password required pam_unix\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(8), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --Thorsten Kukuk -+Thorsten Kukuk ---- Linux-PAM-1.0.2-orig/modules/pam_env/pam_env.8 2008-04-16 11:06:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/pam_env.8 2009-01-20 11:58:25.000000000 +0100 -@@ -1,100 +1,258 @@ - .\" Title: pam_env --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_ENV" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_env - PAM module to set/unset environment variables --.SH "SYNOPSIS" --.HP 11 --\fBpam_env\.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_env \- PAM module to set/unset environment variables -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_env\&.so\fR\ 'u -+\fBpam_env\&.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR] -+.fam - .SH "DESCRIPTION" - .PP --The pam_env PAM module allows the (un)setting of environment variables\. Supported is the use of previously set environment variables as well as -+The pam_env PAM module allows the (un)setting of environment variables\&. Supported is the use of previously set environment variables as well as - \fIPAM_ITEM\fRs such as --\fIPAM_RHOST\fR\. -+\fIPAM_RHOST\fR\&. - .PP - By default rules for (un)setting of variables is taken from the config file --\fI/etc/security/pam_env\.conf\fR --if no other file is specified\. -+\FC/etc/security/pam_env\&.conf\F[] -+if no other file is specified\&. - .PP - This module can also parse a file with simple - \fIKEY=VAL\fR --pairs on seperate lines (\fI/etc/environment\fR --by default)\. You can change the default file to parse, with the -+pairs on separate lines (\FC/etc/environment\F[] -+by default)\&. You can change the default file to parse, with the - \fIenvfile\fR - flag and turn it on or off by setting the - \fIreadenv\fR --flag to 1 or 0 respectively\. -+flag to 1 or 0 respectively\&. - .SH "OPTIONS" - .PP --\fBconffile=\fR\fB\fI/path/to/pam_env\.conf\fR\fR -+\fBconffile=\fR\fB\fI/path/to/pam_env\&.conf\fR\fR - .RS 4 - Indicate an alternative --\fIpam_env\.conf\fR --style configuration file to override the default\. This can be useful when different services need different environments\. -+\FCpam_env\&.conf\F[] -+style configuration file to override the default\&. This can be useful when different services need different environments\&. - .RE - .PP - \fBdebug\fR - .RS 4 - A lot of debug informations are printed with --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .RE - .PP - \fBenvfile=\fR\fB\fI/path/to/environment\fR\fR - .RS 4 - Indicate an alternative --\fIenvironment\fR --file to override the default\. This can be useful when different services need different environments\. -+\FCenvironment\F[] -+file to override the default\&. This can be useful when different services need different environments\&. - .RE - .PP - \fBreadenv=\fR\fB\fI0|1\fR\fR - .RS 4 --Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\. By default this option is on\. -+Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\&. By default this option is on\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - The - \fBauth\fR - and - \fBsession\fR --services are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_ABORT - .RS 4 --Not all relevant data or options could be gotten\. -+Not all relevant data or options could be gotten\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_IGNORE - .RS 4 --No pam_env\.conf and environment file was found\. -+No pam_env\&.conf and environment file was found\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Environment variables were set\. -+Environment variables were set\&. - .RE - .SH "FILES" - .PP --\fI/etc/security/pam_env\.conf\fR -+\FC/etc/security/pam_env\&.conf\F[] - .RS 4 - Default configuration file - .RE - .PP --\fI/etc/environment\fR -+\FC/etc/environment\F[] - .RS 4 - Default environment file - .RE -@@ -102,8 +260,8 @@ - .PP - - \fBpam_env.conf\fR(5), --\fBpam.d\fR(8), --\fBpam\fR(8)\. -+\fBpam.d\fR(5), -+\fBpam\fR(8)\&. - .SH "AUTHOR" - .PP --pam_env was written by Dave Kinchlea \. -+pam_env was written by Dave Kinchlea \&. ---- Linux-PAM-1.0.2-orig/modules/pam_env/README 2008-04-16 11:06:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_env/README 2009-01-20 11:58:27.000000000 +0100 -@@ -11,7 +11,7 @@ - By default rules for (un)setting of variables is taken from the config file / - etc/security/pam_env.conf if no other file is specified. - --This module can also parse a file with simple KEY=VAL pairs on seperate lines -+This module can also parse a file with simple KEY=VAL pairs on separate lines - (/etc/environment by default). You can change the default file to parse, with - the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 - respectively. ---- Linux-PAM-1.0.2-orig/modules/pam_exec/pam_exec.8 2008-04-16 11:09:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_exec/pam_exec.8 2009-01-20 11:58:29.000000000 +0100 -@@ -1,23 +1,181 @@ - .\" Title: pam_exec --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_EXEC" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_EXEC" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_exec - PAM module which calls an external command --.SH "SYNOPSIS" --.HP 12 --\fBpam_exec\.so\fR [debug] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\.\.\.\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_exec \- PAM module which calls an external command -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_exec\&.so\fR\ 'u -+\fBpam_exec\&.so\fR [debug] [seteuid] [quiet] [log=\fIfile\fR] \fIcommand\fR [\fI\&.\&.\&.\fR] -+.fam - .SH "DESCRIPTION" - .PP --pam_exec is a PAM module that can be used to run an external command\. -+pam_exec is a PAM module that can be used to run an external command\&. - .PP - The child\'s environment is set to the current PAM environment list, as returned by - \fBpam_getenvlist\fR(3) -@@ -26,91 +184,117 @@ - \fIPAM_RUSER\fR, - \fIPAM_SERVICE\fR, - \fIPAM_TTY\fR, and --\fIPAM_USER\fR\. -+\fIPAM_USER\fR\&. - .SH "OPTIONS" - .PP - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBlog=\fR\fB\fIfile\fR\fR - .RS 4 - The output of the command is appended to --\fIfile\fR -+\FCfile\F[] - .RE - .PP - \fBquiet\fR - .RS 4 --Per default pam_exec\.so will echo the exit status of the external command if it fails\. Specifying this option will suppress the message\. -+Per default pam_exec\&.so will echo the exit status of the external command if it fails\&. Specifying this option will suppress the message\&. - .RE - .PP - \fBseteuid\fR - .RS 4 --Per default pam_exec\.so will execute the external command with the real user ID of the calling process\. Specifying this option means the command is run with the effective user ID\. -+Per default pam_exec\&.so will execute the external command with the real user ID of the calling process\&. Specifying this option means the command is run with the effective user ID\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --The services --\fBauth\fR, -+All module types (\fBauth\fR, - \fBaccount\fR, - \fBpassword\fR - and --\fBsession\fR --are supported\. -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SUCCESS - .RS 4 --The external command runs successfull\. -+The external command runs successfull\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --No argument or a wrong number of arguments were given\. -+No argument or a wrong number of arguments were given\&. - .RE - .PP - PAM_SYSTEM_ERR - .RS 4 --A system error occured or the command to execute failed\. -+A system error occured or the command to execute failed\&. - .RE - .PP - PAM_IGNORE - .RS 4 - - \fBpam_setcred\fR --was called, which does not execute the command\. -+was called, which does not execute the command\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/passwd\fR -+\FC/etc/pam\&.d/passwd\F[] - to rebuild the NIS database after each local password change: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -- passwd optional pam_exec\.so seteuid make \-C /var/yp -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+ passwd optional pam_exec\&.so seteuid make \-C /var/yp - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - This will execute the command - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.BB lightgray - make \-C /var/yp -+.EB lightgray - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp --with effective user ID\. -+with effective user ID\&. - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_exec was written by Thorsten Kukuk \. -+pam_exec was written by Thorsten Kukuk \&. ---- Linux-PAM-1.0.2-orig/modules/pam_faildelay/pam_faildelay.8 2008-04-16 11:09:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_faildelay/pam_faildelay.8 2009-01-20 11:58:33.000000000 +0100 -@@ -1,73 +1,249 @@ - .\" Title: pam_faildelay --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_FAILDELAY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FAILDELAY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_faildelay - Change the delay on failure per-application --.SH "SYNOPSIS" --.HP 17 --\fBpam_faildelay\.so\fR [debug] [delay=\fImicroseconds\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_faildelay \- Change the delay on failure per\-application -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_faildelay\&.so\fR\ 'u -+\fBpam_faildelay\&.so\fR [debug] [delay=\fImicroseconds\fR] -+.fam - .SH "DESCRIPTION" - .PP --pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\. -+pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\&. - .PP - If no - \fBdelay\fR - is given, pam_faildelay will use the value of FAIL_DELAY from --\fI/etc/login\.defs\fR\. -+\FC/etc/login\&.defs\F[]\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Turns on debugging messages sent to syslog\. -+Turns on debugging messages sent to syslog\&. - .RE - .PP - \fBdelay=\fR\fB\fIN\fR\fR - .RS 4 --Set the delay on failure to N microseconds\. -+Set the delay on failure to N microseconds\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBauth\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_IGNORE - .RS 4 --Delay was successful adjusted\. -+Delay was successful adjusted\&. - .RE - .PP - PAM_SYSTEM_ERR - .RS 4 --The specified delay was not valid\. -+The specified delay was not valid\&. - .RE - .SH "EXAMPLES" - .PP - The following example will set the delay on failure to 10 seconds: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth optional pam_faildelay\.so delay=10000000 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth optional pam_faildelay\&.so delay=10000000 - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam_fail_delay\fR(3), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_faildelay was written by Darren Tucker \. -+pam_faildelay was written by Darren Tucker \&. ---- Linux-PAM-1.0.2-orig/modules/pam_filter/pam_filter.8 2008-04-16 11:06:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_filter/pam_filter.8 2009-01-20 11:58:36.000000000 +0100 -@@ -1,73 +1,231 @@ - .\" Title: pam_filter --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_FILTER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FILTER" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_filter - PAM filter module --.SH "SYNOPSIS" --.HP 14 --\fBpam_filter\.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\.\.\.\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_filter \- PAM filter module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_filter\&.so\fR\ 'u -+\fBpam_filter\&.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\&.\&.\&.\fR] -+.fam - .SH "DESCRIPTION" - .PP --This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\. It is only suitable for tty\-based and (stdin/stdout) applications\. -+This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\&. It is only suitable for tty\-based and (stdin/stdout) applications\&. - .PP - To function this module requires - \fIfilters\fR --to be installed on the system\. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\. (This can be very annoying and is not kind to termcap based editors)\. -+to be installed on the system\&. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\&. (This can be very annoying and is not kind to termcap based editors)\&. - .PP --Each component of the module has the potential to invoke the desired filter\. The filter is always -+Each component of the module has the potential to invoke the desired filter\&. The filter is always - \fBexecv\fR(2) - with the privilege of the calling application and - \fInot\fR --that of the user\. For this reason it cannot usually be killed by the user without closing their session\. -+that of the user\&. For this reason it cannot usually be killed by the user without closing their session\&. - .SH "OPTIONS" - .PP - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBnew_term\fR - .RS 4 - The default action of the filter is to set the - \fIPAM_TTY\fR --item to indicate the terminal that the user is using to connect to the application\. This argument indicates that the filter should set -+item to indicate the terminal that the user is using to connect to the application\&. This argument indicates that the filter should set - \fIPAM_TTY\fR --to the filtered pseudo\-terminal\. -+to the filtered pseudo\-terminal\&. - .RE - .PP - \fBnon_term\fR - .RS 4 - don\'t try to set the - \fIPAM_TTY\fR --item\. -+item\&. - .RE - .PP - \fBrunX\fR - .RS 4 --In order that the module can invoke a filter it should know when to invoke it\. This argument is required to tell the filter when to do this\. -+In order that the module can invoke a filter it should know when to invoke it\&. This argument is required to tell the filter when to do this\&. - .sp - Permitted values for - \fIX\fR - are - \fI1\fR - and --\fI2\fR\. These indicate the precise time that the filter is to be run\. To understand this concept it will be useful to have read the -+\fI2\fR\&. These indicate the precise time that the filter is to be run\&. To understand this concept it will be useful to have read the - \fBpam\fR(3) --manual page\. Basically, for each management group there are up to two ways of calling the module\'s functions\. In the case of the -+manual page\&. Basically, for each management group there are up to two ways of calling the module\'s functions\&. In the case of the - \fIauthentication\fR - and - \fIsession\fR --components there are actually two separate functions\. For the case of authentication, these functions are -+components there are actually two separate functions\&. For the case of authentication, these functions are - \fBpam_authenticate\fR(3) - and - \fBpam_setcred\fR(3), here -@@ -77,20 +235,20 @@ - function and - \fBrun2\fR - means run the filter from --\fBpam_setcred\fR\. In the case of the session modules, -+\fBpam_setcred\fR\&. In the case of the session modules, - \fIrun1\fR - implies that the filter is invoked at the - \fBpam_open_session\fR(3) - stage, and - \fIrun2\fR - for --\fBpam_close_session\fR(3)\. -+\fBpam_close_session\fR(3)\&. - .sp --For the case of the account component\. Either -+For the case of the account component\&. Either - \fIrun1\fR - or - \fIrun2\fR --may be used\. -+may be used\&. - .sp - For the case of the password component, - \fIrun1\fR -@@ -102,53 +260,69 @@ - \fIrun2\fR - is used to indicate that the filter is run on the second occasion (the - \fIPAM_UPDATE_AUTHTOK\fR --phase)\. -+phase)\&. - .RE - .PP - \fBfilter\fR - .RS 4 --The full pathname of the filter to be run and any command line arguments that the filter might expect\. -+The full pathname of the filter to be run and any command line arguments that the filter might expect\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --The services --\fBauth\fR, -+All module types (\fBauth\fR, - \fBaccount\fR, - \fBpassword\fR - and --\fBsession\fR --are supported\. -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SUCCESS - .RS 4 --The new filter was set successfull\. -+The new filter was set successfull\&. - .RE - .PP - PAM_ABORT - .RS 4 --Critical error, immediate abort\. -+Critical error, immediate abort\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - to see how to configure login to transpose upper and lower case letters once the user has logged in: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -- session required pam_filter\.so run1 /lib/security/pam_filter/upperLOWER -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+ session required pam_filter\&.so run1 /lib/security/pam_filter/upperLOWER - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_filter was written by Andrew G\. Morgan \. -+pam_filter was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_ftp/pam_ftp.8 2008-04-16 11:07:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_ftp/pam_ftp.8 2009-01-20 11:58:39.000000000 +0100 -@@ -1,25 +1,183 @@ - .\" Title: pam_ftp --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_FTP" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FTP" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_ftp - PAM module for anonymous access module --.SH "SYNOPSIS" --.HP 11 --\fBpam_ftp\.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_ftp \- PAM module for anonymous access module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_ftp\&.so\fR\ 'u -+\fBpam_ftp\&.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...] -+.fam - .SH "DESCRIPTION" - .PP --pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\. -+pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\&. - .PP --This module intercepts the user\'s name and password\. If the name is -+This module intercepts the user\'s name and password\&. If the name is - \fIftp\fR - or - \fIanonymous\fR, the user\'s password is broken up at the -@@ -28,78 +186,96 @@ - \fIPAM_RUSER\fR - and a - \fIPAM_RHOST\fR --part; these pam\-items being set accordingly\. The username (\fIPAM_USER\fR) is set to --\fIftp\fR\. In this case the module succeeds\. Alternatively, the module sets the -+part; these pam\-items being set accordingly\&. The username (\fIPAM_USER\fR) is set to -+\fIftp\fR\&. In this case the module succeeds\&. Alternatively, the module sets the - \fIPAM_AUTHTOK\fR --item with the entered password and fails\. -+item with the entered password and fails\&. - .PP --This module is not safe and easily spoofable\. -+This module is not safe and easily spoofable\&. - .SH "OPTIONS" - .PP - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBignore\fR - .RS 4 --Pay no attention to the email address of the user (if supplied)\. -+Pay no attention to the email address of the user (if supplied)\&. - .RE - .PP --\fBftp=\fR\fB\fIXXX,YYY,\.\.\.\fR\fR -+\fBftp=\fR\fB\fIXXX,YYY,\&.\&.\&.\fR\fR - .RS 4 - Instead of - \fIftp\fR - or - \fIanonymous\fR, provide anonymous login to the comma separated list of users: --\fB\fIXXX,YYY,\.\.\.\fR\fR\. Should the applicant enter one of these usernames the returned username is set to the first in the list: --\fIXXX\fR\. -+\fB\fIXXX,YYY,\&.\&.\&.\fR\fR\&. Should the applicant enter one of these usernames the returned username is set to the first in the list: -+\fIXXX\fR\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBauth\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SUCCESS - .RS 4 --The authentication was successfull\. -+The authentication was successfull\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/ftpd\fR -+\FC/etc/pam\&.d/ftpd\F[] - to handle ftp style anonymous login: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ - # --# ftpd; add ftp\-specifics\. These lines enable anonymous ftp over -+# ftpd; add ftp\-specifics\&. These lines enable anonymous ftp over - # standard UN*X access (the listfile entry blocks access to - # users listed in /etc/ftpusers) - # --auth sufficient pam_ftp\.so --auth required pam_unix\.so use_first_pass --auth required pam_listfile\.so \e -+auth sufficient pam_ftp\&.so -+auth required pam_unix\&.so use_first_pass -+auth required pam_listfile\&.so \e - onerr=succeed item=user sense=deny file=/etc/ftpusers - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_ftp was written by Andrew G\. Morgan \. -+pam_ftp was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_group/pam_group.8 2008-04-16 11:07:06.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_group/pam_group.8 2009-01-20 11:58:43.000000000 +0100 -@@ -1,85 +1,243 @@ - .\" Title: pam_group --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHORS" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_GROUP" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GROUP" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_group - PAM module for group access --.SH "SYNOPSIS" --.HP 13 --\fBpam_group\.so\fR -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_group \- PAM module for group access -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_group\&.so\fR\ 'u -+\fBpam_group\&.so\fR -+.fam - .SH "DESCRIPTION" - .PP --The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\. Such memberships are based on the service they are applying for\. -+The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&. - .PP - By default rules for group memberships are taken from config file --\fI/etc/security/group\.conf\fR\. -+\FC/etc/security/group\&.conf\F[]\&. - .PP --This module\'s usefulness relies on the file\-systems accessible to the user\. The point being that once granted the membership of a group, the user may attempt to create a -+This module\'s usefulness relies on the file\-systems accessible to the user\&. The point being that once granted the membership of a group, the user may attempt to create a - \fBsetgid\fR --binary with a restricted group ownership\. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted -+binary with a restricted group ownership\&. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\&. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted - \fInosuid\fR --the user is unable to create or execute such a binary file\. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted --\fInosuid\fR\. -+the user is unable to create or execute such a binary file\&. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted -+\fInosuid\fR\&. - .PP - The pam_group module fuctions in parallel with the --\fI/etc/group\fR --file\. If the user is granted any groups based on the behavior of this module, they are granted -+\FC/etc/group\F[] -+file\&. If the user is granted any groups based on the behavior of this module, they are granted - \fIin addition\fR - to those entries --\fI/etc/group\fR --(or equivalent)\. -+\FC/etc/group\F[] -+(or equivalent)\&. - .SH "OPTIONS" - .PP --This module does not recognise any options\. --.SH "MODULE SERVICES PROVIDED" -+This module does not recognise any options\&. -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBauth\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --group membership was granted\. -+group membership was granted\&. - .RE - .PP - PAM_ABORT - .RS 4 --Not all relevant data could be gotten\. -+Not all relevant data could be gotten\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_CRED_ERR - .RS 4 --Group membership was not granted\. -+Group membership was not granted\&. - .RE - .PP - PAM_IGNORE - .RS 4 - - \fBpam_sm_authenticate\fR --was called which does nothing\. -+was called which does nothing\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --The user is not known to the system\. -+The user is not known to the system\&. - .RE - .SH "FILES" - .PP --\fI/etc/security/group\.conf\fR -+\FC/etc/security/group\&.conf\F[] - .RS 4 - Default configuration file - .RE -@@ -87,8 +245,8 @@ - .PP - - \fBgroup.conf\fR(5), --\fBpam.d\fR(8), --\fBpam\fR(8)\. -+\fBpam.d\fR(5), -+\fBpam\fR(8)\&. - .SH "AUTHORS" - .PP --pam_group was written by Andrew G\. Morgan \. -+pam_group was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_issue/pam_issue.8 2008-04-16 11:07:09.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_issue/pam_issue.8 2009-01-20 11:58:46.000000000 +0100 -@@ -1,23 +1,181 @@ - .\" Title: pam_issue --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_ISSUE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ISSUE" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_issue - PAM module to add issue file to user prompt --.SH "SYNOPSIS" --.HP 13 --\fBpam_issue\.so\fR [noesc] [issue=\fIissue\-file\-name\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_issue \- PAM module to add issue file to user prompt -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_issue\&.so\fR\ 'u -+\fBpam_issue\&.so\fR [noesc] [issue=\fIissue\-file\-name\fR] -+.fam - .SH "DESCRIPTION" - .PP --pam_issue is a PAM module to prepend an issue file to the username prompt\. It also by default parses escape codes in the issue file similar to some common getty\'s (using \ex format)\. -+pam_issue is a PAM module to prepend an issue file to the username prompt\&. It also by default parses escape codes in the issue file similar to some common getty\'s (using \ex format)\&. - .PP - Recognized escapes: - .PP -@@ -68,7 +226,7 @@ - .PP - \fB\eU\fR - .RS 4 --same as \eu except it is suffixed with "user" or "users" (eg\. "1 user" or "10 users") -+same as \eu except it is suffixed with "user" or "users" (eg\&. "1 user" or "10 users") - .RE - .PP - \fB\ev\fR -@@ -80,59 +238,77 @@ - .PP - \fBnoesc\fR - .RS 4 --Turns off escape code parsing\. -+Turns off escape code parsing\&. - .RE - .PP - \fBissue=\fR\fB\fIissue\-file\-name\fR\fR - .RS 4 --The file to output if not using the default\. -+The file to output if not using the default\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBauth\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_IGNORE - .RS 4 --The prompt was already changed\. -+The prompt was already changed\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --A service module error occured\. -+A service module error occured\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --The new prompt was set successfull\. -+The new prompt was set successfull\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - to set the user specific issue at login: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -- auth optional pam_issue\.so issue=/etc/issue -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+ auth optional pam_issue\&.so issue=/etc/issue - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_issue was written by Ben Collins \. -+pam_issue was written by Ben Collins \&. ---- Linux-PAM-1.0.2-orig/modules/pam_keyinit/pam_keyinit.8 2008-04-16 11:07:12.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_keyinit/pam_keyinit.8 2009-01-20 11:58:50.000000000 +0100 -@@ -1,63 +1,221 @@ - .\" Title: pam_keyinit --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_KEYINIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_KEYINIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_keyinit - Kernel session keyring initialiser module --.SH "SYNOPSIS" --.HP 15 --\fBpam_keyinit\.so\fR [debug] [force] [revoke] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_keyinit \- Kernel session keyring initialiser module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_keyinit\&.so\fR\ 'u -+\fBpam_keyinit\&.so\fR [debug] [force] [revoke] -+.fam - .SH "DESCRIPTION" - .PP --The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\. -+The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\&. - .PP --The session component of the module checks to see if the process\'s session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\. -+The session component of the module checks to see if the process\'s session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\&. - .PP --If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\. -+If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\&. - .PP --The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\. -+The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&. - .PP --This module is intended primarily for use by login processes\. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\. -+This module is intended primarily for use by login processes\&. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\&. - .PP - This module should not, generally, be invoked by programs like --\fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\. The keys have their own permissions system to manage this\. -+\fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\&. The keys have their own permissions system to manage this\&. - .PP --This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\. -+This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\&. - .PP --The keyutils package is used to manipulate keys more directly\. This can be obtained from: -+The keyutils package is used to manipulate keys more directly\&. This can be obtained from: - .PP - --\fI Keyutils \fR\&[1] -+\m[blue]\fB Keyutils \fR\m[]\&\s-2\u[1]\d\s+2 - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 - Log debug information with --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .RE - .PP - \fBforce\fR - .RS 4 --Causes the session keyring of the invoking process to be replaced unconditionally\. -+Causes the session keyring of the invoking process to be replaced unconditionally\&. - .RE - .PP - \fBrevoke\fR - .RS 4 --Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\. -+Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS -@@ -67,56 +225,74 @@ - .PP - PAM_AUTH_ERR - .RS 4 --Authentication failure\. -+Authentication failure\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_IGNORE - .RS 4 --The return value should be ignored by PAM dispatch\. -+The return value should be ignored by PAM dispatch\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Cannot determine the user name\. -+Cannot determine the user name\&. - .RE - .PP - PAM_SESSION_ERR - .RS 4 --This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs\. -+This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add this line to your login entries to start each login session with its own session keyring: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --session required pam_keyinit\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+session required pam_keyinit\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .PP --This will prevent keys from one session leaking into another session for the same user\. -+This will prevent keys from one session leaking into another session for the same user\&. - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - \fBkeyctl\fR(1) - .SH "AUTHOR" - .PP --pam_keyinit was written by David Howells, \. --.SH "NOTES" -+pam_keyinit was written by David Howells, \&. -+.SH "Notes" - .IP " 1." 4 - Keyutils - .RS 4 ---- Linux-PAM-1.0.2-orig/modules/pam_lastlog/pam_lastlog.8 2008-04-16 11:07:16.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_lastlog/pam_lastlog.8 2009-01-20 11:58:53.000000000 +0100 -@@ -1,104 +1,292 @@ - .\" Title: pam_lastlog --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_LASTLOG" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LASTLOG" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_lastlog - PAM module to display date of last login --.SH "SYNOPSIS" --.HP 15 --\fBpam_lastlog\.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_lastlog \- PAM module to display date of last login -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_lastlog\&.so\fR\ 'u -+\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] -+.fam - .SH "DESCRIPTION" - .PP --pam_lastlog is a PAM module to display a line of information about the last login of the user\. In addition, the module maintains the --\fI/var/log/lastlog\fR --file\. -+pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the -+\FC/var/log/lastlog\F[] -+file\&. - .PP --Some applications may perform this function themselves\. In such cases, this module is not necessary\. -+Some applications may perform this function themselves\&. In such cases, this module is not necessary\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBsilent\fR - .RS 4 - Don\'t inform the user about any previous login, just upate the --\fI/var/log/lastlog\fR --file\. -+\FC/var/log/lastlog\F[] -+file\&. - .RE - .PP - \fBnever\fR - .RS 4 - If the --\fI/var/log/lastlog\fR --file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\. -+\FC/var/log/lastlog\F[] -+file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\&. - .RE - .PP - \fBnodate\fR - .RS 4 --Don\'t display the date of the last login\. -+Don\'t display the date of the last login\&. - .RE - .PP - \fBnoterm\fR - .RS 4 --Don\'t display the terminal name on which the last login was attempted\. -+Don\'t display the terminal name on which the last login was attempted\&. - .RE - .PP - \fBnohost\fR - .RS 4 --Don\'t indicate from which host the last login was attempted\. -+Don\'t indicate from which host the last login was attempted\&. - .RE - .PP - \fBnowtmp\fR - .RS 4 --Don\'t update the wtmp entry\. -+Don\'t update the wtmp entry\&. -+.RE -+.PP -+\fBnoupdate\fR -+.RS 4 -+Don\'t update any file\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.PP -+\fBshowfailed\fR -+.RS 4 -+Display number of failed login attempts and the date of the last failed attempt from btmp\&. The date is not displayed when -+\fBnodate\fR -+is specified\&. -+.RE -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SUCCESS - .RS 4 --Everything was successfull\. -+Everything was successfull\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Internal service module error\. -+Internal service module error\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - to display the last login time of an user: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -- session required pam_lastlog\.so nowtmp -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+ session required pam_lastlog\&.so nowtmp - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "FILES" - .PP --\fI/var/log/lastlog\fR -+\FC/var/log/lastlog\F[] - .RS 4 - Lastlog logging file - .RE -@@ -106,8 +294,8 @@ - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_lastlog was written by Andrew G\. Morgan \. -+pam_lastlog was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_lastlog/README 2008-04-16 11:07:17.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_lastlog/README 2009-01-20 11:58:55.000000000 +0100 -@@ -43,6 +43,15 @@ - - Don't update the wtmp entry. - -+noupdate -+ -+ Don't update any file. -+ -+showfailed -+ -+ Display number of failed login attempts and the date of the last failed -+ attempt from btmp. The date is not displayed when nodate is specified. -+ - EXAMPLES - - Add the following line to /etc/pam.d/login to display the last login time of an ---- Linux-PAM-1.0.2-orig/modules/pam_limits/limits.conf.5 2008-04-16 11:07:19.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_limits/limits.conf.5 2009-01-20 11:58:57.000000000 +0100 -@@ -1,17 +1,173 @@ - .\" Title: limits.conf --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "LIMITS\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "LIMITS\&.CONF" "5" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --limits.conf - configuration file for the pam_limits module -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+limits.conf \- configuration file for the pam_limits module - .SH "DESCRIPTION" - .PP - The syntax of the lines is as follows: -@@ -28,25 +184,53 @@ - .RS 4 - .sp - .RS 4 --\h'-04'\(bu\h'+03'a username -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+a username - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'a groupname, with -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+a groupname, with - \fB@group\fR --syntax\. This should not be confused with netgroups\. -+syntax\&. This should not be confused with netgroups\&. - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'the wildcard --\fB*\fR, for default entry\. -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+the wildcard -+\fB*\fR, for default entry\&. - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'the wildcard -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+the wildcard - \fB%\fR, for maxlogins limit only, can also be used with - \fI%group\fR --syntax\. -+syntax\&. - .RE - .RE - .PP -@@ -57,18 +241,18 @@ - .RS 4 - for enforcing - \fBhard\fR --resource limits\. These limits are set by the superuser and enforced by the Kernel\. The user cannot raise his requirement of system resources above such values\. -+resource limits\&. These limits are set by the superuser and enforced by the Kernel\&. The user cannot raise his requirement of system resources above such values\&. - .RE - .PP - \fBsoft\fR - .RS 4 - for enforcing - \fBsoft\fR --resource limits\. These limits are ones that the user can move up or down within the permitted range by any pre\-existing -+resource limits\&. These limits are ones that the user can move up or down within the permitted range by any pre\-existing - \fBhard\fR --limits\. The values specified with this token can be thought of as -+limits\&. The values specified with this token can be thought of as - \fIdefault\fR --values, for normal system usage\. -+values, for normal system usage\&. - .RE - .PP - \fB\-\fR -@@ -77,9 +261,9 @@ - \fBsoft\fR - and - \fBhard\fR --resource limits together\. -+resource limits together\&. - .sp --Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\. \. -+Note, if you specify a type of \'\-\' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\&. \&. - .RE - .RE - .PP -@@ -154,50 +338,70 @@ - .PP - \fBlocks\fR - .RS 4 --maximum locked files (Linux 2\.4 and higher) -+maximum locked files (Linux 2\&.4 and higher) - .RE - .PP - \fBsigpending\fR - .RS 4 --maximum number of pending signals (Linux 2\.6 and higher) -+maximum number of pending signals (Linux 2\&.6 and higher) - .RE - .PP - \fBmsqqueue\fR - .RS 4 --maximum memory used by POSIX message queues (bytes) (Linux 2\.6 and higher) -+maximum memory used by POSIX message queues (bytes) (Linux 2\&.6 and higher) - .RE - .PP - \fBnice\fR - .RS 4 --maximum nice priority allowed to raise to (Linux 2\.6\.12 and higher) values: [\-20,19] -+maximum nice priority allowed to raise to (Linux 2\&.6\&.12 and higher) values: [\-20,19] - .RE - .PP - \fBrtprio\fR - .RS 4 --maximum realtime priority allowed for non\-privileged processes (Linux 2\.6\.12 and higher) -+maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) - .RE - .RE - .PP -+All items support the values -+\fI\-1\fR, -+\fIunlimited\fR -+or -+\fIinfinity\fR -+indicating no limit, except for -+\fBpriority\fR -+and -+\fBnice\fR\&. -+.PP - In general, individual limits have priority over group limits, so if you impose no limits for - \fIadmin\fR --group, but one of the members in this group have a limits line, the user will have its limits set according to this line\. -+group, but one of the members in this group have a limits line, the user will have its limits set according to this line\&. - .PP - Also, please note that all limit settings are set --\fIper login\fR\. They are not global, nor are they permanent; existing only for the duration of the session\. -+\fIper login\fR\&. They are not global, nor are they permanent; existing only for the duration of the session\&. - .PP - In the - \fIlimits\fR --configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\. -+configuration file, the \'\fB#\fR\' character introduces a comment \- after which the rest of the line is ignored\&. - .PP - The pam_limits module does its best to report configuration problems found in its configuration file via --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .SH "EXAMPLES" - .PP - These are some example lines which might be specified in --\fI/etc/security/limits\.conf\fR\. -+\FC/etc/security/limits\&.conf\F[]\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ - * soft core 0 - * hard rss 10000 - @student hard nproc 20 -@@ -206,14 +410,23 @@ - ftp hard nproc 0 - @student \- maxlogins 4 - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - - \fBpam_limits\fR(8), - \fBpam.d\fR(5), --\fBpam\fR(8) -+\fBpam\fR(8), -+\fBgetrlimit\fR(2) - .SH "AUTHOR" - .PP --pam_limits was initially written by Cristian Gafton -+pam_limits was initially written by Cristian Gafton ---- Linux-PAM-1.0.2-orig/modules/pam_limits/pam_limits.8 2008-04-16 11:07:20.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_limits/pam_limits.8 2009-01-20 11:58:58.000000000 +0100 -@@ -1,132 +1,308 @@ - .\" Title: pam_limits --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHORS" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_LIMITS" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_LIMITS" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_limits - PAM module to limit resources --.SH "SYNOPSIS" --.HP 14 --\fBpam_limits\.so\fR [change_uid] [conf=\fI/path/to/limits\.conf\fR] [debug] [utmp_early] [noaudit] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_limits \- PAM module to limit resources -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_limits\&.so\fR\ 'u -+\fBpam_limits\&.so\fR [change_uid] [conf=\fI/path/to/limits\&.conf\fR] [debug] [utmp_early] [noaudit] -+.fam - .SH "DESCRIPTION" - .PP --The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\. Users of -+The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\&. Users of - \fIuid=0\fR --are affected by this limits, too\. -+are affected by this limits, too\&. - .PP - By default limits are taken from the --\fI/etc/security/limits\.conf\fR --config file\. Then individual files from the --\fI/etc/security/limits\.d/\fR --directory are read\. The files are parsed one after another in the order of "C" locale\. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\. If a config file is explicitely specified with a module option then the files in the above directory are not parsed\. -+\FC/etc/security/limits\&.conf\F[] -+config file\&. Then individual files from the -+\FC/etc/security/limits\&.d/\F[] -+directory are read\&. The files are parsed one after another in the order of "C" locale\&. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\&. If a config file is explicitely specified with a module option then the files in the above directory are not parsed\&. - .PP --The module must not be called by a multithreaded application\. -+The module must not be called by a multithreaded application\&. - .PP --If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\. -+If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\&. - .SH "OPTIONS" - .PP - \fBchange_uid\fR - .RS 4 --Change real uid to the user for who the limits are set up\. Use this option if you have problems like login not forking a shell for user who has no processes\. Be warned that something else may break when you do this\. -+Change real uid to the user for who the limits are set up\&. Use this option if you have problems like login not forking a shell for user who has no processes\&. Be warned that something else may break when you do this\&. - .RE - .PP --\fBconf=\fR\fB\fI/path/to/limits\.conf\fR\fR -+\fBconf=\fR\fB\fI/path/to/limits\&.conf\fR\fR - .RS 4 --Indicate an alternative limits\.conf style configuration file to override the default\. -+Indicate an alternative limits\&.conf style configuration file to override the default\&. - .RE - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fButmp_early\fR - .RS 4 --Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\.conf file\. -+Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\&. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\&.conf file\&. - .RE - .PP - \fBnoaudit\fR - .RS 4 --Do not report exceeded maximum logins count to the audit subsystem\. -+Do not report exceeded maximum logins count to the audit subsystem\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_ABORT - .RS 4 --Cannot get current limits\. -+Cannot get current limits\&. - .RE - .PP - PAM_IGNORE - .RS 4 --No limits found for this user\. -+No limits found for this user\&. - .RE - .PP - PAM_PERM_DENIED - .RS 4 --New limits could not be set\. -+New limits could not be set\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Cannot read config file\. -+Cannot read config file\&. - .RE - .PP - PAM_SESSEION_ERR - .RS 4 --Error recovering account name\. -+Error recovering account name\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Limits were changed\. -+Limits were changed\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --The user is not known to the system\. -+The user is not known to the system\&. - .RE - .SH "FILES" - .PP --\fI/etc/security/limits\.conf\fR -+\FC/etc/security/limits\&.conf\F[] - .RS 4 - Default configuration file - .RE - .SH "EXAMPLES" - .PP - For the services you need resources limits (login for example) put a the following line in --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - as the last line for that service (usually after the pam_unix session line): - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 - # - # Resource limits imposed on login sessions via pam_limits - # --session required pam_limits\.so -+session required pam_limits\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .PP --Replace "login" for each service you are using this module\. -+Replace "login" for each service you are using this module\&. - .SH "SEE ALSO" - .PP - - \fBlimits.conf\fR(5), --\fBpam.d\fR(8), --\fBpam\fR(8)\. -+\fBpam.d\fR(5), -+\fBpam\fR(8)\&. - .SH "AUTHORS" - .PP --pam_limits was initially written by Cristian Gafton -+pam_limits was initially written by Cristian Gafton ---- Linux-PAM-1.0.2-orig/modules/pam_listfile/pam_listfile.8 2008-04-16 11:07:24.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_listfile/pam_listfile.8 2009-01-20 11:59:02.000000000 +0100 -@@ -1,23 +1,181 @@ - .\" Title: pam_listfile --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_LISTFILE" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LISTFILE" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_listfile - deny or allow services based on an arbitrary file --.SH "SYNOPSIS" --.HP 16 --\fBpam_listfile\.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_listfile \- deny or allow services based on an arbitrary file -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_listfile\&.so\fR\ 'u -+\fBpam_listfile\&.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] -+.fam - .SH "DESCRIPTION" - .PP --pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\. -+pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\&. - .PP - The module gets the - \fBitem\fR -@@ -29,18 +187,18 @@ - \fIPAM_RHOST\fR; and ruser specifies the name of the remote user (if available) who made the request, - \fIPAM_RUSER\fR - \-\- and looks for an instance of that item in the --\fBfile=\fR\fB\fIfilename\fR\fR\. --\fIfilename\fR --contains one line per item listed\. If the item is found, then if -+\fBfile=\fR\fB\fIfilename\fR\fR\&. -+\FCfilename\F[] -+contains one line per item listed\&. If the item is found, then if - \fBsense=\fR\fB\fIallow\fR\fR, - \fIPAM_SUCCESS\fR - is returned, causing the authorization request to succeed; else if - \fBsense=\fR\fB\fIdeny\fR\fR, - \fIPAM_AUTH_ERR\fR --is returned, causing the authorization request to fail\. -+is returned, causing the authorization request to fail\&. - .PP - If an error is encountered (for instance, if --\fIfilename\fR -+\FCfilename\F[] - does not exist, or a poorly\-constructed argument is encountered), then if - \fIonerr=succeed\fR, - \fIPAM_SUCCESS\fR -@@ -49,141 +207,175 @@ - \fIPAM_AUTH_ERR\fR - or - \fIPAM_SERVICE_ERR\fR --(as appropriate) will be returned\. -+(as appropriate) will be returned\&. - .PP - An additional argument, --\fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR)\. This added restriction is only meaningful when used with the -+\fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR)\&. This added restriction is only meaningful when used with the - \fItty\fR, - \fIrhost\fR - and - \fIshell\fR --items\. -+items\&. - .PP --Besides this last one, all arguments should be specified; do not count on any default behavior\. -+Besides this last one, all arguments should be specified; do not count on any default behavior\&. - .PP --No credentials are awarded by this module\. -+No credentials are awarded by this module\&. - .SH "OPTIONS" - .PP - .PP - \fBitem=[tty|user|rhost|ruser|group|shell]\fR - .RS 4 --What is listed in the file and should be checked for\. -+What is listed in the file and should be checked for\&. - .RE - .PP - \fBsense=[allow|deny]\fR - .RS 4 --Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested\. -+Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested\&. - .RE - .PP - \fBfile=\fR\fB\fI/path/filename\fR\fR - .RS 4 --File containing one item per line\. The file needs to be a plain file and not world writeable\. -+File containing one item per line\&. The file needs to be a plain file and not world writeable\&. - .RE - .PP - \fBonerr=[succeed|fail]\fR - .RS 4 --What to do if something weird happens like being unable to open the file\. -+What to do if something weird happens like being unable to open the file\&. - .RE - .PP - \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR - .RS 4 --Restrict the user class for which the restriction apply\. Note that with -+Restrict the user class for which the restriction apply\&. Note that with - \fBitem=[user|ruser|group]\fR - this does not make sense, but for - \fBitem=[tty|rhost|shell]\fR --it have a meaning\. -+it have a meaning\&. - .RE - .PP - \fBquiet\fR - .RS 4 --Do not treat service refusals or missing list files as errors that need to be logged\. -+Do not treat service refusals or missing list files as errors that need to be logged\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --The services --\fBauth\fR, -+All module types (\fBauth\fR, - \fBaccount\fR, - \fBpassword\fR - and --\fBsession\fR --are supported\. -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_AUTH_ERR - .RS 4 --Authentication failure\. -+Authentication failure\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_IGNORE - .RS 4 - The rule does not apply to the - \fBapply\fR --option\. -+option\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Error in service module\. -+Error in service module\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Success\. -+Success\&. - .RE - .SH "EXAMPLES" - .PP - Classic \'ftpusers\' authentication can be implemented with this entry in --\fI/etc/pam\.d/ftpd\fR: -+\FC/etc/pam\&.d/ftpd\F[]: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ - # - # deny ftp\-access to users listed in the /etc/ftpusers file - # --auth required pam_listfile\.so \e -+auth required pam_listfile\&.so \e - onerr=succeed item=user sense=deny file=/etc/ftpusers - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - Note, users listed in --\fI/etc/ftpusers\fR -+\FC/etc/ftpusers\F[] - file are (counterintuitively) - \fInot\fR --allowed access to the ftp service\. -+allowed access to the ftp service\&. - .PP - To allow login access only for certain users, you can use a --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - entry like this: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ - # - # permit login to users listed in /etc/loginusers - # --auth required pam_listfile\.so \e -+auth required pam_listfile\&.so \e - onerr=fail item=user sense=allow file=/etc/loginusers - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - For this example to work, all users who are allowed to use the login service should be listed in the file --\fI/etc/loginusers\fR\. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in --\fI/etc/loginusers\fR, or by listing a user who is able to -+\FC/etc/loginusers\F[]\&. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in -+\FC/etc/loginusers\F[], or by listing a user who is able to - \fIsu\fR --to the root account\. -+to the root account\&. - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_listfile was written by Michael K\. Johnson and Elliot Lee \. -+pam_listfile was written by Michael K\&. Johnson and Elliot Lee \&. ---- Linux-PAM-1.0.2-orig/modules/pam_localuser/pam_localuser.8 2008-04-16 11:07:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_localuser/pam_localuser.8 2009-01-20 11:59:06.000000000 +0100 -@@ -1,88 +1,264 @@ - .\" Title: pam_localuser --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_LOCALUSER" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOCALUSER" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_localuser - require users to be listed in /etc/passwd --.SH "SYNOPSIS" --.HP 17 --\fBpam_localuser\.so\fR [debug] [file=\fI/path/passwd\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_localuser \- require users to be listed in /etc/passwd -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_localuser\&.so\fR\ 'u -+\fBpam_localuser\&.so\fR [debug] [file=\fI/path/passwd\fR] -+.fam - .SH "DESCRIPTION" - .PP --pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\'s users and a few accounts that are local to a particular workstation\. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\'s users\. -+pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\'s users and a few accounts that are local to a particular workstation\&. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\'s users\&. - .PP --This could also be implemented using pam_listfile\.so and a very short awk script invoked by cron, but it\'s common enough to have been separated out\. -+This could also be implemented using pam_listfile\&.so and a very short awk script invoked by cron, but it\'s common enough to have been separated out\&. - .SH "OPTIONS" - .PP - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBfile=\fR\fB\fI/path/passwd\fR\fR - .RS 4 - Use a file other than --\fI/etc/passwd\fR\. -+\FC/etc/passwd\F[]\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --All services (\fBaccount\fR, -+All module types (\fBaccount\fR, - \fBauth\fR, - \fBpassword\fR - and --\fBsession\fR) are supported\. -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SUCCESS - .RS 4 --The new localuser was set successfull\. -+The new localuser was set successfull\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --No username was given\. -+No username was given\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/su\fR --to allow only local users in group wheel to use su\. -+\FC/etc/pam\&.d/su\F[] -+to allow only local users in group wheel to use su\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --account sufficient pam_localuser\.so --account required pam_wheel\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+account sufficient pam_localuser\&.so -+account required pam_wheel\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "FILES" - .PP --\fI/etc/passwd\fR -+\FC/etc/passwd\F[] - .RS 4 --Local user account information\. -+Local user account information\&. - .RE - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_localuser was written by Nalin Dahyabhai \. -+pam_localuser was written by Nalin Dahyabhai \&. ---- Linux-PAM-1.0.2-orig/modules/pam_loginuid/pam_loginuid.8 2008-04-16 11:09:18.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_loginuid/pam_loginuid.8 2009-01-20 11:59:09.000000000 +0100 -@@ -1,63 +1,239 @@ - .\" Title: pam_loginuid --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_LOGINUID" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOGINUID" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_loginuid - Record user's login uid to the process attribute --.SH "SYNOPSIS" --.HP 16 --\fBpam_loginuid\.so\fR [require_auditd] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_loginuid \- Record user\'s login uid to the process attribute -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_loginuid\&.so\fR\ 'u -+\fBpam_loginuid\&.so\fR [require_auditd] -+.fam - .SH "DESCRIPTION" - .PP --The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\. This is necessary for applications to be correctly audited\. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\. There are probably other entry point applications besides these\. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\. -+The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\&. This is necessary for applications to be correctly audited\&. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\&. There are probably other entry point applications besides these\&. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\&. - .SH "OPTIONS" - .PP - \fBrequire_auditd\fR - .RS 4 --This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\. -+This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --The -+Only the - \fBsession\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SESSION_ERR - .RS 4 --An error occured during session management\. -+An error occured during session management\&. - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 --auth required pam_unix\.so --auth required pam_nologin\.so --account required pam_unix\.so --password required pam_unix\.so --session required pam_unix\.so --session required pam_loginuid\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 -+auth required pam_unix\&.so -+auth required pam_nologin\&.so -+account required pam_unix\&.so -+password required pam_unix\&.so -+session required pam_unix\&.so -+session required pam_loginuid\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8), - \fBauditctl\fR(8), - \fBauditd\fR(8) - .SH "AUTHOR" - .PP --pam_loginuid was written by Steve Grubb -+pam_loginuid was written by Steve Grubb ---- Linux-PAM-1.0.2-orig/modules/pam_mail/pam_mail.8 2008-04-16 11:07:30.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mail/pam_mail.8 2009-01-20 11:59:12.000000000 +0100 -@@ -1,139 +1,315 @@ - .\" Title: pam_mail --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_MAIL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MAIL" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_mail - Inform about available mail --.SH "SYNOPSIS" --.HP 12 --\fBpam_mail\.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quit] [standard] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_mail \- Inform about available mail -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_mail\&.so\fR\ 'u -+\fBpam_mail\&.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quiet] [standard] -+.fam - .SH "DESCRIPTION" - .PP --The pam_mail PAM module provides the "you have new mail" service to the user\. It can be plugged into any application that has credential or session hooks\. It gives a single message indicating the -+The pam_mail PAM module provides the "you have new mail" service to the user\&. It can be plugged into any application that has credential or session hooks\&. It gives a single message indicating the - \fInewness\fR --of any mail it finds in the user\'s mail folder\. This module also sets the PAM environment variable, --\fBMAIL\fR, to the user\'s mail directory\. -+of any mail it finds in the user\'s mail folder\&. This module also sets the PAM environment variable, -+\fBMAIL\fR, to the user\'s mail directory\&. - .PP - If the mail spool file (be it --\fI/var/mail/$USER\fR -+\FC/var/mail/$USER\F[] - or a pathname given with the - \fBdir=\fR - parameter) is a directory then pam_mail assumes it is in the - \fIMaildir\fR --format\. -+format\&. - .SH "OPTIONS" - .PP - .PP - \fBclose\fR - .RS 4 --Indicate if the user has any mail also on logout\. -+Indicate if the user has any mail also on logout\&. - .RE - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBdir=\fR\fB\fImaildir\fR\fR - .RS 4 - Look for the users\' mail in an alternative location defined by --\fImaildir/\fR\. The default location for mail is --\fI/var/mail/\fR\. Note, if the supplied --\fImaildir\fR --is prefixed by a \'~\', the directory is interpreted as indicating a file in the user\'s home directory\. -+\FCmaildir/\F[]\&. The default location for mail is -+\FC/var/mail/\F[]\&. Note, if the supplied -+\FCmaildir\F[] -+is prefixed by a \'~\', the directory is interpreted as indicating a file in the user\'s home directory\&. - .RE - .PP - \fBempty\fR - .RS 4 --Also print message if user has no mail\. -+Also print message if user has no mail\&. - .RE - .PP - \fBhash=\fR\fB\fIcount\fR\fR - .RS 4 --Mail directory hash depth\. For example, a -+Mail directory hash depth\&. For example, a - \fIhashcount\fR - of 2 would make the mail file be --\fI/var/spool/mail/u/s/user\fR\. -+\FC/var/spool/mail/u/s/user\F[]\&. - .RE - .PP - \fBnoenv\fR - .RS 4 - Do not set the - \fBMAIL\fR --environment variable\. -+environment variable\&. - .RE - .PP - \fBnopen\fR - .RS 4 --Don\'t print any mail information on login\. This flag is useful to get the -+Don\'t print any mail information on login\&. This flag is useful to get the - \fBMAIL\fR --environment variable set, but to not display any information about it\. -+environment variable set, but to not display any information about it\&. - .RE - .PP - \fBquiet\fR - .RS 4 --Only report when there is new mail\. -+Only report when there is new mail\&. - .RE - .PP - \fBstandard\fR - .RS 4 --Old style "You have\.\.\." format which doesn\'t show the mail spool being used\. This also implies "empty"\. -+Old style "You have\&.\&.\&." format which doesn\'t show the mail spool being used\&. This also implies "empty"\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - The --\fBauth\fR -+\fBsession\fR - and --\fBaccount\fR --services are supported\. -+\fBauth\fR -+(on establishment and deletion of credentials) module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Badly formed arguments\. -+Badly formed arguments\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Success\. -+Success\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/login\fR --to indicate that the user has new mail when they login to the system\. -+\FC/etc/pam\&.d/login\F[] -+to indicate that the user has new mail when they login to the system\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --session optional pam_mail\.so standard -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+session optional pam_mail\&.so standard - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_mail was written by Andrew G\. Morgan \. -+pam_mail was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_mkhomedir/pam_mkhomedir.8 2008-04-16 11:07:34.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_mkhomedir/pam_mkhomedir.8 2009-01-20 11:59:15.000000000 +0100 -@@ -1,109 +1,285 @@ - .\" Title: pam_mkhomedir --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_MKHOMEDIR" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MKHOMEDIR" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_mkhomedir - PAM module to create users home directory --.SH "SYNOPSIS" --.HP 17 --\fBpam_mkhomedir\.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_mkhomedir \- PAM module to create users home directory -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_mkhomedir\&.so\fR\ 'u -+\fBpam_mkhomedir\&.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR] -+.fam - .SH "DESCRIPTION" - .PP --The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\. The skeleton directory (usually --\fI/etc/skel/\fR) is used to copy default files and also set\'s a umask for the creation\. -+The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\&. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\&. The skeleton directory (usually -+\FC/etc/skel/\F[]) is used to copy default files and also set\'s a umask for the creation\&. - .PP --The new users home directory will not be removed after logout of the user\. -+The new users home directory will not be removed after logout of the user\&. - .SH "OPTIONS" - .PP - \fBsilent\fR - .RS 4 --Don\'t print informative messages\. -+Don\'t print informative messages\&. - .RE - .PP - \fBumask=\fR\fB\fImask\fR\fR - .RS 4 - The user file\-creation mask is set to --\fImask\fR\. The default value of mask is 0022\. -+\fImask\fR\&. The default value of mask is 0022\&. - .RE - .PP - \fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR - .RS 4 - Indicate an alternative --\fIskel\fR -+\FCskel\F[] - directory to override the default --\fI/etc/skel\fR\. -+\FC/etc/skel\F[]\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_CRED_INSUFFICIENT - .RS 4 --Insufficient credentials to access authentication data\. -+Insufficient credentials to access authentication data\&. - .RE - .PP - PAM_PERM_DENIED - .RS 4 --Not enough permissions to create the new directory or read the skel directory\. -+Not enough permissions to create the new directory or read the skel directory\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known to the underlying authentication module\. -+User not known to the underlying authentication module\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Environment variables were set\. -+Environment variables were set\&. - .RE - .SH "FILES" - .PP --\fI/etc/skel\fR -+\FC/etc/skel\F[] - .RS 4 - Default skel directory - .RE - .SH "EXAMPLES" - .PP --A sample /etc/pam\.d/login file: -+A sample /etc/pam\&.d/login file: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -- auth requisite pam_securetty\.so -- auth sufficient pam_ldap\.so -- auth required pam_unix\.so -- auth required pam_nologin\.so -- account sufficient pam_ldap\.so -- account required pam_unix\.so -- password required pam_unix\.so -- session required pam_mkhomedir\.so skel=/etc/skel/ umask=0022 -- session required pam_unix\.so -- session optional pam_lastlog\.so -- session optional pam_mail\.so standard -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+ auth requisite pam_securetty\&.so -+ auth sufficient pam_ldap\&.so -+ auth required pam_unix\&.so -+ auth required pam_nologin\&.so -+ account sufficient pam_ldap\&.so -+ account required pam_unix\&.so -+ password required pam_unix\&.so -+ session required pam_mkhomedir\&.so skel=/etc/skel/ umask=0022 -+ session required pam_unix\&.so -+ session optional pam_lastlog\&.so -+ session optional pam_mail\&.so standard - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - --\fBpam.d\fR(8), --\fBpam\fR(8)\. -+\fBpam.d\fR(5), -+\fBpam\fR(8)\&. - .SH "AUTHOR" - .PP --pam_mkhomedir was written by Jason Gunthorpe \. -+pam_mkhomedir was written by Jason Gunthorpe \&. ---- Linux-PAM-1.0.2-orig/modules/pam_motd/pam_motd.8 2008-04-16 11:07:37.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_motd/pam_motd.8 2009-01-20 11:59:18.000000000 +0100 -@@ -1,64 +1,240 @@ - .\" Title: pam_motd --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_MOTD" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MOTD" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_motd - Display the motd file --.SH "SYNOPSIS" --.HP 12 --\fBpam_motd\.so\fR [motd=\fI/path/filename\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_motd \- Display the motd file -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_motd\&.so\fR\ 'u -+\fBpam_motd\&.so\fR [motd=\fI/path/filename\fR] -+.fam - .SH "DESCRIPTION" - .PP --pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a succesful login\. By default the --\fI/etc/motd\fR --file is shown\. The message size is limited to 64KB\. -+pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a succesful login\&. By default the -+\FC/etc/motd\F[] -+file is shown\&. The message size is limited to 64KB\&. - .SH "OPTIONS" - .PP - \fBmotd=\fR\fB\fI/path/filename\fR\fR - .RS 4 - The --\fI/path/filename\fR --file is displayed as message of the day\. -+\FC/path/filename\F[] -+file is displayed as message of the day\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_IGNORE - .RS 4 --This is the only return value of this module\. -+This is the only return value of this module\&. - .RE - .SH "EXAMPLES" - .PP - The suggested usage for --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - is: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --session optional pam_motd\.so motd=/etc/motd -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+session optional pam_motd\&.so motd=/etc/motd - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBmotd\fR(5), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_motd was written by Ben Collins \. -+pam_motd was written by Ben Collins \&. ---- Linux-PAM-1.0.2-orig/modules/pam_namespace/namespace.conf.5 2008-04-16 11:09:13.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/namespace.conf.5 2009-01-20 11:59:23.000000000 +0100 -@@ -1,40 +1,196 @@ - .\" Title: namespace.conf --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHORS" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "NAMESPACE\.CONF" "5" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "NAMESPACE\&.CONF" "5" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --namespace.conf - the namespace configuration file -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+namespace.conf \- the namespace configuration file - .SH "DESCRIPTION" - .PP - The --\fIpam_namespace\.so\fR --module allows setup of private namespaces with polyinstantiated directories\. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\. If an executable script --\fI/etc/security/namespace\.init\fR --exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path and the instance directory path as its arguments\. -+\fIpam_namespace\&.so\fR -+module allows setup of private namespaces with polyinstantiated directories\&. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\&. If an executable script -+\FC/etc/security/namespace\&.init\F[] -+exists, it is used to initialize the namespace every time an instance directory is set up and mounted\&. The script receives the polyinstantiated directory path and the instance directory path as its arguments\&. - .PP - The --\fI/etc/security/namespace\.conf\fR --file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\. -+\FC/etc/security/namespace\&.conf\F[] -+file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\&. - .PP - When someone logs in, the file --\fInamespace\.conf\fR --is scanned\. Comments are marked by -+\FCnamespace\&.conf\F[] -+is scanned\&. Comments are marked by - \fI#\fR --characters\. Each non comment line represents one polyinstantiated directory\. The fields are separated by spaces but can be quoted by -+characters\&. Each non comment line represents one polyinstantiated directory\&. The fields are separated by spaces but can be quoted by - \fI"\fR - characters also escape sequences - \fI\eb\fR, - \fI\en\fR, and - \fI\et\fR --are recognized\. The fields are as follows: -+are recognized\&. The fields are as follows: - .PP - \fIpolydir\fR - \fIinstance_prefix\fR -@@ -42,92 +198,110 @@ - \fIlist_of_uids\fR - .PP - The first field, --\fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\. The special string -+\fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\&. The special string - \fI$HOME\fR - is replaced with the user\'s home directory, and - \fI$USER\fR --with the username\. This field cannot be blank\. -+with the username\&. This field cannot be blank\&. - .PP - The second field, - \fIinstance_prefix\fR --is the string prefix used to build the pathname for the instantiation of \. Depending on the polyinstantiation -+is the string prefix used to build the pathname for the instantiation of \&. Depending on the polyinstantiation - \fImethod\fR --it is then appended with "instance differentiation string" to generate the final instance directory path\. This directory is created if it did not exist already, and is then bind mounted on the to provide an instance of based on the column\. The special string -+it is then appended with "instance differentiation string" to generate the final instance directory path\&. This directory is created if it did not exist already, and is then bind mounted on the to provide an instance of based on the column\&. The special string - \fI$HOME\fR - is replaced with the user\'s home directory, and - \fI$USER\fR --with the username\. This field cannot be blank\. -+with the username\&. This field cannot be blank\&. - .PP - The third field, --\fImethod\fR, is the method used for polyinstantiation\. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user\'s session is closed\. Methods "context" and "level" are only available with SELinux\. This field cannot be blank\. -+\fImethod\fR, is the method used for polyinstantiation\&. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user\'s session is closed\&. Methods "context" and "level" are only available with SELinux\&. This field cannot be blank\&. - .PP - The fourth field, --\fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\. If left blank, polyinstantiation will be performed for all users\. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list\. -+\fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\&. If left blank, polyinstantiation will be performed for all users\&. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list\&. - .PP - The - \fImethod\fR - field can contain also following optional flags separated by - \fI:\fR --characters\. -+characters\&. - .PP - \fIcreate\fR=\fImode\fR,\fIowner\fR,\fIgroup\fR --\- create the polyinstantiated directory\. The mode, owner and group parameters are optional\. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user\. -+\- create the polyinstantiated directory\&. The mode, owner and group parameters are optional\&. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user\&. - .PP - \fIiscript\fR=\fIpath\fR --\- path to the instance directory init script\. The base directory for relative paths is --\fI/etc/security/namespace\.d\fR\. -+\- path to the instance directory init script\&. The base directory for relative paths is -+\FC/etc/security/namespace\&.d\F[]\&. - .PP - \fInoinit\fR --\- instance directory init script will not be executed\. -+\- instance directory init script will not be executed\&. - .PP - \fIshared\fR --\- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\. -+\- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\&. - .PP --The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\. The requirement that the instance parent be of mode 0000 can be overridden with the command line option -+The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\&. The requirement that the instance parent be of mode 0000 can be overridden with the command line option - \fIignore_instance_parent_mode\fR - .PP --In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\. This context must be set by the calling application or --\fIpam_selinux\.so\fR --module\. If this context is not set the polyinstatiation will be based just on user name\. -+In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\&. This context must be set by the calling application or -+\FCpam_selinux\&.so\F[] -+module\&. If this context is not set the polyinstatiation will be based just on user name\&. - .PP --The "instance differentiation string" is for "user" method and _ for "context" and "level" methods\. If the whole string is too long the end of it is replaced with md5sum of itself\. Also when command line option -+The "instance differentiation string" is for "user" method and _ for "context" and "level" methods\&. If the whole string is too long the end of it is replaced with md5sum of itself\&. Also when command line option - \fIgen_hash\fR --is used the whole string is replaced with md5sum of itself\. -+is used the whole string is replaced with md5sum of itself\&. - .SH "EXAMPLES" - .PP - These are some example lines which might be specified in --\fI/etc/security/namespace\.conf\fR\. -+\FC/etc/security/namespace\&.conf\F[]\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ - # The following three lines will polyinstantiate /tmp, -- # /var/tmp and user\'s home directories\. /tmp and /var/tmp -+ # /var/tmp and user\'s home directories\&. /tmp and /var/tmp - # will be polyinstantiated based on the security level - # as well as user name, whereas home directory will be -- # polyinstantiated based on the full security context and user name\. -+ # polyinstantiated based on the full security context and user name\&. - # Polyinstantiation will not be performed for user root - # and adm for directories /tmp and /var/tmp, whereas home -- # directories will be polyinstantiated for all users\. -+ # directories will be polyinstantiated for all users\&. - # - # Note that instance directories do not have to reside inside -- # the polyinstantiated directory\. In the examples below, -+ # the polyinstantiated directory\&. In the examples below, - # instances of /tmp will be created in /tmp\-inst directory, - # where as instances of /var/tmp and users home directories - # will reside within the directories that are being -- # polyinstantiated\. -+ # polyinstantiated\&. - # - /tmp /tmp\-inst/ level root,adm - /var/tmp /var/tmp/tmp\-inst/ level root,adm -- $HOME $HOME/$USER\.inst/inst\- context -+ $HOME $HOME/$USER\&.inst/inst\- context - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .PP --For the s you need polyinstantiation (login for example) put the following line in /etc/pam\.d/ as the last line for session group: -+For the s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/ as the last line for session group: - .PP --session required pam_namespace\.so [arguments] -+session required pam_namespace\&.so [arguments] - .PP --This module also depends on pam_selinux\.so setting the context\. -+This module also depends on pam_selinux\&.so setting the context\&. - .SH "SEE ALSO" - .PP - -@@ -136,4 +310,4 @@ - \fBpam\fR(8) - .SH "AUTHORS" - .PP --The namespace\.conf manual page was written by Janak Desai \. More features added by Tomas Mraz \. -+The namespace\&.conf manual page was written by Janak Desai \&. More features added by Tomas Mraz \&. ---- Linux-PAM-1.0.2-orig/modules/pam_namespace/pam_namespace.8 2008-04-16 11:09:14.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_namespace/pam_namespace.8 2009-01-20 11:59:24.000000000 +0100 -@@ -1,27 +1,185 @@ - .\" Title: pam_namespace --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHORS" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_NAMESPACE" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_NAMESPACE" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_namespace - PAM module for configuring namespace for a session --.SH "SYNOPSIS" --.HP 17 --\fBpam_namespace\.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close] [use_current_context] [use_default_context] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_namespace \- PAM module for configuring namespace for a session -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_namespace\&.so\fR\ 'u -+\fBpam_namespace\&.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [no_unmount_on_close] [use_current_context] [use_default_context] -+.fam - .SH "DESCRIPTION" - .PP --The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\. If an executable script --\fI/etc/security/namespace\.init\fR --exists, it is used to initialize the namespace every time a new instance directory is setup\. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\. -+The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\&. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\&. If an executable script -+\FC/etc/security/namespace\&.init\F[] -+exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated direcory\&. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\&. - .PP --The pam_namespace module disassociates the session namespace from the parent namespace\. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\.net/Articles/159077 and http://lwn\.net/Articles/159092\. -+The pam_namespace module disassociates the session namespace from the parent namespace\&. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\&. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\&. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\&.net/Articles/159077 and http://lwn\&.net/Articles/159092\&. - .SH "OPTIONS" - .PP - \fBdebug\fR -@@ -31,7 +189,7 @@ - .PP - \fBunmnt_remnt\fR - .RS 4 --For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context -+For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\&. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\&. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context - .RE - .PP - \fBunmnt_only\fR -@@ -46,112 +204,130 @@ - .PP - \fBgen_hash\fR - .RS 4 --Instead of using the security context string for the instance name, generate and use its md5 hash\. -+Instead of using the security context string for the instance name, generate and use its md5 hash\&. - .RE - .PP - \fBignore_config_error\fR - .RS 4 --If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\. Without this option, pam will return an error to the calling program resulting in termination of the session\. -+If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\&. Without this option, pam will return an error to the calling program resulting in termination of the session\&. - .RE - .PP - \fBignore_instance_parent_mode\fR - .RS 4 --Instance parent directories by default are expected to have the restrictive mode of 000\. Using this option, an administrator can choose to ignore the mode of the instance parent\. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\. -+Instance parent directories by default are expected to have the restrictive mode of 000\&. Using this option, an administrator can choose to ignore the mode of the instance parent\&. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\&. - .RE - .PP - \fBno_unmount_on_close\fR - .RS 4 --For certain trusted programs such as newrole, open session is called from a child process while the parent perfoms close session and pam end functions\. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the parent\. -+For certain trusted programs such as newrole, open session is called from a child process while the parent perfoms close session and pam end functions\&. For these commands use this option to instruct pam_close_session to not unmount the bind mounted polyinstantiated directory in the parent\&. - .RE - .PP - \fBuse_current_context\fR - .RS 4 --Useful for services which do not change the SELinux context with setexeccon call\. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\. -+Useful for services which do not change the SELinux context with setexeccon call\&. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\&. - .RE - .PP - \fBuse_default_context\fR - .RS 4 --Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\. The module will use the default SELinux context of the user for the level and context polyinstantiation\. -+Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\&. The module will use the default SELinux context of the user for the level and context polyinstantiation\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --The -+Only the - \fBsession\fR --service is supported\. The module must not be called from multithreaded processes\. -+module type is provided\&. The module must not be called from multithreaded processes\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --Namespace setup was successful\. -+Namespace setup was successful\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Unexpected system error occurred while setting up namespace\. -+Unexpected system error occurred while setting up namespace\&. - .RE - .PP - PAM_SESSION_ERR - .RS 4 --Unexpected namespace configuration error occurred\. -+Unexpected namespace configuration error occurred\&. - .RE - .SH "FILES" - .PP --\fI/etc/security/namespace\.conf\fR -+\FC/etc/security/namespace\&.conf\F[] - .RS 4 - Main configuration file - .RE - .PP --\fI/etc/security/namespace\.d\fR -+\FC/etc/security/namespace\&.d\F[] - .RS 4 - Directory for additional configuration files - .RE - .PP --\fI/etc/security/namespace\.init\fR -+\FC/etc/security/namespace\&.init\F[] - .RS 4 - Init script for instance directories - .RE - .SH "EXAMPLES" - .PP --For the s you need polyinstantiation (login for example) put the following line in /etc/pam\.d/ as the last line for session group: -+For the s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/ as the last line for session group: - .PP --session required pam_namespace\.so [arguments] -+session required pam_namespace\&.so [arguments] - .PP - To use polyinstantiation with graphical display manager gdm, insert the following line, before exit 0, in /etc/gdm/PostSession/Default: - .PP - /usr/sbin/gdm\-safe\-restart - .PP --This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\. Please use the initialization script --\fI/etc/security/namespace\.init\fR --to ensure that the X server and its clients can appropriately access the communication socket X0\. Please refer to the sample instructions provided in the comment section of the instance initialization script --\fI/etc/security/namespace\.init\fR\. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp: -+This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\&. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\&. Please use the initialization script -+\FC/etc/security/namespace\&.init\F[] -+to ensure that the X server and its clients can appropriately access the communication socket X0\&. Please refer to the sample instructions provided in the comment section of the instance initialization script -+\FC/etc/security/namespace\&.init\F[]\&. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp: - .PP - - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -- 1\. Disable the use of font server by commenting out "FontPath" -- line in /etc/X11/xorg\.conf\. If you do want to use the font server -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+ 1\&. Disable the use of font server by commenting out "FontPath" -+ line in /etc/X11/xorg\&.conf\&. If you do want to use the font server - then you will have to augment the instance initialization -- script to appropriately provide /tmp/\.font\-unix from the -- polyinstantiated /tmp\. -- 2\. Ensure that the gdm service is setup to use pam_namespace, -- as described above, by modifying /etc/pam\.d/gdm\. -- 3\. Ensure that the display manager is configured to restart X server -- with each new session\. This default setup can be verified by -- making sure that /usr/share/gdm/defaults\.conf contains -+ script to appropriately provide /tmp/\&.font\-unix from the -+ polyinstantiated /tmp\&. -+ 2\&. Ensure that the gdm service is setup to use pam_namespace, -+ as described above, by modifying /etc/pam\&.d/gdm\&. -+ 3\&. Ensure that the display manager is configured to restart X server -+ with each new session\&. This default setup can be verified by -+ making sure that /usr/share/gdm/defaults\&.conf contains - "AlwaysRestartServer=true", and it is not overridden by -- /etc/gdm/custom\.conf\. -+ /etc/gdm/custom\&.conf\&. - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBnamespace.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBmount\fR(8), --\fBpam\fR(8)\. -+\fBpam\fR(8)\&. - .SH "AUTHORS" - .PP --The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\. The pam_namespace PAM module was developed by Janak Desai , Chad Sellers and Steve Grubb \. Additional improvements by Xavier Toth and Tomas Mraz \. -+The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai , Chad Sellers and Steve Grubb \&. Additional improvements by Xavier Toth and Tomas Mraz \&. ---- Linux-PAM-1.0.2-orig/modules/pam_nologin/pam_nologin.8 2008-04-16 11:07:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_nologin/pam_nologin.8 2009-01-20 11:59:26.000000000 +0100 -@@ -1,110 +1,286 @@ - .\" Title: pam_nologin --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_NOLOGIN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_NOLOGIN" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_nologin - Prevent non-root users from login --.SH "SYNOPSIS" --.HP 15 --\fBpam_nologin\.so\fR [file=\fI/path/nologin\fR] [successok] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_nologin \- Prevent non\-root users from login -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_nologin\&.so\fR\ 'u -+\fBpam_nologin\&.so\fR [file=\fI/path/nologin\fR] [successok] -+.fam - .SH "DESCRIPTION" - .PP - pam_nologin is a PAM module that prevents users from logging into the system when --\fI/etc/nologin\fR --exists\. The contents of the --\fI/etc/nologin\fR --file are displayed to the user\. The pam_nologin module has no effect on the root user\'s ability to log in\. -+\FC/etc/nologin\F[] -+exists\&. The contents of the -+\FC/etc/nologin\F[] -+file are displayed to the user\&. The pam_nologin module has no effect on the root user\'s ability to log in\&. - .SH "OPTIONS" - .PP - \fBfile=\fR\fB\fI/path/nologin\fR\fR - .RS 4 - Use this file instead the default --\fI/etc/nologin\fR\. -+\FC/etc/nologin\F[]\&. - .RE - .PP - \fBsuccessok\fR - .RS 4 --Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\. -+Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - The - \fBauth\fR - and - \fBacct\fR --services are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 - The user is not root and --\fI/etc/nologin\fR --exists, so the user is not permitted to log in\. -+\FC/etc/nologin\F[] -+exists, so the user is not permitted to log in\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_IGNORE - .RS 4 --This is the default return value\. -+This is the default return value\&. - .RE - .PP - PAM_SUCCESS - .RS 4 - Success: either the user is root or the --\fI/etc/nologin\fR --file does not exist\. -+\FC/etc/nologin\F[] -+file does not exist\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known to the underlying authentication module\. -+User not known to the underlying authentication module\&. - .RE - .SH "EXAMPLES" - .PP - The suggested usage for --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - is: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth required pam_nologin\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth required pam_nologin\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "NOTES" - .PP --In order to make this module effective, all login methods should be secured by it\. It should be used as a -+In order to make this module effective, all login methods should be secured by it\&. It should be used as a - \fIrequired\fR - method listed before any - \fIsufficient\fR --methods in order to get standard Unix nologin semantics\. Note, the use of -+methods in order to get standard Unix nologin semantics\&. Note, the use of - \fBsuccessok\fR - module argument causes the module to return - \fIPAM_SUCCESS\fR - and as such would break such a configuration \- failing - \fIsufficient\fR - modules would lead to a successful login because the nologin module --\fIsucceeded\fR\. -+\fIsucceeded\fR\&. - .SH "SEE ALSO" - .PP - - \fBnologin\fR(5), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_nologin was written by Michael K\. Johnson \. -+pam_nologin was written by Michael K\&. Johnson \&. ---- Linux-PAM-1.0.2-orig/modules/pam_permit/pam_permit.8 2008-04-16 11:07:43.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_permit/pam_permit.8 2009-01-20 11:59:29.000000000 +0100 -@@ -1,64 +1,240 @@ - .\" Title: pam_permit --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_PERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_PERMIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_permit - The promiscuous module --.SH "SYNOPSIS" --.HP 14 --\fBpam_permit\.so\fR -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_permit \- The promiscuous module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_permit\&.so\fR\ 'u -+\fBpam_permit\&.so\fR -+.fam - .SH "DESCRIPTION" - .PP --pam_permit is a PAM module that always permit access\. It does nothing else\. -+pam_permit is a PAM module that always permit access\&. It does nothing else\&. - .PP - In the case of authentication, the user\'s name will be set to - \fInobody\fR --if the application didn\'t set one\. Many applications and PAM modules become confused if this name is unknown\. -+if the application didn\'t set one\&. Many applications and PAM modules become confused if this name is unknown\&. - .PP --This module is very dangerous\. It should be used with extreme caution\. -+This module is very dangerous\&. It should be used with extreme caution\&. - .SH "OPTIONS" - .PP --This module does not recognise any options\. --.SH "MODULE SERVICES PROVIDED" -+This module does not recognise any options\&. -+.SH "MODULE TYPES PROVIDED" - .PP --The services -+The - \fBauth\fR, - \fBaccount\fR, - \fBpassword\fR - and - \fBsession\fR --are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --This module always returns this value\. -+This module always returns this value\&. - .RE - .SH "EXAMPLES" - .PP --Add this line to your other login entries to disable account management, but continue to permit users to log in\. -+Add this line to your other login entries to disable account management, but continue to permit users to log in\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --account required pam_permit\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+account required pam_permit\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_permit was written by Andrew G\. Morgan, \. -+pam_permit was written by Andrew G\&. Morgan, \&. ---- Linux-PAM-1.0.2-orig/modules/pam_pwhistory/README 1970-01-01 01:00:00.000000000 +0100 -+++ Linux-PAM-1.0.2/modules/pam_pwhistory/README 2009-01-20 11:59:33.000000000 +0100 -@@ -0,0 +1,67 @@ -+pam_pwhistory — PAM module to remember last passwords -+ -+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -+ -+DESCRIPTION -+ -+This module saves the last passwords for each user in order to force password -+change history and keep the user from alternating between the same password too -+frequently. -+ -+This module does not work togehter with kerberos. In general, it does not make -+much sense to use this module in conjuction with NIS or LDAP, since the old -+passwords are stored on the local machine and are not available on another -+machine for password history checking. -+ -+OPTIONS -+ -+debug -+ -+ Turns on debugging via syslog(3). -+ -+use_authtok -+ -+ When password changing enforce the module to use the new password provided -+ by a previously stacked password module (this is used in the example of the -+ stacking of the pam_cracklib module documented below). -+ -+enforce_for_root -+ -+ If this option is set, the check is enforced for root, too. -+ -+remember=N -+ -+ The last N passwords for each user are saved in /etc/security/opasswd. The -+ default is 10. -+ -+retry=N -+ -+ Prompt user at most N times before returning with error. The default is 1. -+ -+type=STRING -+ -+ The default action is for the module to use the following prompts when -+ requesting passwords: "New UNIX password: " and "Retype UNIX password: ". -+ The default word UNIX can be replaced with this option. -+ -+EXAMPLES -+ -+An example password section would be: -+ -+#%PAM-1.0 -+password required pam_pwhistory.so -+password required pam_unix.so use_authtok -+ -+ -+In combination with pam_cracklib: -+ -+#%PAM-1.0 -+password required pam_cracklib.so retry=3 -+password required pam_pwhistory.so use_authtok -+password required pam_unix.so use_authtok -+ -+ -+AUTHOR -+ -+pam_pwhistory was written by Thorsten Kukuk -+ ---- Linux-PAM-1.0.2-orig/modules/pam_rhosts/pam_rhosts.8 2008-04-16 11:07:46.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rhosts/pam_rhosts.8 2009-01-20 11:59:35.000000000 +0100 -@@ -1,98 +1,274 @@ - .\" Title: pam_rhosts --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_RHOSTS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_RHOSTS" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_rhosts - The rhosts PAM module --.SH "SYNOPSIS" --.HP 14 --\fBpam_rhosts\.so\fR -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_rhosts \- The rhosts PAM module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_rhosts\&.so\fR\ 'u -+\fBpam_rhosts\&.so\fR -+.fam - .SH "DESCRIPTION" - .PP - This module performs the standard network authentication for services, as used by traditional implementations of - \fBrlogin\fR - and - \fBrsh\fR --etc\. -+etc\&. - .PP - The authentication mechanism of this module is based on the contents of two files; --\fI/etc/hosts\.equiv\fR -+\FC/etc/hosts\&.equiv\F[] - (or and --\fI~/\.rhosts\fR\. Firstly, hosts listed in the former file are treated as equivalent to the localhost\. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\. Access is granted to the user if their host is present in --\fI/etc/hosts\.equiv\fR --and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\. -+\FC~/\&.rhosts\F[]\&. Firstly, hosts listed in the former file are treated as equivalent to the localhost\&. Secondly, entries in the user\'s own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\'s account on the current host\&. Access is granted to the user if their host is present in -+\FC/etc/hosts\&.equiv\F[] -+and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\&. - .PP - The module authenticates a remote user (internally specified by the item - \fIPAM_RUSER\fR - connecting from the remote host (internally specified by the item --\fBPAM_RHOST\fR)\. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling --\fBpam_authenticate()\fR\. The module is not capable of independently probing the network connection for such information\. -+\fBPAM_RHOST\fR)\&. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling -+\fBpam_authenticate()\fR\&. The module is not capable of independently probing the network connection for such information\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBsilent\fR - .RS 4 --Don\'t print informative messages\. -+Don\'t print informative messages\&. - .RE - .PP - \fBsuperuser=\fR\fB\fIaccount\fR\fR - .RS 4 - Handle - \fIaccount\fR --as root\. -+as root\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBauth\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 - The remote host, remote user name or the local user name couldn\'t be determined or access was denied by --\fI\.rhosts\fR --file\. -+\FC\&.rhosts\F[] -+file\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User is not known to system\. -+User is not known to system\&. - .RE - .SH "EXAMPLES" - .PP - To grant a remote user access by --\fI/etc/hosts\.equiv\fR -+\FC/etc/hosts\&.equiv\F[] - or --\fI\.rhosts\fR -+\FC\&.rhosts\F[] - for - \fBrsh\fR - add the following lines to --\fI/etc/pam\.d/rsh\fR: -+\FC/etc/pam\&.d/rsh\F[]: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 - # --auth required pam_rhosts\.so --auth required pam_nologin\.so --auth required pam_env\.so --auth required pam_unix\.so -+auth required pam_rhosts\&.so -+auth required pam_nologin\&.so -+auth required pam_env\&.so -+auth required pam_unix\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP -@@ -101,8 +277,8 @@ - \fBhosts.equiv\fR(5), - \fBrhosts\fR(5), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_rhosts was written by Thorsten Kukuk -+pam_rhosts was written by Thorsten Kukuk ---- Linux-PAM-1.0.2-orig/modules/pam_rootok/pam_rootok.8 2008-04-16 11:07:49.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_rootok/pam_rootok.8 2009-01-20 11:59:38.000000000 +0100 -@@ -1,41 +1,199 @@ - .\" Title: pam_rootok --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_ROOTOK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ROOTOK" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_rootok - Gain only root access --.SH "SYNOPSIS" --.HP 14 --\fBpam_rootok\.so\fR [debug] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_rootok \- Gain only root access -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_rootok\&.so\fR\ 'u -+\fBpam_rootok\&.so\fR [debug] -+.fam - .SH "DESCRIPTION" - .PP - pam_rootok is a PAM module that authenticates the user if their - \fIUID\fR - is --\fI0\fR\. Applications that are created setuid\-root generally retain the -+\fI0\fR\&. Applications that are created setuid\-root generally retain the - \fIUID\fR --of the user but run with the authority of an enhanced effective\-UID\. It is the real -+of the user but run with the authority of an enhanced effective\-UID\&. It is the real - \fIUID\fR --that is checked\. -+that is checked\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBauth\fR --service is supported\. -+type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS -@@ -43,7 +201,7 @@ - The - \fIUID\fR - is --\fI0\fR\. -+\fI0\fR\&. - .RE - .PP - PAM_AUTH_ERR -@@ -52,32 +210,50 @@ - \fIUID\fR - is - \fBnot\fR --\fI0\fR\. -+\fI0\fR\&. - .RE - .SH "EXAMPLES" - .PP - In the case of the - \fBsu\fR(1) --application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the --\fI/etc/pam\.d/su\fR -+application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\&. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the -+\FC/etc/pam\&.d/su\F[] - configuration file: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --# su authentication\. Root is granted access by default\. --auth sufficient pam_rootok\.so --auth required pam_unix\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+# su authentication\&. Root is granted access by default\&. -+auth sufficient pam_rootok\&.so -+auth required pam_unix\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBsu\fR(1), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_rootok was written by Andrew G\. Morgan, \. -+pam_rootok was written by Andrew G\&. Morgan, \&. ---- Linux-PAM-1.0.2-orig/modules/pam_securetty/pam_securetty.8 2008-04-16 11:07:52.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_securetty/pam_securetty.8 2009-01-20 11:59:41.000000000 +0100 -@@ -1,97 +1,273 @@ - .\" Title: pam_securetty --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_SECURETTY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SECURETTY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_securetty - Limit root login to special devices --.SH "SYNOPSIS" --.HP 17 --\fBpam_securetty\.so\fR [debug] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_securetty \- Limit root login to special devices -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_securetty\&.so\fR\ 'u -+\fBpam_securetty\&.so\fR [debug] -+.fam - .SH "DESCRIPTION" - .PP - pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in --\fI/etc/securetty\fR\. pam_securetty also checks to make sure that --\fI/etc/securetty\fR --is a plain file and not world writable\. -+\FC/etc/securetty\F[]\&. pam_securetty also checks to make sure that -+\FC/etc/securetty\F[] -+is a plain file and not world writable\&. - .PP - This module has no effect on non\-root users and requires that the application fills in the - \fBPAM_TTY\fR --item correctly\. -+item correctly\&. - .PP - For canonical usage, should be listed as a - \fBrequired\fR - authentication method before any - \fBsufficient\fR --authentication methods\. -+authentication methods\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBauth\fR --service is supported\. -+module type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --The user is allowed to continue authentication\. Either the user is not root, or the root user is trying to log in on an acceptable device\. -+The user is allowed to continue authentication\&. Either the user is not root, or the root user is trying to log in on an acceptable device\&. - .RE - .PP - PAM_AUTH_ERR - .RS 4 --Authentication is rejected\. Either root is attempting to log in via an unacceptable device, or the --\fI/etc/securetty\fR --file is world writable or not a normal file\. -+Authentication is rejected\&. Either root is attempting to log in via an unacceptable device, or the -+\FC/etc/securetty\F[] -+file is world writable or not a normal file\&. - .RE - .PP - PAM_INCOMPLETE - .RS 4 --An application error occurred\. pam_securetty was not able to get information it required from the application that called it\. -+An application error occurred\&. pam_securetty was not able to get information it required from the application that called it\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 - An error occurred while the module was determining the user\'s name or tty, or the module could not open --\fI/etc/securetty\fR\. -+\FC/etc/securetty\F[]\&. - .RE - .PP --PAM_IGNORE -+PAM_USER_UNKNOWN - .RS 4 - The module could not find the user name in the --\fI/etc/passwd\fR --file to verify whether the user had a UID of 0\. Therefore, the results of running this module are ignored\. -+\FC/etc/passwd\F[] -+file to verify whether the user had a UID of 0\&. Therefore, the results of running this module are ignored\&. - .RE - .SH "EXAMPLES" - .PP - - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth required pam_securetty\.so --auth required pam_unix\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth required pam_securetty\&.so -+auth required pam_unix\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBsecuretty\fR(5), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_securetty was written by Elliot Lee \. -+pam_securetty was written by Elliot Lee \&. ---- Linux-PAM-1.0.2-orig/modules/pam_selinux/pam_selinux.8 2008-04-16 11:07:56.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/pam_selinux.8 2009-01-20 11:59:45.000000000 +0100 -@@ -1,95 +1,279 @@ - .\" Title: pam_selinux --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_SELINUX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_selinux - PAM module to set the default security context --.SH "SYNOPSIS" --.HP 15 --\fBpam_selinux\.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [use_current_range] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_selinux \- PAM module to set the default security context -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_selinux\&.so\fR\ 'u -+\fBpam_selinux\&.so\fR [close] [debug] [open] [nottys] [verbose] [select_context] [env_params] [use_current_range] -+.fam - .SH "DESCRIPTION" - .PP --In a nutshell, pam_selinux sets up the default security context for the next execed shell\. -+In a nutshell, pam_selinux sets up the default security context for the next execed shell\&. - .PP --When an application opens a session using pam_selinux, the shell that gets executed will be run in the default security context, or if the user chooses and the pam file allows the selected security context\. Also the controlling tty will have it\'s security context modified to match the users\. -+When an application opens a session using pam_selinux, the shell that gets executed will be run in the default security context, or if the user chooses and the pam file allows the selected security context\&. Also the controlling tty will have it\'s security context modified to match the users\&. - .PP --Adding pam_selinux into a pam file could cause other pam modules to change their behavior if the exec another application\. The close and open option help mitigate this problem\. close option will only cause the close portion of the pam_selinux to execute, and open will only cause the open portion to run\. You can add pam_selinux to the config file twice\. Add the pam_selinux close as the executes the open pass through the modules, pam_selinux open_session will happen last\. When PAM executes the close pass through the modules pam_selinux close_session will happen first\. -+Adding pam_selinux into a pam file could cause other pam modules to change their behavior if the exec another application\&. The close and open option help mitigate this problem\&. close option will only cause the close portion of the pam_selinux to execute, and open will only cause the open portion to run\&. You can add pam_selinux to the config file twice\&. Add the pam_selinux close as the executes the open pass through the modules, pam_selinux open_session will happen last\&. When PAM executes the close pass through the modules pam_selinux close_session will happen first\&. - .SH "OPTIONS" - .PP - \fBclose\fR - .RS 4 --Only execute the close_session portion of the module\. -+Only execute the close_session portion of the module\&. - .RE - .PP - \fBdebug\fR - .RS 4 - Turns on debugging via --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .RE - .PP - \fBopen\fR - .RS 4 --Only execute the open_session portion of the module\. -+Only execute the open_session portion of the module\&. - .RE - .PP - \fBnottys\fR - .RS 4 --Do not try to setup the ttys security context\. -+Do not try to setup the ttys security context\&. - .RE - .PP - \fBverbose\fR - .RS 4 --attempt to inform the user when security context is set\. -+attempt to inform the user when security context is set\&. - .RE - .PP - \fBselect_context\fR - .RS 4 --Attempt to ask the user for a custom security context role\. If MLS is on ask also for sensitivity level\. -+Attempt to ask the user for a custom security context role\&. If MLS is on ask also for sensitivity level\&. -+.RE -+.PP -+\fBenv_params\fR -+.RS 4 -+Attempt to obtain a custom security context role from PAM environment\&. If MLS is on obtain also sensitivity level\&. This option and the select_context option are mutually exclusive\&. The respective PAM environment variables are -+\fISELINUX_ROLE_REQUESTED\fR, -+\fISELINUX_LEVEL_REQUESTED\fR, and -+\fISELINUX_USE_CURRENT_RANGE\fR\&. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module\&. - .RE - .PP - \fBuse_current_range\fR - .RS 4 --Use the sensitivity range of the process for the user context\. This option and the select_context option are mutually exclusive\. -+Use the sensitivity level of the current process for the user context instead of the default level\&. Also supresses asking of the sensitivity level from the user or obtaining it from PAM environment\&. - .RE - .SH "MODULE SERVICES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+service is supported\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 --Unable to get or set a valid context\. -+Unable to get or set a valid context\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --The security context was set successfull\. -+The security context was set successfull\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --The user is not known to the system\. -+The user is not known to the system\&. - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth required pam_unix\.so --session required pam_permit\.so --session optional pam_selinux\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth required pam_unix\&.so -+session required pam_permit\&.so -+session optional pam_selinux\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - -@@ -98,4 +282,4 @@ - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_selinux was written by Dan Walsh \. -+pam_selinux was written by Dan Walsh \&. ---- Linux-PAM-1.0.2-orig/modules/pam_selinux/README 2008-04-16 11:07:55.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_selinux/README 2009-01-20 11:59:47.000000000 +0100 -@@ -48,10 +48,21 @@ - Attempt to ask the user for a custom security context role. If MLS is on - ask also for sensitivity level. - -+env_params -+ -+ Attempt to obtain a custom security context role from PAM environment. If -+ MLS is on obtain also sensitivity level. This option and the select_context -+ option are mutually exclusive. The respective PAM environment variables are -+ SELINUX_ROLE_REQUESTED, SELINUX_LEVEL_REQUESTED, and -+ SELINUX_USE_CURRENT_RANGE. The first two variables are self describing and -+ the last one if set to 1 makes the PAM module behave as if the -+ use_current_range was specified on the command line of the module. -+ - use_current_range - -- Use the sensitivity range of the process for the user context. This option -- and the select_context option are mutually exclusive. -+ Use the sensitivity level of the current process for the user context -+ instead of the default level. Also supresses asking of the sensitivity -+ level from the user or obtaining it from PAM environment. - - EXAMPLES - ---- Linux-PAM-1.0.2-orig/modules/pam_sepermit/pam_sepermit.8 2008-04-16 11:07:59.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_sepermit/pam_sepermit.8 2009-01-20 11:59:49.000000000 +0100 -@@ -1,104 +1,280 @@ - .\" Title: pam_sepermit --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_SEPERMIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SEPERMIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_sepermit - PAM module to allow/deny login depending on SELinux enforcement state --.SH "SYNOPSIS" --.HP 16 --\fBpam_sepermit\.so\fR [debug] [conf=\fI/path/to/config/file\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_sepermit \- PAM module to allow/deny login depending on SELinux enforcement state -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_sepermit\&.so\fR\ 'u -+\fBpam_sepermit\&.so\fR [debug] [conf=\fI/path/to/config/file\fR] -+.fam - .SH "DESCRIPTION" - .PP --The pam_sepermit module allows or denies login depending on SELinux enforcement state\. -+The pam_sepermit module allows or denies login depending on SELinux enforcement state\&. - .PP --When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\. Otherwise he is denied access\. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\. -+When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\&. Otherwise he is denied access\&. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\&. - .PP --The config file contains a simple list of user names one per line\. If the -+The config file contains a simple list of user names one per line\&. If the - \fIname\fR - is prefixed with - \fI@\fR - character it means that all users in the group - \fIname\fR --match\. If it is prefixed with a -+match\&. If it is prefixed with a - \fI%\fR - character the SELinux user is used to match against the - \fIname\fR --instead of the account name\. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\. -+instead of the account name\&. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\&. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\&. - .PP - Each user name in the configuration file can have optional arguments separated by - \fI:\fR --character\. The only currently recognized argument is --\fIexclusive\fR\. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\. -+character\&. The only currently recognized argument is -+\fIexclusive\fR\&. The pam_sepermit module will allow only single concurrent user session for the user with this argument specified and it will attempt to kill all processes of the user after logout\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 - Turns on debugging via --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .RE - .PP - \fBconf=\fR\fB\fI/path/to/config/file\fR\fR - .RS 4 --Path to alternative config file overriding the default\. -+Path to alternative config file overriding the default\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --Only the -+The - \fBauth\fR - and - \fBaccount\fR --services are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 --SELinux is disabled or in the permissive mode and the user matches\. -+SELinux is disabled or in the permissive mode and the user matches\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --SELinux is in the enforcing mode and the user matches\. -+SELinux is in the enforcing mode and the user matches\&. - .RE - .PP - PAM_IGNORE - .RS 4 --The user does not match any entry in the config file\. -+The user does not match any entry in the config file\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --The module was unable to determine the user\'s name\. -+The module was unable to determine the user\'s name\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Error during reading or parsing the config file\. -+Error during reading or parsing the config file\&. - .RE - .SH "FILES" - .PP --\fI/etc/security/sepermit\.conf\fR -+\FC/etc/security/sepermit\&.conf\F[] - .RS 4 - Default configuration file - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth [success=done ignore=ignore default=bad] pam_sepermit\.so --auth required pam_unix\.so --account required pam_unix\.so --session required pam_permit\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth [success=done ignore=ignore default=bad] pam_sepermit\&.so -+auth required pam_unix\&.so -+account required pam_unix\&.so -+session required pam_permit\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - -@@ -107,4 +283,4 @@ - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_sepermit was written by Tomas Mraz \. -+pam_sepermit was written by Tomas Mraz \&. ---- Linux-PAM-1.0.2-orig/modules/pam_shells/pam_shells.8 2008-04-16 11:08:01.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_shells/pam_shells.8 2009-01-20 11:59:52.000000000 +0100 -@@ -1,73 +1,249 @@ - .\" Title: pam_shells --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_SHELLS" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SHELLS" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_shells - PAM module to check for valid login shell --.SH "SYNOPSIS" --.HP 14 --\fBpam_shells\.so\fR -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_shells \- PAM module to check for valid login shell -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_shells\&.so\fR\ 'u -+\fBpam_shells\&.so\fR -+.fam - .SH "DESCRIPTION" - .PP - pam_shells is a PAM module that only allows access to the system if the users shell is listed in --\fI/etc/shells\fR\. -+\FC/etc/shells\F[]\&. - .PP - It also checks if --\fI/etc/shells\fR --is a plain file and not world writable\. -+\FC/etc/shells\F[] -+is a plain file and not world writable\&. - .SH "OPTIONS" - .PP --This module does not recognise any options\. --.SH "MODULE SERVICES PROVIDED" -+This module does not recognise any options\&. -+.SH "MODULE TYPES PROVIDED" - .PP --The services -+The - \fBauth\fR - and - \fBaccount\fR --are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 --Access to the system was denied\. -+Access to the system was denied\&. - .RE - .PP - PAM_SUCCESS - .RS 4 - The users login shell was listed as valid shell in --\fI/etc/shells\fR\. -+\FC/etc/shells\F[]\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --The module was not able to get the name of the user\. -+The module was not able to get the name of the user\&. - .RE - .SH "EXAMPLES" - .PP - - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth required pam_shells\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth required pam_shells\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBshells\fR(5), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_shells was written by Erik Troan \. -+pam_shells was written by Erik Troan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_succeed_if/pam_succeed_if.8 2008-04-16 11:08:05.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_succeed_if/pam_succeed_if.8 2009-01-20 11:59:56.000000000 +0100 -@@ -1,25 +1,183 @@ - .\" Title: pam_succeed_if --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM - .\" Source: Linux-PAM -+.\" Language: English - .\" --.TH "PAM_SUCCEED_IF" "8" "04/16/2008" "Linux-PAM" "Linux\-PAM" -+.TH "PAM_SUCCEED_IF" "8" "01/20/2009" "Linux-PAM" "Linux\-PAM" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_succeed_if - test account characteristics --.SH "SYNOPSIS" --.HP 18 --\fBpam_succeed_if\.so\fR [\fIflag\fR...] [\fIcondition\fR...] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_succeed_if \- test account characteristics -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_succeed_if\&.so\fR\ 'u -+\fBpam_succeed_if\&.so\fR [\fIflag\fR...] [\fIcondition\fR...] -+.fam - .SH "DESCRIPTION" - .PP --pam_succeed_if\.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\. One use is to select whether to load other modules based on this test\. -+pam_succeed_if\&.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\&. One use is to select whether to load other modules based on this test\&. - .PP --The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\. -+The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\&. - .SH "OPTIONS" - .PP - The following -@@ -27,31 +185,31 @@ - .PP - \fBdebug\fR - .RS 4 --Turns on debugging messages sent to syslog\. -+Turns on debugging messages sent to syslog\&. - .RE - .PP - \fBuse_uid\fR - .RS 4 --Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\. -+Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&. - .RE - .PP - \fBquiet\fR - .RS 4 --Don\'t log failure or success to the system log\. -+Don\'t log failure or success to the system log\&. - .RE - .PP - \fBquiet_fail\fR - .RS 4 --Don\'t log failure to the system log\. -+Don\'t log failure to the system log\&. - .RE - .PP - \fBquiet_success\fR - .RS 4 --Don\'t log success to the system log\. -+Don\'t log success to the system log\&. - .RE - .PP - --\fICondition\fRs are three words: a field, a test, and a value to test for\. -+\fICondition\fRs are three words: a field, a test, and a value to test for\&. - .PP - Available fields are - \fIuser\fR, -@@ -64,123 +222,163 @@ - .PP - \fBfield < number\fR - .RS 4 --Field has a value numerically less than number\. -+Field has a value numerically less than number\&. - .RE - .PP - \fBfield <= number\fR - .RS 4 --Field has a value numerically less than or equal to number\. -+Field has a value numerically less than or equal to number\&. - .RE - .PP - \fBfield eq number\fR - .RS 4 --Field has a value numerically equal to number\. -+Field has a value numerically equal to number\&. - .RE - .PP - \fBfield >= number\fR - .RS 4 --Field has a value numerically greater than or equal to number\. -+Field has a value numerically greater than or equal to number\&. - .RE - .PP - \fBfield > number\fR - .RS 4 --Field has a value numerically greater than number\. -+Field has a value numerically greater than number\&. - .RE - .PP - \fBfield ne number\fR - .RS 4 --Field has a value numerically different from number\. -+Field has a value numerically different from number\&. - .RE - .PP - \fBfield = string\fR - .RS 4 --Field exactly matches the given string\. -+Field exactly matches the given string\&. - .RE - .PP - \fBfield != string\fR - .RS 4 --Field does not match the given string\. -+Field does not match the given string\&. - .RE - .PP - \fBfield =~ glob\fR - .RS 4 --Field matches the given glob\. -+Field matches the given glob\&. - .RE - .PP - \fBfield !~ glob\fR - .RS 4 --Field does not match the given glob\. -+Field does not match the given glob\&. - .RE - .PP --\fBfield in item:item:\.\.\.\fR -+\fBfield in item:item:\&.\&.\&.\fR - .RS 4 --Field is contained in the list of items separated by colons\. -+Field is contained in the list of items separated by colons\&. - .RE - .PP --\fBfield notin item:item:\.\.\.\fR -+\fBfield notin item:item:\&.\&.\&.\fR - .RS 4 --Field is not contained in the list of items separated by colons\. -+Field is not contained in the list of items separated by colons\&. - .RE - .PP - \fBuser ingroup group\fR - .RS 4 --User is in given group\. -+User is in given group\&. - .RE - .PP - \fBuser notingroup group\fR - .RS 4 --User is not in given group\. -+User is not in given group\&. - .RE - .PP - \fBuser innetgr netgroup\fR - .RS 4 --(user,host) is in given netgroup\. -+(user,host) is in given netgroup\&. - .RE - .PP - \fBuser notinnetgr group\fR - .RS 4 --(user,host) is not in given netgroup\. -+(user,host) is not in given netgroup\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --All services are supported\. -+All module types (\fBaccount\fR, -+\fBauth\fR, -+\fBpassword\fR -+and -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --The condition was true\. -+The condition was true\&. - .RE - .PP - PAM_AUTH_ERR - .RS 4 --The condition was false\. -+The condition was false\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --A service error occured or the arguments can\'t be parsed as numbers\. -+A service error occured or the arguments can\'t be parsed correctly\&. - .RE - .SH "EXAMPLES" - .PP - To emulate the behaviour of - \fIpam_wheel\fR, except there is no fallback to group 0: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth required pam_succeed_if\.so quiet user ingroup wheel -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth required pam_succeed_if\&.so quiet user ingroup wheel - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .PP --Given that the type matches, only loads the othermodule rule if the UID is over 500\. Adjust the number after default to skip several rules\. -+Given that the type matches, only loads the othermodule rule if the UID is over 500\&. Adjust the number after default to skip several rules\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --type [default=1 success=ignore] pam_succeed_if\.so quiet uid > 500 --type required othermodule\.so arguments\.\.\. -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+type [default=1 success=ignore] pam_succeed_if\&.so quiet uid > 500 -+type required othermodule\&.so arguments\&.\&.\&. - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - -@@ -188,4 +386,4 @@ - \fBpam\fR(8) - .SH "AUTHOR" - .PP --Nalin Dahyabhai -+Nalin Dahyabhai ---- Linux-PAM-1.0.2-orig/modules/pam_tally/pam_tally.8 2008-04-16 11:08:10.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/pam_tally.8 2009-01-20 11:59:59.000000000 +0100 -@@ -1,34 +1,194 @@ - .\" Title: pam_tally --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_TALLY" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TALLY" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_tally - The login counter (tallying) module --.SH "SYNOPSIS" --.HP 13 --\fBpam_tally\.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] --.HP 10 -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_tally \- The login counter (tallying) module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_tally\&.so\fR\ 'u -+\fBpam_tally\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root_account] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [per_user] [no_lock_time] [no_reset] [audit] [silent] [no_log_info] -+.fam -+.fam C -+.HP \w'\fBpam_tally\fR\ 'u - \fBpam_tally\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] -+.fam - .SH "DESCRIPTION" - .PP --This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\. -+This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&. - .PP - pam_tally comes in two parts: --\fBpam_tally\.so\fR -+\fBpam_tally\&.so\fR - and --\fBpam_tally\fR\. The former is the PAM module and the latter, a stand\-alone program\. -+\fBpam_tally\fR\&. The former is the PAM module and the latter, a stand\-alone program\&. - \fBpam_tally\fR --is an (optional) application which can be used to interrogate and manipulate the counter file\. It can display users\' counts, set individual counts, or clear all counts\. Setting artificially high counts may be useful for blocking users without changing their passwords\. For example, one might find it useful to clear all counts every midnight from a cron job\. The -+is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display users\' counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&. The - \fBfaillog\fR(8) --command can be used instead of pam_tally to to maintain the counter file\. -+command can be used instead of pam_tally to to maintain the counter file\&. - .PP - Normally, failed attempts to access - \fIroot\fR -@@ -36,7 +196,7 @@ - \fBnot\fR - cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\'t given shell accounts and root may only login via - \fBsu\fR --or at the machine console (not telnet/rsh, etc), this is safe\. -+or at the machine console (not telnet/rsh, etc), this is safe\&. - .SH "OPTIONS" - .PP - GLOBAL OPTIONS -@@ -45,7 +205,7 @@ - \fIauth\fR - and - \fIaccount\fR --services\. -+module types\&. - .PP - \fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR - .RS 4 -@@ -53,85 +213,96 @@ - \fBPAM_SUCESS\fR - if - \fBonerr=\fR\fB\fIsucceed\fR\fR --is given, else with the corresponding PAM error code\. -+is given, else with the corresponding PAM error code\&. - .RE - .PP - \fBfile=\fR\fB\fI/path/to/counter\fR\fR - .RS 4 --File where to keep counts\. Default is --\fI/var/log/faillog\fR\. -+File where to keep counts\&. Default is -+\FC/var/log/faillog\F[]\&. - .RE - .PP - \fBaudit\fR - .RS 4 --Will log the user name into the system log if the user is not found\. -+Will log the user name into the system log if the user is not found\&. -+.RE -+.PP -+\fBsilent\fR -+.RS 4 -+Don\'t print informative messages\&. -+.RE -+.PP -+\fBno_log_info\fR -+.RS 4 -+Don\'t log informative messages via -+\fBsyslog\fR(3)\&. - .RE - .RE - .PP - AUTH OPTIONS - .RS 4 --Authentication phase first checks if user should be denied access and if not it increments attempted login counter\. Then on call to -+Authentication phase first checks if user should be denied access and if not it increments attempted login counter\&. Then on call to - \fBpam_setcred\fR(3) --it resets the attempts counter\. -+it resets the attempts counter\&. - .PP - \fBdeny=\fR\fB\fIn\fR\fR - .RS 4 - Deny access if tally for this user exceeds --\fIn\fR\. -+\fIn\fR\&. - .RE - .PP - \fBlock_time=\fR\fB\fIn\fR\fR - .RS 4 - Always deny for - \fIn\fR --seconds after failed attempt\. -+seconds after failed attempt\&. - .RE - .PP - \fBunlock_time=\fR\fB\fIn\fR\fR - .RS 4 - Allow access after - \fIn\fR --seconds after failed attempt\. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\. -+seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&. - .RE - .PP - \fBmagic_root\fR - .RS 4 --If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like --\fBsu\fR, otherwise this argument should be omitted\. -+If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like -+\fBsu\fR, otherwise this argument should be omitted\&. - .RE - .PP - \fBno_lock_time\fR - .RS 4 --Do not use the \.fail_locktime field in --\fI/var/log/faillog\fR --for this user\. -+Do not use the \&.fail_locktime field in -+\FC/var/log/faillog\F[] -+for this user\&. - .RE - .PP - \fBno_reset\fR - .RS 4 --Don\'t reset count on successful entry, only decrement\. -+Don\'t reset count on successful entry, only decrement\&. - .RE - .PP - \fBeven_deny_root_account\fR - .RS 4 --Root account can become unavailable\. -+Root account can become unavailable\&. - .RE - .PP - \fBper_user\fR - .RS 4 - If --\fI/var/log/faillog\fR --contains a non\-zero \.fail_max/\.fail_locktime field for this user then use it instead of -+\FC/var/log/faillog\F[] -+contains a non\-zero \&.fail_max/\&.fail_locktime field for this user then use it instead of - \fBdeny=\fR\fB\fIn\fR\fR/ - \fBlock_time=\fR\fB\fIn\fR\fR --parameter\. -+parameter\&. - .RE - .PP - \fBno_lock_time\fR - .RS 4 --Don\'t use \.fail_locktime filed in --\fI/var/log/faillog\fR --for this user\. -+Don\'t use \&.fail_locktime filed in -+\FC/var/log/faillog\F[] -+for this user\&. - .RE - .RE - .PP -@@ -139,73 +310,91 @@ - .RS 4 - Account phase resets attempts counter if the user is - \fBnot\fR --magic root\. This phase can be used optionaly for services which don\'t call -+magic root\&. This phase can be used optionaly for services which don\'t call - \fBpam_setcred\fR(3) --correctly or if the reset should be done regardless of the failure of the account phase of other modules\. -+correctly or if the reset should be done regardless of the failure of the account phase of other modules\&. - .PP - \fBmagic_root\fR - .RS 4 --If the module is invoked by a user with uid=0 the counter is not incremented\. The sys\-admin should use this for user launched services, like --\fBsu\fR, otherwise this argument should be omitted\. -+If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like -+\fBsu\fR, otherwise this argument should be omitted\&. - .RE - .PP - \fBno_reset\fR - .RS 4 --Don\'t reset count on successful entry, only decrement\. -+Don\'t reset count on successful entry, only decrement\&. - .RE - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - The - \fBauth\fR - and - \fBaccount\fR --services are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 --A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\. -+A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Everything was successfull\. -+Everything was successfull\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/login\fR --to lock the account after too many failed logins\. The number of allowed fails is specified by --\fI/var/log/faillog\fR -+\FC/etc/pam\&.d/login\F[] -+to lock the account after too many failed logins\&. The number of allowed fails is specified by -+\FC/var/log/faillog\F[] - and needs to be set with pam_tally or - \fBfaillog\fR(8) --before\. -+before\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth required pam_securetty\.so --auth required pam_tally\.so per_user --auth required pam_env\.so --auth required pam_unix\.so --auth required pam_nologin\.so --account required pam_unix\.so --password required pam_unix\.so --session required pam_limits\.so --session required pam_unix\.so --session required pam_lastlog\.so nowtmp --session optional pam_mail\.so standard -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth required pam_securetty\&.so -+auth required pam_tally\&.so per_user -+auth required pam_env\&.so -+auth required pam_unix\&.so -+auth required pam_nologin\&.so -+account required pam_unix\&.so -+password required pam_unix\&.so -+session required pam_limits\&.so -+session required pam_unix\&.so -+session required pam_lastlog\&.so nowtmp -+session optional pam_mail\&.so standard - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "FILES" - .PP --\fI/var/log/faillog\fR -+\FC/var/log/faillog\F[] - .RS 4 - failure logging file - .RE -@@ -214,8 +403,8 @@ - - \fBfaillog\fR(8), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_tally was written by Tim Baverstock and Tomas Mraz\. -+pam_tally was written by Tim Baverstock and Tomas Mraz\&. ---- Linux-PAM-1.0.2-orig/modules/pam_tally/README 2008-04-16 11:08:11.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tally/README 2009-01-20 12:00:01.000000000 +0100 -@@ -25,7 +25,7 @@ - - GLOBAL OPTIONS - -- This can be used for auth and account services. -+ This can be used for auth and account module types. - - onerr=[fail|succeed] - -@@ -41,6 +41,14 @@ - - Will log the user name into the system log if the user is not found. - -+ silent -+ -+ Don't print informative messages. -+ -+ no_log_info -+ -+ Don't log informative messages via syslog(3). -+ - AUTH OPTIONS - - Authentication phase first checks if user should be denied access and if ---- Linux-PAM-1.0.2-orig/modules/pam_tally2/pam_tally2.8 1970-01-01 01:00:00.000000000 +0100 -+++ Linux-PAM-1.0.2/modules/pam_tally2/pam_tally2.8 2009-01-20 12:00:03.000000000 +0100 -@@ -0,0 +1,402 @@ -+.\" Title: pam_tally2 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 -+.\" Manual: Linux-PAM Manual -+.\" Source: Linux-PAM Manual -+.\" Language: English -+.\" -+.TH "PAM_TALLY2" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- -+.\" disable hyphenation -+.nh -+.\" disable justification (adjust text to left margin only) -+.ad l -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_tally2 \- The login counter (tallying) module -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_tally2\&.so\fR\ 'u -+\fBpam_tally2\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [audit] [silent] [no_log_info] -+.fam -+.fam C -+.HP \w'\fBpam_tally2\fR\ 'u -+\fBpam_tally2\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] -+.fam -+.SH "DESCRIPTION" -+.PP -+This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&. -+.PP -+pam_tally2 comes in two parts: -+\fBpam_tally2\&.so\fR -+and -+\fBpam_tally2\fR\&. The former is the PAM module and the latter, a stand\-alone program\&. -+\fBpam_tally2\fR -+is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display users\' counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&. -+.PP -+Normally, failed attempts to access -+\fIroot\fR -+will -+\fBnot\fR -+cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\'t given shell accounts and root may only login via -+\fBsu\fR -+or at the machine console (not telnet/rsh, etc), this is safe\&. -+.SH "OPTIONS" -+.PP -+GLOBAL OPTIONS -+.RS 4 -+This can be used for -+\fIauth\fR -+and -+\fIaccount\fR -+module types\&. -+.PP -+\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR -+.RS 4 -+If something weird happens (like unable to open the file), return with -+\fBPAM_SUCESS\fR -+if -+\fBonerr=\fR\fB\fIsucceed\fR\fR -+is given, else with the corresponding PAM error code\&. -+.RE -+.PP -+\fBfile=\fR\fB\fI/path/to/counter\fR\fR -+.RS 4 -+File where to keep counts\&. Default is -+\FC/var/log/tallylog\F[]\&. -+.RE -+.PP -+\fBaudit\fR -+.RS 4 -+Will log the user name into the system log if the user is not found\&. -+.RE -+.PP -+\fBsilent\fR -+.RS 4 -+Don\'t print informative messages\&. -+.RE -+.PP -+\fBno_log_info\fR -+.RS 4 -+Don\'t log informative messages via -+\fBsyslog\fR(3)\&. -+.RE -+.RE -+.PP -+AUTH OPTIONS -+.RS 4 -+Authentication phase first increments attempted login counter and checks if user should be denied access\&. If the user is authenticated and the login process continues on call to -+\fBpam_setcred\fR(3) -+it resets the attempts counter\&. -+.PP -+\fBdeny=\fR\fB\fIn\fR\fR -+.RS 4 -+Deny access if tally for this user exceeds -+\fIn\fR\&. -+.RE -+.PP -+\fBlock_time=\fR\fB\fIn\fR\fR -+.RS 4 -+Always deny for -+\fIn\fR -+seconds after failed attempt\&. -+.RE -+.PP -+\fBunlock_time=\fR\fB\fIn\fR\fR -+.RS 4 -+Allow access after -+\fIn\fR -+seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&. -+.RE -+.PP -+\fBmagic_root\fR -+.RS 4 -+If the module is invoked by a user with uid=0 the counter is not incremented\&. The sys\-admin should use this for user launched services, like -+\fBsu\fR, otherwise this argument should be omitted\&. -+.RE -+.PP -+\fBno_lock_time\fR -+.RS 4 -+Do not use the \&.fail_locktime field in -+\FC/var/log/faillog\F[] -+for this user\&. -+.RE -+.PP -+\fBno_reset\fR -+.RS 4 -+Don\'t reset count on successful entry, only decrement\&. -+.RE -+.PP -+\fBeven_deny_root\fR -+.RS 4 -+Root account can become unavailable\&. -+.RE -+.PP -+\fBroot_unlock_time=\fR\fB\fIn\fR\fR -+.RS 4 -+This option implies -+\fBeven_deny_root\fR -+option\&. Allow access after -+\fIn\fR -+seconds to root acccount after failed attempt\&. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. -+.RE -+.RE -+.PP -+ACCOUNT OPTIONS -+.RS 4 -+Account phase resets attempts counter if the user is -+\fBnot\fR -+magic root\&. This phase can be used optionaly for services which don\'t call -+\fBpam_setcred\fR(3) -+correctly or if the reset should be done regardless of the failure of the account phase of other modules\&. -+.PP -+\fBmagic_root\fR -+.RS 4 -+If the module is invoked by a user with uid=0 the counter is not changed\&. The sys\-admin should use this for user launched services, like -+\fBsu\fR, otherwise this argument should be omitted\&. -+.RE -+.RE -+.SH "MODULE TYPES PROVIDED" -+.PP -+The -+\fBauth\fR -+and -+\fBaccount\fR -+module types are provided\&. -+.SH "RETURN VALUES" -+.PP -+PAM_AUTH_ERR -+.RS 4 -+A invalid option was given, the module was not able to retrive the user name, no valid counter file was found, or too many failed logins\&. -+.RE -+.PP -+PAM_SUCCESS -+.RS 4 -+Everything was successfull\&. -+.RE -+.PP -+PAM_USER_UNKNOWN -+.RS 4 -+User not known\&. -+.RE -+.SH "NOTES" -+.PP -+pam_tally2 is not compatible with the old pam_tally faillog file format\&. This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\&. -+.PP -+There is no setuid wrapper for access to the data file such as when the -+\fBpam_tally2\&.so\fR -+module is called from xscreensaver\&. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEPERM\fR) the module returns -+\fBPAM_IGNORE\fR\&. -+.SH "EXAMPLES" -+.PP -+Add the following line to -+\FC/etc/pam\&.d/login\F[] -+to lock the account after 4 failed logins\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&. The module does not have to be called in the account phase because the -+\fBlogin\fR -+calls -+\fBpam_setcred\fR(3) -+correctly\&. -+.sp -+.if n \{\ -+.RS 4 -+.\} -+.fam C -+.ps -1 -+.nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth required pam_securetty\&.so -+auth required pam_tally2\&.so deny=4 even_deny_root unlock_time=1200 -+auth required pam_env\&.so -+auth required pam_unix\&.so -+auth required pam_nologin\&.so -+account required pam_unix\&.so -+password required pam_unix\&.so -+session required pam_limits\&.so -+session required pam_unix\&.so -+session required pam_lastlog\&.so nowtmp -+session optional pam_mail\&.so standard -+ -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} -+.fi -+.fam -+.ps +1 -+.if n \{\ -+.RE -+.\} -+.SH "FILES" -+.PP -+\FC/var/log/tallylog\F[] -+.RS 4 -+failure count logging file -+.RE -+.SH "SEE ALSO" -+.PP -+ -+\fBpam.conf\fR(5), -+\fBpam.d\fR(5), -+\fBpam\fR(8) -+.SH "AUTHOR" -+.PP -+pam_tally was written by Tim Baverstock and Tomas Mraz\&. ---- Linux-PAM-1.0.2-orig/modules/pam_tally2/README 1970-01-01 01:00:00.000000000 +0100 -+++ Linux-PAM-1.0.2/modules/pam_tally2/README 2009-01-20 12:00:06.000000000 +0100 -@@ -0,0 +1,146 @@ -+pam_tally2 — The login counter (tallying) module -+ -+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -+ -+DESCRIPTION -+ -+This module maintains a count of attempted accesses, can reset count on -+success, can deny access if too many attempts fail. -+ -+pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the -+PAM module and the latter, a stand-alone program. pam_tally2 is an (optional) -+application which can be used to interrogate and manipulate the counter file. -+It can display users' counts, set individual counts, or clear all counts. -+Setting artificially high counts may be useful for blocking users without -+changing their passwords. For example, one might find it useful to clear all -+counts every midnight from a cron job. -+ -+Normally, failed attempts to access root will not cause the root account to -+become blocked, to prevent denial-of-service: if your users aren't given shell -+accounts and root may only login via su or at the machine console (not telnet/ -+rsh, etc), this is safe. -+ -+OPTIONS -+ -+GLOBAL OPTIONS -+ -+ This can be used for auth and account module types. -+ -+ onerr=[fail|succeed] -+ -+ If something weird happens (like unable to open the file), return with -+ PAM_SUCESS if onerr=succeed is given, else with the corresponding PAM -+ error code. -+ -+ file=/path/to/counter -+ -+ File where to keep counts. Default is /var/log/tallylog. -+ -+ audit -+ -+ Will log the user name into the system log if the user is not found. -+ -+ silent -+ -+ Don't print informative messages. -+ -+ no_log_info -+ -+ Don't log informative messages via syslog(3). -+ -+AUTH OPTIONS -+ -+ Authentication phase first increments attempted login counter and checks if -+ user should be denied access. If the user is authenticated and the login -+ process continues on call to pam_setcred(3) it resets the attempts counter. -+ -+ deny=n -+ -+ Deny access if tally for this user exceeds n. -+ -+ lock_time=n -+ -+ Always deny for n seconds after failed attempt. -+ -+ unlock_time=n -+ -+ Allow access after n seconds after failed attempt. If this option is -+ used the user will be locked out for the specified amount of time after -+ he exceeded his maximum allowed attempts. Otherwise the account is -+ locked until the lock is removed by a manual intervention of the system -+ administrator. -+ -+ magic_root -+ -+ If the module is invoked by a user with uid=0 the counter is not -+ incremented. The sys-admin should use this for user launched services, -+ like su, otherwise this argument should be omitted. -+ -+ no_lock_time -+ -+ Do not use the .fail_locktime field in /var/log/faillog for this user. -+ -+ no_reset -+ -+ Don't reset count on successful entry, only decrement. -+ -+ even_deny_root -+ -+ Root account can become unavailable. -+ -+ root_unlock_time=n -+ -+ This option implies even_deny_root option. Allow access after n seconds -+ to root acccount after failed attempt. If this option is used the root -+ user will be locked out for the specified amount of time after he -+ exceeded his maximum allowed attempts. -+ -+ACCOUNT OPTIONS -+ -+ Account phase resets attempts counter if the user is not magic root. This -+ phase can be used optionaly for services which don't call pam_setcred(3) -+ correctly or if the reset should be done regardless of the failure of the -+ account phase of other modules. -+ -+ magic_root -+ -+ If the module is invoked by a user with uid=0 the counter is not -+ changed. The sys-admin should use this for user launched services, like -+ su, otherwise this argument should be omitted. -+ -+NOTES -+ -+pam_tally2 is not compatible with the old pam_tally faillog file format. This -+is caused by requirement of compatibility of the tallylog file format between -+32bit and 64bit architectures on multiarch systems. -+ -+There is no setuid wrapper for access to the data file such as when the -+pam_tally2.so module is called from xscreensaver. As this would make it -+impossible to share PAM configuration with such services the following -+workaround is used: If the data file cannot be opened because of insufficient -+permissions (EPERM) the module returns PAM_IGNORE. -+ -+EXAMPLES -+ -+Add the following line to /etc/pam.d/login to lock the account after 4 failed -+logins. Root account will be locked as well. The accounts will be automatically -+unlocked after 20 minutes. The module does not have to be called in the account -+phase because the login calls pam_setcred(3) correctly. -+ -+auth required pam_securetty.so -+auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 -+auth required pam_env.so -+auth required pam_unix.so -+auth required pam_nologin.so -+account required pam_unix.so -+password required pam_unix.so -+session required pam_limits.so -+session required pam_unix.so -+session required pam_lastlog.so nowtmp -+session optional pam_mail.so standard -+ -+ -+AUTHOR -+ -+pam_tally was written by Tim Baverstock and Tomas Mraz. -+ ---- Linux-PAM-1.0.2-orig/modules/pam_time/pam_time.8 2008-04-16 11:08:15.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_time/pam_time.8 2009-01-20 12:00:08.000000000 +0100 -@@ -1,95 +1,271 @@ - .\" Title: pam_time --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_TIME" "8" "04/16/2008" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_TIME" "8" "01/20/2009" "Linux-PAM Manual" "Linux-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_time - PAM module for time control access --.SH "SYNOPSIS" --.HP 12 --\fBpam_time\.so\fR [debug] [noaudit] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_time \- PAM module for time control access -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_time\&.so\fR\ 'u -+\fBpam_time\&.so\fR [debug] [noaudit] -+.fam - .SH "DESCRIPTION" - .PP --The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\. -+The pam_time PAM module does not authenticate the user, but instead it restricts access to a system and or specific applications at various times of the day and on specific days or over various terminal lines\&. This module can be configured to deny access to (individual) users based on their name, the time of day, the day of week, the service they are applying for and their terminal from which they are making their request\&. - .PP - By default rules for time/port access are taken from config file --\fI/etc/security/time\.conf\fR\. -+\FC/etc/security/time\&.conf\F[]\&. - .PP --If Linux PAM is compiled with audit support the module will report when it denies access\. -+If Linux PAM is compiled with audit support the module will report when it denies access\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 - Some debug informations are printed with --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .RE - .PP - \fBnoaudit\fR - .RS 4 --Do not report logins at disallowed time to the audit subsystem\. -+Do not report logins at disallowed time to the audit subsystem\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBaccount\fR --service is supported\. -+type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_SUCCESS - .RS 4 --Access was granted\. -+Access was granted\&. - .RE - .PP - PAM_ABORT - .RS 4 --Not all relevant data could be gotten\. -+Not all relevant data could be gotten\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_PERM_DENIED - .RS 4 --Access was not granted\. -+Access was not granted\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --The user is not known to the system\. -+The user is not known to the system\&. - .RE - .SH "FILES" - .PP --\fI/etc/security/time\.conf\fR -+\FC/etc/security/time\&.conf\F[] - .RS 4 - Default configuration file - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 - # - # apply pam_time accounting to login requests - # --login account required pam_time\.so -+login account required pam_time\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - - \fBtime.conf\fR(5), --\fBpam.d\fR(8), --\fBpam\fR(8)\. -+\fBpam.d\fR(5), -+\fBpam\fR(8)\&. - .SH "AUTHOR" - .PP --pam_time was written by Andrew G\. Morgan \. -+pam_time was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_tty_audit/pam_tty_audit.8 2008-04-16 11:08:21.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_tty_audit/pam_tty_audit.8 2009-01-20 12:00:11.000000000 +0100 -@@ -1,80 +1,256 @@ - .\" Title: pam_tty_audit --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_TTY_AUDIT" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TTY_AUDIT" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_tty_audit - Enable or disable TTY auditing for specified users --.SH "SYNOPSIS" --.HP 17 --\fBpam_tty_audit\.so\fR [disable=\fIpatterns\fR] [enable=\fIpatterns\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_tty_audit \- Enable or disable TTY auditing for specified users -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_tty_audit\&.so\fR\ 'u -+\fBpam_tty_audit\&.so\fR [disable=\fIpatterns\fR] [enable=\fIpatterns\fR] -+.fam - .SH "DESCRIPTION" - .PP --The pam_tty_audit PAM module is used to enable or disable TTY auditing\. By default, the kernel does not audit input on any TTY\. -+The pam_tty_audit PAM module is used to enable or disable TTY auditing\&. By default, the kernel does not audit input on any TTY\&. - .SH "OPTIONS" - .PP - \fBdisable=\fR\fB\fIpatterns\fR\fR - .RS 4 - For each user matching one of comma\-separated glob --\fB\fIpatterns\fR\fR, disable TTY auditing\. This overrides any previous -+\fB\fIpatterns\fR\fR, disable TTY auditing\&. This overrides any previous - \fBenable\fR --option matchin the same user name on the command line\. -+option matchin the same user name on the command line\&. - .RE - .PP - \fBenable=\fR\fB\fIpatterns\fR\fR - .RS 4 - For each user matching one of comma\-separated glob --\fB\fIpatterns\fR\fR, enable TTY auditing\. This overrides any previous -+\fB\fIpatterns\fR\fR, enable TTY auditing\&. This overrides any previous - \fBdisable\fR --option matching the same user name on the command line\. -+option matching the same user name on the command line\&. - .RE - .PP - \fBopen_only\fR - .RS 4 --Set the TTY audit flag when opening the session, but do not restore it when closing the session\. Using this option is necessary for some services that don\'t -+Set the TTY audit flag when opening the session, but do not restore it when closing the session\&. Using this option is necessary for some services that don\'t - \fBfork()\fR - to run the authenticated session, such as --\fBsudo\fR\. -+\fBsudo\fR\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+type is supported\&. - .SH "RETURN VALUES" - .PP - PAM_SESSION_ERR - .RS 4 --Error reading or modifying the TTY audit flag\. See the system log for more details\. -+Error reading or modifying the TTY audit flag\&. See the system log for more details\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Success\. -+Success\&. - .RE - .SH "NOTES" - .PP --When TTY auditing is enabled, it is inherited by all processes started by that user\. In particular, daemons restarted by an user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\. Therefore, it is recommended to use -+When TTY auditing is enabled, it is inherited by all processes started by that user\&. In particular, daemons restarted by an user will still have TTY auditing enabled, and audit TTY input even by other users unless auditing for these users is explicitly disabled\&. Therefore, it is recommended to use - \fBdisable=*\fR --as the first option for most daemons using PAM\. -+as the first option for most daemons using PAM\&. - .SH "EXAMPLES" - .PP --Audit all administrative actions\. -+Audit all administrative actions\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --session required pam_tty_audit\.so disable=* enable=root -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+session required pam_tty_audit\&.so disable=* enable=root - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "AUTHOR" - .PP --pam_tty_audit was written by Miloslav Trmač \. -+pam_tty_audit was written by Miloslav Trmač \&. ---- Linux-PAM-1.0.2-orig/modules/pam_umask/pam_umask.8 2008-04-16 11:08:27.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_umask/pam_umask.8 2009-01-20 12:00:14.000000000 +0100 -@@ -1,48 +1,248 @@ - .\" Title: pam_umask --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_UMASK" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UMASK" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_umask - PAM module to set the file mode creation mask --.SH "SYNOPSIS" --.HP 13 --\fBpam_umask\.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_umask \- PAM module to set the file mode creation mask -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_umask\&.so\fR\ 'u -+\fBpam_umask\&.so\fR [debug] [silent] [usergroups] [umask=\fImask\fR] -+.fam - .SH "DESCRIPTION" - .PP --pam_umask is a PAM module to set the file mode creation mask of the current environment\. The umask affects the default permissions assigned to newly created files\. -+pam_umask is a PAM module to set the file mode creation mask of the current environment\&. The umask affects the default permissions assigned to newly created files\&. - .PP - The PAM module tries to get the umask value from the following places in the following order: - .sp - .RS 4 --\h'-04'\(bu\h'+03'umask= argument -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+umask= argument - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'umask= entry of the users GECOS field -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+umask= entry of the users GECOS field - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'pri= entry of the users GECOS field -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+pri= entry of the users GECOS field - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'ulimit= entry of the users GECOS field -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+ulimit= entry of the users GECOS field - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'UMASK= entry from /etc/default/login -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+UMASK= entry from /etc/default/login - .RE - .sp - .RS 4 --\h'-04'\(bu\h'+03'UMASK entry from /etc/login\.defs -+.ie n \{\ -+\h'-04'\(bu\h'+03'\c -+.\} -+.el \{\ -+.sp -1 -+.IP \(bu 2.3 -+.\} -+UMASK entry from /etc/login\&.defs - .RE - .sp - .RE -@@ -51,66 +251,84 @@ - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBsilent\fR - .RS 4 --Don\'t print informative messages\. -+Don\'t print informative messages\&. - .RE - .PP - \fBusergroups\fR - .RS 4 --If the user is not root, and the user ID is equal to the group ID, and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\. -+If the user is not root, and the user ID is equal to the group ID, and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. - .RE - .PP - \fBumask=\fR\fB\fImask\fR\fR - .RS 4 - Sets the calling process\'s file mode creation mask (umask) to - \fBmask\fR --& 0777\. The value is interpreted as Octal\. -+& 0777\&. The value is interpreted as Octal\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+type is provided\&. - .SH "RETURN VALUES" - .PP - .PP - PAM_SUCCESS - .RS 4 --The new umask was set successfull\. -+The new umask was set successfull\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --No username was given\. -+No username was given\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - to set the user specific umask at login: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -- session optional pam_umask\.so umask=0022 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+ session optional pam_umask\&.so umask=0022 - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_umask was written by Thorsten Kukuk \. -+pam_umask was written by Thorsten Kukuk \&. ---- Linux-PAM-1.0.2-orig/modules/pam_unix/pam_unix.8 2008-04-16 11:08:40.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_unix/pam_unix.8 2009-01-20 12:00:24.000000000 +0100 -@@ -1,85 +1,243 @@ - .\" Title: pam_unix --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_UNIX" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UNIX" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_unix - Module for traditional password authentication --.SH "SYNOPSIS" --.HP 12 --\fBpam_unix\.so\fR [\.\.\.] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_unix \- Module for traditional password authentication -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_unix\&.so\fR\ 'u -+\fBpam_unix\&.so\fR [\&.\&.\&.] -+.fam - .SH "DESCRIPTION" - .PP --This is the standard Unix authentication module\. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\. -+This is the standard Unix authentication module\&. It uses standard calls from the system\'s libraries to retrieve and set account information as well as authentication\&. Usually this is obtained from the /etc/passwd and the /etc/shadow file as well if shadow is enabled\&. - .PP - The account component performs the task of establishing the status of the user\'s account and password based on the following - \fIshadow\fR --elements: expire, last_change, max_change, min_change, warn_change\. In the case of the latter, it may offer advice to the user on changing their password or, through the -+elements: expire, last_change, max_change, min_change, warn_change\&. In the case of the latter, it may offer advice to the user on changing their password or, through the - \fBPAM_AUTHTOKEN_REQD\fR --return, delay giving service to the user until they have established a new password\. The entries listed above are documented in the -+return, delay giving service to the user until they have established a new password\&. The entries listed above are documented in the - \fBshadow\fR(5) --manual page\. Should the user\'s record not contain one or more of these entries, the corresponding -+manual page\&. Should the user\'s record not contain one or more of these entries, the corresponding - \fIshadow\fR --check is not performed\. -+check is not performed\&. - .PP --The authentication component performs the task of checking the users credentials (password)\. The default action of this module is to not permit the user access to a service if their official password is blank\. -+The authentication component performs the task of checking the users credentials (password)\&. The default action of this module is to not permit the user access to a service if their official password is blank\&. - .PP - A helper binary, --\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\. This binary is very simple and will only check the password of the user invoking it\. It is called transparently on behalf of the user by the authenticating component of this module\. In this way it is possible for applications like -+\fBunix_chkpwd\fR(8), is provided to check the user\'s password when it is stored in a read protected database\&. This binary is very simple and will only check the password of the user invoking it\&. It is called transparently on behalf of the user by the authenticating component of this module\&. In this way it is possible for applications like - \fBxlock\fR(1) --to work without being setuid\-root\. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was --\fBfork()\fRd\. The -+to work without being setuid\-root\&. The module, by default, will temporarily turn off SIGCHLD handling for the duration of execution of the helper binary\&. This is generally the right thing to do, as many applications are not prepared to handle this signal from a child they didn\'t know was -+\fBfork()\fRd\&. The - \fBnoreap\fR --module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\. -+module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. - .PP --The password component of this module performs the task of updating the user\'s password\. -+The password component of this module performs the task of updating the user\'s password\&. - .PP --The session component of this module logs when a user logins or leave the system\. -+The session component of this module logs when a user logins or leave the system\&. - .PP --Remaining arguments, supported by others functions of this module, are silently ignored\. Other arguments are logged as errors through --\fBsyslog\fR(3)\. -+Remaining arguments, supported by others functions of this module, are silently ignored\&. Other arguments are logged as errors through -+\fBsyslog\fR(3)\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 - Turns on debugging via --\fBsyslog\fR(3)\. -+\fBsyslog\fR(3)\&. - .RE - .PP - \fBaudit\fR - .RS 4 --A little more extreme than debug\. -+A little more extreme than debug\&. - .RE - .PP - \fBnullok\fR - .RS 4 --The default action of this module is to not permit the user access to a service if their official password is blank\. The -+The default action of this module is to not permit the user access to a service if their official password is blank\&. The - \fBnullok\fR --argument overrides this default\. -+argument overrides this default\&. - .RE - .PP - \fBtry_first_pass\fR - .RS 4 --Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\. -+Before prompting the user for their password, the module first tries the previous stacked module\'s password in case that satisfies this module as well\&. - .RE - .PP - \fBuse_first_pass\fR - .RS 4 - The argument - \fBuse_first_pass\fR --forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\. -+forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\&. - .RE - .PP - \fBnodelay\fR - .RS 4 --This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\. The default action is for the module to request a delay\-on\-failure of the order of two second\. -+This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\&. The default action is for the module to request a delay\-on\-failure of the order of two second\&. - .RE - .PP - \fBuse_authtok\fR -@@ -88,17 +246,17 @@ - \fBpassword\fR - module (this is used in the example of the stacking of the - \fBpam_cracklib\fR --module documented above)\. -+module documented above)\&. - .RE - .PP - \fBnot_set_pass\fR - .RS 4 --This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\. -+This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\&. - .RE - .PP - \fBnis\fR - .RS 4 --NIS RPC is used for setting new passwords\. -+NIS RPC is used for setting new passwords\&. - .RE - .PP - \fBremember=\fR\fB\fIn\fR\fR -@@ -106,84 +264,106 @@ - The last - \fIn\fR - passwords for each user are saved in --\fI/etc/security/opasswd\fR --in order to force password change history and keep the user from alternating between the same password too frequently\. -+\FC/etc/security/opasswd\F[] -+in order to force password change history and keep the user from alternating between the same password too frequently\&. - .RE - .PP - \fBshadow\fR - .RS 4 --Try to maintain a shadow based system\. -+Try to maintain a shadow based system\&. - .RE - .PP - \fBmd5\fR - .RS 4 --When a user changes their password next, encrypt it with the MD5 algorithm\. -+When a user changes their password next, encrypt it with the MD5 algorithm\&. - .RE - .PP - \fBbigcrypt\fR - .RS 4 --When a user changes their password next, encrypt it with the DEC C2 algorithm\. -+When a user changes their password next, encrypt it with the DEC C2 algorithm\&. - .RE - .PP - \fBsha256\fR - .RS 4 --When a user changes their password next, encrypt it with the SHA256 algorithm\. If the SHA256 algorithm is not known to the libcrypt, fall back to MD5\. -+When a user changes their password next, encrypt it with the SHA256 algorithm\&. If the SHA256 algorithm is not known to the libcrypt, fall back to MD5\&. - .RE - .PP - \fBsha512\fR - .RS 4 --When a user changes their password next, encrypt it with the SHA512 algorithm\. If the SHA512 algorithm is not known to the libcrypt, fall back to MD5\. -+When a user changes their password next, encrypt it with the SHA512 algorithm\&. If the SHA512 algorithm is not known to the libcrypt, fall back to MD5\&. - .RE - .PP - \fBrounds=\fR\fB\fIn\fR\fR - .RS 4 - Set the optional number of rounds of the SHA256 and SHA512 password hashing algorithms to --\fIn\fR\. -+\fIn\fR\&. - .RE - .PP - \fBbroken_shadow\fR - .RS 4 --Ignore errors reading shadow inforation for users in the account management module\. -+Ignore errors reading shadow inforation for users in the account management module\&. - .RE - .PP - Invalid arguments are logged with --\fBsyslog\fR(3)\. --.SH "MODULE SERVICES PROVIDED" -+\fBsyslog\fR(3)\&. -+.SH "MODULE TYPES PROVIDED" - .PP --All service are supported\. -+All module types (\fBaccount\fR, -+\fBauth\fR, -+\fBpassword\fR -+and -+\fBsession\fR) are provided\&. - .SH "RETURN VALUES" - .PP - PAM_IGNORE - .RS 4 --Ignore this module\. -+Ignore this module\&. - .RE - .SH "EXAMPLES" - .PP - An example usage for --\fI/etc/pam\.d/login\fR -+\FC/etc/pam\&.d/login\F[] - would be: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ - # Authenticate the user --auth required pam_unix\.so -+auth required pam_unix\&.so - # Ensure users account and password are still active --account required pam_unix\.so -+account required pam_unix\&.so - # Change the users password, but at first check the strength - # with pam_cracklib(8) --password required pam_cracklib\.so retry=3 minlen=6 difok=3 --password required pam_unix\.so use_authtok nullok md5 --session required pam_unix\.so -+password required pam_cracklib\&.so retry=3 minlen=6 difok=3 -+password required pam_unix\&.so use_authtok nullok md5 -+session required pam_unix\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_unix was written by various people\. -+pam_unix was written by various people\&. ---- Linux-PAM-1.0.2-orig/modules/pam_userdb/pam_userdb.8 2008-04-16 11:08:48.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_userdb/pam_userdb.8 2009-01-20 12:00:28.000000000 +0100 -@@ -1,136 +1,312 @@ - .\" Title: pam_userdb --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_USERDB" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_USERDB" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_userdb - PAM module to authenticate against a db database --.SH "SYNOPSIS" --.HP 14 --\fBpam_userdb\.so\fR db=\fI/path/database\fR [debug] [crypt=[crypt|none]] [icase] [dump] [try_first_pass] [use_first_pass] [unknown_ok] [key_only] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_userdb \- PAM module to authenticate against a db database -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_userdb\&.so\fR\ 'u -+\fBpam_userdb\&.so\fR db=\fI/path/database\fR [debug] [crypt=[crypt|none]] [icase] [dump] [try_first_pass] [use_first_pass] [unknown_ok] [key_only] -+.fam - .SH "DESCRIPTION" - .PP --The pam_userdb module is used to verify a username/password pair against values stored in a Berkeley DB database\. The database is indexed by the username, and the data fields corresponding to the username keys are the passwords\. -+The pam_userdb module is used to verify a username/password pair against values stored in a Berkeley DB database\&. The database is indexed by the username, and the data fields corresponding to the username keys are the passwords\&. - .SH "OPTIONS" - .PP - \fBcrypt=[crypt|none]\fR - .RS 4 --Indicates whether encrypted or plaintext passwords are stored in the database\. If it is -+Indicates whether encrypted or plaintext passwords are stored in the database\&. If it is - \fBcrypt\fR, passwords should be stored in the database in - \fBcrypt\fR(3) --form\. If -+form\&. If - \fBnone\fR --is selected, passwords should be stored in the database as plaintext\. -+is selected, passwords should be stored in the database as plaintext\&. - .RE - .PP - \fBdb=\fR\fB\fI/path/database\fR\fR - .RS 4 - Use the --\fI/path/database\fR --database for performing lookup\. There is no default; the module will return -+\FC/path/database\F[] -+database for performing lookup\&. There is no default; the module will return - \fBPAM_IGNORE\fR --if no database is provided\. -+if no database is provided\&. - .RE - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBdump\fR - .RS 4 --Dump all the entries in the database to the log\. Don\'t do this by default! -+Dump all the entries in the database to the log\&. Don\'t do this by default! - .RE - .PP - \fBicase\fR - .RS 4 --Make the password verification to be case insensitive (ie when working with registration numbers and such)\. Only works with plaintext password storage\. -+Make the password verification to be case insensitive (ie when working with registration numbers and such)\&. Only works with plaintext password storage\&. - .RE - .PP - \fBtry_first_pass\fR - .RS 4 --Use the authentication token previously obtained by another module that did the conversation with the application\. If this token can not be obtained then the module will try to converse\. This option can be used for stacking different modules that need to deal with the authentication tokens\. -+Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will try to converse\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&. - .RE - .PP - \fBuse_first_pass\fR - .RS 4 --Use the authentication token previously obtained by another module that did the conversation with the application\. If this token can not be obtained then the module will fail\. This option can be used for stacking different modules that need to deal with the authentication tokens\. -+Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will fail\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&. - .RE - .PP - \fBunknown_ok\fR - .RS 4 --Do not return error when checking for a user that is not in the database\. This can be used to stack more than one pam_userdb module that will check a username/password pair in more than a database\. -+Do not return error when checking for a user that is not in the database\&. This can be used to stack more than one pam_userdb module that will check a username/password pair in more than a database\&. - .RE - .PP - \fBkey_only\fR - .RS 4 --The username and password are concatenated together in the database hash as \'username\-password\' with a random value\. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\. this is useful in cases where the username may not be unique but the username and password pair are\. -+The username and password are concatenated together in the database hash as \'username\-password\' with a random value\&. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\&. this is useful in cases where the username may not be unique but the username and password pair are\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP --The services -+The - \fBauth\fR - and - \fBaccount\fR --are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 --Authentication failure\. -+Authentication failure\&. - .RE - .PP - PAM_AUTHTOK_RECOVERY_ERR - .RS 4 --Authentication information cannot be recovered\. -+Authentication information cannot be recovered\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_CONV_ERR - .RS 4 --Conversation failure\. -+Conversation failure\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Error in service module\. -+Error in service module\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Success\. -+Success\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known to the underlying authentication module\. -+User not known to the underlying authentication module\&. - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --auth sufficient pam_userdb\.so icase db=/etc/dbtest\.db -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+auth sufficient pam_userdb\&.so icase db=/etc/dbtest\&.db - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - - \fBcrypt\fR(3), - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_userdb was written by Cristian Gafton >gafton@redhat\.com<\. -+pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. ---- Linux-PAM-1.0.2-orig/modules/pam_warn/pam_warn.8 2008-04-16 11:08:53.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_warn/pam_warn.8 2009-01-20 12:00:31.000000000 +0100 -@@ -1,69 +1,245 @@ - .\" Title: pam_warn --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_WARN" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WARN" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_warn - PAM module which logs all PAM items if called --.SH "SYNOPSIS" --.HP 12 --\fBpam_warn\.so\fR -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_warn \- PAM module which logs all PAM items if called -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_warn\&.so\fR\ 'u -+\fBpam_warn\&.so\fR -+.fam - .SH "DESCRIPTION" - .PP - pam_warn is a PAM module that logs the service, terminal, user, remote user and remote host to --\fBsyslog\fR(3)\. The items are not probed for, but instead obtained from the standard PAM items\. The module always returns --\fBPAM_IGNORE\fR, indicating that it does not want to affect the authentication process\. -+\fBsyslog\fR(3)\&. The items are not probed for, but instead obtained from the standard PAM items\&. The module always returns -+\fBPAM_IGNORE\fR, indicating that it does not want to affect the authentication process\&. - .SH "OPTIONS" - .PP --This module does not recognise any options\. --.SH "MODULE SERVICES PROVIDED" -+This module does not recognise any options\&. -+.SH "MODULE TYPES PROVIDED" - .PP --The services -+The - \fBauth\fR, - \fBaccount\fR, - \fBpassword\fR - and - \fBsession\fR --are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_IGNORE - .RS 4 --This module always returns PAM_IGNORE\. -+This module always returns PAM_IGNORE\&. - .RE - .SH "EXAMPLES" - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --#%PAM\-1\.0 -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+#%PAM\-1\&.0 - # - # If we don\'t have config entries for a service, the --# OTHER entries are used\. To be secure, warn and deny --# access to everything\. --other auth required pam_warn\.so --other auth required pam_deny\.so --other account required pam_warn\.so --other account required pam_deny\.so --other password required pam_warn\.so --other password required pam_deny\.so --other session required pam_warn\.so --other session required pam_deny\.so -+# OTHER entries are used\&. To be secure, warn and deny -+# access to everything\&. -+other auth required pam_warn\&.so -+other auth required pam_deny\&.so -+other account required pam_warn\&.so -+other account required pam_deny\&.so -+other password required pam_warn\&.so -+other password required pam_deny\&.so -+other session required pam_warn\&.so -+other session required pam_deny\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_warn was written by Andrew G\. Morgan \. -+pam_warn was written by Andrew G\&. Morgan \&. ---- Linux-PAM-1.0.2-orig/modules/pam_wheel/pam_wheel.8 2008-04-16 11:08:57.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_wheel/pam_wheel.8 2009-01-20 12:00:34.000000000 +0100 -@@ -1,127 +1,303 @@ - .\" Title: pam_wheel --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_WHEEL" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_wheel - Only permit root access to members of group wheel --.SH "SYNOPSIS" --.HP 13 --\fBpam_wheel\.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_wheel \- Only permit root access to members of group wheel -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_wheel\&.so\fR\ 'u -+\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] -+.fam - .SH "DESCRIPTION" - .PP - The pam_wheel PAM module is used to enforce the so\-called - \fIwheel\fR --group\. By default it permits root access to the system if the applicant user is a member of the -+group\&. By default it permits root access to the system if the applicant user is a member of the - \fIwheel\fR --group\. If no group with this name exist, the module is using the group with the group\-ID --\fB0\fR\. -+group\&. If no group with this name exist, the module is using the group with the group\-ID -+\fB0\fR\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBdeny\fR - .RS 4 - Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of the - \fBgroup\fR --option), deny access\. Conversely, if the user is not in the group, return PAM_IGNORE (unless -+option), deny access\&. Conversely, if the user is not in the group, return PAM_IGNORE (unless - \fBtrust\fR --was also specified, in which case we return PAM_SUCCESS)\. -+was also specified, in which case we return PAM_SUCCESS)\&. - .RE - .PP - \fBgroup=\fR\fB\fIname\fR\fR - .RS 4 - Instead of checking the wheel or GID 0 groups, use the - \fB\fIname\fR\fR --group to perform the authentication\. -+group to perform the authentication\&. - .RE - .PP - \fBroot_only\fR - .RS 4 --The check for wheel membership is done only\. -+The check for wheel membership is done only\&. - .RE - .PP - \fBtrust\fR - .RS 4 --The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\. -+The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. - .RE - .PP - \fBuse_uid\fR - .RS 4 --The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\. -+The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - The - \fBauth\fR - and - \fBaccount\fR --services are supported\. -+module types are provided\&. - .SH "RETURN VALUES" - .PP - PAM_AUTH_ERR - .RS 4 --Authentication failure\. -+Authentication failure\&. - .RE - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_IGNORE - .RS 4 --The return value should be ignored by PAM dispatch\. -+The return value should be ignored by PAM dispatch\&. - .RE - .PP - PAM_PERM_DENY - .RS 4 --Permission denied\. -+Permission denied\&. - .RE - .PP - PAM_SERVICE_ERR - .RS 4 --Cannot determine the user name\. -+Cannot determine the user name\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Success\. -+Success\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP --The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\. -+The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non\-root applicants\&. - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --su auth sufficient pam_rootok\.so --su auth required pam_wheel\.so --su auth required pam_unix\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+su auth sufficient pam_rootok\&.so -+su auth required pam_wheel\&.so -+su auth required pam_unix\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "SEE ALSO" - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_wheel was written by Cristian Gafton \. -+pam_wheel was written by Cristian Gafton \&. ---- Linux-PAM-1.0.2-orig/modules/pam_xauth/pam_xauth.8 2008-04-16 11:09:03.000000000 +0200 -+++ Linux-PAM-1.0.2/modules/pam_xauth/pam_xauth.8 2009-01-20 12:00:38.000000000 +0100 -@@ -1,154 +1,330 @@ - .\" Title: pam_xauth --.\" Author: --.\" Generator: DocBook XSL Stylesheets v1.73.1 --.\" Date: 04/16/2008 -+.\" Author: [see the "AUTHOR" section] -+.\" Generator: DocBook XSL Stylesheets v1.74.0 -+.\" Date: 01/20/2009 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual -+.\" Language: English - .\" --.TH "PAM_XAUTH" "8" "04/16/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_XAUTH" "8" "01/20/2009" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" ----------------------------------------------------------------- -+.\" * (re)Define some macros -+.\" ----------------------------------------------------------------- -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" toupper - uppercase a string (locale-aware) -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de toupper -+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ -+\\$* -+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH-xref - format a cross-reference to an SH section -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de SH-xref -+.ie n \{\ -+.\} -+.toupper \\$* -+.el \{\ -+\\$* -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SH - level-one heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SH -+.\" put an extra blank line of space above the head in non-TTY output -+.if t \{\ -+.sp 1 -+.\} -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[an-margin]u -+.ti 0 -+.HTML-TAG ".NH \\n[an-level]" -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+\." make the size of the head bigger -+.ps +3 -+.ft B -+.ne (2v + 1u) -+.ie n \{\ -+.\" if n (TTY output), use uppercase -+.toupper \\$* -+.\} -+.el \{\ -+.nr an-break-flag 0 -+.\" if not n (not TTY), use normal case (not uppercase) -+\\$1 -+.in \\n[an-margin]u -+.ti 0 -+.\" if not n (not TTY), put a border/line under subheading -+.sp -.6 -+\l'\n(.lu' -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" SS - level-two heading that works better for non-TTY output -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de1 SS -+.sp \\n[PD]u -+.nr an-level 1 -+.set-an-margin -+.nr an-prevailing-indent \\n[IN] -+.fi -+.in \\n[IN]u -+.ti \\n[SN]u -+.it 1 an-trap -+.nr an-no-space-flag 1 -+.nr an-break-flag 1 -+.ps \\n[PS-SS]u -+\." make the size of the head bigger -+.ps +2 -+.ft B -+.ne (2v + 1u) -+.if \\n[.$] \&\\$* -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BB/BE - put background/screen (filled box) around block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BB -+.if t \{\ -+.sp -.5 -+.br -+.in +2n -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EB -+.if t \{\ -+.if "\\$2"adjust-for-leading-newline" \{\ -+.sp -1 -+.\} -+.br -+.di -+.in -+.ll -+.gcolor -+.nr BW \\n(.lu-\\n(.i -+.nr BH \\n(dn+.5v -+.ne \\n(BHu+.5v -+.ie "\\$2"adjust-for-leading-newline" \{\ -+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.el \{\ -+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] -+.\} -+.in 0 -+.sp -.5v -+.nf -+.BX -+.in -+.sp .5v -+.fi -+.\} -+.. -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.\" BM/EM - put colored marker in margin next to block of text -+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -+.de BM -+.if t \{\ -+.br -+.ll -2n -+.gcolor red -+.di BX -+.\} -+.. -+.de EM -+.if t \{\ -+.br -+.di -+.ll -+.gcolor -+.nr BH \\n(dn -+.ne \\n(BHu -+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] -+.in 0 -+.nf -+.BX -+.in -+.fi -+.\} -+.. -+.\" ----------------------------------------------------------------- -+.\" * set default formatting -+.\" ----------------------------------------------------------------- - .\" disable hyphenation - .nh - .\" disable justification (adjust text to left margin only) - .ad l --.SH "NAME" --pam_xauth - PAM module to forward xauth keys between users --.SH "SYNOPSIS" --.HP 13 --\fBpam_xauth\.so\fR [debug] [xauthpath=\fI/path/to/xauth\fR] [systemuser=\fIUID\fR] [targetuser=\fIUID\fR] -+.\" ----------------------------------------------------------------- -+.\" * MAIN CONTENT STARTS HERE * -+.\" ----------------------------------------------------------------- -+.SH "Name" -+pam_xauth \- PAM module to forward xauth keys between users -+.SH "Synopsis" -+.fam C -+.HP \w'\fBpam_xauth\&.so\fR\ 'u -+\fBpam_xauth\&.so\fR [debug] [xauthpath=\fI/path/to/xauth\fR] [systemuser=\fIUID\fR] [targetuser=\fIUID\fR] -+.fam - .SH "DESCRIPTION" - .PP --The pam_xauth PAM module is designed to forward xauth keys (sometimes referred to as "cookies") between users\. -+The pam_xauth PAM module is designed to forward xauth keys (sometimes referred to as "cookies") between users\&. - .PP - Without pam_xauth, when xauth is enabled and a user uses the - \fBsu\fR(1) --command to assume another user\'s priviledges, that user is no longer able to access the original user\'s X display because the new user does not have the key needed to access the display\. pam_xauth solves the problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target user) when the session is created, and destroying the key when the session is torn down\. -+command to assume another user\'s priviledges, that user is no longer able to access the original user\'s X display because the new user does not have the key needed to access the display\&. pam_xauth solves the problem by forwarding the key from the user running su (the source user) to the user whose identity the source user is assuming (the target user) when the session is created, and destroying the key when the session is torn down\&. - .PP - This means, for example, that when you run - \fBsu\fR(1) - from an xterm sesssion, you will be able to run X programs without explicitly dealing with the - \fBxauth\fR(1) --xauth command or ~/\.Xauthority files\. -+xauth command or ~/\&.Xauthority files\&. - .PP --pam_xauth will only forward keys if xauth can list a key connected to the $DISPLAY environment variable\. -+pam_xauth will only forward keys if xauth can list a key connected to the $DISPLAY environment variable\&. - .PP - Primitive access control is provided by --\fI~/\.xauth/export\fR -+\FC~/\&.xauth/export\F[] - in the invoking user\'s home directory and --\fI~/\.xauth/import\fR --in the target user\'s home directory\. -+\FC~/\&.xauth/import\F[] -+in the target user\'s home directory\&. - .PP - If a user has a --\fI~/\.xauth/import\fR --file, the user will only receive cookies from users listed in the file\. If there is no --\fI~/\.xauth/import\fR --file, the user will accept cookies from any other user\. -+\FC~/\&.xauth/import\F[] -+file, the user will only receive cookies from users listed in the file\&. If there is no -+\FC~/\&.xauth/import\F[] -+file, the user will accept cookies from any other user\&. - .PP - If a user has a --\fI\.xauth/export\fR --file, the user will only forward cookies to users listed in the file\. If there is no --\fI~/\.xauth/export\fR -+\FC\&.xauth/export\F[] -+file, the user will only forward cookies to users listed in the file\&. If there is no -+\FC~/\&.xauth/export\F[] - file, and the invoking user is not --\fBroot\fR, the user will forward cookies to any other user\. If there is no --\fI~/\.xauth/export\fR -+\fBroot\fR, the user will forward cookies to any other user\&. If there is no -+\FC~/\&.xauth/export\F[] - file, and the invoking user is - \fBroot\fR, the user will - \fInot\fR --forward cookies to other users\. -+forward cookies to other users\&. - .PP - Both the import and export files support wildcards (such as --\fI*\fR)\. Both the import and export files can be empty, signifying that no users are allowed\. -+\fI*\fR)\&. Both the import and export files can be empty, signifying that no users are allowed\&. - .SH "OPTIONS" - .PP - \fBdebug\fR - .RS 4 --Print debug information\. -+Print debug information\&. - .RE - .PP - \fBxauthpath=\fR\fB\fI/path/to/xauth\fR\fR - .RS 4 - Specify the path the xauth program (it is expected in --\fI/usr/X11R6/bin/xauth\fR, --\fI/usr/bin/xauth\fR, or --\fI/usr/bin/X11/xauth\fR --by default)\. -+\FC/usr/X11R6/bin/xauth\F[], -+\FC/usr/bin/xauth\F[], or -+\FC/usr/bin/X11/xauth\F[] -+by default)\&. - .RE - .PP - \fBsystemuser=\fR\fB\fIUID\fR\fR - .RS 4 --Specify the highest UID which will be assumed to belong to a "system" user\. pam_xauth will refuse to forward credentials to users with UID less than or equal to this number, except for root and the "targetuser", if specified\. -+Specify the highest UID which will be assumed to belong to a "system" user\&. pam_xauth will refuse to forward credentials to users with UID less than or equal to this number, except for root and the "targetuser", if specified\&. - .RE - .PP - \fBtargetuser=\fR\fB\fIUID\fR\fR - .RS 4 --Specify a single target UID which is exempt from the systemuser check\. -+Specify a single target UID which is exempt from the systemuser check\&. - .RE --.SH "MODULE SERVICES PROVIDED" -+.SH "MODULE TYPES PROVIDED" - .PP - Only the - \fBsession\fR --service is supported\. -+type is provided\&. - .SH "RETURN VALUES" - .PP - PAM_BUF_ERR - .RS 4 --Memory buffer error\. -+Memory buffer error\&. - .RE - .PP - PAM_PERM_DENIED - .RS 4 --Permission denied by import/export file\. -+Permission denied by import/export file\&. - .RE - .PP - PAM_SESSION_ERR - .RS 4 --Cannot determine user name, UID or access users home directory\. -+Cannot determine user name, UID or access users home directory\&. - .RE - .PP - PAM_SUCCESS - .RS 4 --Success\. -+Success\&. - .RE - .PP - PAM_USER_UNKNOWN - .RS 4 --User not known\. -+User not known\&. - .RE - .SH "EXAMPLES" - .PP - Add the following line to --\fI/etc/pam\.d/su\fR -+\FC/etc/pam\&.d/su\F[] - to forward xauth keys between users when calling su: - .sp -+.if n \{\ - .RS 4 -+.\} -+.fam C -+.ps -1 - .nf --session optional pam_xauth\.so -+.if t \{\ -+.sp -1 -+.\} -+.BB lightgray adjust-for-leading-newline -+.sp -1 -+ -+session optional pam_xauth\&.so - -+.EB lightgray adjust-for-leading-newline -+.if t \{\ -+.sp 1 -+.\} - .fi -+.fam -+.ps +1 -+.if n \{\ - .RE -+.\} - .sp - .SH "IMPLEMENTATION DETAILS" - .PP - pam_xauth will work - \fIonly\fR - if it is used from a setuid application in which the --\fBgetuid\fR() call returns the id of the user running the application, and for which PAM can supply the name of the account that the user is attempting to assume\. The typical application of this type is --\fBsu\fR(1)\. The application must call both -+\fBgetuid\fR() call returns the id of the user running the application, and for which PAM can supply the name of the account that the user is attempting to assume\&. The typical application of this type is -+\fBsu\fR(1)\&. The application must call both - \fBpam_open_session\fR() and --\fBpam_close_session\fR() with the ruid set to the uid of the calling user and the euid set to root, and must have provided as the PAM_USER item the name of the target user\. -+\fBpam_close_session\fR() with the ruid set to the uid of the calling user and the euid set to root, and must have provided as the PAM_USER item the name of the target user\&. - .PP - pam_xauth calls - \fBxauth\fR(1) --as the source user to extract the key for $DISPLAY, then calls xauth as the target user to merge the key into the a temporary database and later remove the database\. -+as the source user to extract the key for $DISPLAY, then calls xauth as the target user to merge the key into the a temporary database and later remove the database\&. - .PP --pam_xauth cannot be told to not remove the keys when the session is closed\. -+pam_xauth cannot be told to not remove the keys when the session is closed\&. - .SH "FILES" - .PP --\fI~/\.xauth/import\fR -+\FC~/\&.xauth/import\F[] - .RS 4 - XXX - .RE - .PP --\fI~/\.xauth/export\fR -+\FC~/\&.xauth/export\F[] - .RS 4 - XXX - .RE -@@ -156,8 +332,8 @@ - .PP - - \fBpam.conf\fR(5), --\fBpam.d\fR(8), -+\fBpam.d\fR(5), - \fBpam\fR(8) - .SH "AUTHOR" - .PP --pam_xauth was written by Nalin Dahyabhai , based on original version by Michael K\. Johnson \. -+pam_xauth was written by Nalin Dahyabhai , based on original version by Michael K\&. Johnson \&. diff --git a/Linux-PAM-docu.diff b/Linux-PAM-docu.diff deleted file mode 100644 index bd2f5b3..0000000 --- a/Linux-PAM-docu.diff +++ /dev/null @@ -1,1620 +0,0 @@ ---- Linux-PAM-1.0/doc/man/pam_getenv.3.xml 2006-06-25 21:01:00.000000000 +0200 -+++ Linux-PAM/doc/man/pam_getenv.3.xml 2008-06-22 09:47:28.000000000 +0200 -@@ -32,9 +32,9 @@ - - The pam_getenv function searches the - PAM environment list as associated with the handle -- pamh for a string that matches the string -- pointed to by name. The return values are -- of the form: "name=value". -+ pamh for an item that matches the string -+ pointed to by name and returns the value -+ of the environment variable. - - - ---- Linux-PAM-1.0/doc/man/pam_prompt.3.xml 2006-05-04 08:56:08.000000000 +0200 -+++ Linux-PAM/doc/man/pam_prompt.3.xml 2008-06-22 09:47:29.000000000 +0200 -@@ -44,7 +44,11 @@ - DESCRIPTION - - The pam_prompt function constructs a message -- from the specified format string and arguments and passes it to -+ from the specified format string and arguments and passes it to the -+ conversation function as set by the service. Upon successful return, -+ response is set to point to a string -+ returned from the conversation function. This string is allocated -+ on heap and should be freed. - - - ---- Linux-PAM-1.0/doc/sag/pam_access.xml 2006-10-13 13:33:18.000000000 +0200 -+++ Linux-PAM/doc/sag/pam_access.xml 2008-08-20 20:56:21.000000000 +0200 -@@ -19,9 +19,9 @@ - -
--
-+
- -+ href="../../modules/pam_access/pam_access.8.xml" xpointer='xpointer(//refsect1[@id = "pam_access-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_cracklib/pam_cracklib.8.xml" xpointer='xpointer(//refsect1[@id = "pam_cracklib-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_debug/pam_debug.8.xml" xpointer='xpointer(//refsect1[@id = "pam_debug-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_deny/pam_deny.8.xml" xpointer='xpointer(//refsect1[@id = "pam_deny-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_echo/pam_echo.8.xml" xpointer='xpointer(//refsect1[@id = "pam_echo-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_env/pam_env.8.xml" xpointer='xpointer(//refsect1[@id = "pam_env-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_exec/pam_exec.8.xml" xpointer='xpointer(//refsect1[@id = "pam_exec-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_faildelay/pam_faildelay.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faildelay-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_filter/pam_filter.8.xml" xpointer='xpointer(//refsect1[@id = "pam_filter-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_ftp/pam_ftp.8.xml" xpointer='xpointer(//refsect1[@id = "pam_ftp-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_group/pam_group.8.xml" xpointer='xpointer(//refsect1[@id = "pam_group-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_issue/pam_issue.8.xml" xpointer='xpointer(//refsect1[@id = "pam_issue-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_keyinit/pam_keyinit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_keyinit-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_lastlog/pam_lastlog.8.xml" xpointer='xpointer(//refsect1[@id = "pam_lastlog-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_limits/pam_limits.8.xml" xpointer='xpointer(//refsect1[@id = "pam_limits-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_listfile/pam_listfile.8.xml" xpointer='xpointer(//refsect1[@id = "pam_listfile-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_localuser/pam_localuser.8.xml" xpointer='xpointer(//refsect1[@id = "pam_localuser-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_loginuid/pam_loginuid.8.xml" xpointer='xpointer(//refsect1[@id = "pam_loginuid-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_mail/pam_mail.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mail-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_mkhomedir/pam_mkhomedir.8.xml" xpointer='xpointer(//refsect1[@id = "pam_mkhomedir-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_motd/pam_motd.8.xml" xpointer='xpointer(//refsect1[@id = "pam_motd-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_namespace/pam_namespace.8.xml" xpointer='xpointer(//refsect1[@id = "pam_namespace-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_nologin/pam_nologin.8.xml" xpointer='xpointer(//refsect1[@id = "pam_nologin-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_permit/pam_permit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_permit-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_rhosts/pam_rhosts.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rhosts-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_rootok/pam_rootok.8.xml" xpointer='xpointer(//refsect1[@id = "pam_rootok-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_securetty/pam_securetty.8.xml" xpointer='xpointer(//refsect1[@id = "pam_securetty-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_sepermit/pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_shells/pam_shells.8.xml" xpointer='xpointer(//refsect1[@id = "pam_shells-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_succeed_if/pam_succeed_if.8.xml" xpointer='xpointer(//refsect1[@id = "pam_succeed_if-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_tally/pam_tally.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_time/pam_time.8.xml" xpointer='xpointer(//refsect1[@id = "pam_time-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_tty_audit/pam_tty_audit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tty_audit-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_umask/pam_umask.8.xml" xpointer='xpointer(//refsect1[@id = "pam_umask-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_unix/pam_unix.8.xml" xpointer='xpointer(//refsect1[@id = "pam_unix-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_userdb/pam_userdb.8.xml" xpointer='xpointer(//refsect1[@id = "pam_userdb-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_warn/pam_warn.8.xml" xpointer='xpointer(//refsect1[@id = "pam_warn-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_wheel/pam_wheel.8.xml" xpointer='xpointer(//refsect1[@id = "pam_wheel-types"]/*)'/> -
-
- -
--
-+
- -+ href="../../modules/pam_xauth/pam_xauth.8.xml" xpointer='xpointer(//refsect1[@id = "pam_xauth-types"]/*)'/> -
-
- - - If Linux PAM is compiled with audit support the module will report -- when it denies access based on origin (host or tty). -+ when it denies access based on origin (host or tty). - - - -@@ -159,10 +159,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- All services are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -231,7 +232,7 @@ - access.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_cracklib/pam_cracklib.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_cracklib/pam_cracklib.8.xml 2008-08-20 20:56:25.000000000 +0200 -@@ -281,7 +281,7 @@ - than 10. - - -- (N > 0) This is the minimum number of upper -+ (N < 0) This is the minimum number of upper - case letters that must be met for a new password. - - -@@ -376,10 +376,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only he service is supported. -+ Only the module type is provided. - - - -@@ -495,7 +495,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_debug/pam_debug.8.xml 2006-06-17 19:20:40.000000000 +0200 -+++ Linux-PAM/modules/pam_debug/pam_debug.8.xml 2008-08-20 20:56:25.000000000 +0200 -@@ -171,11 +171,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services , , -- and are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -213,7 +213,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_deny/pam_deny.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_deny/pam_deny.8.xml 2008-08-20 20:56:25.000000000 +0200 -@@ -38,11 +38,11 @@ - This module does not recognise any options. - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- All services (, , -- and ) are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -117,7 +117,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_echo/pam_echo.8.xml 2006-06-22 21:44:30.000000000 +0200 -+++ Linux-PAM/modules/pam_echo/pam_echo.8.xml 2008-08-20 20:56:25.000000000 +0200 -@@ -96,10 +96,12 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- All services are supported. -+ All module types (, , -+ and ) are provided. -+ - - - -@@ -154,7 +156,7 @@ - pam.conf8 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_env/environment 2006-09-01 13:37:13.000000000 +0200 -+++ Linux-PAM/modules/pam_env/environment 2008-08-01 14:10:43.000000000 +0200 -@@ -1,5 +1,5 @@ - # - # This file is parsed by pam_env module - # --# Syntax: simple "KEY=VAL" pairs on seperate lines -+# Syntax: simple "KEY=VAL" pairs on separate lines - # ---- Linux-PAM-1.0/modules/pam_env/pam_env.8.xml 2006-06-22 21:44:30.000000000 +0200 -+++ Linux-PAM/modules/pam_env/pam_env.8.xml 2008-08-20 20:56:25.000000000 +0200 -@@ -53,7 +53,7 @@ - - - This module can also parse a file with simple -- KEY=VAL pairs on seperate lines -+ KEY=VAL pairs on separate lines - (/etc/environment by default). You can - change the default file to parse, with the envfile - flag and turn it on or off by setting the readenv -@@ -118,11 +118,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The and services -- are supported. -+ The and module -+ types are provided. - - - -@@ -189,7 +189,7 @@ - pam_env.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_exec/pam_exec.8.xml 2008-02-04 16:27:31.000000000 +0100 -+++ Linux-PAM/modules/pam_exec/pam_exec.8.xml 2008-08-20 20:56:25.000000000 +0200 -@@ -123,11 +123,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services , , -- and are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -199,7 +199,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_faildelay/pam_faildelay.8.xml 2006-12-07 13:34:00.000000000 +0100 -+++ Linux-PAM/modules/pam_faildelay/pam_faildelay.8.xml 2008-08-20 20:56:25.000000000 +0200 -@@ -68,10 +68,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -118,7 +118,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_filter/pam_filter.8.xml 2006-06-09 18:44:06.000000000 +0200 -+++ Linux-PAM/modules/pam_filter/pam_filter.8.xml 2008-08-20 20:56:26.000000000 +0200 -@@ -188,11 +188,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services , , -- and are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -243,7 +243,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_ftp/pam_ftp.8.xml 2006-06-09 18:44:06.000000000 +0200 -+++ Linux-PAM/modules/pam_ftp/pam_ftp.8.xml 2008-08-20 20:56:26.000000000 +0200 -@@ -105,10 +105,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -165,7 +165,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_group/pam_group.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_group/pam_group.8.xml 2008-08-20 20:56:26.000000000 +0200 -@@ -65,10 +65,10 @@ - This module does not recognise any options. - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -145,7 +145,7 @@ - group.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_issue/pam_issue.8.xml 2006-06-21 08:35:25.000000000 +0200 -+++ Linux-PAM/modules/pam_issue/pam_issue.8.xml 2008-08-20 20:56:26.000000000 +0200 -@@ -146,10 +146,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -216,7 +216,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_keyinit/pam_keyinit.8.xml 2006-06-27 14:34:07.000000000 +0200 -+++ Linux-PAM/modules/pam_keyinit/pam_keyinit.8.xml 2008-08-20 20:56:26.000000000 +0200 -@@ -121,10 +121,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the session service is supported. -+ Only the module type is provided. - - - -@@ -220,7 +220,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_limits/pam_limits.8.xml 2007-12-07 16:40:02.000000000 +0100 -+++ Linux-PAM/modules/pam_limits/pam_limits.8.xml 2008-08-20 20:56:26.000000000 +0200 -@@ -132,10 +132,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -239,7 +239,7 @@ - limits.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_listfile/pam_listfile.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_listfile/pam_listfile.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -175,11 +175,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services , , -- and are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -278,7 +278,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_localuser/pam_localuser.8.xml 2006-12-13 11:35:49.000000000 +0100 -+++ Linux-PAM/modules/pam_localuser/pam_localuser.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -80,11 +80,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- All services (, , -- and ) are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -155,7 +155,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_loginuid/pam_loginuid.8.xml 2006-09-01 15:17:47.000000000 +0200 -+++ Linux-PAM/modules/pam_loginuid/pam_loginuid.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -57,10 +57,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The service is supported. -+ Only the module type is provided. - - - -@@ -101,7 +101,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_mail/pam_mail.8.xml 2006-06-09 18:44:07.000000000 +0200 -+++ Linux-PAM/modules/pam_mail/pam_mail.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -193,11 +193,12 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The auth and -- account services are supported. -+ The and -+ (on establishment and -+ deletion of credentials) module types are provided. - - - -@@ -261,7 +262,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_mkhomedir/pam_mkhomedir.8.xml 2006-05-30 15:03:09.000000000 +0200 -+++ Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -95,10 +95,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -186,7 +186,7 @@ - SEE ALSO - - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_motd/pam_motd.8.xml 2006-10-26 15:51:51.000000000 +0200 -+++ Linux-PAM/modules/pam_motd/pam_motd.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -55,10 +55,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -96,7 +96,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_namespace/pam_namespace.8.xml 2008-02-13 13:49:44.000000000 +0100 -+++ Linux-PAM/modules/pam_namespace/pam_namespace.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -237,11 +237,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The service is supported. The module must not -- be called from multithreaded processes. -+ Only the module type is provided. -+ The module must not be called from multithreaded processes. - - - -@@ -365,7 +365,7 @@ - namespace.conf5 - , - -- pam.d8 -+ pam.d5 - , - - mount8 ---- Linux-PAM-1.0/modules/pam_nologin/pam_nologin.8.xml 2006-06-04 03:48:34.000000000 +0200 -+++ Linux-PAM/modules/pam_nologin/pam_nologin.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -68,11 +68,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The and services are -- supported. -+ The and module -+ types are provided. - - - -@@ -156,7 +156,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_permit/pam_permit.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_permit/pam_permit.8.xml 2008-08-20 20:56:27.000000000 +0200 -@@ -47,11 +47,12 @@ - This module does not recognise any options. - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services , , -- and are supported. -+ The , , -+ and -+ module types are provided. - - - -@@ -87,7 +88,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_rhosts/pam_rhosts.8.xml 2006-06-28 09:22:43.000000000 +0200 -+++ Linux-PAM/modules/pam_rhosts/pam_rhosts.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -89,10 +89,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -153,7 +153,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_rootok/pam_rootok.8.xml 2006-06-04 14:11:16.000000000 +0200 -+++ Linux-PAM/modules/pam_rootok/pam_rootok.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -54,10 +54,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the type is provided. - - - -@@ -112,7 +112,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_securetty/pam_securetty.8.xml 2006-06-04 17:29:23.000000000 +0200 -+++ Linux-PAM/modules/pam_securetty/pam_securetty.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -64,10 +64,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -116,7 +116,7 @@ - - - -- PAM_IGNORE -+ PAM_USER_UNKNOWN - - - The module could not find the user name in the -@@ -149,7 +149,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_sepermit/pam_sepermit.8.xml 2008-01-29 16:38:35.000000000 +0100 -+++ Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -87,11 +87,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the and -- services are supported. -+ The and -+ module types are provided. - - - ---- Linux-PAM-1.0/modules/pam_shells/pam_shells.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_shells/pam_shells.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -41,11 +41,11 @@ - This module does not recognise any options. - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services and -- are supported. -+ The and -+ module types are provided. - - - -@@ -99,7 +99,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_succeed_if/pam_succeed_if.8.xml 2008-01-07 15:54:50.000000000 +0100 -+++ Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -215,10 +215,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- All services are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -249,7 +250,7 @@ - - - A service error occured or the arguments can't be -- parsed as numbers. -+ parsed correctly. - - - ---- Linux-PAM-1.0/modules/pam_tally/pam_tally.8.xml 2007-10-10 16:10:07.000000000 +0200 -+++ Linux-PAM/modules/pam_tally/pam_tally.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -113,7 +119,7 @@ - - - This can be used for auth and -- account services. -+ account module types. - - - -@@ -322,11 +348,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - - The and -- services are supported. -+ module types are provided. - - - -@@ -409,7 +435,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_time/pam_time.8.xml 2007-12-07 16:40:02.000000000 +0100 -+++ Linux-PAM/modules/pam_time/pam_time.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -49,7 +49,7 @@ - - - If Linux PAM is compiled with audit support the module will report -- when it denies access. -+ when it denies access. - - - -@@ -83,10 +83,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the type is provided. - - - -@@ -166,7 +166,7 @@ - time.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_tty_audit/pam_tty_audit.8.xml 2008-01-29 16:09:29.000000000 +0100 -+++ Linux-PAM/modules/pam_tty_audit/pam_tty_audit.8.xml 2008-08-20 20:56:29.000000000 +0200 -@@ -80,10 +80,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the session service is supported. -+ Only the session type is supported. - - - ---- Linux-PAM-1.0/modules/pam_umask/pam_umask.8.xml 2006-08-06 13:38:43.000000000 +0200 -+++ Linux-PAM/modules/pam_umask/pam_umask.8.xml 2008-08-20 20:56:29.000000000 +0200 -@@ -141,10 +141,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the type is provided. - - - -@@ -202,7 +202,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_unix/pam_unix.8.xml 2008-01-23 16:35:12.000000000 +0100 -+++ Linux-PAM/modules/pam_unix/pam_unix.8.xml 2008-08-20 20:56:29.000000000 +0200 -@@ -85,7 +85,7 @@ - - - -- The session component of this module logs when a user logins -+ The session component of this module logs when a user logins - or leave the system. - - -@@ -314,10 +314,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- All service are supported. -+ All module types (, , -+ and ) are provided. - - - -@@ -361,7 +362,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_userdb/pam_userdb.8.xml 2006-06-09 18:44:07.000000000 +0200 -+++ Linux-PAM/modules/pam_userdb/pam_userdb.8.xml 2008-08-20 20:56:29.000000000 +0200 -@@ -189,11 +189,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services and -- are supported. -+ The and module -+ types are provided. - - - -@@ -274,7 +274,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_warn/pam_warn.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_warn/pam_warn.8.xml 2008-08-20 20:56:29.000000000 +0200 -@@ -38,11 +38,12 @@ - This module does not recognise any options. - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- The services , , -- and are supported. -+ The , , -+ and module -+ types are provided. - - - -@@ -86,7 +87,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_wheel/pam_wheel.8.xml 2006-09-10 01:11:34.000000000 +0200 -+++ Linux-PAM/modules/pam_wheel/pam_wheel.8.xml 2008-08-20 20:56:29.000000000 +0200 -@@ -130,11 +130,11 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - - The auth and -- account services are supported. -+ account module types are provided. - - - -@@ -224,7 +224,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- Linux-PAM-1.0/modules/pam_xauth/pam_xauth.8.xml 2007-11-06 15:58:54.000000000 +0100 -+++ Linux-PAM/modules/pam_xauth/pam_xauth.8.xml 2008-08-20 20:56:30.000000000 +0200 -@@ -147,10 +147,10 @@ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the session service is supported. -+ Only the session type is provided. - - - -@@ -273,7 +273,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 diff --git a/cvs.diff b/cvs.diff new file mode 100644 index 0000000..a9517a1 --- /dev/null +++ b/cvs.diff @@ -0,0 +1,2333 @@ +Index: libpamc/include/security/pam_client.h +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/libpamc/include/security/pam_client.h,v +retrieving revision 1.7 +diff -u -r1.7 pam_client.h +--- libpamc/include/security/pam_client.h 20 May 2005 14:58:58 -0000 1.7 ++++ libpamc/include/security/pam_client.h 27 Mar 2009 10:11:14 -0000 +@@ -9,8 +9,8 @@ + #ifndef PAM_CLIENT_H + #define PAM_CLIENT_H + +-#ifdef __cplusplus +-extern "C" { ++#ifdef __cplusplus ++extern "C" { + #endif /* def __cplusplus */ + + #include +@@ -74,8 +74,12 @@ + #include + + #ifndef PAM_BP_ASSERT +-# define PAM_BP_ASSERT(x) do { printf(__FILE__ "(%d): %s\n", \ +- __LINE__, x) ; exit(1); } while (0) ++# ifdef NDEBUG ++# define PAM_BP_ASSERT(x) do {} while (0) ++# else ++# define PAM_BP_ASSERT(x) do { printf(__FILE__ "(%d): %s\n", \ ++ __LINE__, x) ; exit(1); } while (0) ++# endif /* NDEBUG */ + #endif /* PAM_BP_ASSERT */ + + #ifndef PAM_BP_CALLOC +Index: modules/pam_ftp/pam_ftp.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_ftp/pam_ftp.c,v +retrieving revision 1.12 +diff -u -r1.12 pam_ftp.c +--- modules/pam_ftp/pam_ftp.c 5 Mar 2008 20:21:38 -0000 1.12 ++++ modules/pam_ftp/pam_ftp.c 27 Mar 2009 10:11:14 -0000 +@@ -1,7 +1,7 @@ + /* pam_ftp module */ + + /* +- * $Id: pam_ftp.c,v 1.12 2008/03/05 20:21:38 t8m Exp $ ++ * $Id: pam_ftp.c,v 1.13 2009/03/25 10:54:23 kukuk Exp $ + * + * Written by Andrew Morgan 1996/3/11 + * +@@ -79,7 +79,7 @@ + if (list && *list) { + const char *l; + char *list_copy, *x; +- char *sptr; ++ char *sptr = NULL; + + list_copy = x_strdup(list); + x = list_copy; +@@ -172,7 +172,7 @@ + /* XXX: Some effort should be made to verify this email address! */ + + if (!(ctrl & PAM_IGNORE_EMAIL)) { +- char *sptr; ++ char *sptr = NULL; + token = strtok_r(resp, "@", &sptr); + retval = pam_set_item(pamh, PAM_RUSER, token); + +Index: modules/pam_issue/pam_issue.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_issue/pam_issue.c,v +retrieving revision 1.14 +retrieving revision 1.15 +diff -u -r1.14 -r1.15 +--- modules/pam_issue/pam_issue.c 19 Sep 2005 16:47:20 -0000 1.14 ++++ modules/pam_issue/pam_issue.c 25 Mar 2009 10:54:23 -0000 1.15 +@@ -145,7 +145,7 @@ + return PAM_BUF_ERR; + } + +- if (fread(issue, 1, st.st_size, fp) != st.st_size) { ++ if ((off_t)fread(issue, 1, st.st_size, fp) != st.st_size) { + pam_syslog(pamh, LOG_ERR, "read error: %m"); + _pam_drop(issue); + return PAM_SERVICE_ERR; +Index: modules/pam_mkhomedir/pam_mkhomedir.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c,v +retrieving revision 1.27 +retrieving revision 1.28 +diff -u -r1.27 -r1.28 +--- modules/pam_mkhomedir/pam_mkhomedir.c 3 Mar 2009 08:10:53 -0000 1.27 ++++ modules/pam_mkhomedir/pam_mkhomedir.c 25 Mar 2009 10:54:23 -0000 1.28 +@@ -64,50 +64,52 @@ + #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ + #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ + +-static char UMask[16] = "0022"; +-static char SkelDir[BUFSIZ] = "/etc/skel"; /* THIS MODULE IS NOT THREAD SAFE */ ++struct options_t { ++ int ctrl; ++ const char *umask; ++ const char *skeldir; ++}; ++typedef struct options_t options_t; + +-static int +-_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv) ++static void ++_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, ++ options_t *opt) + { +- int ctrl = 0; ++ opt->ctrl = 0; ++ opt->umask = "0022"; ++ opt->skeldir = "/etc/skel"; + + /* does the appliction require quiet? */ + if ((flags & PAM_SILENT) == PAM_SILENT) +- ctrl |= MKHOMEDIR_QUIET; ++ opt->ctrl |= MKHOMEDIR_QUIET; + + /* step through arguments */ + for (; argc-- > 0; ++argv) + { + if (!strcmp(*argv, "silent")) { +- ctrl |= MKHOMEDIR_QUIET; ++ opt->ctrl |= MKHOMEDIR_QUIET; + } else if (!strcmp(*argv, "debug")) { +- ctrl |= MKHOMEDIR_DEBUG; ++ opt->ctrl |= MKHOMEDIR_DEBUG; + } else if (!strncmp(*argv,"umask=",6)) { +- strncpy(SkelDir,*argv+6,sizeof(UMask)); +- UMask[sizeof(UMask)-1] = '\0'; ++ opt->umask = *argv+6; + } else if (!strncmp(*argv,"skel=",5)) { +- strncpy(SkelDir,*argv+5,sizeof(SkelDir)); +- SkelDir[sizeof(SkelDir)-1] = '\0'; ++ opt->skeldir = *argv+5; + } else { + pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); + } + } +- +- D(("ctrl = %o", ctrl)); +- return ctrl; + } + + /* Do the actual work of creating a home dir */ + static int +-create_homedir (pam_handle_t *pamh, int ctrl, ++create_homedir (pam_handle_t *pamh, options_t *opt, + const struct passwd *pwd) + { + int retval, child; + struct sigaction newsa, oldsa; + + /* Mention what is happening, if the notification fails that is OK */ +- if (!(ctrl & MKHOMEDIR_QUIET)) ++ if (!(opt->ctrl & MKHOMEDIR_QUIET)) + pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); + + +@@ -121,8 +123,8 @@ + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); +- +- if (ctrl & MKHOMEDIR_DEBUG) { ++ ++ if (opt->ctrl & MKHOMEDIR_DEBUG) { + pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); + } + +@@ -145,8 +147,8 @@ + /* exec the mkhomedir helper */ + args[0] = x_strdup(MKHOMEDIR_HELPER); + args[1] = pwd->pw_name; +- args[2] = UMask; +- args[3] = SkelDir; ++ args[2] = x_strdup(opt->umask); ++ args[3] = x_strdup(opt->skeldir); + + execve(MKHOMEDIR_HELPER, args, envp); + +@@ -173,11 +175,11 @@ + + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ + +- if (ctrl & MKHOMEDIR_DEBUG) { ++ if (opt->ctrl & MKHOMEDIR_DEBUG) { + pam_syslog(pamh, LOG_DEBUG, "mkhomedir_helper returned %d", retval); + } + +- if (retval != PAM_SUCCESS && !(ctrl & MKHOMEDIR_QUIET)) { ++ if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { + pam_error(pamh, _("Unable to create and initialize directory '%s'."), + pwd->pw_dir); + } +@@ -192,13 +194,14 @@ + pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, + const char **argv) + { +- int retval, ctrl; ++ int retval; ++ options_t opt; + const void *user; + const struct passwd *pwd; + struct stat St; + + /* Parse the flag values */ +- ctrl = _pam_parse(pamh, flags, argc, argv); ++ _pam_parse(pamh, flags, argc, argv, &opt); + + /* Determine the user name so we can get the home directory */ + retval = pam_get_item(pamh, PAM_USER, &user); +@@ -220,14 +223,14 @@ + /* Stat the home directory, if something exists then we assume it is + correct and return a success*/ + if (stat(pwd->pw_dir, &St) == 0) { +- if (ctrl & MKHOMEDIR_DEBUG) { ++ if (opt.ctrl & MKHOMEDIR_DEBUG) { + pam_syslog(pamh, LOG_DEBUG, "Home directory %s already exists.", + pwd->pw_dir); + } + return PAM_SUCCESS; + } + +- return create_homedir(pamh, ctrl, pwd); ++ return create_homedir(pamh, &opt, pwd); + } + + /* Ignore */ +Index: modules/pam_pwhistory/opasswd.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/opasswd.c,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -u -r1.2 -r1.3 +--- modules/pam_pwhistory/opasswd.c 25 Nov 2008 14:29:41 -0000 1.2 ++++ modules/pam_pwhistory/opasswd.c 24 Mar 2009 16:33:21 -0000 1.3 +@@ -452,6 +452,15 @@ + goto error_opasswd; + } + ++ if (fflush (newpf) != 0 || fsync (fileno (newpf)) != 0) ++ { ++ pam_syslog (pamh, LOG_ERR, ++ "Error while syncing temporary opasswd file: %m"); ++ retval = PAM_AUTHTOK_ERR; ++ fclose (newpf); ++ goto error_opasswd; ++ } ++ + if (fclose (newpf) != 0) + { + pam_syslog (pamh, LOG_ERR, +Index: modules/pam_timestamp/pam_timestamp.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_timestamp/pam_timestamp.c,v +retrieving revision 1.1 +diff -u -r1.1 pam_timestamp.c +--- modules/pam_timestamp/pam_timestamp.c 28 Nov 2008 14:29:12 -0000 1.1 ++++ modules/pam_timestamp/pam_timestamp.c 27 Mar 2009 10:11:14 -0000 +@@ -194,7 +194,7 @@ + } + + static int +-check_login_time(const char *ruser, time_t timestamp) ++check_login_time(const char *ruser, time_t timestamp) + { + struct utmp utbuf, *ut; + time_t oldest_login = 0; +@@ -237,14 +237,14 @@ + if (pwd != NULL) { + ruser = pwd->pw_name; + } +- } ++ } + if (ruser == NULL || strlen(ruser) >= ruserbuflen) { + *ruserbuf = '\0'; + return -1; + } + strcpy(ruserbuf, ruser); + return 0; +-} ++} + + /* Get the path to the timestamp to use. */ + static int +@@ -299,7 +299,7 @@ + tty = NULL; + } else { + tty = void_tty; +- } ++ } + if ((tty == NULL) || (strlen(tty) == 0)) { + tty = ttyname(STDIN_FILENO); + if ((tty == NULL) || (strlen(tty) == 0)) { +@@ -413,7 +413,7 @@ + int count; + void *mac; + size_t maclen; +- char ruser[BUFLEN]; ++ char ruser[BUFLEN]; + + /* Check that the file is owned by the superuser. */ + if ((st.st_uid != 0) || (st.st_gid != 0)) { +@@ -483,7 +483,7 @@ + free(mac); + memmove(&then, message + strlen(path) + 1, sizeof(then)); + free(message); +- ++ + /* Check oldest login against timestamp */ + if (get_ruser(pamh, ruser, sizeof(ruser))) + { +@@ -565,7 +565,14 @@ + subdir[i] = '\0'; + if (mkdir(subdir, 0700) == 0) { + /* Attempt to set the owner to the superuser. */ +- lchown(subdir, 0, 0); ++ if (lchown(subdir, 0, 0) != 0) { ++ if (debug) { ++ pam_syslog(pamh, LOG_DEBUG, ++ "error setting permissions on `%s': %m", ++ subdir); ++ } ++ return PAM_SESSION_ERR; ++ } + } else { + if (errno != EEXIST) { + if (debug) { +@@ -617,7 +624,15 @@ + } + + /* Attempt to set the owner to the superuser. */ +- fchown(fd, 0, 0); ++ if (fchown(fd, 0, 0) != 0) { ++ if (debug) { ++ pam_syslog(pamh, LOG_DEBUG, ++ "error setting ownership of `%s': %m", ++ path); ++ } ++ return PAM_SESSION_ERR; ++ } ++ + + /* Write the timestamp to the file. */ + if (write(fd, text, p - text) != p - text) { +Index: modules/pam_unix/passverify.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/passverify.c,v +retrieving revision 1.10 +retrieving revision 1.12 +diff -u -r1.10 -r1.12 +--- modules/pam_unix/passverify.c 27 Feb 2009 14:29:40 -0000 1.10 ++++ modules/pam_unix/passverify.c 25 Mar 2009 10:54:23 -0000 1.12 +@@ -680,8 +680,13 @@ + } + } + ++ if (fflush(pwfile) || fsync(fileno(pwfile))) { ++ D(("fflush or fsync error writing entries to old passwords file: %m")); ++ err = 1; ++ } ++ + if (fclose(pwfile)) { +- D(("error writing entries to old passwords file: %m")); ++ D(("fclose error writing entries to old passwords file: %m")); + err = 1; + } + +@@ -795,8 +800,13 @@ + } + fclose(opwfile); + ++ if (fflush(pwfile) || fsync(fileno(pwfile))) { ++ D(("fflush or fsync error writing entries to password file: %m")); ++ err = 1; ++ } ++ + if (fclose(pwfile)) { +- D(("error writing entries to password file: %m")); ++ D(("fclose error writing entries to password file: %m")); + err = 1; + } + +@@ -916,8 +926,13 @@ + } + fclose(opwfile); + ++ if (fflush(pwfile) || fsync(fileno(pwfile))) { ++ D(("fflush or fsync error writing entries to shadow file: %m")); ++ err = 1; ++ } ++ + if (fclose(pwfile)) { +- D(("error writing entries to shadow file: %m")); ++ D(("fclose error writing entries to shadow file: %m")); + err = 1; + } + +@@ -996,7 +1011,7 @@ + /* emulate the behaviour of the SA_RESETHAND flag */ + if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { + struct sigaction sa; +- memset(&sa, '\0, sizeof(sa)); ++ memset(&sa, '\0', sizeof(sa)); + sa.sa_handler = SIG_DFL; + sigaction(sig, &sa, NULL); + } +Index: modules/pam_unix/support.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/support.c,v +retrieving revision 1.52 +diff -u -r1.52 support.c +--- modules/pam_unix/support.c 3 Mar 2009 08:10:53 -0000 1.52 ++++ modules/pam_unix/support.c 27 Mar 2009 10:11:14 -0000 +@@ -120,13 +120,13 @@ + D(("DISALLOW_NULL_AUTHTOK")); + set(UNIX__NONULL, ctrl); + } +- ++ + /* Set default rounds for blowfish */ + if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) { + *rounds = 5; + set(UNIX_ALGO_ROUNDS, ctrl); + } +- ++ + /* Enforce sane "rounds" values */ + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + if (on(UNIX_BLOWFISH_PASS, ctrl)) { +@@ -478,10 +478,18 @@ + /* if the stored password is NULL */ + int rc=0; + if (passwd != NULL) { /* send the password to the child */ +- write(fds[1], passwd, strlen(passwd)+1); ++ if (write(fds[1], passwd, strlen(passwd)+1) == -1) { ++ pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); ++ close(fds[1]); ++ retval = PAM_AUTH_ERR; ++ } + passwd = NULL; +- } else { +- write(fds[1], "", 1); /* blank password */ ++ } else { /* blank password */ ++ if (write(fds[1], "", 1) == -1) { ++ pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); ++ close(fds[1]); ++ retval = PAM_AUTH_ERR; ++ } + } + close(fds[0]); /* close here to avoid possible SIGPIPE above */ + close(fds[1]); +@@ -871,7 +879,7 @@ + } + + /* ****************************************************************** * +- * Copyright (c) Jan Rkorajski 1999. ++ * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Andrew G. Morgan 1996-8. + * Copyright (c) Alex O. Yuriev, 1996. + * Copyright (c) Cristian Gafton 1996. +Index: po/Linux-PAM.pot +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/Linux-PAM.pot,v +retrieving revision 1.52 +retrieving revision 1.53 +diff -u -r1.52 -r1.53 +--- po/Linux-PAM.pot 9 Mar 2009 13:07:35 -0000 1.52 ++++ po/Linux-PAM.pot 25 Mar 2009 10:54:23 -0000 1.53 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: PACKAGE VERSION\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" + "Last-Translator: FULL NAME \n" + "Language-Team: LANGUAGE \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/ar.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ar.po,v +retrieving revision 1.19 +retrieving revision 1.20 +diff -u -r1.19 -r1.20 +--- po/ar.po 9 Mar 2009 13:07:35 -0000 1.19 ++++ po/ar.po 25 Mar 2009 10:54:23 -0000 1.20 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: @PACKAGE@\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2001-07-13 15:36+0200\n" + "Last-Translator: Novell Language \n" + "Language-Team: Novell Language \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "لديك بريد في مجلد %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/as.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/as.po,v +retrieving revision 1.14 +retrieving revision 1.15 +diff -u -r1.14 -r1.15 +--- po/as.po 9 Mar 2009 13:07:35 -0000 1.14 ++++ po/as.po 25 Mar 2009 10:54:23 -0000 1.15 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-13 11:23+0530\n" + "Last-Translator: Amitakhya Phukan \n" + "Language-Team: Assamese\n" +@@ -351,12 +351,12 @@ + msgid "You have mail in folder %s." + msgstr "%s ফোল্ডাৰত আপোনাৰ ডাক আছে ।" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "'%s' পঞ্জিকা সৃষ্টি কৰা হৈছে ।" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "%s পঞ্জিকা সৃষ্টি কৰিব নোৱাৰি: %m" +Index: po/bn_IN.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/bn_IN.po,v +retrieving revision 1.14 +retrieving revision 1.15 +diff -u -r1.14 -r1.15 +--- po/bn_IN.po 9 Mar 2009 13:07:35 -0000 1.14 ++++ po/bn_IN.po 25 Mar 2009 10:54:23 -0000 1.15 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-20 12:40+0530\n" + "Last-Translator: Runa Bhattacharjee \n" + "Language-Team: Bengali INDIA \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "%s ফোল্ডারে মেইল উপস্থিত রয়েছে।" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "'%s' ডিরেক্টরি নির্মাণ করা হচ্ছে।" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "ডিরেক্টরি %s নির্মাণ করতে ব্যর্থ: %m" +Index: po/ca.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ca.po,v +retrieving revision 1.20 +retrieving revision 1.21 +diff -u -r1.20 -r1.21 +--- po/ca.po 9 Mar 2009 13:07:35 -0000 1.20 ++++ po/ca.po 25 Mar 2009 10:54:23 -0000 1.21 +@@ -17,7 +17,7 @@ + msgstr "" + "Project-Id-Version: linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-15 16:10+0200\n" + "Last-Translator: Xavier Queralt Mateu \n" + "Language-Team: Catalan \n" +@@ -359,12 +359,12 @@ + msgid "You have mail in folder %s." + msgstr "Teniu correu a la carpeta %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Creant el directori '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "No s'ha pogut crear el directori %s: %m" +Index: po/cs.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/cs.po,v +retrieving revision 1.55 +retrieving revision 1.57 +diff -u -r1.55 -r1.57 +--- po/cs.po 9 Mar 2009 13:07:35 -0000 1.55 ++++ po/cs.po 25 Mar 2009 10:54:23 -0000 1.57 +@@ -1,14 +1,14 @@ + # translation of Linux-PAM.po to cs_CZ +-# This file is distributed under the same license as the PACKAGE package. +-# Copyright (C) YEAR Linux-PAM Project. ++# This file is distributed under the same license as the Linux-PAM package. ++# Copyright (C) 2005-2009 Linux-PAM Project. + # Klara Cihlarova , 2005, 2006. +-# Tomas Mraz , 2005, 2008. ++# Tomas Mraz , 2005, 2008, 2009. + msgid "" + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" +-"PO-Revision-Date: 2008-11-28 15:22+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" ++"PO-Revision-Date: 2009-03-24 15:22+0100\n" + "Last-Translator: Tomas Mraz \n" + "Language-Team: cs_CZ \n" + "MIME-Version: 1.0\n" +@@ -52,7 +52,7 @@ + #: libpam/pam_get_authtok.c:127 + #, c-format + msgid "Retype %s" +-msgstr "" ++msgstr "Opakujte %s" + + #: libpam/pam_get_authtok.c:146 + msgid "Password change aborted." +@@ -350,15 +350,15 @@ + msgid "You have mail in folder %s." + msgstr "Máte poštu ve složce %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Vytváření adresáře '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +-#, fuzzy, c-format ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 ++#, c-format + msgid "Unable to create and initialize directory '%s'." +-msgstr "Nezdařilo se vytvořit adresář %s: %m" ++msgstr "Nezdařilo se vytvořit a inicializovat adresář '%s'." + + #: modules/pam_pwhistory/pam_pwhistory.c:218 + #: modules/pam_unix/pam_unix_passwd.c:475 +Index: po/da.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/da.po,v +retrieving revision 1.19 +retrieving revision 1.20 +diff -u -r1.19 -r1.20 +--- po/da.po 9 Mar 2009 13:07:35 -0000 1.19 ++++ po/da.po 25 Mar 2009 10:54:23 -0000 1.20 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: @PACKAGE@\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2005-08-16 20:00+0200\n" + "Last-Translator: Novell Language \n" + "Language-Team: Novell Language \n" +@@ -354,12 +354,12 @@ + msgid "You have mail in folder %s." + msgstr "Du har e-mail i mappe %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/de.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/de.po,v +retrieving revision 1.63 +retrieving revision 1.64 +diff -u -r1.63 -r1.64 +--- po/de.po 9 Mar 2009 13:07:35 -0000 1.63 ++++ po/de.po 25 Mar 2009 10:54:23 -0000 1.64 +@@ -6,7 +6,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2009-02-25 18:04+01:00\n" + "Last-Translator: Fabian Affolter \n" + "Language-Team: German \n" +@@ -355,12 +355,12 @@ + msgid "You have mail in folder %s." + msgstr "Sie haben Nachrichten in %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Erstelle Verzeichnis '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Verzeichnis %s kann nicht erstellt und initialisiert werden: %m" +Index: po/es.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/es.po,v +retrieving revision 1.56 +retrieving revision 1.58 +diff -u -r1.56 -r1.58 +--- po/es.po 9 Mar 2009 13:07:35 -0000 1.56 ++++ po/es.po 25 Mar 2009 10:54:23 -0000 1.58 +@@ -10,10 +10,10 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip.es\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" +-"PO-Revision-Date: 2009-02-21 02:08-0300\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" ++"PO-Revision-Date: 2009-03-18 22:51-0300\n" + "Last-Translator: Domingo Becker \n" +-"Language-Team: Spanish \n" ++"Language-Team: Fedora Spanish \n" + "MIME-Version: 1.0\n" + "Content-Type: text/plain; charset=UTF-8\n" + "Content-Transfer-Encoding: 8bit\n" +@@ -357,15 +357,15 @@ + msgid "You have mail in folder %s." + msgstr "Tiene correo en la carpeta %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Creando directorio '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +-#, fuzzy, c-format ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 ++#, c-format + msgid "Unable to create and initialize directory '%s'." +-msgstr "No se pudo crear el directorio %s: %m" ++msgstr "No se pudo crear e inicializar el directorio '%s'." + + #: modules/pam_pwhistory/pam_pwhistory.c:218 + #: modules/pam_unix/pam_unix_passwd.c:475 +Index: po/fi.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/fi.po,v +retrieving revision 1.47 +retrieving revision 1.48 +diff -u -r1.47 -r1.48 +--- po/fi.po 9 Mar 2009 13:07:35 -0000 1.47 ++++ po/fi.po 25 Mar 2009 10:54:23 -0000 1.48 +@@ -10,7 +10,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2006-05-04 08:30+0200\n" + "Last-Translator: Jyri Palokangas \n" + "Language-Team: \n" +@@ -352,12 +352,12 @@ + msgid "You have mail in folder %s." + msgstr "Sinulla on postia kansiossa %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/fr.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/fr.po,v +retrieving revision 1.57 +retrieving revision 1.58 +diff -u -r1.57 -r1.58 +--- po/fr.po 9 Mar 2009 13:07:35 -0000 1.57 ++++ po/fr.po 25 Mar 2009 10:54:23 -0000 1.58 +@@ -9,7 +9,7 @@ + msgstr "" + "Project-Id-Version: pam.fr2\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-19 18:59+0200\n" + "Last-Translator: Pablo Martin-Gomez \n" + "Language-Team: Français \n" +@@ -362,12 +362,12 @@ + msgid "You have mail in folder %s." + msgstr "Vous avez des messages dans le dossier %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Création du répertoire « %s »." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Impossible de créer le répertoire %s : %m" +Index: po/gu.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/gu.po,v +retrieving revision 1.14 +retrieving revision 1.15 +diff -u -r1.14 -r1.15 +--- po/gu.po 9 Mar 2009 13:07:35 -0000 1.14 ++++ po/gu.po 25 Mar 2009 10:54:23 -0000 1.15 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip.gu\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-03-13 14:29+0530\n" + "Last-Translator: Ankit Patel \n" + "Language-Team: Gujarati \n" +@@ -352,12 +352,12 @@ + msgid "You have mail in folder %s." + msgstr "તમારી પાસે ફોલ્ડર %s માં મેઈલ છે." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "ડિરેક્ટરી '%s' બનાવી રહ્યા છીએ." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "ડિરેક્ટરી %s બનાવવામાં અસમર્થ: %m" +Index: po/hi.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/hi.po,v +retrieving revision 1.13 +retrieving revision 1.14 +diff -u -r1.13 -r1.14 +--- po/hi.po 9 Mar 2009 13:07:35 -0000 1.13 ++++ po/hi.po 25 Mar 2009 10:54:23 -0000 1.14 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: hi\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2007-06-21 15:22+0530\n" + "Last-Translator: Rajesh Ranjan \n" + "Language-Team: Hindi \n" +@@ -352,12 +352,12 @@ + msgid "You have mail in folder %s." + msgstr "आपके लिए %s फोल्डर में मेल है." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/hu.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/hu.po,v +retrieving revision 1.55 +retrieving revision 1.57 +diff -u -r1.55 -r1.57 +--- po/hu.po 9 Mar 2009 13:07:35 -0000 1.55 ++++ po/hu.po 25 Mar 2009 10:54:23 -0000 1.57 +@@ -2,27 +2,24 @@ + # translation of Linux-pam.po to + # translation of hu.po to + # This file is distributed under the same license as the PACKAGE package. +-# Copyright (C) YEAR Linux-PAM Project. +-# ++# Copyright (C) 2009 Linux-PAM Project. + # Papp Zsolt , 2006. + # Keresztes Ákos , 2006. + # Kalman Kemenczy , 2006, 2007. ++# ++# + msgid "" + msgstr "" + "Project-Id-Version: pam\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" +-"PO-Revision-Date: 2008-04-30 08:23+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" ++"PO-Revision-Date: 2009-03-20 20:53+0100\n" + "Last-Translator: Sulyok Péter \n" + "Language-Team: Hungarian \n" + "MIME-Version: 1.0\n" + "Content-Type: text/plain; charset=UTF-8\n" + "Content-Transfer-Encoding: 8bit\n" +-"X-Generator: KBabel 1.11.4\n" + "Plural-Forms: nplurals=2; plural=(n!=1);\n" +-"X-Poedit-Language: Hungarian\n" +-"X-Poedit-Country: HUNGARY\n" +-"X-Poedit-SourceCharset: utf-8\n" + + #: libpam_misc/misc_conv.c:33 + msgid "...Time is running out...\n" +@@ -59,12 +56,11 @@ + #: libpam/pam_get_authtok.c:127 + #, c-format + msgid "Retype %s" +-msgstr "" ++msgstr "Ismét %s" + + #: libpam/pam_get_authtok.c:146 +-#, fuzzy + msgid "Password change aborted." +-msgstr "Változatlan jelszó" ++msgstr "Jelszó változtatás elvetve." + + #: libpam/pam_item.c:310 + msgid "login:" +@@ -234,11 +230,11 @@ + + #: modules/pam_cracklib/pam_cracklib.c:522 + msgid "contains too many same characters consecutively" +-msgstr "" ++msgstr "túl sok egymást követő betű egyezik meg" + + #: modules/pam_cracklib/pam_cracklib.c:525 + msgid "contains the user name in some form" +-msgstr "" ++msgstr "valahogy tartalmazza a használó nevét" + + #: modules/pam_cracklib/pam_cracklib.c:555 + #: modules/pam_unix/pam_unix_passwd.c:454 +@@ -300,23 +296,23 @@ + + #. TRANSLATORS: "Last failed login: from on " + #: modules/pam_lastlog/pam_lastlog.c:460 +-#, fuzzy, c-format ++#, c-format + msgid "Last failed login:%s%s%s" +-msgstr "Utolsó belépés:%s%s%s" ++msgstr "Utolsó sikertelen belépés:%s %s %s" + + #: modules/pam_lastlog/pam_lastlog.c:469 modules/pam_lastlog/pam_lastlog.c:476 + #, c-format + msgid "There was %d failed login attempt since the last successful login." + msgid_plural "" + "There were %d failed login attempts since the last successful login." +-msgstr[0] "" +-msgstr[1] "" ++msgstr[0] "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." ++msgstr[1] "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." + + #. TRANSLATORS: only used if dngettext is not supported + #: modules/pam_lastlog/pam_lastlog.c:481 + #, c-format + msgid "There were %d failed login attempts since the last successful login." +-msgstr "" ++msgstr "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." + + #: modules/pam_limits/pam_limits.c:786 + #, c-format +@@ -359,15 +355,15 @@ + msgid "You have mail in folder %s." + msgstr "%s mappában levelek vannak." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "\"%s\" mappa teremtése" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +-#, fuzzy, c-format ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 ++#, c-format + msgid "Unable to create and initialize directory '%s'." +-msgstr "%s mapa nem teremthető meg: %m" ++msgstr "„%s” mapa nem teremthető meg." + + #: modules/pam_pwhistory/pam_pwhistory.c:218 + #: modules/pam_unix/pam_unix_passwd.c:475 +@@ -454,12 +450,12 @@ + #: modules/pam_tally/pam_tally.c:541 modules/pam_tally2/pam_tally2.c:596 + #, c-format + msgid "Account temporary locked (%ld seconds left)" +-msgstr "" ++msgstr "Számla ideiglenesen lakat alatt (még %ld másodpercig)" + + #: modules/pam_tally/pam_tally.c:566 modules/pam_tally2/pam_tally2.c:575 + #, c-format + msgid "Account locked due to %u failed logins" +-msgstr "" ++msgstr "Számla lakat alatt %u sikertelen belépés miatt" + + #: modules/pam_tally/pam_tally.c:777 modules/pam_tally2/pam_tally2.c:884 + msgid "Authentication error" +@@ -502,21 +498,23 @@ + #: modules/pam_tally2/pam_tally2.c:937 + #, c-format + msgid "Login Failures Latest failure From\n" +-msgstr "" ++msgstr "Belépés bukások Utolsó bukás innen\n" + + #: modules/pam_tally2/pam_tally2.c:953 +-#, fuzzy, c-format ++#, c-format + msgid "" + "%s: [-f rooted-filename] [--file rooted-filename]\n" + " [-u username] [--user username]\n" + " [-r] [--reset[=n]] [--quiet]\n" + msgstr "" +-"%s: [--file rooted-fájlnév] [--user használó] [--reset[=n]] [--quiet]\n" ++"%s: [-f rooted-fájlnév] [--file rooted-fájlnév]\n" ++" [-u használó] [--user használó]\n" ++" [-r] [--reset[=n]] [--quiet]\n" + + #: modules/pam_timestamp/pam_timestamp.c:339 + #, c-format + msgid "Access granted (last access was %ld seconds ago)." +-msgstr "" ++msgstr "Hozzáférés megadva (utolsó hozzáférés %ld másodperce volt)." + + #: modules/pam_unix/pam_unix_acct.c:235 modules/pam_unix/pam_unix_acct.c:257 + msgid "Your account has expired; please contact your system administrator" +@@ -572,6 +570,13 @@ + msgid "Retype new UNIX password: " + msgstr "Írja be újra a UNIX jelszót: " + ++#~ msgid "" ++#~ "There was %d failed login attempt since the last successful login.There " ++#~ "were %d failed login attempts since the last successful login." ++#~ msgstr "" ++#~ "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta.%d " ++#~ "sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." ++ + #~ msgid "has been already used" + #~ msgstr "használt" + +Index: po/it.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/it.po,v +retrieving revision 1.56 +retrieving revision 1.57 +diff -u -r1.56 -r1.57 +--- po/it.po 9 Mar 2009 13:07:35 -0000 1.56 ++++ po/it.po 25 Mar 2009 10:54:23 -0000 1.57 +@@ -9,7 +9,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-21 13:21+1000\n" + "Last-Translator: \n" + "Language-Team: \n" +@@ -361,12 +361,12 @@ + msgid "You have mail in folder %s." + msgstr "La cartella %s contiene email." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Creazione della directory \"%s\"." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Impossibile creare la directory %s: %m" +Index: po/ja.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ja.po,v +retrieving revision 1.56 +retrieving revision 1.57 +diff -u -r1.56 -r1.57 +--- po/ja.po 9 Mar 2009 13:07:35 -0000 1.56 ++++ po/ja.po 25 Mar 2009 10:54:23 -0000 1.57 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip.ja\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-21 15:08+1000\n" + "Last-Translator: Kiyoto Hashida \n" + "Language-Team: Japanese \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "フォルダ%sにメールがあります。" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "ディレクトリ '%s' を作成中" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "ディレクトリ %s を作成できません: %m" +Index: po/kk.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/kk.po,v +retrieving revision 1.2 +retrieving revision 1.3 +diff -u -r1.2 -r1.3 +--- po/kk.po 9 Mar 2009 13:07:35 -0000 1.2 ++++ po/kk.po 25 Mar 2009 10:54:23 -0000 1.3 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM 1.0.3\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2009-02-26 13:07+0600\n" + "Last-Translator: Baurzhan M. \n" + "Language-Team: Kazakh \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "Сізде %s бумасында поштаңыз бар." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "'%s' бумасын құру." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "%s бумасын құру мүмкін емес: %m" +Index: po/km.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/km.po,v +retrieving revision 1.30 +retrieving revision 1.31 +diff -u -r1.30 -r1.31 +--- po/km.po 9 Mar 2009 13:07:35 -0000 1.30 ++++ po/km.po 25 Mar 2009 10:54:23 -0000 1.31 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2006-03-17 10:32+0700\n" + "Last-Translator: Khoem Sokhem \n" + "Language-Team: Khmer \n" +@@ -353,12 +353,12 @@ + msgid "You have mail in folder %s." + msgstr "អ្នក​មាន​សំបុត្រ​នៅ​ក្នុង​ថត %s ។" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/kn.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/kn.po,v +retrieving revision 1.14 +retrieving revision 1.15 +diff -u -r1.14 -r1.15 +--- po/kn.po 9 Mar 2009 13:07:35 -0000 1.14 ++++ po/kn.po 25 Mar 2009 10:54:23 -0000 1.15 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip.kn\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-20 12:29+0530\n" + "Last-Translator: Shankar Prasad \n" + "Language-Team: Kannada \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "%s ಫೋಲ್ಡರಿನಲ್ಲಿ ನಿಮಗಾಗಿ ಮೈಲ್ ಇದೆ." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲಾಗುತ್ತಿದೆ." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲು ಸಾಧ್ಯವಾಗಿಲ್ಲ.: %m" +Index: po/ko.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ko.po,v +retrieving revision 1.13 +retrieving revision 1.14 +diff -u -r1.13 -r1.14 +--- po/ko.po 9 Mar 2009 13:07:35 -0000 1.13 ++++ po/ko.po 25 Mar 2009 10:54:23 -0000 1.14 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: ko\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2007-06-22 10:02+1000\n" + "Last-Translator: Eunju Kim \n" + "Language-Team: Korean \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "%s 폴더에 메일이 있습니다." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/ml.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ml.po,v +retrieving revision 1.14 +retrieving revision 1.15 +diff -u -r1.14 -r1.15 +--- po/ml.po 9 Mar 2009 13:07:35 -0000 1.14 ++++ po/ml.po 25 Mar 2009 10:54:23 -0000 1.15 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip.ml\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-20 12:50+0530\n" + "Last-Translator: \n" + "Language-Team: \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "%s ഫോള്‍ഡറില്‍ നിങ്ങള്‍ക്ക് മെയില്‍ ഉണ്ട്." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "'%s' ഡയറക്ടറി ഉണ്ടാക്കുന്നു." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "%s ഡയറക്ടറി ഉണ്ടാക്കുവാന്‍ സാധ്യമായില്ല: %m" +Index: po/mr.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/mr.po,v +retrieving revision 1.7 +retrieving revision 1.8 +diff -u -r1.7 -r1.8 +--- po/mr.po 9 Mar 2009 13:07:35 -0000 1.7 ++++ po/mr.po 25 Mar 2009 10:54:23 -0000 1.8 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-10 07:07+0530\n" + "Last-Translator: Sandeep Shedmake \n" + "Language-Team: marathi\n" +@@ -350,12 +350,12 @@ + msgid "You have mail in folder %s." + msgstr "संचयीका %s अंतर्गत मेल आढळले गेले." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "संचयीका '%s' बनवित आहे." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "संचयीका %s बनवू शकत नाही: %m" +Index: po/ms.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ms.po,v +retrieving revision 1.7 +retrieving revision 1.8 +diff -u -r1.7 -r1.8 +--- po/ms.po 9 Mar 2009 13:07:35 -0000 1.7 ++++ po/ms.po 25 Mar 2009 10:54:23 -0000 1.8 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: linux-pam\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-09-25 23:52+0800\n" + "Last-Translator: Sharuzzaman Ahmat Raslan \n" + "Language-Team: Malay \n" +@@ -379,12 +379,12 @@ + msgid "You have mail in folder %s." + msgstr "Pemindahan mel dalam proses" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, fuzzy, c-format + msgid "Creating directory '%s'." + msgstr "Menbuat direktori initrd" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "gagal untuk mencipta direktori %s: %s\n" +Index: po/nb.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/nb.po,v +retrieving revision 1.53 +retrieving revision 1.54 +diff -u -r1.53 -r1.54 +--- po/nb.po 9 Mar 2009 13:07:35 -0000 1.53 ++++ po/nb.po 25 Mar 2009 10:54:23 -0000 1.54 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-04-30 12:59+0200\n" + "Last-Translator: Olav Pettershagen \n" + "Language-Team: \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "Du har e-post i mappen %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Oppretter katalog «%s»." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Kan ikke opprette katalog %s: %m" +Index: po/nl.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/nl.po,v +retrieving revision 1.31 +retrieving revision 1.32 +diff -u -r1.31 -r1.32 +--- po/nl.po 9 Mar 2009 13:07:35 -0000 1.31 ++++ po/nl.po 25 Mar 2009 10:54:23 -0000 1.32 +@@ -9,7 +9,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-20 23:45+0200\n" + "Last-Translator: Peter van Egdom \n" + "Language-Team: Dutch \n" +@@ -355,12 +355,12 @@ + msgid "You have mail in folder %s." + msgstr "U hebt e-mail in map %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Aanmaken van map '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Niet in staat om map %s aan te maken: %m" +Index: po/or.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/or.po,v +retrieving revision 1.14 +retrieving revision 1.15 +diff -u -r1.14 -r1.15 +--- po/or.po 9 Mar 2009 13:07:35 -0000 1.14 ++++ po/or.po 25 Mar 2009 10:54:23 -0000 1.15 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip.or\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-09-30 11:42+0530\n" + "Last-Translator: Manoj Kumar Giri \n" + "Language-Team: Oriya\n" +@@ -354,12 +354,12 @@ + msgid "You have mail in folder %s." + msgstr "ଆପଣଙ୍କ ନିକଟରେ %s ଫୋଲଡରରେ ଚିଠି ଅଛି।" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରୁଅଛି." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରିବାରେ ଅସମର୍ଥ: %m" +Index: po/pa.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/pa.po,v +retrieving revision 1.51 +retrieving revision 1.52 +diff -u -r1.51 -r1.52 +--- po/pa.po 9 Mar 2009 13:07:35 -0000 1.51 ++++ po/pa.po 25 Mar 2009 10:54:23 -0000 1.52 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.pa\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2005-08-06 08:34+0530\n" + "Last-Translator: Amanpreet Singh Alam[ਆਲਮ] \n" + "Language-Team: Panjabi \n" +@@ -354,12 +354,12 @@ + msgid "You have mail in folder %s." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/pl.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/pl.po,v +retrieving revision 1.58 +retrieving revision 1.60 +diff -u -r1.58 -r1.60 +--- po/pl.po 9 Mar 2009 13:07:35 -0000 1.58 ++++ po/pl.po 25 Mar 2009 10:54:23 -0000 1.60 +@@ -7,8 +7,8 @@ + msgstr "" + "Project-Id-Version: pl\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" +-"PO-Revision-Date: 2009-01-04 23:16+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" ++"PO-Revision-Date: 2009-02-26 22:10+0100\n" + "Last-Translator: Piotr Drąg \n" + "Language-Team: Polish \n" + "MIME-Version: 1.0\n" +@@ -355,15 +355,15 @@ + msgid "You have mail in folder %s." + msgstr "Wiadomości w folderze %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Tworzenie katalogu \"%s\"." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +-#, fuzzy, c-format ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 ++#, c-format + msgid "Unable to create and initialize directory '%s'." +-msgstr "Nie można utworzyć katalogu %s: %m" ++msgstr "Nie można utworzyć i zainicjować katalogu \"%s\"." + + #: modules/pam_pwhistory/pam_pwhistory.c:218 + #: modules/pam_unix/pam_unix_passwd.c:475 +Index: po/pt.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/pt.po,v +retrieving revision 1.53 +retrieving revision 1.54 +diff -u -r1.53 -r1.54 +--- po/pt.po 9 Mar 2009 13:07:35 -0000 1.53 ++++ po/pt.po 25 Mar 2009 10:54:23 -0000 1.54 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.pt\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2006-05-03 21:54+0200\n" + "Last-Translator: Antonio Cardoso Martins \n" + "Language-Team: portuguese\n" +@@ -350,12 +350,12 @@ + msgid "You have mail in folder %s." + msgstr "Tem correio electrónico na pasta %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/pt_BR.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/pt_BR.po,v +retrieving revision 1.56 +retrieving revision 1.58 +diff -u -r1.56 -r1.58 +--- po/pt_BR.po 9 Mar 2009 13:07:35 -0000 1.56 ++++ po/pt_BR.po 25 Mar 2009 10:54:23 -0000 1.58 +@@ -10,7 +10,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2009-02-20 12:41-0300\n" + "Last-Translator: Taylon \n" + "Language-Team: Brazilian Portuguese \n" +@@ -352,15 +352,15 @@ + msgid "You have mail in folder %s." + msgstr "Há mensagens na pasta %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Criando o diretório '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +-#, fuzzy, c-format ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 ++#, c-format + msgid "Unable to create and initialize directory '%s'." +-msgstr "Impossível criar o diretório %s: %m" ++msgstr "Impossível criar e inicializar o diretório \"%s\"." + + #: modules/pam_pwhistory/pam_pwhistory.c:218 + #: modules/pam_unix/pam_unix_passwd.c:475 +Index: po/ru.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ru.po,v +retrieving revision 1.20 +retrieving revision 1.21 +diff -u -r1.20 -r1.21 +--- po/ru.po 9 Mar 2009 13:07:35 -0000 1.20 ++++ po/ru.po 25 Mar 2009 10:54:23 -0000 1.21 +@@ -11,7 +11,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-02-23 20:11+0300\n" + "Last-Translator: Andrew Martynov \n" + "Language-Team: Russian \n" +@@ -362,12 +362,12 @@ + msgid "You have mail in folder %s." + msgstr "Есть почта в папке %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Создание каталога '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Невозможно создать каталог %s: %m" +Index: po/si.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/si.po,v +retrieving revision 1.13 +retrieving revision 1.14 +diff -u -r1.13 -r1.14 +--- po/si.po 9 Mar 2009 13:07:35 -0000 1.13 ++++ po/si.po 25 Mar 2009 10:54:23 -0000 1.14 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: si\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2007-06-22 12:24+0530\n" + "Last-Translator: Danishka Navin \n" + "Language-Team: Sinhala \n" +@@ -350,12 +350,12 @@ + msgid "You have mail in folder %s." + msgstr "%s බහලුම තුළ ඔබට තැපැල් ඇත." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/sk.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/sk.po,v +retrieving revision 1.8 +retrieving revision 1.10 +diff -u -r1.8 -r1.10 +--- po/sk.po 9 Mar 2009 13:07:35 -0000 1.8 ++++ po/sk.po 25 Mar 2009 10:54:23 -0000 1.10 +@@ -2,19 +2,19 @@ + # This file is distributed under the same license as the Linux-PAM package. + # + # Ondrej Šulek , 2008. ++# Pavol Šimo , 2009. + msgid "" + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" +-"PO-Revision-Date: 2008-10-21 09:13+0200\n" +-"Last-Translator: Ondrej Šulek \n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" ++"PO-Revision-Date: 2009-03-24 22:24+0100\n" ++"Last-Translator: Pavol Šimo \n" + "Language-Team: Slovak \n" + "MIME-Version: 1.0\n" + "Content-Type: text/plain; charset=UTF-8\n" + "Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" +-"X-Generator: Lokalize 0.2\n" + + #: libpam_misc/misc_conv.c:33 + msgid "...Time is running out...\n" +@@ -27,7 +27,7 @@ + #: libpam_misc/misc_conv.c:342 + #, c-format + msgid "erroneous conversation (%d)\n" +-msgstr "nesprávna konverzácia (%d)\n" ++msgstr "chybná konverzácia (%d)\n" + + #: libpam/pam_get_authtok.c:39 modules/pam_exec/pam_exec.c:142 + #: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:63 +@@ -46,16 +46,16 @@ + + #: libpam/pam_get_authtok.c:44 modules/pam_cracklib/pam_cracklib.c:69 + msgid "Sorry, passwords do not match." +-msgstr "Heslá sa nezhodujú." ++msgstr "Prepáčte, heslá sa nezhodujú." + + #: libpam/pam_get_authtok.c:127 + #, c-format + msgid "Retype %s" +-msgstr "" ++msgstr "Opakujte %s" + + #: libpam/pam_get_authtok.c:146 + msgid "Password change aborted." +-msgstr "Zmena hesla prerušená." ++msgstr "Zmena hesla zrušená." + + #: libpam/pam_item.c:310 + msgid "login:" +@@ -67,7 +67,7 @@ + + #: libpam/pam_strerror.c:42 + msgid "Critical error - immediate abort" +-msgstr "Kritická chyba - okamžité prerušenie" ++msgstr "Kritická chyba - okamžité zrušenie" + + #: libpam/pam_strerror.c:44 + msgid "Failed to load module" +@@ -95,19 +95,19 @@ + + #: libpam/pam_strerror.c:56 + msgid "Authentication failure" +-msgstr "Zlyhanie autentifikácie" ++msgstr "Zlyhanie overenia" + + #: libpam/pam_strerror.c:58 + msgid "Insufficient credentials to access authentication data" +-msgstr "Nedostatočné oprávnenia pre prístup k autentifikačným dátam" ++msgstr "Nedostatočné oprávnenia pre prístup k údajom overenia" + + #: libpam/pam_strerror.c:60 + msgid "Authentication service cannot retrieve authentication info" +-msgstr "Autentifikačná služba nemôže získať informácie pre autentifikáciu" ++msgstr "Overovacia služba nemôže získať informácie pre overenie" + + #: libpam/pam_strerror.c:62 + msgid "User not known to the underlying authentication module" +-msgstr "Používateľ nie je známy pre podriadený autentifikačný modul" ++msgstr "Používateľ nie je známy pre podriadený overovací modul" + + #: libpam/pam_strerror.c:64 + msgid "Have exhausted maximum number of retries for service" +@@ -115,7 +115,7 @@ + + #: libpam/pam_strerror.c:66 + msgid "Authentication token is no longer valid; new one required" +-msgstr "Autentifikačný token už nie je platný; požadovaný nový" ++msgstr "Overovací token už nie je platný; požadovaný je nový" + + #: libpam/pam_strerror.c:68 + msgid "User account has expired" +@@ -123,11 +123,11 @@ + + #: libpam/pam_strerror.c:70 + msgid "Cannot make/remove an entry for the specified session" +-msgstr "Pre zadané sedenie nie je možné vytvoriť/odstrániť záznam" ++msgstr "Pre zadanú reláciu nie je možné vytvoriť/odstrániť záznam" + + #: libpam/pam_strerror.c:72 + msgid "Authentication service cannot retrieve user credentials" +-msgstr "Autentifikačná služba nemôže získať oprávnenia používateľa" ++msgstr "Overovacia služba nemôže získať oprávnenia používateľa" + + #: libpam/pam_strerror.c:74 + msgid "User credentials expired" +@@ -151,19 +151,19 @@ + + #: libpam/pam_strerror.c:84 + msgid "Authentication token manipulation error" +-msgstr "Chyba pri manipulácii s autentifikačným tokenom" ++msgstr "Chyba pri manipulácii s overovacím tokenom" + + #: libpam/pam_strerror.c:86 + msgid "Authentication information cannot be recovered" +-msgstr "Autentifikačnú informáciu nie je možné obnoviť" ++msgstr "Overovaciu informáciu nie je možné obnoviť" + + #: libpam/pam_strerror.c:88 + msgid "Authentication token lock busy" +-msgstr "Autentifikačný token je uzamknutý" ++msgstr "Overovací token je uzamknutý" + + #: libpam/pam_strerror.c:90 + msgid "Authentication token aging disabled" +-msgstr "Starnutie autentifikačného tokenu zakázané" ++msgstr "Starnutie overovacieho tokenu zakázané" + + #: libpam/pam_strerror.c:92 + msgid "Failed preliminary check by password service" +@@ -179,7 +179,7 @@ + + #: libpam/pam_strerror.c:98 + msgid "Authentication token expired" +-msgstr "Vypršala platnosť autentifikačného tokenu" ++msgstr "Vypršala platnosť overovacieho tokenu" + + #: libpam/pam_strerror.c:100 + msgid "Conversation is waiting for event" +@@ -219,7 +219,7 @@ + + #: modules/pam_cracklib/pam_cracklib.c:519 + msgid "not enough character classes" +-msgstr "dostatok rôznych druhov znakov" ++msgstr "nedostatok rôznych druhov znakov" + + #: modules/pam_cracklib/pam_cracklib.c:522 + msgid "contains too many same characters consecutively" +@@ -248,22 +248,22 @@ + #: modules/pam_exec/pam_exec.c:215 + #, c-format + msgid "%s failed: exit code %d" +-msgstr "%s zlyhal: výstupný kód %d" ++msgstr "%s zlyhalo: výstupný kód %d" + + #: modules/pam_exec/pam_exec.c:224 + #, c-format + msgid "%s failed: caught signal %d%s" +-msgstr "%s zlyhal: dostal signál %d%s" ++msgstr "%s zlyhalo: dostal signál %d%s" + + #: modules/pam_exec/pam_exec.c:233 + #, c-format + msgid "%s failed: unknown status 0x%x" +-msgstr "%s zlyhal: neznámy stav 0x%x" ++msgstr "%s zlyhalo: neznámy stav 0x%x" + + #. TRANSLATORS: "strftime options for date of last login" + #: modules/pam_lastlog/pam_lastlog.c:201 modules/pam_lastlog/pam_lastlog.c:429 + msgid " %a %b %e %H:%M:%S %Z %Y" +-msgstr "%a %d.%m.%Y %H:%M:%S %Z" ++msgstr " %a %d.%m.%Y %H:%M:%S %Z" + + #. TRANSLATORS: " from " + #: modules/pam_lastlog/pam_lastlog.c:210 modules/pam_lastlog/pam_lastlog.c:438 +@@ -285,7 +285,7 @@ + + #: modules/pam_lastlog/pam_lastlog.c:238 + msgid "Welcome to your new account!" +-msgstr "Vítajte vo vašom novom účte!" ++msgstr "Vitajte vo vašom novom účte!" + + #. TRANSLATORS: "Last failed login: from on " + #: modules/pam_lastlog/pam_lastlog.c:460 +@@ -357,24 +357,24 @@ + msgid "You have mail in folder %s." + msgstr "Máte poštu v priečinku %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Vytváranie priečinka '%s'." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 +-#, fuzzy, c-format ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 ++#, c-format + msgid "Unable to create and initialize directory '%s'." +-msgstr "Nedá sa vytvoriť priečinok %s: %m" ++msgstr "Nedá sa vytvoriť a inicializovať priečinok '%s'." + + #: modules/pam_pwhistory/pam_pwhistory.c:218 + #: modules/pam_unix/pam_unix_passwd.c:475 + msgid "Password has been already used. Choose another." +-msgstr "Heslo už bolo použité. Vyberte iné." ++msgstr "Heslo už bolo použité. Zvoľte si iné." + + #: modules/pam_selinux/pam_selinux.c:172 + msgid "Would you like to enter a security context? [N] " +-msgstr "Chcete zadať kontext zabezpečenia? [N] " ++msgstr "Želáte si zadať kontext zabezpečenia? [N] " + + #: modules/pam_selinux/pam_selinux.c:191 modules/pam_selinux/pam_selinux.c:282 + msgid "role:" +@@ -395,7 +395,7 @@ + + #: modules/pam_selinux/pam_selinux.c:269 + msgid "Would you like to enter a different role or level?" +-msgstr "Chcete zadať inú rolu alebo úroveň?" ++msgstr "Želáte si zadať inú rolu alebo úroveň?" + + #: modules/pam_selinux/pam_selinux.c:285 + #, c-format +@@ -405,7 +405,7 @@ + #: modules/pam_selinux/pam_selinux.c:677 + #, c-format + msgid "Unable to get valid context for %s" +-msgstr "Nepodaril sa získať platný kontext zabezpečenia pre %s" ++msgstr "Nepodarilo sa získať platný kontext zabezpečenia pre %s" + + #: modules/pam_selinux/pam_selinux.c:728 + #, c-format +@@ -425,7 +425,7 @@ + #: modules/pam_selinux/pam_selinux_check.c:105 + #, c-format + msgid "failed to pam_set_item()\n" +-msgstr "chyba pam_set_item()\n" ++msgstr "chyba pri pam_set_item()\n" + + #: modules/pam_selinux/pam_selinux_check.c:133 + #, c-format +@@ -443,7 +443,7 @@ + + #: modules/pam_stress/pam_stress.c:492 + msgid "Retype new STRESS password: " +-msgstr "Znovu zadajte nové STRESS heslo: " ++msgstr "Znovu zadajte nové STRESS heslo: " + + #: modules/pam_stress/pam_stress.c:521 + msgid "Verification mis-typed; password unchanged" +@@ -461,7 +461,7 @@ + + #: modules/pam_tally/pam_tally.c:777 modules/pam_tally2/pam_tally2.c:884 + msgid "Authentication error" +-msgstr "Chyba autentifikácie" ++msgstr "Chyba overenia" + + #: modules/pam_tally/pam_tally.c:778 modules/pam_tally2/pam_tally2.c:885 + msgid "Service error" +@@ -478,12 +478,12 @@ + #: modules/pam_tally/pam_tally.c:796 modules/pam_tally2/pam_tally2.c:906 + #, c-format + msgid "%s: Bad number given to --reset=\n" +-msgstr "%s: Zadaná zlá hodnota --reset=\n" ++msgstr "%s: Zadané zlé číslo pre --reset=\n" + + #: modules/pam_tally/pam_tally.c:800 modules/pam_tally2/pam_tally2.c:910 + #, c-format + msgid "%s: Unrecognised option %s\n" +-msgstr "%s: Neznáma možnosť %s\n" ++msgstr "%s: Neznáma voľba %s\n" + + #: modules/pam_tally/pam_tally.c:812 + #, c-format +@@ -501,22 +501,23 @@ + #: modules/pam_tally2/pam_tally2.c:937 + #, c-format + msgid "Login Failures Latest failure From\n" +-msgstr "" ++msgstr "Login Zlyhaní Ostatné zlyhanie Z\n" + + #: modules/pam_tally2/pam_tally2.c:953 +-#, fuzzy, c-format ++#, c-format + msgid "" + "%s: [-f rooted-filename] [--file rooted-filename]\n" + " [-u username] [--user username]\n" + " [-r] [--reset[=n]] [--quiet]\n" + msgstr "" +-"%s: [--file meno_suboru] [--user pouzivatelske_meno] [--reset[=n]] [--" +-"quiet]\n" ++"%s: [-f meno_suboru] [--file meno_suboru]\n" ++" [-u pouzivatelske_meno] [--user pouzivatelske_meno]\n" ++" [-r] [--reset[=n]] [--quiet]\n" + + #: modules/pam_timestamp/pam_timestamp.c:339 + #, c-format + msgid "Access granted (last access was %ld seconds ago)." +-msgstr "" ++msgstr "Prístup povolený (ostatný prístup pred %ld sekundami)." + + #: modules/pam_unix/pam_unix_acct.c:235 modules/pam_unix/pam_unix_acct.c:257 + msgid "Your account has expired; please contact your system administrator" +@@ -525,7 +526,7 @@ + + #: modules/pam_unix/pam_unix_acct.c:243 + msgid "You are required to change your password immediately (root enforced)" +-msgstr "Je vyžadovaná okamžitá zmena vašeho hesla (vynútené rootom)" ++msgstr "Je vyžadovaná okamžitá zmena vašeho hesla (vynútené správcom)" + + #: modules/pam_unix/pam_unix_acct.c:249 + msgid "You are required to change your password immediately (password aged)" +@@ -551,7 +552,7 @@ + + #: modules/pam_unix/pam_unix_passwd.c:471 + msgid "You must choose a longer password" +-msgstr "Musíte vybrať dlhšie heslo" ++msgstr "Musíte si zvoliť dlhšie heslo" + + #: modules/pam_unix/pam_unix_passwd.c:576 + #, c-format +Index: po/sr.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/sr.po,v +retrieving revision 1.11 +retrieving revision 1.12 +diff -u -r1.11 -r1.12 +--- po/sr.po 9 Mar 2009 13:07:35 -0000 1.11 ++++ po/sr.po 25 Mar 2009 10:54:23 -0000 1.12 +@@ -9,7 +9,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-04-05 10:48+0100\n" + "Last-Translator: Miloš Komarčević \n" + "Language-Team: Serbian (sr) \n" +@@ -355,12 +355,12 @@ + msgid "You have mail in folder %s." + msgstr "Имате поруке у директоријуму %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Правим директоријум „%s“." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Не могу да направим директоријум %s: %m" +Index: po/sr@latin.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/sr@latin.po,v +retrieving revision 1.11 +retrieving revision 1.12 +diff -u -r1.11 -r1.12 +--- po/sr@latin.po 9 Mar 2009 13:07:35 -0000 1.11 ++++ po/sr@latin.po 25 Mar 2009 10:54:23 -0000 1.12 +@@ -9,7 +9,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-04-05 10:48+0100\n" + "Last-Translator: Miloš Komarčević \n" + "Language-Team: Serbian (sr) \n" +@@ -355,12 +355,12 @@ + msgid "You have mail in folder %s." + msgstr "Imate poruke u direktorijumu %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Pravim direktorijum „%s“." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Ne mogu da napravim direktorijum %s: %m" +Index: po/sv.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/sv.po,v +retrieving revision 1.21 +retrieving revision 1.22 +diff -u -r1.21 -r1.22 +--- po/sv.po 9 Mar 2009 13:07:35 -0000 1.21 ++++ po/sv.po 25 Mar 2009 10:54:23 -0000 1.22 +@@ -8,7 +8,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2009-02-11 12:22+0100\n" + "Last-Translator: Daniel Nylander \n" + "Language-Team: Swedish \n" +@@ -355,12 +355,12 @@ + msgid "You have mail in folder %s." + msgstr "Du har brev i katalogen %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "Skapar katalogen \"%s\"." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "Kan inte skapa katalogen %s: %m" +Index: po/ta.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/ta.po,v +retrieving revision 1.13 +retrieving revision 1.14 +diff -u -r1.13 -r1.14 +--- po/ta.po 9 Mar 2009 13:07:35 -0000 1.13 ++++ po/ta.po 25 Mar 2009 10:54:23 -0000 1.14 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: ta\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2007-06-21 15:33+0530\n" + "Last-Translator: I felix \n" + "Language-Team: Tamil \n" +@@ -352,12 +352,12 @@ + msgid "You have mail in folder %s." + msgstr "உங்களுக்கு %s அடைவில் அஞ்சல் உள்ளது." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/te.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/te.po,v +retrieving revision 1.7 +retrieving revision 1.8 +diff -u -r1.7 -r1.8 +--- po/te.po 9 Mar 2009 13:07:35 -0000 1.7 ++++ po/te.po 25 Mar 2009 10:54:23 -0000 1.8 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: te\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-22 16:24+0530\n" + "Last-Translator: Krishna Babu K \n" + "Language-Team: Telugu \n" +@@ -352,12 +352,12 @@ + msgid "You have mail in folder %s." + msgstr "మీరు ఫోల్డరు %sనందు మెయిల్‌ను కలిగివున్నారు." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "డెరెక్టరీ '%s' సృష్టించుట." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "డైరెక్టరీ %sను సృష్టించలేక పోయింది: %m" +Index: po/tr.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/tr.po,v +retrieving revision 1.26 +retrieving revision 1.27 +diff -u -r1.26 -r1.27 +--- po/tr.po 9 Mar 2009 13:07:35 -0000 1.26 ++++ po/tr.po 25 Mar 2009 10:54:23 -0000 1.27 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2006-05-03 19:00+0200\n" + "Last-Translator: Koray Löker \n" + "Language-Team: Türkçe \n" +@@ -349,12 +349,12 @@ + msgid "You have mail in folder %s." + msgstr "%s dizininde iletiniz var" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/uk.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/uk.po,v +retrieving revision 1.26 +retrieving revision 1.27 +diff -u -r1.26 -r1.27 +--- po/uk.po 9 Mar 2009 13:07:35 -0000 1.26 ++++ po/uk.po 25 Mar 2009 10:54:23 -0000 1.27 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.uk\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2006-05-03 18:59+0200\n" + "Last-Translator: Ivan Petrouchtchak \n" + "Language-Team: Ukrainian \n" +@@ -352,12 +352,12 @@ + msgid "You have mail in folder %s." + msgstr "Ви маєте пошту в теці %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" +Index: po/zh_CN.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/zh_CN.po,v +retrieving revision 1.56 +retrieving revision 1.57 +diff -u -r1.56 -r1.57 +--- po/zh_CN.po 9 Mar 2009 13:07:35 -0000 1.56 ++++ po/zh_CN.po 25 Mar 2009 10:54:23 -0000 1.57 +@@ -9,7 +9,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-20 15:43+1000\n" + "Last-Translator: Leah Liu \n" + "Language-Team: Simplified Chinese \n" +@@ -350,12 +350,12 @@ + msgid "You have mail in folder %s." + msgstr "您在文件夹 %s 中有邮件。" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "创建目录 '%s'。" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "无法创建目录 %s:%m" +Index: po/zh_TW.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/zh_TW.po,v +retrieving revision 1.54 +retrieving revision 1.55 +diff -u -r1.54 -r1.55 +--- po/zh_TW.po 9 Mar 2009 13:07:35 -0000 1.54 ++++ po/zh_TW.po 25 Mar 2009 10:54:23 -0000 1.55 +@@ -7,7 +7,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM.tip\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2008-10-21 15:51+1000\n" + "Last-Translator: Terry Chuang \n" + "Language-Team: \n" +@@ -350,12 +350,12 @@ + msgid "You have mail in folder %s." + msgstr "資料夾 %s 中有您的郵件。" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "建立目錄「%s」。" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, fuzzy, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "無法建立 %s 目錄:%m" +Index: po/zu.po +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/po/zu.po,v +retrieving revision 1.19 +retrieving revision 1.20 +diff -u -r1.19 -r1.20 +--- po/zu.po 9 Mar 2009 13:07:35 -0000 1.19 ++++ po/zu.po 25 Mar 2009 10:54:23 -0000 1.20 +@@ -5,7 +5,7 @@ + msgstr "" + "Project-Id-Version: Linux-PAM\n" + "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" +-"POT-Creation-Date: 2009-03-03 14:56+0100\n" ++"POT-Creation-Date: 2009-03-25 11:53+0100\n" + "PO-Revision-Date: 2006-11-03 12:03\n" + "Last-Translator: Novell Language \n" + "Language-Team: Novell Language \n" +@@ -346,12 +346,12 @@ + msgid "You have mail in folder %s." + msgstr "Unemeyili kwifolda %s." + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:111 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:113 + #, c-format + msgid "Creating directory '%s'." + msgstr "" + +-#: modules/pam_mkhomedir/pam_mkhomedir.c:181 ++#: modules/pam_mkhomedir/pam_mkhomedir.c:183 + #, c-format + msgid "Unable to create and initialize directory '%s'." + msgstr "" diff --git a/libpam-password-requisite.diff b/libpam-password-requisite.diff deleted file mode 100644 index 9fc0e8d..0000000 --- a/libpam-password-requisite.diff +++ /dev/null @@ -1,49 +0,0 @@ ---- libpam/pam_dispatch.c 3 Dec 2008 14:16:33 -0000 1.13 -+++ libpam/pam_dispatch.c 4 Feb 2009 13:48:02 -0000 -@@ -132,11 +132,10 @@ - } - - /* -- * use_cached_chain is how we ensure that the setcred/close_session -- * and chauthtok(2) modules are called in the same order as they did -- * when they were invoked as auth/open_session/chauthtok(1). This -- * feature was added in 0.75 to make the behavior of pam_setcred -- * sane. It was debugged by release 0.76. -+ * use_cached_chain is how we ensure that the setcred and -+ * close_session modules are called in the same order as they did -+ * when they were invoked as auth/open_session. This feature was -+ * added in 0.75 to make the behavior of pam_setcred sane. - */ - if (use_cached_chain != _PAM_PLEASE_FREEZE) { - -@@ -358,9 +357,6 @@ - break; - case PAM_CHAUTHTOK: - h = pamh->handlers.conf.chauthtok; -- if (flags & PAM_UPDATE_AUTHTOK) { -- use_cached_chain = _PAM_MUST_BE_FROZEN; -- } - break; - default: - pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); ---- libpam/pam_password.c 24 Jul 2006 15:47:40 -0000 1.5 -+++ libpam/pam_password.c 4 Feb 2009 13:48:02 -0000 -@@ -24,6 +24,13 @@ - return PAM_SYSTEM_ERR; - } - -+ /* applications are not allowed to set this flags */ -+ if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) { -+ syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX -+ "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application"); -+ return PAM_SYSTEM_ERR; -+ } -+ - if (pamh->former.choice == PAM_NOT_STACKED) { - _pam_start_timer(pamh); /* we try to make the time for a failure - independent of the time it takes to -@@ -58,4 +67,3 @@ - - return retval; - } -- diff --git a/pam-1.0.0-selinux-env-params.patch b/pam-1.0.0-selinux-env-params.patch deleted file mode 100644 index ac4d53a..0000000 --- a/pam-1.0.0-selinux-env-params.patch +++ /dev/null @@ -1,561 +0,0 @@ -Index: modules/pam_selinux/pam_selinux.8.xml -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_selinux/pam_selinux.8.xml,v -retrieving revision 1.2 -diff -u -p -r1.2 pam_selinux.8.xml ---- modules/pam_selinux/pam_selinux.8.xml 15 Jun 2007 10:17:22 -0000 1.2 -+++ modules/pam_selinux/pam_selinux.8.xml 19 May 2008 15:44:08 -0000 -@@ -37,6 +37,9 @@ - select_context - - -+ env_params -+ -+ - use_current_range - - -@@ -137,12 +140,30 @@ - - - -+ -+ -+ -+ -+ Attempt to obtain a custom security context role from PAM environment. -+ If MLS is on obtain also sensitivity level. This option and the -+ select_context option are mutually exclusive. The respective PAM -+ environment variables are SELINUX_ROLE_REQUESTED, -+ SELINUX_LEVEL_REQUESTED, and -+ SELINUX_USE_CURRENT_RANGE. The first two variables -+ are self describing and the last one if set to 1 makes the PAM module behave as -+ if the use_current_range was specified on the command line of the module. -+ -+ -+ -+ -+ - - - - -- Use the sensitivity range of the process for the user context. -- This option and the select_context option are mutually exclusive. -+ Use the sensitivity level of the current process for the user context -+ instead of the default level. Also supresses asking of the -+ sensitivity level from the user or obtaining it from PAM environment. - - - -Index: modules/pam_selinux/pam_selinux.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_selinux/pam_selinux.c,v -retrieving revision 1.16 -diff -u -p -r1.16 pam_selinux.c ---- modules/pam_selinux/pam_selinux.c 22 Apr 2008 19:21:37 -0000 1.16 -+++ modules/pam_selinux/pam_selinux.c 19 May 2008 15:44:08 -0000 -@@ -2,8 +2,9 @@ - * A module for Linux-PAM that will set the default security context after login - * via PAM. - * -- * Copyright (c) 2003 Red Hat, Inc. -+ * Copyright (c) 2003-2008 Red Hat, Inc. - * Written by Dan Walsh -+ * Additional improvements by Tomas Mraz - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -138,15 +139,22 @@ send_text (pam_handle_t *pamh, const cha - */ - static int - query_response (pam_handle_t *pamh, const char *text, const char *def, -- char **responses, int debug) -+ char **response, int debug) - { - int rc; - if (def) -- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s [%s] ", text, def); -+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def); - else -- rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, responses, "%s ", text); -- if (debug) -- pam_syslog(pamh, LOG_NOTICE, "%s %s", text, responses[0]); -+ rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text); -+ -+ if (*response == NULL) { -+ rc = PAM_CONV_ERR; -+ } -+ -+ if (rc != PAM_SUCCESS) { -+ pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text); -+ } else if (debug) -+ pam_syslog(pamh, LOG_NOTICE, "%s %s", text, *response); - return rc; - } - -@@ -157,13 +165,15 @@ manual_context (pam_handle_t *pamh, cons - context_t new_context; - int mls_enabled = is_selinux_mls_enabled(); - char *type=NULL; -- char *responses=NULL; -+ char *response=NULL; - - while (1) { -- query_response(pamh, -- _("Would you like to enter a security context? [N] "), NULL, -- &responses,debug); -- if ((responses[0] == 'y') || (responses[0] == 'Y')) -+ if (query_response(pamh, -+ _("Would you like to enter a security context? [N] "), NULL, -+ &response, debug) != PAM_SUCCESS) -+ return NULL; -+ -+ if ((response[0] == 'y') || (response[0] == 'Y')) - { - if (mls_enabled) - new_context = context_new ("user:role:type:level"); -@@ -176,26 +186,29 @@ manual_context (pam_handle_t *pamh, cons - if (context_user_set (new_context, user)) - goto fail_set; - -- _pam_drop(responses); -+ _pam_drop(response); - /* Allow the user to enter each field of the context individually */ -- query_response(pamh,_("role:"), NULL, &responses,debug); -- if (responses[0] != '\0') { -- if (context_role_set (new_context, responses)) -+ if (query_response(pamh, _("role:"), NULL, &response, debug) == PAM_SUCCESS && -+ response[0] != '\0') { -+ if (context_role_set (new_context, response)) - goto fail_set; -- if (get_default_type(responses, &type)) -+ if (get_default_type(response, &type)) - goto fail_set; - if (context_type_set (new_context, type)) - goto fail_set; - } -- _pam_drop(responses); -+ _pam_drop(response); -+ - if (mls_enabled) - { -- query_response(pamh,_("level:"), NULL, &responses,debug); -- if (responses[0] != '\0') { -- if (context_range_set (new_context, responses)) -+ if (query_response(pamh, _("level:"), NULL, &response, debug) == PAM_SUCCESS && -+ response[0] != '\0') { -+ if (context_range_set (new_context, response)) - goto fail_set; - } -+ _pam_drop(response); - } -+ - /* Get the string value of the context and see if it is valid. */ - if (!security_check_context(context_str(new_context))) { - newcon = strdup(context_str(new_context)); -@@ -204,16 +217,17 @@ manual_context (pam_handle_t *pamh, cons - } - else - send_text(pamh,_("Not a valid security context"),debug); -- context_free (new_context); -+ -+ context_free (new_context); - } - else { -- _pam_drop(responses); -+ _pam_drop(response); - return NULL; - } - } /* end while */ - fail_set: - free(type); -- _pam_drop(responses); -+ _pam_drop(response); - context_free (new_context); - return NULL; - } -@@ -239,69 +253,91 @@ static int mls_range_allowed(pam_handle_ - } - - static security_context_t --config_context (pam_handle_t *pamh, security_context_t puser_context, int debug) -+config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug) - { - security_context_t newcon=NULL; - context_t new_context; - int mls_enabled = is_selinux_mls_enabled(); -- char *responses=NULL; -+ char *response=NULL; - char *type=NULL; - char resp_val = 0; - -- pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), puser_context); -+ pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon); - - while (1) { -- query_response(pamh, -+ if (query_response(pamh, - _("Would you like to enter a different role or level?"), "n", -- &responses,debug); -- -- resp_val = responses[0]; -- _pam_drop(responses); -+ &response, debug) == PAM_SUCCESS) { -+ resp_val = response[0]; -+ _pam_drop(response); -+ } else { -+ resp_val = 'N'; -+ } - if ((resp_val == 'y') || (resp_val == 'Y')) - { -- new_context = context_new(puser_context); -- -+ if ((new_context = context_new(defaultcon)) == NULL) -+ goto fail_set; -+ - /* Allow the user to enter role and level individually */ -- query_response(pamh,_("role:"), context_role_get(new_context), -- &responses, debug); -- if (responses[0]) { -- if (get_default_type(responses, &type)) { -- pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), responses); -- _pam_drop(responses); -+ if (query_response(pamh, _("role:"), context_role_get(new_context), -+ &response, debug) == PAM_SUCCESS && response[0]) { -+ if (get_default_type(response, &type)) { -+ pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); -+ _pam_drop(response); - continue; - } else { -- if (context_role_set(new_context, responses)) -+ if (context_role_set(new_context, response)) - goto fail_set; - if (context_type_set (new_context, type)) - goto fail_set; - } - } -- _pam_drop(responses); -+ _pam_drop(response); -+ - if (mls_enabled) - { -- query_response(pamh,_("level:"), context_range_get(new_context), -- &responses, debug); -- if (responses[0]) { -- if (context_range_set(new_context, responses)) -- goto fail_set; -+ if (use_current_range) { -+ security_context_t mycon = NULL; -+ context_t my_context; -+ -+ if (getcon(&mycon) != 0) -+ goto fail_set; -+ my_context = context_new(mycon); -+ if (my_context == NULL) { -+ freecon(mycon); -+ goto fail_set; -+ } -+ freecon(mycon); -+ if (context_range_set(new_context, context_range_get(my_context))) { -+ context_free(my_context); -+ goto fail_set; -+ } -+ context_free(my_context); -+ } else if (query_response(pamh, _("level:"), context_range_get(new_context), -+ &response, debug) == PAM_SUCCESS && response[0]) { -+ if (context_range_set(new_context, response)) -+ goto fail_set; - } -- _pam_drop(responses); -+ _pam_drop(response); - } -+ - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context)); - - /* Get the string value of the context and see if it is valid. */ - if (!security_check_context(context_str(new_context))) { - newcon = strdup(context_str(new_context)); -- context_free (new_context); -+ if (newcon == NULL) -+ goto fail_set; -+ context_free(new_context); - - /* we have to check that this user is allowed to go into the - range they have specified ... role is tied to an seuser, so that'll - be checked at setexeccon time */ -- if (mls_enabled && !mls_range_allowed(pamh, puser_context, newcon, debug)) { -- pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", puser_context, newcon); -+ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { -+ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); - -- send_audit_message(pamh, 0, puser_context, newcon); -+ send_audit_message(pamh, 0, defaultcon, newcon); - - free(newcon); - goto fail_range; -@@ -309,26 +345,120 @@ config_context (pam_handle_t *pamh, secu - return newcon; - } - else { -- send_audit_message(pamh, 0, puser_context, context_str(new_context)); -+ send_audit_message(pamh, 0, defaultcon, context_str(new_context)); - send_text(pamh,_("Not a valid security context"),debug); - } - context_free(new_context); /* next time around allocates another */ - } - else -- return strdup(puser_context); -+ return strdup(defaultcon); - } /* end while */ - - return NULL; - - fail_set: - free(type); -- _pam_drop(responses); -+ _pam_drop(response); - context_free (new_context); -- send_audit_message(pamh, 0, puser_context, NULL); -+ send_audit_message(pamh, 0, defaultcon, NULL); - fail_range: - return NULL; - } - -+static security_context_t -+context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug) -+{ -+ security_context_t newcon = NULL; -+ context_t new_context; -+ context_t my_context = NULL; -+ int mls_enabled = is_selinux_mls_enabled(); -+ const char *env = NULL; -+ char *type = NULL; -+ -+ if ((new_context = context_new(defaultcon)) == NULL) -+ goto fail_set; -+ -+ if (env_params && (env = pam_getenv(pamh, "SELINUX_ROLE_REQUESTED")) != NULL && env[0] != '\0') { -+ if (debug) -+ pam_syslog(pamh, LOG_NOTICE, "Requested role: %s", env); -+ -+ if (get_default_type(env, &type)) { -+ pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env); -+ goto fail_set; -+ } else { -+ if (context_role_set(new_context, env)) -+ goto fail_set; -+ if (context_type_set(new_context, type)) -+ goto fail_set; -+ } -+ } -+ -+ if (mls_enabled) { -+ if ((env = pam_getenv(pamh, "SELINUX_USE_CURRENT_RANGE")) != NULL && env[0] == '1') { -+ if (debug) -+ pam_syslog(pamh, LOG_NOTICE, "SELINUX_USE_CURRENT_RANGE is set"); -+ use_current_range = 1; -+ } -+ -+ if (use_current_range) { -+ security_context_t mycon = NULL; -+ -+ if (getcon(&mycon) != 0) -+ goto fail_set; -+ my_context = context_new(mycon); -+ if (my_context == NULL) { -+ freecon(mycon); -+ goto fail_set; -+ } -+ freecon(mycon); -+ env = context_range_get(my_context); -+ } else { -+ env = pam_getenv(pamh, "SELINUX_LEVEL_REQUESTED"); -+ } -+ -+ if (env != NULL && env[0] != '\0') { -+ if (debug) -+ pam_syslog(pamh, LOG_NOTICE, "Requested level: %s", env); -+ if (context_range_set(new_context, env)) -+ goto fail_set; -+ } -+ } -+ -+ newcon = strdup(context_str(new_context)); -+ if (newcon == NULL) -+ goto fail_set; -+ -+ if (debug) -+ pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon); -+ -+ /* Get the string value of the context and see if it is valid. */ -+ if (security_check_context(newcon)) { -+ pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon); -+ send_audit_message(pamh, 0, defaultcon, newcon); -+ freecon(newcon); -+ newcon = NULL; -+ -+ goto fail_set; -+ } -+ -+ /* we have to check that this user is allowed to go into the -+ range they have specified ... role is tied to an seuser, so that'll -+ be checked at setexeccon time */ -+ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { -+ pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); -+ send_audit_message(pamh, 0, defaultcon, newcon); -+ freecon(newcon); -+ newcon = NULL; -+ } -+ -+ fail_set: -+ free(type); -+ context_free(my_context); -+ context_free(new_context); -+ send_audit_message(pamh, 0, defaultcon, NULL); -+ return newcon; -+} -+ - static void - security_restorelabel_tty(const pam_handle_t *pamh, - const char *tty, security_context_t context) -@@ -439,13 +569,14 @@ PAM_EXTERN int - pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -- int i, debug = 0, ttys=1, has_tty=isatty(0); -+ int i, debug = 0, ttys=1; - int verbose=0, close_session=0; - int select_context = 0; - int use_current_range = 0; - int ret = 0; - security_context_t* contextlist = NULL; - int num_contexts = 0; -+ int env_params = 0; - const char *username = NULL; - const void *tty = NULL; - char *seuser=NULL; -@@ -472,13 +603,16 @@ pam_sm_open_session(pam_handle_t *pamh, - if (strcmp(argv[i], "use_current_range") == 0) { - use_current_range = 1; - } -+ if (strcmp(argv[i], "env_params") == 0) { -+ env_params = 1; -+ } - } - - if (debug) - pam_syslog(pamh, LOG_NOTICE, "Open Session"); - -- if (select_context && use_current_range) { -- pam_syslog(pamh, LOG_ERR, "select_context cannot be used with use_current_range"); -+ if (select_context && env_params) { -+ pam_syslog(pamh, LOG_ERR, "select_context cannot be used with env_params"); - select_context = 0; - } - -@@ -510,12 +644,17 @@ pam_sm_open_session(pam_handle_t *pamh, - freeconary(contextlist); - if (default_user_context == NULL) { - pam_syslog(pamh, LOG_ERR, "Out of memory"); -- return PAM_AUTH_ERR; -+ return PAM_BUF_ERR; - } -+ - user_context = default_user_context; -- if (select_context && has_tty) { -- user_context = config_context(pamh, default_user_context, debug); -- if (user_context == NULL) { -+ if (select_context) { -+ user_context = config_context(pamh, default_user_context, use_current_range, debug); -+ } else if (env_params || use_current_range) { -+ user_context = context_from_env(pamh, default_user_context, env_params, use_current_range, debug); -+ } -+ -+ if (user_context == NULL) { - freecon(default_user_context); - pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", - username); -@@ -524,11 +663,9 @@ pam_sm_open_session(pam_handle_t *pamh, - return PAM_AUTH_ERR; - else - return PAM_SUCCESS; -- } -- } -+ } - } - else { -- if (has_tty) { - user_context = manual_context(pamh,seuser,debug); - if (user_context == NULL) { - pam_syslog (pamh, LOG_ERR, "Unable to get valid context for %s", -@@ -538,59 +675,6 @@ pam_sm_open_session(pam_handle_t *pamh, - else - return PAM_SUCCESS; - } -- } else { -- pam_syslog (pamh, LOG_ERR, -- "Unable to get valid context for %s, No valid tty", -- username); -- if (security_getenforce() == 1) -- return PAM_AUTH_ERR; -- else -- return PAM_SUCCESS; -- } -- } -- -- if (use_current_range && is_selinux_mls_enabled()) { -- security_context_t process_context=NULL; -- if (getcon(&process_context) == 0) { -- context_t pcon, ucon; -- char *process_level=NULL; -- security_context_t orig_context; -- -- if (user_context) -- orig_context = user_context; -- else -- orig_context = default_user_context; -- -- pcon = context_new(process_context); -- freecon(process_context); -- process_level = strdup(context_range_get(pcon)); -- context_free(pcon); -- -- if (debug) -- pam_syslog (pamh, LOG_DEBUG, "process level=%s", process_level); -- -- ucon = context_new(orig_context); -- -- context_range_set(ucon, process_level); -- free(process_level); -- -- if (!mls_range_allowed(pamh, orig_context, context_str(ucon), debug)) { -- send_text(pamh, _("Requested MLS level not in permitted range"), debug); -- /* even if default_user_context is NULL audit that anyway */ -- send_audit_message(pamh, 0, default_user_context, context_str(ucon)); -- context_free(ucon); -- return PAM_AUTH_ERR; -- } -- -- if (debug) -- pam_syslog (pamh, LOG_DEBUG, "adjusted context=%s", context_str(ucon)); -- -- /* replace the user context with the level adjusted one */ -- freecon(user_context); -- user_context = strdup(context_str(ucon)); -- -- context_free(ucon); -- } - } - - if (getexeccon(&prev_user_context)<0) { -@@ -613,7 +697,7 @@ pam_sm_open_session(pam_handle_t *pamh, - } - } - } -- if(ttys && tty ) { -+ if (ttys && tty) { - ttyn=strdup(tty); - ttyn_context=security_label_tty(pamh,ttyn,user_context); - } diff --git a/pam-1.0.1-namespace-create.patch b/pam-1.0.1-namespace-create.patch deleted file mode 100644 index 7d12105..0000000 --- a/pam-1.0.1-namespace-create.patch +++ /dev/null @@ -1,679 +0,0 @@ -diff -up Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c.create Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c ---- Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c.create 2008-03-20 18:06:32.000000000 +0100 -+++ Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.c 2008-04-03 17:32:28.000000000 +0200 -@@ -32,6 +32,8 @@ - * DEALINGS IN THE SOFTWARE. - */ - -+#define _ATFILE_SOURCE -+ - #include "pam_namespace.h" - #include "argv_parse.h" - -@@ -78,11 +80,29 @@ static void del_polydir_list(struct poly - } - } - --static void cleanup_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) -+static void unprotect_dirs(struct protect_dir_s *dir) -+{ -+ struct protect_dir_s *next; -+ -+ while (dir != NULL) { -+ umount(dir->dir); -+ free(dir->dir); -+ next = dir->next; -+ free(dir); -+ dir = next; -+ } -+} -+ -+static void cleanup_polydir_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) - { - del_polydir_list(data); - } - -+static void cleanup_protect_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) -+{ -+ unprotect_dirs(data); -+} -+ - static char *expand_variables(const char *orig, const char *var_names[], const char *var_values[]) - { - const char *src = orig; -@@ -132,8 +152,8 @@ static char *expand_variables(const char - - static int parse_create_params(char *params, struct polydir_s *poly) - { -- char *sptr; -- struct passwd *pwd; -+ char *next; -+ struct passwd *pwd = NULL; - struct group *grp; - - poly->mode = (mode_t)ULONG_MAX; -@@ -144,28 +164,40 @@ static int parse_create_params(char *par - return 0; - params++; - -- params = strtok_r(params, ",", &sptr); -- if (params == NULL) -- return 0; -+ next = strchr(params, ','); -+ if (next != NULL) { -+ *next = '\0'; -+ next++; -+ } - -- errno = 0; -- poly->mode = (mode_t)strtoul(params, NULL, 0); -- if (errno != 0) { -- poly->mode = (mode_t)ULONG_MAX; -+ if (*params != '\0') { -+ errno = 0; -+ poly->mode = (mode_t)strtoul(params, NULL, 0); -+ if (errno != 0) { -+ poly->mode = (mode_t)ULONG_MAX; -+ } - } - -- params = strtok_r(NULL, ",", &sptr); -+ params = next; - if (params == NULL) - return 0; -+ next = strchr(params, ','); -+ if (next != NULL) { -+ *next = '\0'; -+ next++; -+ } - -- pwd = getpwnam(params); /* session modules are not reentrant */ -- if (pwd == NULL) -- return -1; -- poly->owner = pwd->pw_uid; -- -- params = strtok_r(NULL, ",", &sptr); -- if (params == NULL) { -- poly->group = pwd->pw_gid; -+ if (*params != '\0') { -+ pwd = getpwnam(params); /* session modules are not reentrant */ -+ if (pwd == NULL) -+ return -1; -+ poly->owner = pwd->pw_uid; -+ } -+ -+ params = next; -+ if (params == NULL || *params == '\0') { -+ if (pwd != NULL) -+ poly->group = pwd->pw_gid; - return 0; - } - grp = getgrnam(params); -@@ -199,7 +231,7 @@ static int parse_method(char *method, st - struct instance_data *idata) - { - enum polymethod pm; -- char *sptr; -+ char *sptr = NULL; - static const char *method_names[] = { "user", "context", "level", "tmpdir", - "tmpfs", NULL }; - static const char *flag_names[] = { "create", "noinit", "iscript", -@@ -921,10 +953,158 @@ fail: - return rc; - } - -+static int protect_mount(int dfd, const char *path, struct instance_data *idata) -+{ -+ struct protect_dir_s *dir = idata->protect_dirs; -+ char tmpbuf[64]; -+ -+ while (dir != NULL) { -+ if (strcmp(path, dir->dir) == 0) { -+ return 0; -+ } -+ dir = dir->next; -+ } -+ -+ dir = calloc(1, sizeof(*dir)); -+ -+ if (dir == NULL) { -+ return -1; -+ } -+ -+ dir->dir = strdup(path); -+ -+ if (dir->dir == NULL) { -+ free(dir); -+ return -1; -+ } -+ -+ snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd); -+ -+ if (idata->flags & PAMNS_DEBUG) { -+ pam_syslog(idata->pamh, LOG_INFO, -+ "Protect mount of %s over itself", path); -+ } -+ -+ if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { -+ int save_errno = errno; -+ pam_syslog(idata->pamh, LOG_ERR, -+ "Protect mount of %s failed: %m", tmpbuf); -+ free(dir->dir); -+ free(dir); -+ errno = save_errno; -+ return -1; -+ } -+ -+ dir->next = idata->protect_dirs; -+ idata->protect_dirs = dir; -+ -+ return 0; -+} -+ -+static int protect_dir(const char *path, mode_t mode, int do_mkdir, -+ struct instance_data *idata) -+{ -+ char *p = strdup(path); -+ char *d; -+ char *dir = p; -+ int dfd = AT_FDCWD; -+ int dfd_next; -+ int save_errno; -+ int flags = O_RDONLY; -+ int rv = -1; -+ struct stat st; -+ -+ if (p == NULL) { -+ goto error; -+ } -+ -+ if (*dir == '/') { -+ dfd = open("/", flags); -+ if (dfd == -1) { -+ goto error; -+ } -+ dir++; /* assume / is safe */ -+ } -+ -+ while ((d=strchr(dir, '/')) != NULL) { -+ *d = '\0'; -+ dfd_next = openat(dfd, dir, flags); -+ if (dfd_next == -1) { -+ goto error; -+ } -+ -+ if (dfd != AT_FDCWD) -+ close(dfd); -+ dfd = dfd_next; -+ -+ if (fstat(dfd, &st) != 0) { -+ goto error; -+ } -+ -+ if (flags & O_NOFOLLOW) { -+ /* we are inside user-owned dir - protect */ -+ if (protect_mount(dfd, p, idata) == -1) -+ goto error; -+ } else if (st.st_uid != 0 || st.st_gid != 0 || -+ (st.st_mode & S_IWOTH)) { -+ /* do not follow symlinks on subdirectories */ -+ flags |= O_NOFOLLOW; -+ } -+ -+ *d = '/'; -+ dir = d + 1; -+ } -+ -+ rv = openat(dfd, dir, flags); -+ -+ if (rv == -1) { -+ if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { -+ goto error; -+ } -+ rv = openat(dfd, dir, flags); -+ } -+ -+ if (rv != -1) { -+ if (fstat(rv, &st) != 0) { -+ save_errno = errno; -+ close(rv); -+ rv = -1; -+ errno = save_errno; -+ goto error; -+ } -+ if (!S_ISDIR(st.st_mode)) { -+ close(rv); -+ errno = ENOTDIR; -+ rv = -1; -+ goto error; -+ } -+ } -+ -+ if (flags & O_NOFOLLOW) { -+ /* we are inside user-owned dir - protect */ -+ if (protect_mount(rv, p, idata) == -1) { -+ save_errno = errno; -+ close(rv); -+ rv = -1; -+ errno = save_errno; -+ } -+ } -+ -+error: -+ save_errno = errno; -+ free(p); -+ if (dfd != AT_FDCWD) -+ close(dfd); -+ errno = save_errno; -+ -+ return rv; -+} -+ - static int check_inst_parent(char *ipath, struct instance_data *idata) - { - struct stat instpbuf; - char *inst_parent, *trailing_slash; -+ int dfd; - /* - * stat the instance parent path to make sure it exists - * and is a directory. Check that its mode is 000 (unless the -@@ -942,30 +1122,27 @@ static int check_inst_parent(char *ipath - if (trailing_slash) - *trailing_slash = '\0'; - -- if (stat(inst_parent, &instpbuf) < 0) { -- pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", inst_parent); -- free(inst_parent); -- return PAM_SESSION_ERR; -- } -+ dfd = protect_dir(inst_parent, 0, 1, idata); - -- /* -- * Make sure we are dealing with a directory -- */ -- if (!S_ISDIR(instpbuf.st_mode)) { -- pam_syslog(idata->pamh, LOG_ERR, "Instance parent %s is not a dir", -- inst_parent); -+ if (dfd == -1 || fstat(dfd, &instpbuf) < 0) { -+ pam_syslog(idata->pamh, LOG_ERR, -+ "Error creating or accessing instance parent %s, %m", inst_parent); -+ if (dfd != -1) -+ close(dfd); - free(inst_parent); - return PAM_SESSION_ERR; - } - - if ((idata->flags & PAMNS_IGN_INST_PARENT_MODE) == 0) { -- if (instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) { -- pam_syslog(idata->pamh, LOG_ERR, "Mode of inst parent %s not 000", -+ if ((instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) || instpbuf.st_uid != 0) { -+ pam_syslog(idata->pamh, LOG_ERR, "Mode of inst parent %s not 000 or owner not root", - inst_parent); -+ close(dfd); - free(inst_parent); - return PAM_SESSION_ERR; - } - } -+ close(dfd); - free(inst_parent); - return PAM_SUCCESS; - } -@@ -1051,6 +1228,8 @@ static int create_polydir(struct polydir - security_context_t dircon, oldcon = NULL; - #endif - const char *dir = polyptr->dir; -+ uid_t uid; -+ gid_t gid; - - if (polyptr->mode != (mode_t)ULONG_MAX) - mode = polyptr->mode; -@@ -1077,8 +1256,8 @@ static int create_polydir(struct polydir - } - #endif - -- rc = mkdir(dir, mode); -- if (rc != 0) { -+ rc = protect_dir(dir, mode, 1, idata); -+ if (rc == -1) { - pam_syslog(idata->pamh, LOG_ERR, - "Error creating directory %s: %m", dir); - return PAM_SESSION_ERR; -@@ -1098,36 +1277,41 @@ static int create_polydir(struct polydir - - if (polyptr->mode != (mode_t)ULONG_MAX) { - /* explicit mode requested */ -- if (chmod(dir, mode) != 0) { -+ if (fchmod(rc, mode) != 0) { - pam_syslog(idata->pamh, LOG_ERR, - "Error changing mode of directory %s: %m", dir); -+ close(rc); -+ umount(dir); /* undo the eventual protection bind mount */ - rmdir(dir); - return PAM_SESSION_ERR; - } - } - -- if (polyptr->owner != (uid_t)ULONG_MAX) { -- if (chown(dir, polyptr->owner, polyptr->group) != 0) { -- pam_syslog(idata->pamh, LOG_ERR, -- "Unable to change owner on directory %s: %m", dir); -- rmdir(dir); -- return PAM_SESSION_ERR; -- } -- if (idata->flags & PAMNS_DEBUG) -- pam_syslog(idata->pamh, LOG_DEBUG, -- "Polydir owner %u group %u from configuration", polyptr->owner, polyptr->group); -- } else { -- if (chown(dir, idata->uid, idata->gid) != 0) { -- pam_syslog(idata->pamh, LOG_ERR, -- "Unable to change owner on directory %s: %m", dir); -- rmdir(dir); -- return PAM_SESSION_ERR; -- } -- if (idata->flags & PAMNS_DEBUG) -- pam_syslog(idata->pamh, LOG_DEBUG, -- "Polydir owner %u group %u", idata->uid, idata->gid); -+ if (polyptr->owner != (uid_t)ULONG_MAX) -+ uid = polyptr->owner; -+ else -+ uid = idata->uid; -+ -+ if (polyptr->group != (gid_t)ULONG_MAX) -+ gid = polyptr->group; -+ else -+ gid = idata->gid; -+ -+ if (fchown(rc, uid, gid) != 0) { -+ pam_syslog(idata->pamh, LOG_ERR, -+ "Unable to change owner on directory %s: %m", dir); -+ close(rc); -+ umount(dir); /* undo the eventual protection bind mount */ -+ rmdir(dir); -+ return PAM_SESSION_ERR; - } - -+ close(rc); -+ -+ if (idata->flags & PAMNS_DEBUG) -+ pam_syslog(idata->pamh, LOG_DEBUG, -+ "Polydir owner %u group %u", uid, gid); -+ - return PAM_SUCCESS; - } - -@@ -1135,17 +1319,16 @@ static int create_polydir(struct polydir - * Create polyinstantiated instance directory (ipath). - */ - #ifdef WITH_SELINUX --static int create_dirs(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, -+static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, - security_context_t icontext, security_context_t ocontext, - struct instance_data *idata) - #else --static int create_dirs(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, -+static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, - struct instance_data *idata) - #endif - { - struct stat newstatbuf; - int fd; -- int newdir = 0; - - /* - * Check to make sure instance parent is valid. -@@ -1171,7 +1354,7 @@ static int create_dirs(struct polydir_s - strcpy(ipath, polyptr->instance_prefix); - } else if (mkdir(ipath, S_IRUSR) < 0) { - if (errno == EEXIST) -- goto inst_init; -+ return PAM_IGNORE; - else { - pam_syslog(idata->pamh, LOG_ERR, "Error creating %s, %m", - ipath); -@@ -1179,7 +1362,6 @@ static int create_dirs(struct polydir_s - } - } - -- newdir = 1; - /* Open a descriptor to it to prevent races */ - fd = open(ipath, O_DIRECTORY | O_RDONLY); - if (fd < 0) { -@@ -1235,33 +1417,22 @@ static int create_dirs(struct polydir_s - return PAM_SESSION_ERR; - } - close(fd); -- -- /* -- * Check to see if there is a namespace initialization script in -- * the /etc/security directory. If such a script exists -- * execute it and pass directory to polyinstantiate and instance -- * directory as arguments. -- */ -- --inst_init: -- if (polyptr->flags & POLYDIR_NOINIT) -- return PAM_SUCCESS; -- -- return inst_init(polyptr, ipath, idata, newdir); -+ return PAM_SUCCESS; - } - - - /* - * This function performs the namespace setup for a particular directory -- * that is being polyinstantiated. It creates an MD5 hash of instance -- * directory, calls create_dirs to create it with appropriate -+ * that is being polyinstantiated. It calls poly_name to create name of instance -+ * directory, calls create_instance to mkdir it with appropriate - * security attributes, and performs bind mount to setup the process - * namespace. - */ - static int ns_setup(struct polydir_s *polyptr, - struct instance_data *idata) - { -- int retval = 0; -+ int retval; -+ int newdir = 1; - char *inst_dir = NULL; - char *instname = NULL; - struct stat statbuf; -@@ -1273,37 +1444,40 @@ static int ns_setup(struct polydir_s *po - pam_syslog(idata->pamh, LOG_DEBUG, - "Set namespace for directory %s", polyptr->dir); - -- while (stat(polyptr->dir, &statbuf) < 0) { -- if (retval || !(polyptr->flags & POLYDIR_CREATE)) { -- pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", -- polyptr->dir); -- return PAM_SESSION_ERR; -- } else { -- if (create_polydir(polyptr, idata) != PAM_SUCCESS) -- return PAM_SESSION_ERR; -- retval = PAM_SESSION_ERR; /* bail out on next failed stat */ -- } -- } -+ retval = protect_dir(polyptr->dir, 0, 0, idata); - -- /* -- * Make sure we are dealing with a directory -- */ -- if (!S_ISDIR(statbuf.st_mode)) { -- pam_syslog(idata->pamh, LOG_ERR, "Polydir %s is not a dir", -+ if (retval < 0 && errno != ENOENT) { -+ pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", - polyptr->dir); -- return PAM_SESSION_ERR; -+ return PAM_SESSION_ERR; - } - -+ if (retval < 0 && (polyptr->flags & POLYDIR_CREATE)) { -+ if (create_polydir(polyptr, idata) != PAM_SUCCESS) -+ return PAM_SESSION_ERR; -+ } else { -+ close(retval); -+ } -+ - if (polyptr->method == TMPFS) { - if (mount("tmpfs", polyptr->dir, "tmpfs", 0, NULL) < 0) { - pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", - polyptr->dir); - return PAM_SESSION_ERR; - } -- /* we must call inst_init after the mount in this case */ -+ -+ if (polyptr->flags & POLYDIR_NOINIT) -+ return PAM_SUCCESS; -+ - return inst_init(polyptr, "tmpfs", idata, 1); - } - -+ if (stat(polyptr->dir, &statbuf) < 0) { -+ pam_syslog(idata->pamh, LOG_ERR, "Error stating %s: %m", -+ polyptr->dir); -+ return PAM_SESSION_ERR; -+ } -+ - /* - * Obtain the name of instance pathname based on the - * polyinstantiation method and instance context returned by -@@ -1341,14 +1515,18 @@ static int ns_setup(struct polydir_s *po - * contexts, owner, group and mode bits. - */ - #ifdef WITH_SELINUX -- retval = create_dirs(polyptr, inst_dir, &statbuf, instcontext, -+ retval = create_instance(polyptr, inst_dir, &statbuf, instcontext, - origcontext, idata); - #else -- retval = create_dirs(polyptr, inst_dir, &statbuf, idata); -+ retval = create_instance(polyptr, inst_dir, &statbuf, idata); - #endif - -- if (retval < 0) { -- pam_syslog(idata->pamh, LOG_ERR, "Error creating instance dir"); -+ if (retval == PAM_IGNORE) { -+ newdir = 0; -+ retval = PAM_SUCCESS; -+ } -+ -+ if (retval != PAM_SUCCESS) { - goto error_out; - } - -@@ -1363,6 +1541,9 @@ static int ns_setup(struct polydir_s *po - goto error_out; - } - -+ if (!(polyptr->flags & POLYDIR_NOINIT)) -+ retval = inst_init(polyptr, inst_dir, idata, newdir); -+ - goto cleanup; - - /* -@@ -1600,12 +1781,21 @@ static int setup_namespace(struct instan - } - } - out: -- if (retval != PAM_SUCCESS) -+ if (retval != PAM_SUCCESS) { -+ cleanup_tmpdirs(idata); -+ unprotect_dirs(idata->protect_dirs); -+ } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, idata->protect_dirs, -+ cleanup_protect_data) != PAM_SUCCESS) { -+ pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace protect data"); - cleanup_tmpdirs(idata); -- else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr, -- cleanup_data) != PAM_SUCCESS) { -- pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace data"); -+ unprotect_dirs(idata->protect_dirs); -+ return PAM_SYSTEM_ERR; -+ } else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr, -+ cleanup_polydir_data) != PAM_SUCCESS) { -+ pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace polydir data"); - cleanup_tmpdirs(idata); -+ pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); -+ idata->protect_dirs = NULL; - return PAM_SYSTEM_ERR; - } - return retval; -@@ -1742,6 +1932,7 @@ PAM_EXTERN int pam_sm_open_session(pam_h - /* init instance data */ - idata.flags = 0; - idata.polydirs_ptr = NULL; -+ idata.protect_dirs = NULL; - idata.pamh = pamh; - #ifdef WITH_SELINUX - if (is_selinux_enabled()) -@@ -1893,6 +2084,7 @@ PAM_EXTERN int pam_sm_close_session(pam_ - } - - pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL); -+ pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); - - return PAM_SUCCESS; - } -diff -up Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h.create Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h ---- Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h.create 2008-02-13 13:49:44.000000000 +0100 -+++ Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.h 2008-03-20 18:07:29.000000000 +0100 -@@ -107,6 +107,7 @@ - - #define NAMESPACE_MAX_DIR_LEN 80 - #define NAMESPACE_POLYDIR_DATA "pam_namespace:polydir_data" -+#define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data" - - /* - * Polyinstantiation method options, based on user, security context -@@ -156,9 +157,15 @@ struct polydir_s { - struct polydir_s *next; /* pointer to the next polydir entry */ - }; - -+struct protect_dir_s { -+ char *dir; /* protected directory */ -+ struct protect_dir_s *next; /* next entry */ -+}; -+ - struct instance_data { - pam_handle_t *pamh; /* The pam handle for this instance */ - struct polydir_s *polydirs_ptr; /* The linked list pointer */ -+ struct protect_dir_s *protect_dirs; /* The pointer to stack of mount-protected dirs */ - char user[LOGIN_NAME_MAX]; /* User name */ - char ruser[LOGIN_NAME_MAX]; /* Requesting user name */ - uid_t uid; /* The uid of the user */ -@@ -166,3 +173,4 @@ struct instance_data { - uid_t ruid; /* The uid of the requesting user */ - unsigned long flags; /* Flags for debug, selinux etc */ - }; -+ -diff -up Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml.create Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml ---- Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml.create 2008-02-13 13:49:44.000000000 +0100 -+++ Linux-PAM-1.0.1/modules/pam_namespace/namespace.conf.5.xml 2008-04-18 14:38:57.000000000 +0200 -@@ -25,8 +25,8 @@ - Directories can be polyinstantiated based on user name - or, in the case of SELinux, user name, sensitivity level or complete security context. If an - executable script /etc/security/namespace.init -- exists, it is used to initialize the namespace every time a new instance -- directory is setup. The script receives the polyinstantiated -+ exists, it is used to initialize the namespace every time an instance -+ directory is set up and mounted. The script receives the polyinstantiated - directory path and the instance directory path as its arguments. - - -diff -up Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml.create Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml ---- Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml.create 2008-02-13 13:49:44.000000000 +0100 -+++ Linux-PAM-1.0.1/modules/pam_namespace/pam_namespace.8.xml 2008-04-18 14:40:54.000000000 +0200 -@@ -64,11 +64,11 @@ - provides a different instance of itself based on user name, or when - using SELinux, user name, security context or both. If an executable - script /etc/security/namespace.init exists, it -- is used to initialize the namespace every time a new instance -- directory is setup. The script receives the polyinstantiated -- directory path, the instance directory path, flag whether the instance -- directory was newly created (0 for no, 1 for yes), and the user name -- as its arguments. -+ is used to initialize the instance directory after it is set up -+ and mounted on the polyinstantiated direcory. The script receives the -+ polyinstantiated directory path, the instance directory path, flag -+ whether the instance directory was newly created (0 for no, 1 for yes), -+ and the user name as its arguments. - - - diff --git a/pam.changes b/pam.changes index 3349695..4504c4b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + ------------------------------------------------------------------- Wed Feb 11 01:20:15 CET 2009 - ro@suse.de diff --git a/pam.spec b/pam.spec index a0f50bf..097aa11 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.0.2) +# spec file for package pam (Version 1.0.91) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,7 +17,11 @@ # norootforbuild +%if %{suse_version} < 1110 +%define enable_selinux 0 +%else %define enable_selinux 1 +%endif Name: pam Url: http://www.kernel.org/pub/linux/libs/pam/ @@ -28,9 +32,10 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.81.12 -%define libpam_misc_so_version 0.81.3 -%define libpamc_so_version 0.81.0 +BuildRequires: cracklib-dict-full pwdutils +%define libpam_so_version 0.82.1 +%define libpam_misc_so_version 0.82.0 +%define libpamc_so_version 0.82.0 License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on @@ -39,11 +44,11 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.0.2 -Release: 19 +Version: 1.0.91 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 -Source1: Linux-PAM-%{version}-SUSE-docs.tar.bz2 +Source1: Linux-PAM-%{version}-docs.tar.bz2 Source2: securetty Source3: other.pamd Source4: common-auth.pamd @@ -51,26 +56,9 @@ Source5: common-account.pamd Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment +Patch: cvs.diff +Patch1: pam_tally-deprecated.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -Patch: Linux-PAM-docu.diff -Patch1: pam_tally.diff -Patch2: pam_xauth.diff -Patch3: pam_sepermit.diff -Patch4: pam-1.0.1-namespace-create.patch -Patch5: pam-1.0.0-selinux-env-params.patch -Patch6: Linux-PAM-docu-generated.diff -Patch7: pam_mail.diff -Patch8: pam_tally-fdleak.diff -Patch9: pam_pwhistory-0.1.diff -Patch10: pam_lastlog.diff -Patch11: pam_tally2.diff -Patch12: pam_cracklib-no-pwhistory.diff -Patch13: pam_xauth-XAUTHLOCALHOSTNAME.diff -Patch14: pam_pwhistory-type.diff -Patch15: pam_time.diff -Patch16: pam_limits-doc.diff -Patch17: pam_limits-logging.diff -Patch18: libpam-password-requisite.diff %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -117,34 +105,11 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 -%patch -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p0 -%patch6 -p1 -%patch7 -p0 -%patch8 -p0 -%patch9 -p0 -chmod 755 modules/pam_pwhistory/tst-pam_pwhistory -%patch10 -p0 -%patch11 -p1 -chmod 755 modules/pam_tally2/tst-pam_tally2 -%patch12 -p0 -%patch13 -p0 -%patch14 -p0 -%patch15 -p0 -%patch16 -p0 -%patch17 -p0 -%patch18 -p0 +%patch -p0 +%patch1 -p0 %build -aclocal -I m4 --install --force -libtoolize --force --automake --copy -automake --add-missing --copy -autoreconf -CFLAGS="$RPM_OPT_FLAGS" \ +CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ ./configure \ --infodir=%{_infodir} \ --mandir=%{_mandir} \ @@ -308,6 +273,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_tally.so /%{_lib}/security/pam_tally2.so /%{_lib}/security/pam_time.so +/%{_lib}/security/pam_timestamp.so /%{_lib}/security/pam_tty_audit.so /%{_lib}/security/pam_umask.so /%{_lib}/security/pam_unix.so @@ -319,8 +285,10 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_warn.so /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so +/sbin/mkhomedir_helper /sbin/pam_tally /sbin/pam_tally2 +/sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %attr(0700,root,root) /sbin/unix_update @@ -342,6 +310,27 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Fri Mar 27 2009 kukuk@suse.de +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. * Wed Feb 11 2009 ro@suse.de - use sr@latin instead of sr@Latn * Thu Feb 05 2009 kukuk@suse.de diff --git a/pam_cracklib-no-pwhistory.diff b/pam_cracklib-no-pwhistory.diff deleted file mode 100644 index 174cef5..0000000 --- a/pam_cracklib-no-pwhistory.diff +++ /dev/null @@ -1,88 +0,0 @@ ---- modules/pam_cracklib/pam_cracklib.8.xml -+++ modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35 -@@ -111,15 +111,6 @@ - - - -- -- Already used -- -- -- Was the password used in the past? Previously used passwords -- are to be found in /etc/security/opasswd. -- -- -- - - - This module with no arguments will work well for standard unix ---- modules/pam_cracklib/pam_cracklib.c -+++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56 -@@ -472,43 +472,6 @@ - } - - --#define OLD_PASSWORDS_FILE "/etc/security/opasswd" -- --static const char * check_old_password(const char *forwho, const char *newpass) --{ -- static char buf[16384]; -- char *s_luser, *s_uid, *s_npas, *s_pas; -- const char *msg = NULL; -- FILE *opwfile; -- -- opwfile = fopen(OLD_PASSWORDS_FILE, "r"); -- if (opwfile == NULL) -- return NULL; -- -- while (fgets(buf, 16380, opwfile)) { -- if (!strncmp(buf, forwho, strlen(forwho))) { -- char *sptr; -- buf[strlen(buf)-1] = '\0'; -- s_luser = strtok_r(buf, ":,", &sptr); -- s_uid = strtok_r(NULL, ":,", &sptr); -- s_npas = strtok_r(NULL, ":,", &sptr); -- s_pas = strtok_r(NULL, ":,", &sptr); -- while (s_pas != NULL) { -- if (!strcmp(crypt(newpass, s_pas), s_pas)) { -- msg = _("has been already used"); -- break; -- } -- s_pas = strtok_r(NULL, ":,", &sptr); -- } -- break; -- } -- } -- fclose(opwfile); -- -- return msg; --} -- -- - static int _pam_unix_approve_pass(pam_handle_t *pamh, - unsigned int ctrl, - struct cracklib_options *opt, -@@ -516,7 +479,6 @@ - const char *pass_new) - { - const char *msg = NULL; -- const void *user; - int retval; - - if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { -@@ -532,15 +494,6 @@ - * checking this would be the place - */ - msg = password_check(opt, pass_old, pass_new); -- if (!msg) { -- retval = pam_get_item(pamh, PAM_USER, &user); -- if (retval != PAM_SUCCESS || user == NULL) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh,LOG_ERR,"Can not get username"); -- return PAM_AUTHTOK_ERR; -- } -- msg = check_old_password(user, pass_new); -- } - - if (msg) { - if (ctrl & PAM_DEBUG_ARG) diff --git a/pam_lastlog.diff b/pam_lastlog.diff deleted file mode 100644 index 80c6de4..0000000 --- a/pam_lastlog.diff +++ /dev/null @@ -1,325 +0,0 @@ -2008-09-30 Tomas Mraz - - * modules/pam_lastlog/pam_lastlog.8.xml: Document new options - noupdate and showfailed. - * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new - options. - (last_login_read): New output parameter lltime. Do not display - the last login message if it would be empty. - (last_login_date): New output parameter lltime. Do not write the - last login info when LASTLOG_UPDATE is not set. - (last_login_failed): New function to display the last bad login - attempt from btmp. - (pam_sm_open_session): Obtain lltime from last_login_date() and - call last_login_failed() when appropriate. - ---- modules/pam_lastlog/pam_lastlog.8.xml 9 Jun 2006 16:44:07 -0000 1.2 -+++ modules/pam_lastlog/pam_lastlog.8.xml 30 Sep 2008 14:40:39 -0000 1.5 -@@ -39,6 +39,12 @@ - - nowtmp - -+ -+ noupdate -+ -+ -+ showfailed -+ - - - -@@ -137,13 +143,35 @@ - - - -+ -+ -+ -+ -+ -+ -+ Don't update any file. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Display number of failed login attempts and the date of the -+ last failed attempt from btmp. The date is not displayed -+ when is specified. -+ -+ -+ - - - -- -- MODULE SERVICES PROVIDED -+ -+ MODULE TYPES PROVIDED - -- Only the service is supported. -+ Only the module type is provided. - - - -@@ -213,7 +241,7 @@ - pam.conf5 - , - -- pam.d8 -+ pam.d5 - , - - pam8 ---- modules/pam_lastlog/pam_lastlog.c 24 Aug 2006 18:29:30 -0000 1.23 -+++ modules/pam_lastlog/pam_lastlog.c 30 Sep 2008 14:40:39 -0000 1.24 -@@ -46,6 +46,10 @@ - }; - #endif /* hpux */ - -+#ifndef _PATH_BTMP -+# define _PATH_BTMP "/var/log/btmp" -+#endif -+ - /* XXX - time before ignoring lock. Is 1 sec enough? */ - #define LASTLOG_IGNORE_LOCK_TIME 1 - -@@ -75,11 +79,13 @@ - #define LASTLOG_DEBUG 020 /* send info to syslog(3) */ - #define LASTLOG_QUIET 040 /* keep quiet about things */ - #define LASTLOG_WTMP 0100 /* log to wtmp as well as lastlog */ -+#define LASTLOG_BTMP 0200 /* display failed login info from btmp */ -+#define LASTLOG_UPDATE 0400 /* update the lastlog and wtmp files (default) */ - - static int - _pam_parse(pam_handle_t *pamh, int flags, int argc, const char **argv) - { -- int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP); -+ int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE); - - /* does the appliction require quiet? */ - if (flags & PAM_SILENT) { -@@ -105,6 +111,10 @@ - ctrl |= LASTLOG_NEVER; - } else if (!strcmp(*argv,"nowtmp")) { - ctrl &= ~LASTLOG_WTMP; -+ } else if (!strcmp(*argv,"noupdate")) { -+ ctrl &= ~(LASTLOG_WTMP|LASTLOG_UPDATE); -+ } else if (!strcmp(*argv,"showfailed")) { -+ ctrl |= LASTLOG_BTMP; - } else { - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); - } -@@ -135,7 +145,7 @@ - } - - static int --last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid) -+last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t *lltime) - { - struct flock last_lock; - struct lastlog last_login; -@@ -166,6 +176,7 @@ - last_lock.l_type = F_UNLCK; - (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */ - -+ *lltime = last_login.ll_time; - if (!last_login.ll_time) { - if (announce & LASTLOG_DEBUG) { - pam_syslog(pamh, LOG_DEBUG, -@@ -216,8 +227,9 @@ - } - } - -- /* TRANSLATORS: "Last login: from on " */ -- retval = pam_info(pamh, _("Last login:%s%s%s"), -+ if (date != NULL || host != NULL || line != NULL) -+ /* TRANSLATORS: "Last login: from on " */ -+ retval = pam_info(pamh, _("Last login:%s%s%s"), - date ? date : "", - host ? host : "", - line ? line : ""); -@@ -320,13 +332,13 @@ - } - - static int --last_login_date(pam_handle_t *pamh, int announce, uid_t uid, const char *user) -+last_login_date(pam_handle_t *pamh, int announce, uid_t uid, const char *user, time_t *lltime) - { - int retval; - int last_fd; - - /* obtain the last login date and all the relevant info */ -- last_fd = open(_PATH_LASTLOG, O_RDWR); -+ last_fd = open(_PATH_LASTLOG, announce&LASTLOG_UPDATE ? O_RDWR : O_RDONLY); - if (last_fd < 0) { - if (errno == ENOENT) { - last_fd = open(_PATH_LASTLOG, O_RDWR|O_CREAT, -@@ -353,7 +365,7 @@ - return PAM_SERVICE_ERR; - } - -- retval = last_login_read(pamh, announce, last_fd, uid); -+ retval = last_login_read(pamh, announce, last_fd, uid, lltime); - if (retval != PAM_SUCCESS) - { - close(last_fd); -@@ -361,7 +373,9 @@ - return retval; - } - -- retval = last_login_write(pamh, announce, last_fd, uid, user); -+ if (announce & LASTLOG_UPDATE) { -+ retval = last_login_write(pamh, announce, last_fd, uid, user); -+ } - - close(last_fd); - D(("all done with last login")); -@@ -369,6 +383,121 @@ - return retval; - } - -+static int -+last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t lltime) -+{ -+ int retval; -+ int fd; -+ struct utmp ut; -+ struct utmp utuser; -+ int failed = 0; -+ char the_time[256]; -+ char *date = NULL; -+ char *host = NULL; -+ char *line = NULL; -+ -+ if (strlen(user) > UT_NAMESIZE) { -+ pam_syslog(pamh, LOG_WARNING, "username too long, output might be inaccurate"); -+ } -+ -+ /* obtain the failed login attempt records from btmp */ -+ fd = open(_PATH_BTMP, O_RDONLY); -+ if (fd < 0) { -+ pam_syslog(pamh, LOG_ERR, "unable to open %s: %m", _PATH_BTMP); -+ D(("unable to open %s file", _PATH_BTMP)); -+ return PAM_SERVICE_ERR; -+ } -+ -+ while ((retval=pam_modutil_read(fd, (void *)&ut, -+ sizeof(ut))) == sizeof(ut)) { -+ if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { -+ memcpy(&utuser, &ut, sizeof(utuser)); -+ failed++; -+ } -+ } -+ -+ if (failed) { -+ /* we want the date? */ -+ if (announce & LASTLOG_DATE) { -+ struct tm *tm, tm_buf; -+ time_t lf_time; -+ -+ lf_time = utuser.ut_tv.tv_sec; -+ tm = localtime_r (&lf_time, &tm_buf); -+ strftime (the_time, sizeof (the_time), -+ /* TRANSLATORS: "strftime options for date of last login" */ -+ _(" %a %b %e %H:%M:%S %Z %Y"), tm); -+ -+ date = the_time; -+ } -+ -+ /* we want & have the host? */ -+ if ((announce & LASTLOG_HOST) -+ && (utuser.ut_host[0] != '\0')) { -+ /* TRANSLATORS: " from " */ -+ if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE, -+ utuser.ut_host) < 0) { -+ pam_syslog(pamh, LOG_ERR, "out of memory"); -+ retval = PAM_BUF_ERR; -+ goto cleanup; -+ } -+ } -+ -+ /* we want and have the terminal? */ -+ if ((announce & LASTLOG_LINE) -+ && (utuser.ut_line[0] != '\0')) { -+ /* TRANSLATORS: " on " */ -+ if (asprintf(&line, _(" on %.*s"), UT_LINESIZE, -+ utuser.ut_line) < 0) { -+ pam_syslog(pamh, LOG_ERR, "out of memory"); -+ retval = PAM_BUF_ERR; -+ goto cleanup; -+ } -+ } -+ -+ if (line != NULL || date != NULL || host != NULL) { -+ /* TRANSLATORS: "Last failed login: from on " */ -+ pam_info(pamh, _("Last failed login:%s%s%s"), -+ date ? date : "", -+ host ? host : "", -+ line ? line : ""); -+ } -+ -+ _pam_drop(line); -+#if defined HAVE_DNGETTEXT && defined ENABLE_NLS -+ retval = asprintf (&line, dngettext(PACKAGE, -+ "There was %d failed login attempt since the last successful login.", -+ "There were %d failed login attempts since the last successful login.", -+ failed), -+ failed); -+#else -+ if (daysleft == 1) -+ retval = asprintf(&line, -+ _("There was %d failed login attempt since the last successful login."), -+ failed); -+ else -+ retval = asprintf(&line, -+ /* TRANSLATORS: only used if dngettext is not supported */ -+ _("There were %d failed login attempts since the last successful login."), -+ failed); -+#endif -+ if (retval >= 0) -+ retval = pam_info(pamh, "%s", line); -+ else { -+ retval = PAM_BUF_ERR; -+ line = NULL; -+ } -+ } -+ -+cleanup: -+ free(host); -+ free(line); -+ close(fd); -+ D(("all done with btmp")); -+ -+ return retval; -+} -+ - /* --- authentication management functions (only) --- */ - - PAM_EXTERN int -@@ -379,6 +508,7 @@ - const void *user; - const struct passwd *pwd; - uid_t uid; -+ time_t lltime = 0; - - /* - * this module gets the uid of the PAM_USER. Uses it to display -@@ -407,7 +537,11 @@ - - /* process the current login attempt (indicate last) */ - -- retval = last_login_date(pamh, ctrl, uid, user); -+ retval = last_login_date(pamh, ctrl, uid, user, &lltime); -+ -+ if ((ctrl & LASTLOG_BTMP) && retval == PAM_SUCCESS) { -+ retval = last_login_failed(pamh, ctrl, user, lltime); -+ } - - /* indicate success or failure */ - diff --git a/pam_limits-doc.diff b/pam_limits-doc.diff deleted file mode 100644 index de00437..0000000 --- a/pam_limits-doc.diff +++ /dev/null @@ -1,23 +0,0 @@ ---- modules/pam_limits/limits.conf.5.xml -+++ modules/pam_limits/limits.conf.5.xml 2008/11/27 14:25:16 -@@ -230,6 +230,11 @@ - - - -+ All items support the values -1, -+ unlimited or infinity indicating no limit, -+ except for priority and nice. -+ -+ - In general, individual limits have priority over group limits, so if - you impose no limits for admin group, but one of - the members in this group have a limits line, the user will have its -@@ -275,6 +280,7 @@ - pam_limits8, - pam.d5, -- pam8 -+ pam8, -+ getrlimit2 - - - diff --git a/pam_limits-logging.diff b/pam_limits-logging.diff deleted file mode 100644 index 51e304d..0000000 --- a/pam_limits-logging.diff +++ /dev/null @@ -1,125 +0,0 @@ ---- modules/pam_limits/pam_limits.c 7 Dec 2007 15:40:02 -0000 1.46 -+++ modules/pam_limits/pam_limits.c 5 Feb 2009 15:48:49 -0000 -@@ -42,7 +42,7 @@ - #include - - #ifdef HAVE_LIBAUDIT --#include -+#include - #endif - - /* Module defines */ -@@ -141,6 +141,73 @@ - return ctrl; - } - -+static const char * -+i2str (int i) -+{ -+ switch (i) { -+ case RLIMIT_CPU: -+ return "cpu"; -+ break; -+ case RLIMIT_FSIZE: -+ return "fsize"; -+ break; -+ case RLIMIT_DATA: -+ return "data"; -+ break; -+ case RLIMIT_STACK: -+ return "stack"; -+ break; -+ case RLIMIT_CORE: -+ return "core"; -+ break; -+ case RLIMIT_RSS: -+ return "rss"; -+ break; -+ case RLIMIT_NPROC: -+ return "nproc"; -+ break; -+ case RLIMIT_NOFILE: -+ return "nofile"; -+ break; -+ case RLIMIT_MEMLOCK: -+ return "memlock"; -+ break; -+#ifdef RLIMIT_AS -+ case RLIMIT_AS: -+ return "as"; -+ break; -+#endif -+#ifdef RLIMIT_LOCKS -+ case RLIMIT_LOCKS: -+ return "locks"; -+ break; -+#endif -+#ifdef RLIMIT_SIGPENDING -+ case RLIMIT_SIGPENDING: -+ return "sigpending"; -+ break; -+#endif -+#ifdef RLIMIT_MSGQUEUE -+ case RLIMIT_MSGQUEUE: -+ return "msgqueue"; -+ break; -+#endif -+#ifdef RLIMIT_NICE -+ case RLIMIT_NICE: -+ return "nice"; -+ break; -+#endif -+#ifdef RLIMIT_RTPRIO -+ case RLIMIT_RTPRIO: -+ return "rtprio"; -+ break; -+#endif -+ default: -+ return "UNKNOWN"; -+ break; -+ } -+} -+ - - #define LIMITED_OK 0 /* limit setting appeared to work */ - #define LIMIT_ERR 1 /* error setting a limit */ -@@ -416,8 +483,8 @@ - if (int_value < -20) - int_value = -20; - rlimit_value = 20 - int_value; --#endif - break; -+#endif - } - - if ( (limit_item != LIMIT_LOGIN) -@@ -575,6 +642,8 @@ - int retval = LIMITED_OK; - - for (i=0, status=LIMITED_OK; ilimits[i].supported) { - /* skip it if its not known to the system */ - continue; -@@ -586,7 +655,11 @@ - } - if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) - pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; -- status |= setrlimit(i, &pl->limits[i].limit); -+ res = setrlimit(i, &pl->limits[i].limit); -+ if (res != 0) -+ pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", -+ i2str(i)); -+ status |= res; - } - - if (status) { -@@ -595,6 +668,7 @@ - - status = setpriority(PRIO_PROCESS, 0, pl->priority); - if (status != 0) { -+ pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m"); - retval = LIMIT_ERR; - } - diff --git a/pam_mail.diff b/pam_mail.diff deleted file mode 100644 index abeb915..0000000 --- a/pam_mail.diff +++ /dev/null @@ -1,49 +0,0 @@ -2008-09-25 Thorsten Kukuk - - * modules/pam_mail/pam_mail.c (report_mail): Fix logic of - "quiet" option (Patch from Andreas Henriksson ) - - * modules/pam_mail/pam_mail.8.xml: Fix typo. - -diff -u -r1.5 pam_mail.8.xml ---- modules/pam_mail/pam_mail.8.xml 18 Aug 2008 13:29:24 -0000 1.5 -+++ modules/pam_mail/pam_mail.8.xml 25 Sep 2008 11:51:29 -0000 -@@ -40,7 +40,7 @@ - nopen - - -- quit -+ quiet - - - standard ---- modules/pam_mail/pam_mail.c 30 Apr 2007 10:56:24 -0000 1.19 -+++ modules/pam_mail/pam_mail.c 25 Sep 2008 11:51:29 -0000 -@@ -303,8 +303,13 @@ - { - int retval; - -- if (!(ctrl & PAM_MAIL_SILENT) || -- ((ctrl & PAM_QUIET_MAIL) && type == HAVE_NEW_MAIL)) -+ if ((ctrl & PAM_MAIL_SILENT) || -+ ((ctrl & PAM_QUIET_MAIL) && type != HAVE_NEW_MAIL)) -+ { -+ D(("keeping quiet")); -+ retval = PAM_SUCCESS; -+ } -+ else - { - if (ctrl & PAM_STANDARD_MAIL) - switch (type) -@@ -345,11 +350,6 @@ - break; - } - } -- else -- { -- D(("keeping quiet")); -- retval = PAM_SUCCESS; -- } - - D(("returning %s", pam_strerror(pamh, retval))); - return retval; diff --git a/pam_pwhistory-0.1.diff b/pam_pwhistory-0.1.diff deleted file mode 100644 index db71aa6..0000000 --- a/pam_pwhistory-0.1.diff +++ /dev/null @@ -1,1725 +0,0 @@ -2008-10-10 Thorsten Kukuk - - * configure.in: add modules/pam_pwhistory/Makefile. - * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml. - * doc/sag/pam_pwhistory.xml: New. - * libpam/pam_static_modules.h: Add pam_pwhistory data. - * modules/Makefile.am: Add pam_pwhistory directory. - * modules/pam_pwhistory/Makefile.am: New. - * modules/pam_pwhistory/README.xml: New. - * modules/pam_pwhistory/opasswd.c: New. - * modules/pam_pwhistory/opasswd.h: New. - * modules/pam_pwhistory/pam_pwhistory.8.xml: New. - * modules/pam_pwhistory/pam_pwhistory.c: New. - * modules/pam_pwhistory/tst-pam_pwhistory: New. - * xtests/Makefile.am: New. - * xtests/run-xtests.sh: New. - * xtests/tst-pam_pwhistory1.c: New. - * xtests/tst-pam_pwhistory1.pamd: New. - * xtests/tst-pam_pwhistory1.sh: New. - * po/POTFILES.in: Add modules/pam_pwhistory/. - ---- configure.in 18 Aug 2008 13:29:21 -0000 1.126 -+++ configure.in 10 Oct 2008 06:52:40 -0000 -@@ -542,7 +542,7 @@ - modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile \ - modules/pam_namespace/Makefile \ - modules/pam_nologin/Makefile modules/pam_permit/Makefile \ -- modules/pam_rhosts/Makefile \ -+ modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile \ - modules/pam_rootok/Makefile modules/pam_exec/Makefile \ - modules/pam_securetty/Makefile modules/pam_selinux/Makefile \ - modules/pam_sepermit/Makefile \ ---- doc/sag/Linux-PAM_SAG.xml 4 Apr 2008 10:23:00 -0000 1.8 -+++ doc/sag/Linux-PAM_SAG.xml 10 Oct 2008 06:52:40 -0000 -@@ -443,6 +443,8 @@ - - -+ - -Index: doc/sag/pam_pwhistory.xml -=================================================================== -RCS file: doc/sag/pam_pwhistory.xml -diff -N doc/sag/pam_pwhistory.xml ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ doc/sag/pam_pwhistory.xml 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,38 @@ -+ -+ -+
-+ pam_pwhistory - grant access using .pwhistory file -+ -+ -+ -+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-+ -+
-+
-Index: libpam/pam_static_modules.h -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/libpam/pam_static_modules.h,v -retrieving revision 1.8 -diff -u -r1.8 pam_static_modules.h ---- libpam/pam_static_modules.h 4 Feb 2008 13:37:35 -0000 1.8 -+++ libpam/pam_static_modules.h 10 Oct 2008 06:52:40 -0000 -@@ -61,6 +61,7 @@ - #endif - extern struct pam_module _pam_nologin_modstruct; - extern struct pam_module _pam_permit_modstruct; -+extern struct pam_module _pam_pwhistory_modstruct; - extern struct pam_module _pam_rhosts_modstruct; - extern struct pam_module _pam_rhosts_auth_modstruct; - extern struct pam_module _pam_rootok_modstruct; -@@ -119,6 +120,7 @@ - #endif - &_pam_nologin_modstruct, - &_pam_permit_modstruct, -+ &_pam_pwhistory_modstruct, - &_pam_rhosts_modstruct, - &_pam_rhosts_auth_modstruct, - &_pam_rootok_modstruct, -Index: modules/Makefile.am -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/Makefile.am,v -retrieving revision 1.14 -diff -u -r1.14 Makefile.am ---- modules/Makefile.am 4 Feb 2008 14:00:20 -0000 1.14 -+++ modules/Makefile.am 10 Oct 2008 06:52:40 -0000 -@@ -1,15 +1,16 @@ - # --# Copyright (c) 2005, 2006 Thorsten Kukuk -+# Copyright (c) 2005, 2006, 2008 Thorsten Kukuk - # - - SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ -- pam_env pam_filter pam_ftp pam_group pam_issue pam_keyinit \ -- pam_lastlog pam_limits pam_listfile pam_localuser pam_mail \ -- pam_mkhomedir pam_motd pam_nologin pam_permit pam_rhosts pam_rootok \ -- pam_securetty pam_selinux pam_sepermit pam_shells pam_stress \ -+ pam_env pam_exec pam_faildelay pam_filter pam_ftp \ -+ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ -+ pam_listfile pam_localuser pam_loginuid pam_mail \ -+ pam_mkhomedir pam_motd pam_namespace pam_nologin \ -+ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ -+ pam_selinux pam_sepermit pam_shells pam_stress \ - pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \ -- pam_unix pam_userdb pam_warn pam_wheel pam_xauth pam_exec \ -- pam_namespace pam_loginuid pam_faildelay -+ pam_unix pam_userdb pam_warn pam_wheel pam_xauth - - CLEANFILES = *~ - -Index: modules/pam_pwhistory/.cvsignore -=================================================================== -RCS file: modules/pam_pwhistory/.cvsignore -diff -N modules/pam_pwhistory/.cvsignore ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/.cvsignore 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,8 @@ -+*.la -+*.lo -+.deps -+.libs -+Makefile -+Makefile.in -+README -+pam_pwhistory.8 -Index: modules/pam_pwhistory/Makefile.am -=================================================================== -RCS file: modules/pam_pwhistory/Makefile.am -diff -N modules/pam_pwhistory/Makefile.am ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/Makefile.am 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,35 @@ -+# -+# Copyright (c) 2008 Thorsten Kukuk -+# -+ -+CLEANFILES = *~ -+ -+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory -+ -+TESTS = tst-pam_pwhistory -+ -+man_MANS = pam_pwhistory.8 -+ -+XMLS = README.xml pam_pwhistory.8.xml -+ -+securelibdir = $(SECUREDIR) -+secureconfdir = $(SCONFIGDIR) -+ -+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include -+AM_LDFLAGS = -no-undefined -avoid-version -module -+if HAVE_VERSIONING -+ AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -+endif -+ -+noinst_HEADERS = opasswd.h -+ -+securelib_LTLIBRARIES = pam_pwhistory.la -+pam_pwhistory_la_LIBADD = -L$(top_builddir)/libpam -lpam @LIBCRYPT@ -+pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c -+ -+if ENABLE_REGENERATE_MAN -+noinst_DATA = README -+README: pam_pwhistory.8.xml -+-include $(top_srcdir)/Make.xml.rules -+endif -+ -Index: modules/pam_pwhistory/README.xml -=================================================================== -RCS file: modules/pam_pwhistory/README.xml -diff -N modules/pam_pwhistory/README.xml ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/README.xml 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,41 @@ -+ -+ -+--> -+]> -+ -+
-+ -+ -+ -+ -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -+ href="pam_pwhistory.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_pwhistory-name"]/*)'/> -+ -+ -+ -+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-Index: modules/pam_pwhistory/opasswd.c -=================================================================== -RCS file: modules/pam_pwhistory/opasswd.c -diff -N modules/pam_pwhistory/opasswd.c ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/opasswd.c 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,473 @@ -+/* -+ * Copyright (c) 2008 Thorsten Kukuk -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#if defined(HAVE_CONFIG_H) -+#include -+#endif -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#if defined (HAVE_XCRYPT_H) -+#include -+#elif defined (HAVE_CRYPT_H) -+#include -+#endif -+ -+#include -+#include -+ -+#include "opasswd.h" -+ -+#ifndef RANDOM_DEVICE -+#define RANDOM_DEVICE "/dev/urandom" -+#endif -+ -+#define OLD_PASSWORDS_FILE "/etc/security/opasswd" -+#define TMP_PASSWORDS_FILE OLD_PASSWORDS_FILE".tmpXXXXXX" -+ -+#define DEFAULT_BUFLEN 4096 -+ -+typedef struct { -+ char *user; -+ char *uid; -+ int count; -+ char *old_passwords; -+} opwd; -+ -+ -+static int -+parse_entry (char *line, opwd *data) -+{ -+ const char delimiters[] = ":"; -+ char *endptr; -+ -+ data->user = strsep (&line, delimiters); -+ data->uid = strsep (&line, delimiters); -+ data->count = strtol (strsep (&line, delimiters), &endptr, 10); -+ if (endptr != NULL && *endptr != '\0') -+ return 1; -+ -+ data->old_passwords = strsep (&line, delimiters); -+ -+ return 0; -+} -+ -+/* Check, if the new password is already in the opasswd file. */ -+int -+check_old_password (pam_handle_t *pamh, const char *user, -+ const char *newpass, int debug) -+{ -+ int retval = PAM_SUCCESS; -+ FILE *oldpf; -+ char *buf = NULL; -+ size_t buflen = 0; -+ opwd entry; -+ int found = 0; -+ -+ if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) -+ { -+ if (errno != ENOENT) -+ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", OLD_PASSWORDS_FILE); -+ return PAM_SUCCESS; -+ } -+ -+ while (!feof (oldpf)) -+ { -+ char *cp, *tmp; -+#if defined(HAVE_GETLINE) -+ ssize_t n = getline (&buf, &buflen, oldpf); -+#elif defined (HAVE_GETDELIM) -+ ssize_t n = getdelim (&buf, &buflen, '\n', oldpf); -+#else -+ ssize_t n; -+ -+ if (buf == NULL) -+ { -+ buflen = DEFAULT_BUFLEN; -+ buf = malloc (buflen); -+ if (buf == NULL) -+ return PAM_BUF_ERR; -+ } -+ buf[0] = '\0'; -+ fgets (buf, buflen - 1, oldpf); -+ n = strlen (buf); -+#endif /* HAVE_GETLINE / HAVE_GETDELIM */ -+ cp = buf; -+ -+ if (n < 1) -+ break; -+ -+ tmp = strchr (cp, '#'); /* remove comments */ -+ if (tmp) -+ *tmp = '\0'; -+ while (isspace ((int)*cp)) /* remove spaces and tabs */ -+ ++cp; -+ if (*cp == '\0') /* ignore empty lines */ -+ continue; -+ -+ if (cp[strlen (cp) - 1] == '\n') -+ cp[strlen (cp) - 1] = '\0'; -+ -+ if (strncmp (cp, user, strlen (user)) == 0 && -+ cp[strlen (user)] == ':') -+ { -+ /* We found the line we needed */ -+ if (parse_entry (cp, &entry) == 0) -+ { -+ found = 1; -+ break; -+ } -+ } -+ } -+ -+ fclose (oldpf); -+ -+ if (found) -+ { -+ const char delimiters[] = ","; -+ struct crypt_data output; -+ char *running; -+ char *oldpass; -+ -+ memset (&output, 0, sizeof (output)); -+ -+ running = strdupa (entry.old_passwords); -+ if (running == NULL) -+ return PAM_BUF_ERR; -+ -+ do { -+ oldpass = strsep (&running, delimiters); -+ if (oldpass && strlen (oldpass) > 0 && -+ strcmp (crypt_r (newpass, oldpass, &output), oldpass) == 0) -+ { -+ if (debug) -+ pam_syslog (pamh, LOG_DEBUG, "New password already used"); -+ retval = PAM_AUTHTOK_ERR; -+ break; -+ } -+ } while (oldpass != NULL); -+ } -+ -+ if (buf) -+ free (buf); -+ -+ return retval; -+} -+ -+int -+save_old_password (pam_handle_t *pamh, const char *user, uid_t uid, -+ const char *oldpass, int howmany, int debug UNUSED) -+{ -+ char opasswd_tmp[] = TMP_PASSWORDS_FILE; -+ struct stat opasswd_stat; -+ FILE *oldpf, *newpf; -+ int newpf_fd; -+ int do_create = 0; -+ int retval = PAM_SUCCESS; -+ char *buf = NULL; -+ size_t buflen = 0; -+ int found = 0; -+ -+ if (howmany <= 0) -+ return PAM_SUCCESS; -+ -+ if (oldpass == NULL || *oldpass == '\0') -+ return PAM_SUCCESS; -+ -+ if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) -+ { -+ if (errno == ENOENT) -+ { -+ pam_syslog (pamh, LOG_NOTICE, "Creating %s", -+ OLD_PASSWORDS_FILE); -+ do_create = 1; -+ } -+ else -+ { -+ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", -+ OLD_PASSWORDS_FILE); -+ return PAM_AUTHTOK_ERR; -+ } -+ } -+ else if (fstat (fileno (oldpf), &opasswd_stat) < 0) -+ { -+ pam_syslog (pamh, LOG_ERR, "Cannot stat %s: %m", OLD_PASSWORDS_FILE); -+ fclose (oldpf); -+ return PAM_AUTHTOK_ERR; -+ } -+ -+ /* Open a temp passwd file */ -+ newpf_fd = mkstemp (opasswd_tmp); -+ if (newpf_fd == -1) -+ { -+ pam_syslog (pamh, LOG_ERR, "Cannot create %s temp file: %m", -+ OLD_PASSWORDS_FILE); -+ fclose (oldpf); -+ return PAM_AUTHTOK_ERR; -+ } -+ if (do_create) -+ { -+ if (fchmod (newpf_fd, S_IRUSR|S_IWUSR) != 0) -+ pam_syslog (pamh, LOG_ERR, -+ "Cannot set permissions of %s temp file: %m", -+ OLD_PASSWORDS_FILE); -+ if (fchown (newpf_fd, 0, 0) != 0) -+ pam_syslog (pamh, LOG_ERR, -+ "Cannot set owner/group of %s temp file: %m", -+ OLD_PASSWORDS_FILE); -+ } -+ else -+ { -+ if (fchmod (newpf_fd, opasswd_stat.st_mode) != 0) -+ pam_syslog (pamh, LOG_ERR, -+ "Cannot set permissions of %s temp file: %m", -+ OLD_PASSWORDS_FILE); -+ if (fchown (newpf_fd, opasswd_stat.st_uid, opasswd_stat.st_gid) != 0) -+ pam_syslog (pamh, LOG_ERR, -+ "Cannot set owner/group of %s temp file: %m", -+ OLD_PASSWORDS_FILE); -+ } -+ newpf = fdopen (newpf_fd, "w+"); -+ if (newpf == NULL) -+ { -+ pam_syslog (pamh, LOG_ERR, "Cannot fdopen %s: %m", opasswd_tmp); -+ fclose (oldpf); -+ close (newpf_fd); -+ retval = PAM_AUTHTOK_ERR; -+ goto error_opasswd; -+ } -+ -+ if (!do_create) -+ while (!feof (oldpf)) -+ { -+ char *cp, *tmp, *save; -+#if defined(HAVE_GETLINE) -+ ssize_t n = getline (&buf, &buflen, oldpf); -+#elif defined (HAVE_GETDELIM) -+ ssize_t n = getdelim (&buf, &buflen, '\n', oldpf); -+#else -+ ssize_t n; -+ -+ if (buf == NULL) -+ { -+ buflen = DEFAULT_BUFLEN; -+ buf = malloc (buflen); -+ if (buf == NULL) -+ return PAM_BUF_ERR; -+ -+ } -+ buf[0] = '\0'; -+ fgets (buf, buflen - 1, oldpf); -+ n = strlen (buf); -+#endif /* HAVE_GETLINE / HAVE_GETDELIM */ -+ -+ cp = buf; -+ save = strdup (buf); /* Copy to write the original data back. */ -+ if (save == NULL) -+ return PAM_BUF_ERR; -+ -+ if (n < 1) -+ break; -+ -+ tmp = strchr (cp, '#'); /* remove comments */ -+ if (tmp) -+ *tmp = '\0'; -+ while (isspace ((int)*cp)) /* remove spaces and tabs */ -+ ++cp; -+ if (*cp == '\0') /* ignore empty lines */ -+ goto write_old_data; -+ -+ if (cp[strlen (cp) - 1] == '\n') -+ cp[strlen (cp) - 1] = '\0'; -+ -+ if (strncmp (cp, user, strlen (user)) == 0 && -+ cp[strlen (user)] == ':') -+ { -+ /* We found the line we needed */ -+ opwd entry; -+ -+ if (parse_entry (cp, &entry) == 0) -+ { -+ char *out = NULL; -+ -+ found = 1; -+ -+ /* Don't save the current password twice */ -+ if (entry.old_passwords) -+ { -+ /* there is only one password */ -+ if (strcmp (entry.old_passwords, oldpass) == 0) -+ goto write_old_data; -+ else -+ { -+ /* check last entry */ -+ cp = strstr (entry.old_passwords, oldpass); -+ -+ if (cp && strcmp (cp, oldpass) == 0) -+ { /* the end is the same, check that there -+ is a "," before. */ -+ --cp; -+ if (*cp == ',') -+ goto write_old_data; -+ } -+ } -+ } -+ -+ /* increase count. */ -+ entry.count++; -+ -+ /* check that we don't remember to many passwords. */ -+ while (entry.count > howmany) -+ { -+ char *p = strpbrk (entry.old_passwords, ","); -+ if (p != NULL) -+ entry.old_passwords = ++p; -+ entry.count--; -+ } -+ -+ if (entry.old_passwords == NULL) -+ { -+ if (asprintf (&out, "%s:%s:%d:%s\n", -+ entry.user, entry.uid, entry.count, -+ oldpass) < 0) -+ { -+ retval = PAM_AUTHTOK_ERR; -+ fclose (oldpf); -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ } -+ else -+ { -+ if (asprintf (&out, "%s:%s:%d:%s,%s\n", -+ entry.user, entry.uid, entry.count, -+ entry.old_passwords, oldpass) < 0) -+ { -+ retval = PAM_AUTHTOK_ERR; -+ fclose (oldpf); -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ } -+ -+ if (fputs (out, newpf) < 0) -+ { -+ free (out); -+ free (save); -+ retval = PAM_AUTHTOK_ERR; -+ fclose (oldpf); -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ free (out); -+ } -+ } -+ else -+ { -+ write_old_data: -+ if (fputs (save, newpf) < 0) -+ { -+ free (save); -+ retval = PAM_AUTHTOK_ERR; -+ fclose (oldpf); -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ } -+ free (save); -+ } -+ -+ if (!found) -+ { -+ char *out; -+ -+ if (asprintf (&out, "%s:%d:1:%s\n", user, uid, oldpass) < 0) -+ { -+ retval = PAM_AUTHTOK_ERR; -+ if (oldpf) -+ fclose (oldpf); -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ if (fputs (out, newpf) < 0) -+ { -+ free (out); -+ retval = PAM_AUTHTOK_ERR; -+ if (oldpf) -+ fclose (oldpf); -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ free (out); -+ } -+ -+ if (oldpf) -+ if (fclose (oldpf) != 0) -+ { -+ pam_syslog (pamh, LOG_ERR, "Error while closing old opasswd file: %m"); -+ retval = PAM_AUTHTOK_ERR; -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ -+ if (fclose (newpf) != 0) -+ { -+ pam_syslog (pamh, LOG_ERR, -+ "Error while closing temporary opasswd file: %m"); -+ retval = PAM_AUTHTOK_ERR; -+ goto error_opasswd; -+ } -+ -+ unlink (OLD_PASSWORDS_FILE".old"); -+ if (link (OLD_PASSWORDS_FILE, OLD_PASSWORDS_FILE".old") != 0 && -+ errno != ENOENT) -+ pam_syslog (pamh, LOG_ERR, "Cannot create backup file of %s: %m", -+ OLD_PASSWORDS_FILE); -+ rename (opasswd_tmp, OLD_PASSWORDS_FILE); -+ error_opasswd: -+ unlink (opasswd_tmp); -+ -+ return retval; -+} -Index: modules/pam_pwhistory/opasswd.h -=================================================================== -RCS file: modules/pam_pwhistory/opasswd.h -diff -N modules/pam_pwhistory/opasswd.h ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/opasswd.h 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,45 @@ -+/* -+ * Copyright (c) 2008 Thorsten Kukuk -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#ifndef __OPASSWD_H__ -+#define __OPASSWD_H__ -+ -+extern int check_old_password (pam_handle_t *pamh, const char *user, -+ const char *newpass, int debug); -+extern int save_old_password (pam_handle_t *pamh, const char *user, -+ uid_t uid, const char *oldpass, -+ int howmany, int debug); -+ -+#endif /* __OPASSWD_H__ */ -Index: modules/pam_pwhistory/pam_pwhistory.8.xml -=================================================================== -RCS file: modules/pam_pwhistory/pam_pwhistory.8.xml -diff -N modules/pam_pwhistory/pam_pwhistory.8.xml ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/pam_pwhistory.8.xml 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,226 @@ -+ -+ -+ -+ -+ -+ -+ pam_pwhistory -+ 8 -+ Linux-PAM Manual -+ -+ -+ -+ pam_pwhistory -+ PAM module to remember last passwords -+ -+ -+ -+ -+ pam_pwhistory.so -+ -+ debug -+ -+ -+ use_authtok -+ -+ -+ enforce_for_root -+ -+ -+ remember=N -+ -+ -+ retry=N -+ -+ -+ -+ -+ -+ -+ -+ DESCRIPTION -+ -+ -+ This module saves the last passwords for each user in order -+ to force password change history and keep the user from -+ alternating between the same password too frequently. -+ -+ -+ This module does not work togehter with kerberos. In general, -+ it does not make much sense to use this module in conjuction -+ with NIS or LDAP, since the old passwords are stored on the -+ local machine and are not available on another machine for -+ password history checking. -+ -+ -+ -+ -+ OPTIONS -+ -+ -+ -+ -+ -+ -+ -+ Turns on debugging via -+ -+ syslog3 -+ . -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ When password changing enforce the module to use the new password -+ provided by a previously stacked -+ module (this is used in the example of the stacking of the -+ pam_cracklib module documented below). -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ If this option is set, the check is enforced for root, too. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ The last N passwords for each -+ user are saved in /etc/security/opasswd. -+ The default is 10. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Prompt user at most N times -+ before returning with error. The default is -+ 1. -+ -+ -+ -+ -+ -+ -+ -+ -+ MODULE TYPES PROVIDED -+ -+ Only the module type is provided. -+ -+ -+ -+ -+ RETURN VALUES -+ -+ -+ PAM_AUTHTOK_ERR -+ -+ -+ No new password was entered, the user aborted password -+ change or new password couldn't be set. -+ -+ -+ -+ -+ PAM_IGNORE -+ -+ -+ Password history was disabled. -+ -+ -+ -+ -+ PAM_MAXTRIES -+ -+ -+ Password was rejected too often. -+ -+ -+ -+ -+ PAM_USER_UNKNOWN -+ -+ -+ User is not known to system. -+ -+ -+ -+ -+ -+ -+ -+ EXAMPLES -+ -+ An example password section would be: -+ -+#%PAM-1.0 -+password required pam_pwhistory.so -+password required pam_unix.so use_authtok -+ -+ -+ -+ In combination with pam_cracklib: -+ -+#%PAM-1.0 -+password required pam_cracklib.so retry=3 -+password required pam_pwhistory.so use_authtok -+password required pam_unix.so use_authtok -+ -+ -+ -+ -+ -+ FILES -+ -+ -+ /etc/security/opasswd -+ -+ File with password history -+ -+ -+ -+ -+ -+ -+ SEE ALSO -+ -+ -+ pam.conf5 -+ , -+ -+ pam.d5 -+ , -+ -+ pam8 -+ -+ -+ -+ -+ -+ AUTHOR -+ -+ pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> -+ -+ -+ -+ -Index: modules/pam_pwhistory/pam_pwhistory.c -=================================================================== -RCS file: modules/pam_pwhistory/pam_pwhistory.c -diff -N modules/pam_pwhistory/pam_pwhistory.c ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/pam_pwhistory.c 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,319 @@ -+/* -+ * Copyright (c) 2008 Thorsten Kukuk -+ * Author: Thorsten Kukuk -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#if defined(HAVE_CONFIG_H) -+#include -+#endif -+ -+#define PAM_SM_PASSWORD -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+ -+#include "opasswd.h" -+ -+#define NEW_PASSWORD_PROMPT _("New %s%spassword: ") -+#define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ") -+#define MISTYPED_PASSWORD _("Sorry, passwords do not match.") -+ -+#define DEFAULT_BUFLEN 2048 -+ -+struct options_t { -+ int debug; -+ int use_authtok; -+ int enforce_for_root; -+ int remember; -+ int tries; -+}; -+typedef struct options_t options_t; -+ -+ -+static void -+parse_option (pam_handle_t *pamh, const char *argv, options_t *options) -+{ -+ if (strcasecmp (argv, "use_first_pass") == 0) -+ /* ignore */; -+ else if (strcasecmp (argv, "use_first_pass") == 0) -+ /* ignore */; -+ else if (strcasecmp (argv, "use_authtok") == 0) -+ options->use_authtok = 1; -+ else if (strcasecmp (argv, "debug") == 0) -+ options->debug = 1; -+ else if (strncasecmp (argv, "remember=", 9) == 0) -+ { -+ options->remember = strtol(&argv[9], NULL, 10); -+ if (options->remember < 0) -+ options->remember = 0; -+ if (options->remember > 400) -+ options->remember = 400; -+ } -+ else if (strncasecmp (argv, "retry=", 6) == 0) -+ { -+ options->tries = strtol(&argv[6], NULL, 10); -+ if (options->tries < 0) -+ options->tries = 1; -+ } -+ else if (strcasecmp (argv, "enforce_for_root") == 0) -+ options->enforce_for_root = 1; -+ else -+ pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); -+} -+ -+ -+PAM_EXTERN int -+pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) -+{ -+ struct passwd *pwd; -+ char *newpass; -+ const char *user; -+ void *newpass_void; -+ int retval, tries; -+ options_t options; -+ -+ memset (&options, 0, sizeof (options)); -+ -+ /* Set some default values, which could be overwritten later. */ -+ options.remember = 10; -+ options.tries = 1; -+ -+ /* Parse parameters for module */ -+ for ( ; argc-- > 0; argv++) -+ parse_option (pamh, *argv, &options); -+ -+ if (options.debug) -+ pam_syslog (pamh, LOG_DEBUG, "pam_sm_chauthtok entered"); -+ -+ -+ if (options.remember == 0) -+ return PAM_IGNORE; -+ -+ retval = pam_get_user (pamh, &user, NULL); -+ if (retval != PAM_SUCCESS) -+ return retval; -+ -+ if (user == NULL || strlen (user) == 0) -+ { -+ if (options.debug) -+ pam_syslog (pamh, LOG_DEBUG, -+ "User is not known to system"); -+ -+ return PAM_USER_UNKNOWN; -+ } -+ -+ if (flags & PAM_PRELIM_CHECK) -+ { -+ if (options.debug) -+ pam_syslog (pamh, LOG_DEBUG, -+ "pam_sm_chauthtok(PAM_PRELIM_CHECK)"); -+ -+ return PAM_SUCCESS; -+ } -+ -+ pwd = pam_modutil_getpwnam (pamh, user); -+ if (pwd == NULL) -+ return PAM_USER_UNKNOWN; -+ -+ /* Ignore root if not enforced */ -+ if (pwd->pw_uid == 0 && !options.enforce_for_root) -+ return PAM_SUCCESS; -+ -+ if ((strcmp(pwd->pw_passwd, "x") == 0) || -+ ((pwd->pw_passwd[0] == '#') && -+ (pwd->pw_passwd[1] == '#') && -+ (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0))) -+ { -+ struct spwd *spw = pam_modutil_getspnam (pamh, user); -+ if (spw == NULL) -+ return PAM_USER_UNKNOWN; -+ -+ retval = save_old_password (pamh, user, pwd->pw_uid, spw->sp_pwdp, -+ options.remember, options.debug); -+ if (retval != PAM_SUCCESS) -+ return retval; -+ } -+ else -+ { -+ retval = save_old_password (pamh, user, pwd->pw_uid, pwd->pw_passwd, -+ options.remember, options.debug); -+ if (retval != PAM_SUCCESS) -+ return retval; -+ } -+ -+ retval = pam_get_item (pamh, PAM_AUTHTOK, (const void **) &newpass_void); -+ newpass = (char *) newpass_void; -+ if (retval != PAM_SUCCESS) -+ return retval; -+ if (options.debug) -+ { -+ if (newpass) -+ pam_syslog (pamh, LOG_DEBUG, "got new auth token"); -+ else -+ pam_syslog (pamh, LOG_DEBUG, "new auth token not set"); -+ } -+ -+ /* If we haven't been given a password yet, prompt for one... */ -+ if (newpass == NULL) -+ { -+ if (options.use_authtok) -+ /* We are not allowed to ask for a new password */ -+ return PAM_AUTHTOK_ERR; -+ -+ tries = 0; -+ -+ while ((newpass == NULL) && (tries++ < options.tries)) -+ { -+ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass, -+ NEW_PASSWORD_PROMPT, "UNIX", " "); -+ if (retval != PAM_SUCCESS) -+ { -+ _pam_drop (newpass); -+ if (retval == PAM_CONV_AGAIN) -+ retval = PAM_INCOMPLETE; -+ return retval; -+ } -+ -+ if (newpass == NULL) -+ { -+ /* We want to abort the password change */ -+ pam_error (pamh, _("Password change aborted.")); -+ return PAM_AUTHTOK_ERR; -+ } -+ -+ if (options.debug) -+ pam_syslog (pamh, LOG_DEBUG, "check against old password file"); -+ -+ if (check_old_password (pamh, user, newpass, -+ options.debug) != PAM_SUCCESS) -+ { -+ pam_error (pamh, -+ _("Password has been already used. Choose another.")); -+ _pam_overwrite (newpass); -+ _pam_drop (newpass); -+ if (tries >= options.tries) -+ { -+ if (options.debug) -+ pam_syslog (pamh, LOG_DEBUG, -+ "Aborted, too many tries"); -+ return PAM_MAXTRIES; -+ } -+ } -+ else -+ { -+ int failed; -+ char *new2; -+ -+ retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2, -+ AGAIN_PASSWORD_PROMPT, "UNIX", " "); -+ if (retval != PAM_SUCCESS) -+ return retval; -+ -+ if (new2 == NULL) -+ { /* Aborting password change... */ -+ pam_error (pamh, _("Password change aborted.")); -+ return PAM_AUTHTOK_ERR; -+ } -+ -+ failed = (strcmp (newpass, new2) != 0); -+ -+ _pam_overwrite (new2); -+ _pam_drop (new2); -+ -+ if (failed) -+ { -+ pam_error (pamh, MISTYPED_PASSWORD); -+ _pam_overwrite (newpass); -+ _pam_drop (newpass); -+ if (tries >= options.tries) -+ { -+ if (options.debug) -+ pam_syslog (pamh, LOG_DEBUG, -+ "Aborted, too many tries"); -+ return PAM_MAXTRIES; -+ } -+ } -+ } -+ } -+ -+ /* Remember new password */ -+ pam_set_item (pamh, PAM_AUTHTOK, (void *) newpass); -+ } -+ else /* newpass != NULL, we found an old password */ -+ { -+ if (options.debug) -+ pam_syslog (pamh, LOG_DEBUG, "look in old password file"); -+ -+ if (check_old_password (pamh, user, newpass, -+ options.debug) != PAM_SUCCESS) -+ { -+ pam_error (pamh, -+ _("Password has been already used. Choose another.")); -+ /* We are only here, because old password was set. -+ So overwrite it, else it will be stored! */ -+ pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL); -+ -+ return PAM_AUTHTOK_ERR; -+ } -+ } -+ -+ return PAM_SUCCESS; -+} -+ -+ -+#ifdef PAM_STATIC -+/* static module data */ -+struct pam_module _pam_pwhistory_modstruct = { -+ "pam_pwhistory", -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ NULL, -+ pam_sm_chauthtok -+}; -+#endif ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ modules/pam_pwhistory/tst-pam_pwhistory 10 Oct 2008 06:52:40 -0000 -@@ -0,0 +1,2 @@ -+#!/bin/sh -+../../tests/tst-dlopen .libs/pam_pwhistory.so ---- po/POTFILES.in 13 Feb 2008 14:39:41 -0000 1.15 -+++ po/POTFILES.in 10 Oct 2008 06:52:40 -0000 -@@ -58,6 +58,8 @@ - ./modules/pam_namespace/pam_namespace.c - ./modules/pam_nologin/pam_nologin.c - ./modules/pam_permit/pam_permit.c -+./modules/pam_pwhistory/opasswd.c -+./modules/pam_pwhistory/pam_pwhistory.c - ./modules/pam_rhosts/pam_rhosts.c - ./modules/pam_rootok/pam_rootok.c - ./modules/pam_securetty/pam_securetty.c ---- xtests/Makefile.am 18 Feb 2008 17:57:34 -0000 1.18 -+++ xtests/Makefile.am 10 Oct 2008 06:52:42 -0000 -@@ -28,7 +28,8 @@ - tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \ - tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \ - tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \ -- tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh -+ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \ -+ tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh - - XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ - tst-pam_dispatch4 tst-pam_dispatch5 \ -@@ -36,7 +37,8 @@ - tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \ - tst-pam_access1 tst-pam_access2 tst-pam_access3 \ - tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ -- tst-pam_group1 tst-pam_authfail tst-pam_authsucceed -+ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ -+ tst-pam_pwhistory1 - - NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ - tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 ---- xtests/run-xtests.sh 19 Oct 2007 17:06:29 -0000 1.8 -+++ xtests/run-xtests.sh 10 Oct 2008 06:52:42 -0000 -@@ -23,6 +23,8 @@ - install -m 644 "${SRCDIR}"/group.conf /etc/security/group.conf - cp /etc/security/limits.conf /etc/security/limits.conf-pam-xtests - install -m 644 "${SRCDIR}"/limits.conf /etc/security/limits.conf -+mv /etc/security/opasswd /etc/security/opasswd-pam-xtests -+ - for testname in $XTESTS ; do - for cfg in "${SRCDIR}"/$testname*.pamd ; do - install -m 644 $cfg /etc/pam.d/$(basename $cfg .pamd) -@@ -49,6 +51,7 @@ - mv /etc/security/access.conf-pam-xtests /etc/security/access.conf - mv /etc/security/group.conf-pam-xtests /etc/security/group.conf - mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf -+mv /etc/security/opasswd-pam-xtests /etc/security/opasswd - if test "$failed" -ne 0; then - echo "===================" - echo "$failed of $all tests failed" ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ xtests/tst-pam_pwhistory1.c 10 Oct 2008 06:52:42 -0000 -@@ -0,0 +1,169 @@ -+/* -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ * Check remember handling -+ * Change ten times the password -+ * Try the ten passwords again, should always be rejected -+ * Try a new password, should succeed -+ */ -+ -+#ifdef HAVE_CONFIG_H -+#include -+#endif -+ -+#include -+#include -+#include -+#include -+ -+static int in_test; -+ -+static const char *passwords[] = { -+ "pamhistory01", "pamhistory02", "pamhistory03", -+ "pamhistory04", "pamhistory05", "pamhistory06", -+ "pamhistory07", "pamhistory08", "pamhistory09", -+ "pamhistory10", -+ "pamhistory01", "pamhistory02", "pamhistory03", -+ "pamhistory04", "pamhistory05", "pamhistory06", -+ "pamhistory07", "pamhistory08", "pamhistory09", -+ "pamhistory10", -+ "pamhistory11", -+ "pamhistory01", "pamhistory02", "pamhistory03", -+ "pamhistory04", "pamhistory05", "pamhistory06", -+ "pamhistory07", "pamhistory08", "pamhistory09", -+ "pamhistory10"}; -+ -+static int debug; -+ -+/* A conversation function which uses an internally-stored value for -+ the responses. */ -+static int -+fake_conv (int num_msg, const struct pam_message **msgm, -+ struct pam_response **response, void *appdata_ptr UNUSED) -+{ -+ struct pam_response *reply; -+ int count; -+ -+ /* Sanity test. */ -+ if (num_msg <= 0) -+ return PAM_CONV_ERR; -+ -+ if (debug) -+ fprintf (stderr, "msg_style=%d, msg=%s\n", msgm[0]->msg_style, -+ msgm[0]->msg); -+ -+ if (msgm[0]->msg_style != 1) -+ return PAM_SUCCESS; -+ -+ /* Allocate memory for the responses. */ -+ reply = calloc (num_msg, sizeof (struct pam_response)); -+ if (reply == NULL) -+ return PAM_CONV_ERR; -+ -+ /* Each prompt elicits the same response. */ -+ for (count = 0; count < num_msg; ++count) -+ { -+ reply[count].resp_retcode = 0; -+ reply[count].resp = strdup (passwords[in_test]); -+ if (debug) -+ fprintf (stderr, "send password %s\n", reply[count].resp); -+ } -+ -+ /* Set the pointers in the response structure and return. */ -+ *response = reply; -+ return PAM_SUCCESS; -+} -+ -+static struct pam_conv conv = { -+ fake_conv, -+ NULL -+}; -+ -+ -+int -+main(int argc, char *argv[]) -+{ -+ pam_handle_t *pamh=NULL; -+ const char *user="tstpampwhistory"; -+ int retval; -+ -+ if (argc > 1 && strcmp (argv[1], "-d") == 0) -+ debug = 1; -+ -+ for (in_test = 0; -+ in_test < (int)(sizeof (passwords)/sizeof (char *)); in_test++) -+ { -+ -+ retval = pam_start("tst-pam_pwhistory1", user, &conv, &pamh); -+ if (retval != PAM_SUCCESS) -+ { -+ if (debug) -+ fprintf (stderr, "pwhistory1-%d: pam_start returned %d\n", -+ in_test, retval); -+ return 1; -+ } -+ -+ retval = pam_chauthtok (pamh, 0); -+ if (in_test < 10 || in_test == 20) -+ { -+ if (retval != PAM_SUCCESS) -+ { -+ if (debug) -+ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n", -+ in_test, retval); -+ return 1; -+ } -+ } -+ else if (in_test < 20) -+ { -+ if (retval != PAM_MAXTRIES) -+ { -+ if (debug) -+ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n", -+ in_test, retval); -+ return 1; -+ } -+ } -+ -+ retval = pam_end (pamh,retval); -+ if (retval != PAM_SUCCESS) -+ { -+ if (debug) -+ fprintf (stderr, "pwhistory1: pam_end returned %d\n", retval); -+ return 1; -+ } -+ } -+ -+ return 0; -+} -Index: xtests/tst-pam_pwhistory1.pamd -=================================================================== -RCS file: xtests/tst-pam_pwhistory1.pamd -diff -N xtests/tst-pam_pwhistory1.pamd ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ xtests/tst-pam_pwhistory1.pamd 10 Oct 2008 06:52:42 -0000 -@@ -0,0 +1,7 @@ -+#%PAM-1.0 -+auth required pam_permit.so -+account required pam_permit.so -+password required pam_pwhistory.so remember=10 retry=1 debug -+password required pam_unix.so use_authtok md5 -+session required pam_permit.so -+ -Index: xtests/tst-pam_pwhistory1.sh -=================================================================== -RCS file: xtests/tst-pam_pwhistory1.sh -diff -N xtests/tst-pam_pwhistory1.sh ---- /dev/null 1 Jan 1970 00:00:00 -0000 -+++ xtests/tst-pam_pwhistory1.sh 10 Oct 2008 06:52:42 -0000 -@@ -0,0 +1,7 @@ -+#!/bin/bash -+ -+/usr/sbin/useradd tstpampwhistory -+./tst-pam_pwhistory1 -+RET=$? -+/usr/sbin/userdel -r tstpampwhistory 2> /dev/null -+exit $RET ---- /dev/null 2008-06-06 22:36:48.000000000 +0200 -+++ modules/pam_pwhistory/pam_pwhistory.8 2008-10-11 16:23:45.000000000 +0200 -@@ -0,0 +1,127 @@ -+.\" Title: pam_pwhistory -+.\" Author: -+.\" Generator: DocBook XSL Stylesheets v1.73.2 -+.\" Date: 10/11/2008 -+.\" Manual: Linux-PAM Manual -+.\" Source: Linux-PAM Manual -+.\" -+.TH "PAM_PWHISTORY" "8" "10/11/2008" "Linux-PAM Manual" "Linux\-PAM Manual" -+.\" disable hyphenation -+.nh -+.\" disable justification (adjust text to left margin only) -+.ad l -+.SH "NAME" -+pam_pwhistory - PAM module to remember last passwords -+.SH "SYNOPSIS" -+.HP 17 -+\fBpam_pwhistory\.so\fR [debug] [use_authtok] [enforce_for_root] [remember=\fIN\fR] [retry=\fIN\fR] -+.SH "DESCRIPTION" -+.PP -+This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently\. -+.PP -+This module does not work togehter with kerberos\. In general, it does not make much sense to use this module in conjuction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking\. -+.SH "OPTIONS" -+.PP -+\fBdebug\fR -+.RS 4 -+Turns on debugging via -+\fBsyslog\fR(3)\. -+.RE -+.PP -+\fBuse_authtok\fR -+.RS 4 -+When password changing enforce the module to use the new password provided by a previously stacked -+\fBpassword\fR -+module (this is used in the example of the stacking of the -+\fBpam_cracklib\fR -+module documented below)\. -+.RE -+.PP -+\fBenforce_for_root\fR -+.RS 4 -+If this option is set, the check is enforced for root, too\. -+.RE -+.PP -+\fBremember=\fR\fB\fIN\fR\fR -+.RS 4 -+The last -+\fIN\fR -+passwords for each user are saved in -+\fI/etc/security/opasswd\fR\. The default is -+\fI10\fR\. -+.RE -+.PP -+\fBretry=\fR\fB\fIN\fR\fR -+.RS 4 -+Prompt user at most -+\fIN\fR -+times before returning with error\. The default is -+\fI1\fR\. -+.RE -+.SH "MODULE TYPES PROVIDED" -+.PP -+Only the -+\fBpassword\fR -+module type is provided\. -+.SH "RETURN VALUES" -+.PP -+PAM_AUTHTOK_ERR -+.RS 4 -+No new password was entered, the user aborted password change or new password couldn\'t be set\. -+.RE -+.PP -+PAM_IGNORE -+.RS 4 -+Password history was disabled\. -+.RE -+.PP -+PAM_MAXTRIES -+.RS 4 -+Password was rejected too often\. -+.RE -+.PP -+PAM_USER_UNKNOWN -+.RS 4 -+User is not known to system\. -+.RE -+.SH "EXAMPLES" -+.PP -+An example password section would be: -+.sp -+.RS 4 -+.nf -+#%PAM\-1\.0 -+password required pam_pwhistory\.so -+password required pam_unix\.so use_authtok -+ -+.fi -+.RE -+.PP -+In combination with -+\fBpam_cracklib\fR: -+.sp -+.RS 4 -+.nf -+#%PAM\-1\.0 -+password required pam_cracklib\.so retry=3 -+password required pam_pwhistory\.so use_authtok -+password required pam_unix\.so use_authtok -+ -+.fi -+.RE -+.sp -+.SH "FILES" -+.PP -+\fI/etc/security/opasswd\fR -+.RS 4 -+File with password history -+.RE -+.SH "SEE ALSO" -+.PP -+ -+\fBpam.conf\fR(5), -+\fBpam.d\fR(5), -+\fBpam\fR(8) -+.SH "AUTHOR" -+.PP -+pam_pwhistory was written by Thorsten Kukuk diff --git a/pam_pwhistory-type.diff b/pam_pwhistory-type.diff deleted file mode 100644 index 0fe7a01..0000000 --- a/pam_pwhistory-type.diff +++ /dev/null @@ -1,102 +0,0 @@ -Index: modules/pam_pwhistory/pam_pwhistory.8.xml -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.8.xml,v -retrieving revision 1.1 -diff -u -r1.1 pam_pwhistory.8.xml ---- modules/pam_pwhistory/pam_pwhistory.8.xml 10 Oct 2008 06:53:45 -0000 1.1 -+++ modules/pam_pwhistory/pam_pwhistory.8.xml 19 Nov 2008 14:24:00 -0000 -@@ -33,6 +33,9 @@ - - retry=N - -+ -+ type=STRING -+ - - - -@@ -119,6 +122,21 @@ - - - -+ -+ -+ -+ -+ -+ -+ The default action is for the module to use the -+ following prompts when requesting passwords: -+ "New UNIX password: " and "Retype UNIX password: ". -+ The default word UNIX can -+ be replaced with this option. -+ -+ -+ -+ - - - -Index: modules/pam_pwhistory/pam_pwhistory.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/pam_pwhistory.c,v -retrieving revision 1.1 -diff -u -r1.1 pam_pwhistory.c ---- modules/pam_pwhistory/pam_pwhistory.c 10 Oct 2008 06:53:45 -0000 1.1 -+++ modules/pam_pwhistory/pam_pwhistory.c 19 Nov 2008 14:24:00 -0000 -@@ -58,7 +58,9 @@ - - #include "opasswd.h" - -+/* For Translators: "%s%s" could be replaced with " " or "". */ - #define NEW_PASSWORD_PROMPT _("New %s%spassword: ") -+/* For Translators: "%s%s" could be replaced with " " or "". */ - #define AGAIN_PASSWORD_PROMPT _("Retype new %s%spassword: ") - #define MISTYPED_PASSWORD _("Sorry, passwords do not match.") - -@@ -70,6 +72,7 @@ - int enforce_for_root; - int remember; - int tries; -+ const char *prompt_type; - }; - typedef struct options_t options_t; - -@@ -101,6 +104,8 @@ - } - else if (strcasecmp (argv, "enforce_for_root") == 0) - options->enforce_for_root = 1; -+ else if (strncasecmp (argv, "type=", 5) == 0) -+ options->prompt_type = &argv[5]; - else - pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); - } -@@ -121,6 +126,7 @@ - /* Set some default values, which could be overwritten later. */ - options.remember = 10; - options.tries = 1; -+ options.prompt_type = "UNIX"; - - /* Parse parameters for module */ - for ( ; argc-- > 0; argv++) -@@ -209,7 +215,8 @@ - while ((newpass == NULL) && (tries++ < options.tries)) - { - retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &newpass, -- NEW_PASSWORD_PROMPT, "UNIX", " "); -+ NEW_PASSWORD_PROMPT, options.prompt_type, -+ strlen (options.prompt_type) > 0?" ":""); - if (retval != PAM_SUCCESS) - { - _pam_drop (newpass); -@@ -249,7 +256,9 @@ - char *new2; - - retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &new2, -- AGAIN_PASSWORD_PROMPT, "UNIX", " "); -+ AGAIN_PASSWORD_PROMPT, -+ options.prompt_type, -+ strlen (options.prompt_type) > 0?" ":""); - if (retval != PAM_SUCCESS) - return retval; - diff --git a/pam_sepermit.diff b/pam_sepermit.diff deleted file mode 100644 index 8989421..0000000 --- a/pam_sepermit.diff +++ /dev/null @@ -1,17 +0,0 @@ - -2008-04-17 Tomas Mraz - - * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try - to lock if euid != 0. - ---- Linux-PAM-1.0/modules/pam_sepermit/pam_sepermit.c 2008-03-31 12:31:50.000000000 +0200 -+++ Linux-PAM/modules/pam_sepermit/pam_sepermit.c 2008-04-17 16:29:02.000000000 +0200 -@@ -305,7 +305,7 @@ - free(line); - fclose(f); - if (matched) -- return exclusive ? sepermit_lock(pamh, user, debug) : 0; -+ return (geteuid() == 0 && exclusive) ? sepermit_lock(pamh, user, debug) : 0; - else - return -1; - } diff --git a/pam_tally-deprecated.diff b/pam_tally-deprecated.diff new file mode 100644 index 0000000..4bd4a14 --- /dev/null +++ b/pam_tally-deprecated.diff @@ -0,0 +1,55 @@ +--- modules/pam_tally/pam_tally.8.xml ++++ modules/pam_tally/pam_tally.8.xml 2009/03/27 10:49:17 +@@ -81,7 +81,13 @@ + + + This module maintains a count of attempted accesses, can +- reset count on success, can deny access if too many attempts fail. ++ reset count on success, can deny access if too many attempts ++ fail. ++ ++ ++ pam_tally has several limitations, which are solved with ++ pam_tally2. For this reason pam_tally is deprecated and ++ will be removed in a future release. + + + pam_tally comes in two parts: +--- modules/pam_tally/pam_tally.c ++++ modules/pam_tally/pam_tally.c 2009/03/27 10:52:56 +@@ -630,6 +630,8 @@ + const char + *user; + ++ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); ++ + rvcheck = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); + if ( rvcheck != PAM_SUCCESS ) + RETURN_ERROR( rvcheck ); +@@ -664,6 +666,8 @@ + const char + *user; + ++ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); ++ + rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); +@@ -709,6 +713,8 @@ + const char + *user; + ++ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); ++ + rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); +@@ -815,6 +821,8 @@ + exit(0); + } + ++ fprintf (stderr, "\npam_tally is deprecated and pam_tally2 should be used instead\n\n"); ++ + umask(077); + + /* diff --git a/pam_tally-fdleak.diff b/pam_tally-fdleak.diff deleted file mode 100644 index 153256d..0000000 --- a/pam_tally-fdleak.diff +++ /dev/null @@ -1,37 +0,0 @@ -2008-09-25 Tomas Mraz - - * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message. - (tally_check): Open faillog read only. Close file descriptor. - Fix typos in messages. - ---- modules/pam_tally/pam_tally.c 9 Jul 2008 12:23:23 -0000 1.30 -+++ modules/pam_tally/pam_tally.c 19 Sep 2008 12:29:21 -0000 -@@ -350,7 +350,7 @@ get_tally(pam_handle_t *pamh, tally_t *t - } - - if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) { -- pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename); -+ pam_syslog(pamh, LOG_ALERT, "Error opening %s for %s", filename, *tally!=TALLY_HI?"update":"read"); - - /* Discovering why account service fails: e/uid are target user. - * -@@ -504,7 +504,7 @@ tally_check (time_t oldtime, pam_handle_ - tally_t - deny = opts->deny; - tally_t -- tally = 0; /* !TALLY_HI --> Log opened for update */ -+ tally = TALLY_HI; - long - lock_time = opts->lock_time; - -@@ -515,6 +515,10 @@ tally_check (time_t oldtime, pam_handle_ - i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp); - if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); } - -+ if ( TALLY != NULL ) { -+ fclose(TALLY); -+ } -+ - if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) { /* magic_root skips tally check */ - - /* To deny or not to deny; that is the question */ diff --git a/pam_tally.diff b/pam_tally.diff deleted file mode 100644 index 2987152..0000000 --- a/pam_tally.diff +++ /dev/null @@ -1,173 +0,0 @@ - -2008-07-09 Thorsten Kukuk - - * modules/pam_tally/pam_tally.c: Add support for silent and - no_log_info options. - * modules/pam_tally/pam_tally.8.xml: Document silent and - no_log_info options. - ---- Linux-PAM-1.0/modules/pam_tally/pam_tally.8.xml 2007-10-10 16:10:07.000000000 +0200 -+++ Linux-PAM/modules/pam_tally/pam_tally.8.xml 2008-08-20 20:56:28.000000000 +0200 -@@ -51,6 +51,12 @@ - - audit - -+ -+ silent -+ -+ -+ no_log_info -+ - - - pam_tally -@@ -150,6 +156,26 @@ - - - -+ -+ -+ -+ -+ -+ -+ Don't print informative messages. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Don't log informative messages via syslog3. -+ -+ -+ - - - ---- Linux-PAM-1.0/modules/pam_tally/pam_tally.c 2007-11-20 11:58:11.000000000 +0100 -+++ Linux-PAM/modules/pam_tally/pam_tally.c 2008-07-16 10:09:02.000000000 +0200 -@@ -97,6 +97,8 @@ - #define OPT_NO_LOCK_TIME 020 - #define OPT_NO_RESET 040 - #define OPT_AUDIT 0100 -+#define OPT_SILENT 0200 -+#define OPT_NOLOGNOTICE 0400 - - - /*---------------------------------------------------------------------*/ -@@ -205,6 +207,12 @@ - else if ( ! strcmp ( *argv, "audit") ) { - opts->ctrl |= OPT_AUDIT; - } -+ else if ( ! strcmp ( *argv, "silent") ) { -+ opts->ctrl |= OPT_SILENT; -+ } -+ else if ( ! strcmp ( *argv, "no_log_info") ) { -+ opts->ctrl |= OPT_NOLOGNOTICE; -+ } - else { - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); - } -@@ -524,12 +532,17 @@ - { - if ( lock_time + oldtime > time(NULL) ) - { -- pam_syslog(pamh, LOG_NOTICE, -- "user %s (%lu) has time limit [%lds left]" -- " since last failure.", -- user, (unsigned long int) uid, -- oldtime+lock_time -- -time(NULL)); -+ if (!(opts->ctrl & OPT_SILENT)) -+ pam_info (pamh, -+ _("Account temporary locked (%lds seconds left)"), -+ oldtime+lock_time-time(NULL)); -+ -+ if (!(opts->ctrl & OPT_NOLOGNOTICE)) -+ pam_syslog (pamh, LOG_NOTICE, -+ "user %s (%lu) has time limit [%lds left]" -+ " since last failure.", -+ user, (unsigned long int) uid, -+ oldtime+lock_time-time(NULL)); - return PAM_AUTH_ERR; - } - } -@@ -545,9 +558,14 @@ - ( tally > deny ) && /* tally>deny means exceeded */ - ( ((opts->ctrl & OPT_DENY_ROOT) || uid) ) /* even_deny stops uid check */ - ) { -- pam_syslog(pamh, LOG_NOTICE, -- "user %s (%lu) tally "TALLY_FMT", deny "TALLY_FMT, -- user, (unsigned long int) uid, tally, deny); -+ if (!(opts->ctrl & OPT_SILENT)) -+ pam_info (pamh, _("Accounted locked due to "TALLY_FMT" failed login"), -+ tally); -+ -+ if (!(opts->ctrl & OPT_NOLOGNOTICE)) -+ pam_syslog(pamh, LOG_NOTICE, -+ "user %s (%lu) tally "TALLY_FMT", deny "TALLY_FMT, -+ user, (unsigned long int) uid, tally, deny); - return PAM_AUTH_ERR; /* Only unconditional failure */ - } - } -@@ -594,7 +612,7 @@ - #ifdef PAM_SM_AUTH - - PAM_EXTERN int --pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - int -@@ -612,6 +630,9 @@ - if ( rvcheck != PAM_SUCCESS ) - RETURN_ERROR( rvcheck ); - -+ if (flags & PAM_SILENT) -+ opts->ctrl |= OPT_SILENT; -+ - rvcheck = pam_get_uid(pamh, &uid, &user, opts); - if ( rvcheck != PAM_SUCCESS ) - RETURN_ERROR( rvcheck ); -@@ -625,7 +646,7 @@ - } - - PAM_EXTERN int --pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - int -@@ -643,6 +664,9 @@ - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); - -+ if (flags & PAM_SILENT) -+ opts->ctrl |= OPT_SILENT; -+ - rv = pam_get_uid(pamh, &uid, &user, opts); - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); -@@ -667,7 +691,7 @@ - /* To reset failcount of user on successfull login */ - - PAM_EXTERN int --pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - int -@@ -685,6 +709,9 @@ - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); - -+ if (flags & PAM_SILENT) -+ opts->ctrl |= OPT_SILENT; -+ - rv = pam_get_uid(pamh, &uid, &user, opts); - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); diff --git a/pam_tally2.diff b/pam_tally2.diff deleted file mode 100644 index ef6a93c..0000000 --- a/pam_tally2.diff +++ /dev/null @@ -1,1622 +0,0 @@ -diff -up pam/configure.in.pt2 pam/configure.in ---- pam/configure.in.pt2 2008-10-16 16:12:18.000000000 +0200 -+++ pam/configure.in 2008-10-15 10:28:46.000000000 +0200 -@@ -548,6 +548,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil - modules/pam_sepermit/Makefile \ - modules/pam_shells/Makefile modules/pam_stress/Makefile \ - modules/pam_succeed_if/Makefile modules/pam_tally/Makefile \ -+ modules/pam_tally2/Makefile \ - modules/pam_time/Makefile modules/pam_tty_audit/Makefile \ - modules/pam_umask/Makefile \ - modules/pam_unix/Makefile modules/pam_userdb/Makefile \ -diff -up pam/modules/Makefile.am.pt2 pam/modules/Makefile.am ---- pam/modules/Makefile.am.pt2 2008-10-16 16:12:18.000000000 +0200 -+++ pam/modules/Makefile.am 2008-10-15 10:28:13.000000000 +0200 -@@ -9,7 +9,7 @@ SUBDIRS = pam_access pam_cracklib pam_de - pam_mkhomedir pam_motd pam_namespace pam_nologin \ - pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ - pam_selinux pam_sepermit pam_shells pam_stress \ -- pam_succeed_if pam_tally pam_time pam_tty_audit pam_umask \ -+ pam_succeed_if pam_tally pam_tally2 pam_time pam_tty_audit pam_umask \ - pam_unix pam_userdb pam_warn pam_wheel pam_xauth - - CLEANFILES = *~ -diff -up pam/modules/pam_tally2/tallylog.h.pt2 pam/modules/pam_tally2/tallylog.h ---- pam/modules/pam_tally2/tallylog.h.pt2 2008-10-15 12:14:21.000000000 +0200 -+++ pam/modules/pam_tally2/tallylog.h 2008-02-27 17:08:50.000000000 +0100 -@@ -0,0 +1,52 @@ -+/* -+ * Copyright 2006, Red Hat, Inc. -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of Red Hat, Inc. nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ */ -+ -+/* -+ * tallylog.h - login failure data file format -+ * -+ * The new login failure file is not compatible with the old faillog(8) format -+ * Each record in the file represents a separate UID and the file -+ * is indexed in that fashion. -+ */ -+ -+ -+#ifndef _TALLYLOG_H -+#define _TALLYLOG_H -+ -+#include -+ -+struct tallylog { -+ char fail_line[52]; /* rhost or tty of last failure */ -+ uint16_t reserved; /* reserved for future use */ -+ uint16_t fail_cnt; /* failures since last success */ -+ uint64_t fail_time; /* time of last failure */ -+}; -+/* 64 bytes / entry */ -+ -+#endif -diff -up pam/modules/pam_tally2/pam_tally.c.pt2 pam/modules/pam_tally2/pam_tally.c ---- pam/modules/pam_tally2/pam_tally.c.pt2 2008-10-15 12:14:21.000000000 +0200 -+++ pam/modules/pam_tally2/pam_tally.c 2008-10-15 12:07:54.000000000 +0200 -@@ -0,0 +1,985 @@ -+/* -+ * pam_tally.c -+ * -+ */ -+ -+ -+/* By Tim Baverstock , Multi Media Machine Ltd. -+ * 5 March 1997 -+ * -+ * Stuff stolen from pam_rootok and pam_listfile -+ * -+ * Changes by Tomas Mraz 5 January 2005, 26 January 2006 -+ * Audit option added for Tomas patch by Sebastien Tricaud 13 January 2005 -+ * Portions Copyright 2006, Red Hat, Inc. -+ * Portions Copyright 1989 - 1993, Julianne Frances Haugh -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors -+ * may be used to endorse or promote products derived from this software -+ * without specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND -+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE -+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -+ * SUCH DAMAGE. -+ */ -+ -+#include "config.h" -+ -+#if defined(MAIN) && defined(MEMORY_DEBUG) -+# undef exit -+#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#ifdef HAVE_LIBAUDIT -+#include -+#endif -+ -+#include -+#include -+#include -+#include "tallylog.h" -+ -+#ifndef TRUE -+#define TRUE 1L -+#define FALSE 0L -+#endif -+ -+#ifndef HAVE_FSEEKO -+#define fseeko fseek -+#endif -+ -+/* -+ * here, we make a definition for the externally accessible function -+ * in this file (this definition is required for static a module -+ * but strongly encouraged generally) it is used to instruct the -+ * modules include file to define the function prototypes. -+ */ -+ -+#ifndef MAIN -+#define PAM_SM_AUTH -+#define PAM_SM_ACCOUNT -+/* #define PAM_SM_SESSION */ -+/* #define PAM_SM_PASSWORD */ -+ -+#include -+#include -+#endif -+#include -+ -+/*---------------------------------------------------------------------*/ -+ -+#define DEFAULT_LOGFILE "/var/log/tallylog" -+#define MODULE_NAME "pam_tally2" -+ -+#define tally_t uint16_t -+#define TALLY_HI ((tally_t)~0L) -+ -+struct tally_options { -+ const char *filename; -+ tally_t deny; -+ long lock_time; -+ long unlock_time; -+ long root_unlock_time; -+ unsigned int ctrl; -+}; -+ -+#define PHASE_UNKNOWN 0 -+#define PHASE_AUTH 1 -+#define PHASE_ACCOUNT 2 -+#define PHASE_SESSION 3 -+ -+#define OPT_MAGIC_ROOT 01 -+#define OPT_FAIL_ON_ERROR 02 -+#define OPT_DENY_ROOT 04 -+#define OPT_QUIET 040 -+#define OPT_AUDIT 0100 -+#define OPT_NOLOGNOTICE 0400 -+ -+ -+/*---------------------------------------------------------------------*/ -+ -+/* some syslogging */ -+ -+#ifdef MAIN -+#define pam_syslog tally_log -+static void -+tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED, -+ const char *fmt, ...) -+{ -+ va_list args; -+ -+ va_start(args, fmt); -+ fprintf(stderr, "%s: ", MODULE_NAME); -+ vfprintf(stderr, fmt, args); -+ fprintf(stderr,"\n"); -+ va_end(args); -+} -+ -+#define pam_modutil_getpwnam(pamh, user) getpwnam(user) -+#endif -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- Support function: parse arguments --- */ -+ -+#ifndef MAIN -+ -+static void -+log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) -+{ -+ if ( phase != PHASE_AUTH ) { -+ pam_syslog(pamh, LOG_ERR, -+ "option %s allowed in auth phase only", argv); -+ } -+} -+ -+static int -+tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, -+ int phase, int argc, const char **argv) -+{ -+ memset(opts, 0, sizeof(*opts)); -+ opts->filename = DEFAULT_LOGFILE; -+ opts->ctrl = OPT_FAIL_ON_ERROR; -+ opts->root_unlock_time = -1; -+ -+ for ( ; argc-- > 0; ++argv ) { -+ -+ if ( ! strncmp( *argv, "file=", 5 ) ) { -+ const char *from = *argv + 5; -+ if ( *from!='/' ) { -+ pam_syslog(pamh, LOG_ERR, -+ "filename not /rooted; %s", *argv); -+ return PAM_AUTH_ERR; -+ } -+ opts->filename = from; -+ } -+ else if ( ! strcmp( *argv, "onerr=fail" ) ) { -+ opts->ctrl |= OPT_FAIL_ON_ERROR; -+ } -+ else if ( ! strcmp( *argv, "onerr=succeed" ) ) { -+ opts->ctrl &= ~OPT_FAIL_ON_ERROR; -+ } -+ else if ( ! strcmp( *argv, "magic_root" ) ) { -+ opts->ctrl |= OPT_MAGIC_ROOT; -+ } -+ else if ( ! strcmp( *argv, "even_deny_root_account" ) || -+ ! strcmp( *argv, "even_deny_root" ) ) { -+ log_phase_no_auth(pamh, phase, *argv); -+ opts->ctrl |= OPT_DENY_ROOT; -+ } -+ else if ( ! strncmp( *argv, "deny=", 5 ) ) { -+ log_phase_no_auth(pamh, phase, *argv); -+ if ( sscanf((*argv)+5,"%hu",&opts->deny) != 1 ) { -+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -+ return PAM_AUTH_ERR; -+ } -+ } -+ else if ( ! strncmp( *argv, "lock_time=", 10 ) ) { -+ log_phase_no_auth(pamh, phase, *argv); -+ if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) { -+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -+ return PAM_AUTH_ERR; -+ } -+ } -+ else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) { -+ log_phase_no_auth(pamh, phase, *argv); -+ if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) { -+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -+ return PAM_AUTH_ERR; -+ } -+ } -+ else if ( ! strncmp( *argv, "root_unlock_time=", 17 ) ) { -+ log_phase_no_auth(pamh, phase, *argv); -+ if ( sscanf((*argv)+17,"%ld",&opts->root_unlock_time) != 1 ) { -+ pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -+ return PAM_AUTH_ERR; -+ } -+ opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */ -+ } -+ else if ( ! strcmp( *argv, "quiet" ) || -+ ! strcmp ( *argv, "silent")) { -+ opts->ctrl |= OPT_QUIET; -+ } -+ else if ( ! strcmp ( *argv, "no_log_info") ) { -+ opts->ctrl |= OPT_NOLOGNOTICE; -+ } -+ else if ( ! strcmp ( *argv, "audit") ) { -+ opts->ctrl |= OPT_AUDIT; -+ } -+ else { -+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); -+ } -+ } -+ -+ if (opts->root_unlock_time == -1) -+ opts->root_unlock_time = opts->unlock_time; -+ -+ return PAM_SUCCESS; -+} -+ -+#endif /* #ifndef MAIN */ -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- Support function: get uid (and optionally username) from PAM or -+ cline_user --- */ -+ -+#ifdef MAIN -+static char *cline_user=0; /* cline_user is used in the administration prog */ -+#endif -+ -+static int -+pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) -+{ -+ const char *user = NULL; -+ struct passwd *pw; -+ -+#ifdef MAIN -+ user = cline_user; -+#else -+ if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { -+ user = NULL; -+ } -+#endif -+ -+ if ( !user || !*user ) { -+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; user?"); -+ return PAM_AUTH_ERR; -+ } -+ -+ if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { -+ opts->ctrl & OPT_AUDIT ? -+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user %s", user) : -+ pam_syslog(pamh, LOG_ERR, "pam_get_uid; no such user"); -+ return PAM_USER_UNKNOWN; -+ } -+ -+ if ( uid ) *uid = pw->pw_uid; -+ if ( userp ) *userp = user; -+ return PAM_SUCCESS; -+} -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- Support functions: set/get tally data --- */ -+ -+#ifndef MAIN -+ -+static void -+_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) -+{ -+ free(data); -+} -+ -+ -+static void -+tally_set_data( pam_handle_t *pamh, time_t oldtime ) -+{ -+ time_t *data; -+ -+ if ( (data=malloc(sizeof(time_t))) != NULL ) { -+ *data = oldtime; -+ pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); -+ } -+} -+ -+static int -+tally_get_data( pam_handle_t *pamh, time_t *oldtime ) -+{ -+ int rv; -+ const void *data; -+ -+ rv = pam_get_data(pamh, MODULE_NAME, &data); -+ if ( rv == PAM_SUCCESS && data != NULL && oldtime != NULL ) { -+ *oldtime = *(const time_t *)data; -+ pam_set_data(pamh, MODULE_NAME, NULL, NULL); -+ } -+ else { -+ rv = -1; -+ *oldtime = 0; -+ } -+ return rv; -+} -+#endif /* #ifndef MAIN */ -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- Support function: open/create tallyfile and return tally for uid --- */ -+ -+/* If on entry tallyfile doesn't exist, creation is attempted. */ -+ -+static int -+get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, -+ FILE **tfile, struct tallylog *tally) -+{ -+ struct stat fileinfo; -+ int lstat_ret; -+ -+ lstat_ret = lstat(filename, &fileinfo); -+ if (lstat_ret) { -+ int save_errno; -+ int oldmask = umask(077); -+ *tfile=fopen(filename, "a"); -+ save_errno = errno; -+ /* Create file, or append-open in pathological case. */ -+ umask(oldmask); -+ if ( !*tfile ) { -+#ifndef MAIN -+ if (save_errno == EPERM) { -+ return PAM_IGNORE; /* called with insufficient access rights */ -+ } -+#endif -+ errno = save_errno; -+ pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); -+ return PAM_AUTH_ERR; -+ } -+ lstat_ret = fstat(fileno(*tfile),&fileinfo); -+ fclose(*tfile); -+ *tfile = NULL; -+ } -+ -+ if ( lstat_ret ) { -+ pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); -+ return PAM_AUTH_ERR; -+ } -+ -+ if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { -+ /* If the file is world writable or is not a -+ normal file, return error */ -+ pam_syslog(pamh, LOG_ALERT, -+ "%s is either world writable or not a normal file", -+ filename); -+ return PAM_AUTH_ERR; -+ } -+ -+ if (!(*tfile = fopen(filename, "r+"))) { -+#ifndef MAIN -+ if (errno == EPERM) /* called with insufficient access rights */ -+ return PAM_IGNORE; -+#endif -+ pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); -+ -+ return PAM_AUTH_ERR; -+ } -+ -+ if (fseeko(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET)) { -+ pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); -+ fclose(*tfile); -+ *tfile = NULL; -+ return PAM_AUTH_ERR; -+ } -+ -+ if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) { -+ memset(tally, 0, sizeof(*tally)); -+ } else if (fread(tally, sizeof(*tally), 1, *tfile) == 0) { -+ memset(tally, 0, sizeof(*tally)); -+ /* Shouldn't happen */ -+ } -+ -+ tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; -+ -+ return PAM_SUCCESS; -+} -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- Support function: update and close tallyfile with tally!=TALLY_HI --- */ -+ -+static int -+set_tally(pam_handle_t *pamh, uid_t uid, -+ const char *filename, FILE **tfile, struct tallylog *tally) -+{ -+ if (tally->fail_cnt != TALLY_HI) { -+ if (fseeko(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET)) { -+ pam_syslog(pamh, LOG_ALERT, "fseek failed for %s: %m", filename); -+ return PAM_AUTH_ERR; -+ } -+ if (fwrite(tally, sizeof(*tally), 1, *tfile) == 0) { -+ pam_syslog(pamh, LOG_ALERT, "update (fwrite) failed for %s: %m", filename); -+ return PAM_AUTH_ERR; -+ } -+ } -+ -+ if (fclose(*tfile)) { -+ *tfile = NULL; -+ pam_syslog(pamh, LOG_ALERT, "update (fclose) failed for %s: %m", filename); -+ return PAM_AUTH_ERR; -+ } -+ *tfile=NULL; -+ return PAM_SUCCESS; -+} -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- PAM bits --- */ -+ -+#ifndef MAIN -+ -+#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) -+ -+/*---------------------------------------------------------------------*/ -+ -+static int -+tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, -+ const char *user, struct tally_options *opts, -+ struct tallylog *tally) -+{ -+ int rv = PAM_SUCCESS; -+#ifdef HAVE_LIBAUDIT -+ char buf[64]; -+ int audit_fd = -1; -+#endif -+ -+ if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { -+ return PAM_SUCCESS; -+ } -+ /* magic_root skips tally check */ -+#ifdef HAVE_LIBAUDIT -+ audit_fd = audit_open(); -+ /* If there is an error & audit support is in the kernel report error */ -+ if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || -+ errno == EAFNOSUPPORT)) -+ return PAM_SYSTEM_ERR; -+#endif -+ if (opts->deny != 0 && /* deny==0 means no deny */ -+ tally->fail_cnt > opts->deny && /* tally>deny means exceeded */ -+ ((opts->ctrl & OPT_DENY_ROOT) || uid)) { /* even_deny stops uid check */ -+#ifdef HAVE_LIBAUDIT -+ if (tally->fail_cnt == opts->deny+1) { -+ /* First say that max number was hit. */ -+ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); -+ audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, -+ NULL, NULL, NULL, 1); -+ } -+#endif -+ if (uid) { -+ /* Unlock time check */ -+ if (opts->unlock_time && oldtime) { -+ if (opts->unlock_time + oldtime <= time(NULL)) { -+ /* ignore deny check after unlock_time elapsed */ -+#ifdef HAVE_LIBAUDIT -+ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); -+ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, -+ NULL, NULL, NULL, 1); -+#endif -+ rv = PAM_SUCCESS; -+ goto cleanup; -+ } -+ } -+ } else { -+ /* Root unlock time check */ -+ if (opts->root_unlock_time && oldtime) { -+ if (opts->root_unlock_time + oldtime <= time(NULL)) { -+ /* ignore deny check after unlock_time elapsed */ -+#ifdef HAVE_LIBAUDIT -+ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); -+ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, -+ NULL, NULL, NULL, 1); -+#endif -+ rv = PAM_SUCCESS; -+ goto cleanup; -+ } -+ } -+ } -+ -+#ifdef HAVE_LIBAUDIT -+ if (tally->fail_cnt == opts->deny+1) { -+ /* First say that max number was hit. */ -+ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, -+ NULL, NULL, NULL, 1); -+ } -+#endif -+ -+ if (!(opts->ctrl & OPT_QUIET)) { -+ pam_info(pamh, _("Account locked due to %hu failed logins"), -+ tally->fail_cnt); -+ } -+ if (!(opts->ctrl & OPT_NOLOGNOTICE)) { -+ pam_syslog(pamh, LOG_NOTICE, -+ "user %s (%lu) tally %hu, deny %hu", -+ user, (unsigned long)uid, tally->fail_cnt, opts->deny); -+ } -+ rv = PAM_AUTH_ERR; /* Only unconditional failure */ -+ goto cleanup; -+ } -+ -+ /* Lock time check */ -+ if (opts->lock_time && oldtime) { -+ if (opts->lock_time + oldtime > time(NULL)) { -+ /* don't increase fail_cnt or update fail_time when -+ lock_time applies */ -+ tally->fail_cnt = oldcnt; -+ tally->fail_time = oldtime; -+ -+ if (!(opts->ctrl & OPT_QUIET)) { -+ pam_info(pamh, _("Account temporary locked (%ld seconds left)"), -+ oldtime+opts->lock_time-time(NULL)); -+ } -+ if (!(opts->ctrl & OPT_NOLOGNOTICE)) { -+ pam_syslog(pamh, LOG_NOTICE, -+ "user %s (%lu) has time limit [%lds left]" -+ " since last failure.", -+ user, (unsigned long)uid, -+ oldtime+opts->lock_time-time(NULL)); -+ } -+ rv = PAM_AUTH_ERR; -+ goto cleanup; -+ } -+ } -+ -+cleanup: -+#ifdef HAVE_LIBAUDIT -+ if (audit_fd != -1) { -+ close(audit_fd); -+ } -+#endif -+ return rv; -+} -+ -+/* --- tally bump function: bump tally for uid by (signed) inc --- */ -+ -+static int -+tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, -+ uid_t uid, const char *user, struct tally_options *opts) -+{ -+ struct tallylog tally; -+ tally_t oldcnt; -+ FILE *tfile = NULL; -+ const void *remote_host = NULL; -+ int i, rv; -+ -+ tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ -+ -+ i = get_tally(pamh, uid, opts->filename, &tfile, &tally); -+ if (i != PAM_SUCCESS) { -+ if (tfile) -+ fclose(tfile); -+ RETURN_ERROR(i); -+ } -+ -+ /* to remember old fail time (for locktime) */ -+ if (oldtime) { -+ *oldtime = (time_t)tally.fail_time; -+ } -+ -+ tally.fail_time = time(NULL); -+ -+ (void) pam_get_item(pamh, PAM_RHOST, &remote_host); -+ if (!remote_host) { -+ (void) pam_get_item(pamh, PAM_TTY, &remote_host); -+ if (!remote_host) { -+ remote_host = "unknown"; -+ } -+ } -+ -+ strncpy(tally.fail_line, remote_host, -+ sizeof(tally.fail_line)-1); -+ tally.fail_line[sizeof(tally.fail_line)-1] = 0; -+ -+ oldcnt = tally.fail_cnt; -+ -+ if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) { -+ /* magic_root doesn't change tally */ -+ tally.fail_cnt += inc; -+ -+ if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */ -+ tally.fail_cnt -= inc; -+ pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s", -+ (inc<0)?"under":"over",user); -+ } -+ } -+ -+ rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); -+ -+ i = set_tally(pamh, uid, opts->filename, &tfile, &tally); -+ if (i != PAM_SUCCESS) { -+ if (tfile) -+ fclose(tfile); -+ if (rv == PAM_SUCCESS) -+ RETURN_ERROR( i ); -+ /* fallthrough */ -+ } -+ -+ return rv; -+} -+ -+static int -+tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) -+{ -+ struct tallylog tally; -+ FILE *tfile = NULL; -+ int i; -+ -+ /* resets only if not magic root */ -+ -+ if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { -+ return PAM_SUCCESS; -+ } -+ -+ tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ -+ -+ i=get_tally(pamh, uid, opts->filename, &tfile, &tally); -+ if (i != PAM_SUCCESS) { -+ if (tfile) -+ fclose(tfile); -+ RETURN_ERROR(i); -+ } -+ -+ memset(&tally, 0, sizeof(tally)); -+ -+ i=set_tally(pamh, uid, opts->filename, &tfile, &tally); -+ if (i != PAM_SUCCESS) { -+ if (tfile) -+ fclose(tfile); -+ RETURN_ERROR(i); -+ } -+ -+ return PAM_SUCCESS; -+} -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- authentication management functions (only) --- */ -+ -+PAM_EXTERN int -+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, -+ int argc, const char **argv) -+{ -+ int -+ rv; -+ time_t -+ oldtime = 0; -+ struct tally_options -+ options, *opts = &options; -+ uid_t -+ uid; -+ const char -+ *user; -+ -+ rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); -+ if (rv != PAM_SUCCESS) -+ RETURN_ERROR(rv); -+ -+ if (flags & PAM_SILENT) -+ opts->ctrl |= OPT_QUIET; -+ -+ rv = pam_get_uid(pamh, &uid, &user, opts); -+ if (rv != PAM_SUCCESS) -+ RETURN_ERROR(rv); -+ -+ rv = tally_bump(1, &oldtime, pamh, uid, user, opts); -+ -+ tally_set_data(pamh, oldtime); -+ -+ return rv; -+} -+ -+PAM_EXTERN int -+pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, -+ int argc, const char **argv) -+{ -+ int -+ rv; -+ time_t -+ oldtime = 0; -+ struct tally_options -+ options, *opts = &options; -+ uid_t -+ uid; -+ const char -+ *user; -+ -+ rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); -+ if ( rv != PAM_SUCCESS ) -+ RETURN_ERROR( rv ); -+ -+ rv = pam_get_uid(pamh, &uid, &user, opts); -+ if ( rv != PAM_SUCCESS ) -+ RETURN_ERROR( rv ); -+ -+ if ( tally_get_data(pamh, &oldtime) != 0 ) -+ /* no data found */ -+ return PAM_SUCCESS; -+ -+ return tally_reset(pamh, uid, opts); -+} -+ -+/*---------------------------------------------------------------------*/ -+ -+/* --- authentication management functions (only) --- */ -+ -+/* To reset failcount of user on successfull login */ -+ -+PAM_EXTERN int -+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, -+ int argc, const char **argv) -+{ -+ int -+ rv; -+ time_t -+ oldtime = 0; -+ struct tally_options -+ options, *opts = &options; -+ uid_t -+ uid; -+ const char -+ *user; -+ -+ rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); -+ if ( rv != PAM_SUCCESS ) -+ RETURN_ERROR( rv ); -+ -+ rv = pam_get_uid(pamh, &uid, &user, opts); -+ if ( rv != PAM_SUCCESS ) -+ RETURN_ERROR( rv ); -+ -+ if ( tally_get_data(pamh, &oldtime) != 0 ) -+ /* no data found */ -+ return PAM_SUCCESS; -+ -+ return tally_reset(pamh, uid, opts); -+} -+ -+/*-----------------------------------------------------------------------*/ -+ -+#ifdef PAM_STATIC -+ -+/* static module data */ -+ -+struct pam_module _pam_tally_modstruct = { -+ MODULE_NAME, -+#ifdef PAM_SM_AUTH -+ pam_sm_authenticate, -+ pam_sm_setcred, -+#else -+ NULL, -+ NULL, -+#endif -+#ifdef PAM_SM_ACCOUNT -+ pam_sm_acct_mgmt, -+#else -+ NULL, -+#endif -+ NULL, -+ NULL, -+ NULL, -+}; -+ -+#endif /* #ifdef PAM_STATIC */ -+ -+/*-----------------------------------------------------------------------*/ -+ -+#else /* #ifndef MAIN */ -+ -+static const char *cline_filename = DEFAULT_LOGFILE; -+static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */ -+static int cline_quiet = 0; -+ -+/* -+ * Not going to link with pamlib just for these.. :) -+ */ -+ -+static const char * -+pam_errors( int i ) -+{ -+ switch (i) { -+ case PAM_AUTH_ERR: return _("Authentication error"); -+ case PAM_SERVICE_ERR: return _("Service error"); -+ case PAM_USER_UNKNOWN: return _("Unknown user"); -+ default: return _("Unknown error"); -+ } -+} -+ -+static int -+getopts( char **argv ) -+{ -+ const char *pname = *argv; -+ for ( ; *argv ; (void)(*argv && ++argv) ) { -+ if ( !strcmp (*argv,"--file") ) cline_filename=*++argv; -+ else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv; -+ else if ( !strncmp(*argv,"--file=",7) ) cline_filename=*argv+7; -+ else if ( !strcmp (*argv,"--user") ) cline_user=*++argv; -+ else if ( !strcmp (*argv,"-u") ) cline_user=*++argv; -+ else if ( !strncmp(*argv,"--user=",7) ) cline_user=*argv+7; -+ else if ( !strcmp (*argv,"--reset") ) cline_reset=0; -+ else if ( !strcmp (*argv,"-r") ) cline_reset=0; -+ else if ( !strncmp(*argv,"--reset=",8)) { -+ if ( sscanf(*argv+8,"%hu",&cline_reset) != 1 ) -+ fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0); -+ } -+ else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1; -+ else { -+ fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv); -+ return FALSE; -+ } -+ } -+ return TRUE; -+} -+ -+static void -+print_one(const struct tallylog *tally, uid_t uid) -+{ -+ static int once; -+ char *cp; -+ time_t fail_time; -+ struct tm *tm; -+ struct passwd *pwent; -+ const char *username = "[NONAME]"; -+ char ptime[80]; -+ -+ pwent = getpwuid(uid); -+ fail_time = tally->fail_time; -+ tm = localtime(&fail_time); -+ strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm); -+ cp = ptime; -+ if (pwent) { -+ username = pwent->pw_name; -+ } -+ if (!once) { -+ printf (_("Login Failures Latest failure From\n")); -+ once++; -+ } -+ printf ("%-15.15s %5hu ", username, tally->fail_cnt); -+ if (tally->fail_time) { -+ printf ("%-17.17s %s", cp, tally->fail_line); -+ } -+ putchar ('\n'); -+} -+ -+int -+main( int argc UNUSED, char **argv ) -+{ -+ struct tallylog tally; -+ -+ if ( ! getopts( argv+1 ) ) { -+ printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n" -+ " [-u username] [--user username]\n" -+ " [-r] [--reset[=n]] [--quiet]\n"), -+ *argv); -+ exit(2); -+ } -+ -+ umask(077); -+ -+ /* -+ * Major difference between individual user and all users: -+ * --user just handles one user, just like PAM. -+ * without --user it handles all users, sniffing cline_filename for nonzeros -+ */ -+ -+ if ( cline_user ) { -+ uid_t uid; -+ FILE *tfile=0; -+ struct tally_options opts; -+ int i; -+ -+ memset(&opts, 0, sizeof(opts)); -+ opts.ctrl = OPT_AUDIT; -+ i=pam_get_uid(NULL, &uid, NULL, &opts); -+ if ( i != PAM_SUCCESS ) { -+ fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); -+ exit(1); -+ } -+ -+ i=get_tally(NULL, uid, cline_filename, &tfile, &tally); -+ if ( i != PAM_SUCCESS ) { -+ if (tfile) -+ fclose(tfile); -+ fprintf(stderr, "%s: %s\n", *argv, pam_errors(i)); -+ exit(1); -+ } -+ -+ if ( !cline_quiet ) -+ print_one(&tally, uid); -+ -+ if (cline_reset != TALLY_HI) { -+#ifdef HAVE_LIBAUDIT -+ char buf[64]; -+ int audit_fd = audit_open(); -+ snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset); -+ audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -+ buf, NULL, NULL, NULL, 1); -+ if (audit_fd >=0) -+ close(audit_fd); -+#endif -+ if (cline_reset == 0) { -+ memset(&tally, 0, sizeof(tally)); -+ } else { -+ tally.fail_cnt = cline_reset; -+ } -+ i=set_tally(NULL, uid, cline_filename, &tfile, &tally); -+ if (i != PAM_SUCCESS) { -+ if (tfile) fclose(tfile); -+ fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); -+ exit(1); -+ } -+ } else { -+ fclose(tfile); -+ } -+ } -+ else /* !cline_user (ie, operate on all users) */ { -+ FILE *tfile=fopen(cline_filename, "r"); -+ uid_t uid=0; -+ if (!tfile && cline_reset != 0) { -+ perror(*argv); -+ exit(1); -+ } -+ -+ for ( ; tfile && !feof(tfile); uid++ ) { -+ if ( !fread(&tally, sizeof(tally), 1, tfile) -+ || !tally.fail_cnt ) { -+ continue; -+ } -+ print_one(&tally, uid); -+ } -+ if (tfile) -+ fclose(tfile); -+ if ( cline_reset!=0 && cline_reset!=TALLY_HI ) { -+ fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv); -+ } -+ else if ( !cline_reset ) { -+#ifdef HAVE_LIBAUDIT -+ char buf[64]; -+ int audit_fd = audit_open(); -+ snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0"); -+ audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -+ buf, NULL, NULL, NULL, 1); -+ if (audit_fd >=0) -+ close(audit_fd); -+#endif -+ tfile=fopen(cline_filename, "w"); -+ if ( !tfile ) perror(*argv), exit(0); -+ fclose(tfile); -+ } -+ } -+ return 0; -+} -+ -+ -+#endif /* #ifndef MAIN */ -diff -up pam/modules/pam_tally2/README.xml.pt2 pam/modules/pam_tally2/README.xml ---- pam/modules/pam_tally2/README.xml.pt2 2008-10-15 12:14:21.000000000 +0200 -+++ pam/modules/pam_tally2/README.xml 2008-10-15 11:14:27.000000000 +0200 -@@ -0,0 +1,46 @@ -+ -+ -+--> -+]> -+ -+
-+ -+ -+ -+ -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -+ href="pam_tally2.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tally2-name"]/*)'/> -+ -+ -+ -+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-+ -+
-diff -up pam/modules/pam_tally2/tst-pam_tally2.pt2 pam/modules/pam_tally2/tst-pam_tally2 ---- pam/modules/pam_tally2/tst-pam_tally2.pt2 2008-10-15 12:14:21.000000000 +0200 -+++ pam/modules/pam_tally2/tst-pam_tally2 2008-10-15 10:23:18.000000000 +0200 -@@ -0,0 +1,2 @@ -+#!/bin/sh -+../../tests/tst-dlopen .libs/pam_tally2.so -diff -up pam/modules/pam_tally2/pam_tally2.8.xml.pt2 pam/modules/pam_tally2/pam_tally2.8.xml ---- pam/modules/pam_tally2/pam_tally2.8.xml.pt2 2008-10-15 12:14:21.000000000 +0200 -+++ pam/modules/pam_tally2/pam_tally2.8.xml 2008-10-15 11:36:00.000000000 +0200 -@@ -0,0 +1,439 @@ -+ -+ -+ -+ -+ -+ -+ pam_tally2 -+ 8 -+ Linux-PAM Manual -+ -+ -+ -+ pam_tally2 -+ The login counter (tallying) module -+ -+ -+ -+ -+ pam_tally2.so -+ -+ file=/path/to/counter -+ -+ -+ onerr=[fail|succeed] -+ -+ -+ magic_root -+ -+ -+ even_deny_root -+ -+ -+ deny=n -+ -+ -+ lock_time=n -+ -+ -+ unlock_time=n -+ -+ -+ root_unlock_time=n -+ -+ -+ audit -+ -+ -+ silent -+ -+ -+ no_log_info -+ -+ -+ -+ pam_tally2 -+ -+ --file /path/to/counter -+ -+ -+ --user username -+ -+ -+ --reset[=n] -+ -+ -+ --quiet -+ -+ -+ -+ -+ -+ -+ DESCRIPTION -+ -+ -+ This module maintains a count of attempted accesses, can -+ reset count on success, can deny access if too many attempts fail. -+ -+ -+ pam_tally2 comes in two parts: -+ pam_tally2.so and -+ pam_tally2. The former is the PAM module and -+ the latter, a stand-alone program. pam_tally2 -+ is an (optional) application which can be used to interrogate and -+ manipulate the counter file. It can display users' counts, set -+ individual counts, or clear all counts. Setting artificially high -+ counts may be useful for blocking users without changing their -+ passwords. For example, one might find it useful to clear all counts -+ every midnight from a cron job. -+ -+ -+ Normally, failed attempts to access root will -+ not cause the root account to become -+ blocked, to prevent denial-of-service: if your users aren't given -+ shell accounts and root may only login via su or -+ at the machine console (not telnet/rsh, etc), this is safe. -+ -+ -+ -+ -+ -+ OPTIONS -+ -+ -+ -+ GLOBAL OPTIONS -+ -+ -+ -+ This can be used for auth and -+ account module types. -+ -+ -+ -+ -+ -+ -+ -+ -+ If something weird happens (like unable to open the file), -+ return with PAM_SUCESS if -+ -+ is given, else with the corresponding PAM error code. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ File where to keep counts. Default is -+ /var/log/tallylog. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Will log the user name into the system log if the user is not found. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Don't print informative messages. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Don't log informative messages via syslog3. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ AUTH OPTIONS -+ -+ -+ -+ Authentication phase first increments attempted login counter and -+ checks if user should be denied access. If the user is authenticated -+ and the login process continues on call to -+ pam_setcred3 -+ it resets the attempts counter. -+ -+ -+ -+ -+ -+ -+ -+ -+ Deny access if tally for this user exceeds -+ n. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Always deny for n seconds -+ after failed attempt. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Allow access after n seconds -+ after failed attempt. If this option is used the user will -+ be locked out for the specified amount of time after he -+ exceeded his maximum allowed attempts. Otherwise the -+ account is locked until the lock is removed by a manual -+ intervention of the system administrator. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ If the module is invoked by a user with uid=0 the -+ counter is not incremented. The sys-admin should use this -+ for user launched services, like su, -+ otherwise this argument should be omitted. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Do not use the .fail_locktime field in -+ /var/log/faillog for this user. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Don't reset count on successful entry, only decrement. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Root account can become unavailable. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ This option implies option. -+ Allow access after n seconds -+ to root acccount after failed attempt. If this option is used -+ the root user will be locked out for the specified amount of -+ time after he exceeded his maximum allowed attempts. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ ACCOUNT OPTIONS -+ -+ -+ -+ Account phase resets attempts counter if the user is -+ not magic root. -+ This phase can be used optionaly for services which don't call -+ -+ pam_setcred3 -+ correctly or if the reset should be done regardless -+ of the failure of the account phase of other modules. -+ -+ -+ -+ -+ -+ -+ -+ -+ If the module is invoked by a user with uid=0 the -+ counter is not changed. The sys-admin should use this -+ for user launched services, like su, -+ otherwise this argument should be omitted. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ MODULE TYPES PROVIDED -+ -+ The and -+ module types are provided. -+ -+ -+ -+ -+ RETURN VALUES -+ -+ -+ PAM_AUTH_ERR -+ -+ -+ A invalid option was given, the module was not able -+ to retrive the user name, no valid counter file -+ was found, or too many failed logins. -+ -+ -+ -+ -+ PAM_SUCCESS -+ -+ -+ Everything was successfull. -+ -+ -+ -+ -+ PAM_USER_UNKNOWN -+ -+ -+ User not known. -+ -+ -+ -+ -+ -+ -+ -+ NOTES -+ -+ pam_tally2 is not compatible with the old pam_tally faillog file format. -+ This is caused by requirement of compatibility of the tallylog file -+ format between 32bit and 64bit architectures on multiarch systems. -+ -+ -+ There is no setuid wrapper for access to the data file such as when the -+ pam_tally2.so module is called from -+ xscreensaver. As this would make it impossible to share PAM configuration -+ with such services the following workaround is used: If the data file -+ cannot be opened because of insufficient permissions -+ (EPERM) the module returns -+ PAM_IGNORE. -+ -+ -+ -+ -+ EXAMPLES -+ -+ Add the following line to /etc/pam.d/login to -+ lock the account after 4 failed logins. Root account will be locked -+ as well. The accounts will be automatically unlocked after 20 minutes. -+ The module does not have to be called in the account phase because the -+ login calls -+ pam_setcred3 -+ correctly. -+ -+ -+auth required pam_securetty.so -+auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 -+auth required pam_env.so -+auth required pam_unix.so -+auth required pam_nologin.so -+account required pam_unix.so -+password required pam_unix.so -+session required pam_limits.so -+session required pam_unix.so -+session required pam_lastlog.so nowtmp -+session optional pam_mail.so standard -+ -+ -+ -+ -+ FILES -+ -+ -+ /var/log/tallylog -+ -+ failure count logging file -+ -+ -+ -+ -+ -+ -+ SEE ALSO -+ -+ -+ pam.conf5 -+ , -+ -+ pam.d5 -+ , -+ -+ pam8 -+ -+ -+ -+ -+ -+ AUTHOR -+ -+ pam_tally was written by Tim Baverstock and Tomas Mraz. -+ -+ -+ -+ -+ -diff -up pam/modules/pam_tally2/Makefile.am.pt2 pam/modules/pam_tally2/Makefile.am ---- pam/modules/pam_tally2/Makefile.am.pt2 2008-10-15 12:13:43.000000000 +0200 -+++ pam/modules/pam_tally2/Makefile.am 2008-10-15 11:31:41.000000000 +0200 -@@ -0,0 +1,40 @@ -+# -+# Copyright (c) 2005, 2006, 2007 Thorsten Kukuk -+# Copyright (c) 2008 Red Hat, Inc. -+# -+ -+CLEANFILES = *~ -+ -+EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_tally2 -+ -+man_MANS = pam_tally2.8 -+XMLS = README.xml pam_tally2.8.xml -+ -+TESTS = tst-pam_tally2 -+ -+securelibdir = $(SECUREDIR) -+secureconfdir = $(SCONFIGDIR) -+ -+noinst_HEADERS = tallylog.h -+ -+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include -+ -+pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module -+pam_tally2_la_LIBADD = -L$(top_builddir)/libpam -lpam $(LIBAUDIT) -+if HAVE_VERSIONING -+ pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -+endif -+ -+pam_tally2_LDADD = $(LIBAUDIT) -+ -+securelib_LTLIBRARIES = pam_tally2.la -+sbin_PROGRAMS = pam_tally2 -+ -+pam_tally2_la_SOURCES = pam_tally.c -+pam_tally2_SOURCES = pam_tally_app.c -+ -+if ENABLE_REGENERATE_MAN -+noinst_DATA = README -+README: pam_tally2.8.xml -+-include $(top_srcdir)/Make.xml.rules -+endif -diff -up pam/modules/pam_tally2/pam_tally_app.c.pt2 pam/modules/pam_tally2/pam_tally_app.c ---- pam/modules/pam_tally2/pam_tally_app.c.pt2 2008-10-15 12:14:21.000000000 +0200 -+++ pam/modules/pam_tally2/pam_tally_app.c 2008-02-27 17:08:50.000000000 +0100 -@@ -0,0 +1,7 @@ -+/* -+ # This seemed like such a good idea at the time. :) -+ */ -+ -+#define MAIN -+#include "pam_tally.c" -+ diff --git a/pam_time.diff b/pam_time.diff deleted file mode 100644 index 8e158a0..0000000 --- a/pam_time.diff +++ /dev/null @@ -1,18 +0,0 @@ -2008-11-25 Thorsten Kukuk - - * modules/pam_time/pam_time.c (is_same): Fix check - of correct string length (debian bug #326407). - ---- modules/pam_time/pam_time.c 7 Dec 2007 15:40:02 -0000 1.16 -+++ modules/pam_time/pam_time.c 25 Nov 2008 13:37:12 -0000 -@@ -358,8 +358,8 @@ - - /* Ok, we know that b is a substring from A and does not contain - wildcards, but now the length of both strings must be the same, -- too. */ -- if (strlen (a) != strlen(b)) -+ too. In this case it means, a[i] has to be the end of the string. */ -+ if (a[i] != '\0') - return FALSE; - - return ( !len ); diff --git a/pam_xauth-XAUTHLOCALHOSTNAME.diff b/pam_xauth-XAUTHLOCALHOSTNAME.diff deleted file mode 100644 index 42a71c8..0000000 --- a/pam_xauth-XAUTHLOCALHOSTNAME.diff +++ /dev/null @@ -1,54 +0,0 @@ ---- modules/pam_xauth/pam_xauth.c 8 Apr 2008 07:01:41 -0000 1.16 -+++ modules/pam_xauth/pam_xauth.c 18 Nov 2008 12:30:58 -0000 -@@ -280,7 +280,7 @@ - return noent_code; - default: - if (debug) { -- pam_syslog(pamh, LOG_ERR, -+ pam_syslog(pamh, LOG_DEBUG, - "error opening %s: %m", path); - } - return PAM_PERM_DENIED; -@@ -293,7 +293,8 @@ - int argc, const char **argv) - { - char *cookiefile = NULL, *xauthority = NULL, -- *cookie = NULL, *display = NULL, *tmp = NULL; -+ *cookie = NULL, *display = NULL, *tmp = NULL, -+ *xauthlocalhostname = NULL; - const char *user, *xauth = NULL; - struct passwd *tpwd, *rpwd; - int fd, i, debug = 0; -@@ -588,14 +589,30 @@ - - if (asprintf(&d, "DISPLAY=%s", display) < 0) - { -- pam_syslog(pamh, LOG_DEBUG, "out of memory"); -+ pam_syslog(pamh, LOG_ERR, "out of memory"); - cookiefile = NULL; - retval = PAM_SESSION_ERR; - goto cleanup; - } - - if (pam_putenv (pamh, d) != PAM_SUCCESS) -- pam_syslog (pamh, LOG_DEBUG, -+ pam_syslog (pamh, LOG_ERR, -+ "can't set environment variable '%s'", d); -+ free (d); -+ } -+ -+ /* set XAUTHLOCALHOSTNAME to make sure that su - work under gnome */ -+ if ((xauthlocalhostname = getenv("XAUTHLOCALHOSTNAME")) != NULL) { -+ char *d; -+ -+ if (asprintf(&d, "XAUTHLOCALHOSTNAME=%s", xauthlocalhostname) < 0) { -+ pam_syslog(pamh, LOG_ERR, "out of memory"); -+ retval = PAM_SESSION_ERR; -+ goto cleanup; -+ } -+ -+ if (pam_putenv (pamh, d) != PAM_SUCCESS) -+ pam_syslog (pamh, LOG_ERR, - "can't set environment variable '%s'", d); - free (d); - } diff --git a/pam_xauth.diff b/pam_xauth.diff deleted file mode 100644 index 25d99c9..0000000 --- a/pam_xauth.diff +++ /dev/null @@ -1,26 +0,0 @@ - -2008-04-08 Tomas Mraz - - * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple - calls to sysconf() (based on patch by Sami Farin). - ---- Linux-PAM-1.0/modules/pam_xauth/pam_xauth.c 2007-10-01 11:41:32.000000000 +0200 -+++ Linux-PAM/modules/pam_xauth/pam_xauth.c 2008-06-22 09:47:33.000000000 +0200 -@@ -118,6 +118,7 @@ - size_t j; - char *args[10]; - const char *tmp; -+ int maxopened; - /* Drop privileges. */ - setgid(gid); - setgroups(0, NULL); -@@ -129,7 +130,8 @@ - * descriptors. */ - dup2(ipipe[0], STDIN_FILENO); - dup2(opipe[1], STDOUT_FILENO); -- for (i = 0; i < sysconf(_SC_OPEN_MAX); i++) { -+ maxopened = (int)sysconf(_SC_OPEN_MAX); -+ for (i = 0; i < maxopened; i++) { - if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { - close(i); - } -- 2.51.1 From f57c3f3c5f0bbb9645c1f9b3904de557fdfea5383d66acd54a20b8ab5a0b6f11 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 23 Apr 2009 18:32:12 +0000 Subject: [PATCH 028/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=28 --- pam.changes | 5 +++++ pam.spec | 7 ++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index 4504c4b..95b7f52 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + ------------------------------------------------------------------- Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 097aa11..97a0875 100644 --- a/pam.spec +++ b/pam.spec @@ -32,7 +32,6 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -BuildRequires: cracklib-dict-full pwdutils %define libpam_so_version 0.82.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.0 @@ -45,7 +44,7 @@ Obsoletes: pam-64bit %endif # Version: 1.0.91 -Release: 1 +Release: 2 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -310,6 +309,8 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Fri Apr 03 2009 rguenther@suse.de +- Remove cracklib-dict-full and pwdutils BuildRequires again. * Fri Mar 27 2009 kukuk@suse.de - Update to version 1.0.91 aka 1.1 Beta2: * Changes in the behavior of the password stack. Results of @@ -610,7 +611,7 @@ rm -rf $RPM_BUILD_ROOT * Sun Jan 18 2004 meissner@suse.de - We no longer have pam in the buildsystem, so we need some buildroot magic flags for the dlopen tests. -* Thu Jan 15 2004 kukuk@suse.de +* Fri Jan 16 2004 kukuk@suse.de - Cleanup neededforbuild * Fri Dec 05 2003 kukuk@suse.de - Add manual pages from SLES8 -- 2.51.1 From 27f85de90b0882c93ebd4814bdae9f8936ee49ee1bc7894277744b813b855e91 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 6 May 2009 16:50:00 +0000 Subject: [PATCH 029/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=29 --- Linux-PAM-1.0.91-docs.tar.bz2 | 3 - Linux-PAM-1.0.91.tar.bz2 | 3 - Linux-PAM-1.0.92-docs.tar.bz2 | 3 + Linux-PAM-1.0.92.tar.bz2 | 3 + cvs.diff | 2333 --------------------------------- pam.changes | 8 + pam.spec | 17 +- 7 files changed, 24 insertions(+), 2346 deletions(-) delete mode 100644 Linux-PAM-1.0.91-docs.tar.bz2 delete mode 100644 Linux-PAM-1.0.91.tar.bz2 create mode 100644 Linux-PAM-1.0.92-docs.tar.bz2 create mode 100644 Linux-PAM-1.0.92.tar.bz2 delete mode 100644 cvs.diff diff --git a/Linux-PAM-1.0.91-docs.tar.bz2 b/Linux-PAM-1.0.91-docs.tar.bz2 deleted file mode 100644 index 4dd19e1..0000000 --- a/Linux-PAM-1.0.91-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3c6e610cae207e7af87ab471228ab3311536a27f061d86dd0c75413ae8f96d09 -size 498156 diff --git a/Linux-PAM-1.0.91.tar.bz2 b/Linux-PAM-1.0.91.tar.bz2 deleted file mode 100644 index 2c3765c..0000000 --- a/Linux-PAM-1.0.91.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b729820717cbf07a7ab07672180d070ce384ac923cc2129904fdc975342a35c4 -size 1112332 diff --git a/Linux-PAM-1.0.92-docs.tar.bz2 b/Linux-PAM-1.0.92-docs.tar.bz2 new file mode 100644 index 0000000..2c99e7b --- /dev/null +++ b/Linux-PAM-1.0.92-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1abb9e83e3108f1edc93408fba753416fe69bb5968871250a3fafa47522eb6a1 +size 494348 diff --git a/Linux-PAM-1.0.92.tar.bz2 b/Linux-PAM-1.0.92.tar.bz2 new file mode 100644 index 0000000..5ff21d7 --- /dev/null +++ b/Linux-PAM-1.0.92.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fdcd577e41642ee7b3a9712488b70adebb295e756fcc0fc45a441c5014a7b0fc +size 1102731 diff --git a/cvs.diff b/cvs.diff deleted file mode 100644 index a9517a1..0000000 --- a/cvs.diff +++ /dev/null @@ -1,2333 +0,0 @@ -Index: libpamc/include/security/pam_client.h -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/libpamc/include/security/pam_client.h,v -retrieving revision 1.7 -diff -u -r1.7 pam_client.h ---- libpamc/include/security/pam_client.h 20 May 2005 14:58:58 -0000 1.7 -+++ libpamc/include/security/pam_client.h 27 Mar 2009 10:11:14 -0000 -@@ -9,8 +9,8 @@ - #ifndef PAM_CLIENT_H - #define PAM_CLIENT_H - --#ifdef __cplusplus --extern "C" { -+#ifdef __cplusplus -+extern "C" { - #endif /* def __cplusplus */ - - #include -@@ -74,8 +74,12 @@ - #include - - #ifndef PAM_BP_ASSERT --# define PAM_BP_ASSERT(x) do { printf(__FILE__ "(%d): %s\n", \ -- __LINE__, x) ; exit(1); } while (0) -+# ifdef NDEBUG -+# define PAM_BP_ASSERT(x) do {} while (0) -+# else -+# define PAM_BP_ASSERT(x) do { printf(__FILE__ "(%d): %s\n", \ -+ __LINE__, x) ; exit(1); } while (0) -+# endif /* NDEBUG */ - #endif /* PAM_BP_ASSERT */ - - #ifndef PAM_BP_CALLOC -Index: modules/pam_ftp/pam_ftp.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_ftp/pam_ftp.c,v -retrieving revision 1.12 -diff -u -r1.12 pam_ftp.c ---- modules/pam_ftp/pam_ftp.c 5 Mar 2008 20:21:38 -0000 1.12 -+++ modules/pam_ftp/pam_ftp.c 27 Mar 2009 10:11:14 -0000 -@@ -1,7 +1,7 @@ - /* pam_ftp module */ - - /* -- * $Id: pam_ftp.c,v 1.12 2008/03/05 20:21:38 t8m Exp $ -+ * $Id: pam_ftp.c,v 1.13 2009/03/25 10:54:23 kukuk Exp $ - * - * Written by Andrew Morgan 1996/3/11 - * -@@ -79,7 +79,7 @@ - if (list && *list) { - const char *l; - char *list_copy, *x; -- char *sptr; -+ char *sptr = NULL; - - list_copy = x_strdup(list); - x = list_copy; -@@ -172,7 +172,7 @@ - /* XXX: Some effort should be made to verify this email address! */ - - if (!(ctrl & PAM_IGNORE_EMAIL)) { -- char *sptr; -+ char *sptr = NULL; - token = strtok_r(resp, "@", &sptr); - retval = pam_set_item(pamh, PAM_RUSER, token); - -Index: modules/pam_issue/pam_issue.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_issue/pam_issue.c,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- modules/pam_issue/pam_issue.c 19 Sep 2005 16:47:20 -0000 1.14 -+++ modules/pam_issue/pam_issue.c 25 Mar 2009 10:54:23 -0000 1.15 -@@ -145,7 +145,7 @@ - return PAM_BUF_ERR; - } - -- if (fread(issue, 1, st.st_size, fp) != st.st_size) { -+ if ((off_t)fread(issue, 1, st.st_size, fp) != st.st_size) { - pam_syslog(pamh, LOG_ERR, "read error: %m"); - _pam_drop(issue); - return PAM_SERVICE_ERR; -Index: modules/pam_mkhomedir/pam_mkhomedir.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c,v -retrieving revision 1.27 -retrieving revision 1.28 -diff -u -r1.27 -r1.28 ---- modules/pam_mkhomedir/pam_mkhomedir.c 3 Mar 2009 08:10:53 -0000 1.27 -+++ modules/pam_mkhomedir/pam_mkhomedir.c 25 Mar 2009 10:54:23 -0000 1.28 -@@ -64,50 +64,52 @@ - #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ - #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ - --static char UMask[16] = "0022"; --static char SkelDir[BUFSIZ] = "/etc/skel"; /* THIS MODULE IS NOT THREAD SAFE */ -+struct options_t { -+ int ctrl; -+ const char *umask; -+ const char *skeldir; -+}; -+typedef struct options_t options_t; - --static int --_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv) -+static void -+_pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, -+ options_t *opt) - { -- int ctrl = 0; -+ opt->ctrl = 0; -+ opt->umask = "0022"; -+ opt->skeldir = "/etc/skel"; - - /* does the appliction require quiet? */ - if ((flags & PAM_SILENT) == PAM_SILENT) -- ctrl |= MKHOMEDIR_QUIET; -+ opt->ctrl |= MKHOMEDIR_QUIET; - - /* step through arguments */ - for (; argc-- > 0; ++argv) - { - if (!strcmp(*argv, "silent")) { -- ctrl |= MKHOMEDIR_QUIET; -+ opt->ctrl |= MKHOMEDIR_QUIET; - } else if (!strcmp(*argv, "debug")) { -- ctrl |= MKHOMEDIR_DEBUG; -+ opt->ctrl |= MKHOMEDIR_DEBUG; - } else if (!strncmp(*argv,"umask=",6)) { -- strncpy(SkelDir,*argv+6,sizeof(UMask)); -- UMask[sizeof(UMask)-1] = '\0'; -+ opt->umask = *argv+6; - } else if (!strncmp(*argv,"skel=",5)) { -- strncpy(SkelDir,*argv+5,sizeof(SkelDir)); -- SkelDir[sizeof(SkelDir)-1] = '\0'; -+ opt->skeldir = *argv+5; - } else { - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); - } - } -- -- D(("ctrl = %o", ctrl)); -- return ctrl; - } - - /* Do the actual work of creating a home dir */ - static int --create_homedir (pam_handle_t *pamh, int ctrl, -+create_homedir (pam_handle_t *pamh, options_t *opt, - const struct passwd *pwd) - { - int retval, child; - struct sigaction newsa, oldsa; - - /* Mention what is happening, if the notification fails that is OK */ -- if (!(ctrl & MKHOMEDIR_QUIET)) -+ if (!(opt->ctrl & MKHOMEDIR_QUIET)) - pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); - - -@@ -121,8 +123,8 @@ - memset(&newsa, '\0', sizeof(newsa)); - newsa.sa_handler = SIG_DFL; - sigaction(SIGCHLD, &newsa, &oldsa); -- -- if (ctrl & MKHOMEDIR_DEBUG) { -+ -+ if (opt->ctrl & MKHOMEDIR_DEBUG) { - pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); - } - -@@ -145,8 +147,8 @@ - /* exec the mkhomedir helper */ - args[0] = x_strdup(MKHOMEDIR_HELPER); - args[1] = pwd->pw_name; -- args[2] = UMask; -- args[3] = SkelDir; -+ args[2] = x_strdup(opt->umask); -+ args[3] = x_strdup(opt->skeldir); - - execve(MKHOMEDIR_HELPER, args, envp); - -@@ -173,11 +175,11 @@ - - sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ - -- if (ctrl & MKHOMEDIR_DEBUG) { -+ if (opt->ctrl & MKHOMEDIR_DEBUG) { - pam_syslog(pamh, LOG_DEBUG, "mkhomedir_helper returned %d", retval); - } - -- if (retval != PAM_SUCCESS && !(ctrl & MKHOMEDIR_QUIET)) { -+ if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { - pam_error(pamh, _("Unable to create and initialize directory '%s'."), - pwd->pw_dir); - } -@@ -192,13 +194,14 @@ - pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -- int retval, ctrl; -+ int retval; -+ options_t opt; - const void *user; - const struct passwd *pwd; - struct stat St; - - /* Parse the flag values */ -- ctrl = _pam_parse(pamh, flags, argc, argv); -+ _pam_parse(pamh, flags, argc, argv, &opt); - - /* Determine the user name so we can get the home directory */ - retval = pam_get_item(pamh, PAM_USER, &user); -@@ -220,14 +223,14 @@ - /* Stat the home directory, if something exists then we assume it is - correct and return a success*/ - if (stat(pwd->pw_dir, &St) == 0) { -- if (ctrl & MKHOMEDIR_DEBUG) { -+ if (opt.ctrl & MKHOMEDIR_DEBUG) { - pam_syslog(pamh, LOG_DEBUG, "Home directory %s already exists.", - pwd->pw_dir); - } - return PAM_SUCCESS; - } - -- return create_homedir(pamh, ctrl, pwd); -+ return create_homedir(pamh, &opt, pwd); - } - - /* Ignore */ -Index: modules/pam_pwhistory/opasswd.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_pwhistory/opasswd.c,v -retrieving revision 1.2 -retrieving revision 1.3 -diff -u -r1.2 -r1.3 ---- modules/pam_pwhistory/opasswd.c 25 Nov 2008 14:29:41 -0000 1.2 -+++ modules/pam_pwhistory/opasswd.c 24 Mar 2009 16:33:21 -0000 1.3 -@@ -452,6 +452,15 @@ - goto error_opasswd; - } - -+ if (fflush (newpf) != 0 || fsync (fileno (newpf)) != 0) -+ { -+ pam_syslog (pamh, LOG_ERR, -+ "Error while syncing temporary opasswd file: %m"); -+ retval = PAM_AUTHTOK_ERR; -+ fclose (newpf); -+ goto error_opasswd; -+ } -+ - if (fclose (newpf) != 0) - { - pam_syslog (pamh, LOG_ERR, -Index: modules/pam_timestamp/pam_timestamp.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_timestamp/pam_timestamp.c,v -retrieving revision 1.1 -diff -u -r1.1 pam_timestamp.c ---- modules/pam_timestamp/pam_timestamp.c 28 Nov 2008 14:29:12 -0000 1.1 -+++ modules/pam_timestamp/pam_timestamp.c 27 Mar 2009 10:11:14 -0000 -@@ -194,7 +194,7 @@ - } - - static int --check_login_time(const char *ruser, time_t timestamp) -+check_login_time(const char *ruser, time_t timestamp) - { - struct utmp utbuf, *ut; - time_t oldest_login = 0; -@@ -237,14 +237,14 @@ - if (pwd != NULL) { - ruser = pwd->pw_name; - } -- } -+ } - if (ruser == NULL || strlen(ruser) >= ruserbuflen) { - *ruserbuf = '\0'; - return -1; - } - strcpy(ruserbuf, ruser); - return 0; --} -+} - - /* Get the path to the timestamp to use. */ - static int -@@ -299,7 +299,7 @@ - tty = NULL; - } else { - tty = void_tty; -- } -+ } - if ((tty == NULL) || (strlen(tty) == 0)) { - tty = ttyname(STDIN_FILENO); - if ((tty == NULL) || (strlen(tty) == 0)) { -@@ -413,7 +413,7 @@ - int count; - void *mac; - size_t maclen; -- char ruser[BUFLEN]; -+ char ruser[BUFLEN]; - - /* Check that the file is owned by the superuser. */ - if ((st.st_uid != 0) || (st.st_gid != 0)) { -@@ -483,7 +483,7 @@ - free(mac); - memmove(&then, message + strlen(path) + 1, sizeof(then)); - free(message); -- -+ - /* Check oldest login against timestamp */ - if (get_ruser(pamh, ruser, sizeof(ruser))) - { -@@ -565,7 +565,14 @@ - subdir[i] = '\0'; - if (mkdir(subdir, 0700) == 0) { - /* Attempt to set the owner to the superuser. */ -- lchown(subdir, 0, 0); -+ if (lchown(subdir, 0, 0) != 0) { -+ if (debug) { -+ pam_syslog(pamh, LOG_DEBUG, -+ "error setting permissions on `%s': %m", -+ subdir); -+ } -+ return PAM_SESSION_ERR; -+ } - } else { - if (errno != EEXIST) { - if (debug) { -@@ -617,7 +624,15 @@ - } - - /* Attempt to set the owner to the superuser. */ -- fchown(fd, 0, 0); -+ if (fchown(fd, 0, 0) != 0) { -+ if (debug) { -+ pam_syslog(pamh, LOG_DEBUG, -+ "error setting ownership of `%s': %m", -+ path); -+ } -+ return PAM_SESSION_ERR; -+ } -+ - - /* Write the timestamp to the file. */ - if (write(fd, text, p - text) != p - text) { -Index: modules/pam_unix/passverify.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/passverify.c,v -retrieving revision 1.10 -retrieving revision 1.12 -diff -u -r1.10 -r1.12 ---- modules/pam_unix/passverify.c 27 Feb 2009 14:29:40 -0000 1.10 -+++ modules/pam_unix/passverify.c 25 Mar 2009 10:54:23 -0000 1.12 -@@ -680,8 +680,13 @@ - } - } - -+ if (fflush(pwfile) || fsync(fileno(pwfile))) { -+ D(("fflush or fsync error writing entries to old passwords file: %m")); -+ err = 1; -+ } -+ - if (fclose(pwfile)) { -- D(("error writing entries to old passwords file: %m")); -+ D(("fclose error writing entries to old passwords file: %m")); - err = 1; - } - -@@ -795,8 +800,13 @@ - } - fclose(opwfile); - -+ if (fflush(pwfile) || fsync(fileno(pwfile))) { -+ D(("fflush or fsync error writing entries to password file: %m")); -+ err = 1; -+ } -+ - if (fclose(pwfile)) { -- D(("error writing entries to password file: %m")); -+ D(("fclose error writing entries to password file: %m")); - err = 1; - } - -@@ -916,8 +926,13 @@ - } - fclose(opwfile); - -+ if (fflush(pwfile) || fsync(fileno(pwfile))) { -+ D(("fflush or fsync error writing entries to shadow file: %m")); -+ err = 1; -+ } -+ - if (fclose(pwfile)) { -- D(("error writing entries to shadow file: %m")); -+ D(("fclose error writing entries to shadow file: %m")); - err = 1; - } - -@@ -996,7 +1011,7 @@ - /* emulate the behaviour of the SA_RESETHAND flag */ - if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { - struct sigaction sa; -- memset(&sa, '\0, sizeof(sa)); -+ memset(&sa, '\0', sizeof(sa)); - sa.sa_handler = SIG_DFL; - sigaction(sig, &sa, NULL); - } -Index: modules/pam_unix/support.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/support.c,v -retrieving revision 1.52 -diff -u -r1.52 support.c ---- modules/pam_unix/support.c 3 Mar 2009 08:10:53 -0000 1.52 -+++ modules/pam_unix/support.c 27 Mar 2009 10:11:14 -0000 -@@ -120,13 +120,13 @@ - D(("DISALLOW_NULL_AUTHTOK")); - set(UNIX__NONULL, ctrl); - } -- -+ - /* Set default rounds for blowfish */ - if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) { - *rounds = 5; - set(UNIX_ALGO_ROUNDS, ctrl); - } -- -+ - /* Enforce sane "rounds" values */ - if (on(UNIX_ALGO_ROUNDS, ctrl)) { - if (on(UNIX_BLOWFISH_PASS, ctrl)) { -@@ -478,10 +478,18 @@ - /* if the stored password is NULL */ - int rc=0; - if (passwd != NULL) { /* send the password to the child */ -- write(fds[1], passwd, strlen(passwd)+1); -+ if (write(fds[1], passwd, strlen(passwd)+1) == -1) { -+ pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); -+ close(fds[1]); -+ retval = PAM_AUTH_ERR; -+ } - passwd = NULL; -- } else { -- write(fds[1], "", 1); /* blank password */ -+ } else { /* blank password */ -+ if (write(fds[1], "", 1) == -1) { -+ pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); -+ close(fds[1]); -+ retval = PAM_AUTH_ERR; -+ } - } - close(fds[0]); /* close here to avoid possible SIGPIPE above */ - close(fds[1]); -@@ -871,7 +879,7 @@ - } - - /* ****************************************************************** * -- * Copyright (c) Jan Rkorajski 1999. -+ * Copyright (c) Jan Rêkorajski 1999. - * Copyright (c) Andrew G. Morgan 1996-8. - * Copyright (c) Alex O. Yuriev, 1996. - * Copyright (c) Cristian Gafton 1996. -Index: po/Linux-PAM.pot -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/Linux-PAM.pot,v -retrieving revision 1.52 -retrieving revision 1.53 -diff -u -r1.52 -r1.53 ---- po/Linux-PAM.pot 9 Mar 2009 13:07:35 -0000 1.52 -+++ po/Linux-PAM.pot 25 Mar 2009 10:54:23 -0000 1.53 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/ar.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ar.po,v -retrieving revision 1.19 -retrieving revision 1.20 -diff -u -r1.19 -r1.20 ---- po/ar.po 9 Mar 2009 13:07:35 -0000 1.19 -+++ po/ar.po 25 Mar 2009 10:54:23 -0000 1.20 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: @PACKAGE@\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2001-07-13 15:36+0200\n" - "Last-Translator: Novell Language \n" - "Language-Team: Novell Language \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "لديك بريد في مجلد %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/as.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/as.po,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- po/as.po 9 Mar 2009 13:07:35 -0000 1.14 -+++ po/as.po 25 Mar 2009 10:54:23 -0000 1.15 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-13 11:23+0530\n" - "Last-Translator: Amitakhya Phukan \n" - "Language-Team: Assamese\n" -@@ -351,12 +351,12 @@ - msgid "You have mail in folder %s." - msgstr "%s ফোল্ডাৰত আপোনাৰ ডাক আছে ।" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "'%s' পঞ্জিকা সৃষ্টি কৰা হৈছে ।" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "%s পঞ্জিকা সৃষ্টি কৰিব নোৱাৰি: %m" -Index: po/bn_IN.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/bn_IN.po,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- po/bn_IN.po 9 Mar 2009 13:07:35 -0000 1.14 -+++ po/bn_IN.po 25 Mar 2009 10:54:23 -0000 1.15 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-20 12:40+0530\n" - "Last-Translator: Runa Bhattacharjee \n" - "Language-Team: Bengali INDIA \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "%s ফোল্ডারে মেইল উপস্থিত রয়েছে।" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "'%s' ডিরেক্টরি নির্মাণ করা হচ্ছে।" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "ডিরেক্টরি %s নির্মাণ করতে ব্যর্থ: %m" -Index: po/ca.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ca.po,v -retrieving revision 1.20 -retrieving revision 1.21 -diff -u -r1.20 -r1.21 ---- po/ca.po 9 Mar 2009 13:07:35 -0000 1.20 -+++ po/ca.po 25 Mar 2009 10:54:23 -0000 1.21 -@@ -17,7 +17,7 @@ - msgstr "" - "Project-Id-Version: linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-15 16:10+0200\n" - "Last-Translator: Xavier Queralt Mateu \n" - "Language-Team: Catalan \n" -@@ -359,12 +359,12 @@ - msgid "You have mail in folder %s." - msgstr "Teniu correu a la carpeta %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Creant el directori '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "No s'ha pogut crear el directori %s: %m" -Index: po/cs.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/cs.po,v -retrieving revision 1.55 -retrieving revision 1.57 -diff -u -r1.55 -r1.57 ---- po/cs.po 9 Mar 2009 13:07:35 -0000 1.55 -+++ po/cs.po 25 Mar 2009 10:54:23 -0000 1.57 -@@ -1,14 +1,14 @@ - # translation of Linux-PAM.po to cs_CZ --# This file is distributed under the same license as the PACKAGE package. --# Copyright (C) YEAR Linux-PAM Project. -+# This file is distributed under the same license as the Linux-PAM package. -+# Copyright (C) 2005-2009 Linux-PAM Project. - # Klara Cihlarova , 2005, 2006. --# Tomas Mraz , 2005, 2008. -+# Tomas Mraz , 2005, 2008, 2009. - msgid "" - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" --"PO-Revision-Date: 2008-11-28 15:22+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" -+"PO-Revision-Date: 2009-03-24 15:22+0100\n" - "Last-Translator: Tomas Mraz \n" - "Language-Team: cs_CZ \n" - "MIME-Version: 1.0\n" -@@ -52,7 +52,7 @@ - #: libpam/pam_get_authtok.c:127 - #, c-format - msgid "Retype %s" --msgstr "" -+msgstr "Opakujte %s" - - #: libpam/pam_get_authtok.c:146 - msgid "Password change aborted." -@@ -350,15 +350,15 @@ - msgid "You have mail in folder %s." - msgstr "Máte poštu ve složce %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Vytváření adresáře '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 --#, fuzzy, c-format -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 -+#, c-format - msgid "Unable to create and initialize directory '%s'." --msgstr "Nezdařilo se vytvořit adresář %s: %m" -+msgstr "Nezdařilo se vytvořit a inicializovat adresář '%s'." - - #: modules/pam_pwhistory/pam_pwhistory.c:218 - #: modules/pam_unix/pam_unix_passwd.c:475 -Index: po/da.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/da.po,v -retrieving revision 1.19 -retrieving revision 1.20 -diff -u -r1.19 -r1.20 ---- po/da.po 9 Mar 2009 13:07:35 -0000 1.19 -+++ po/da.po 25 Mar 2009 10:54:23 -0000 1.20 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: @PACKAGE@\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2005-08-16 20:00+0200\n" - "Last-Translator: Novell Language \n" - "Language-Team: Novell Language \n" -@@ -354,12 +354,12 @@ - msgid "You have mail in folder %s." - msgstr "Du har e-mail i mappe %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/de.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/de.po,v -retrieving revision 1.63 -retrieving revision 1.64 -diff -u -r1.63 -r1.64 ---- po/de.po 9 Mar 2009 13:07:35 -0000 1.63 -+++ po/de.po 25 Mar 2009 10:54:23 -0000 1.64 -@@ -6,7 +6,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2009-02-25 18:04+01:00\n" - "Last-Translator: Fabian Affolter \n" - "Language-Team: German \n" -@@ -355,12 +355,12 @@ - msgid "You have mail in folder %s." - msgstr "Sie haben Nachrichten in %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Erstelle Verzeichnis '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Verzeichnis %s kann nicht erstellt und initialisiert werden: %m" -Index: po/es.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/es.po,v -retrieving revision 1.56 -retrieving revision 1.58 -diff -u -r1.56 -r1.58 ---- po/es.po 9 Mar 2009 13:07:35 -0000 1.56 -+++ po/es.po 25 Mar 2009 10:54:23 -0000 1.58 -@@ -10,10 +10,10 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip.es\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" --"PO-Revision-Date: 2009-02-21 02:08-0300\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" -+"PO-Revision-Date: 2009-03-18 22:51-0300\n" - "Last-Translator: Domingo Becker \n" --"Language-Team: Spanish \n" -+"Language-Team: Fedora Spanish \n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" -@@ -357,15 +357,15 @@ - msgid "You have mail in folder %s." - msgstr "Tiene correo en la carpeta %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Creando directorio '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 --#, fuzzy, c-format -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 -+#, c-format - msgid "Unable to create and initialize directory '%s'." --msgstr "No se pudo crear el directorio %s: %m" -+msgstr "No se pudo crear e inicializar el directorio '%s'." - - #: modules/pam_pwhistory/pam_pwhistory.c:218 - #: modules/pam_unix/pam_unix_passwd.c:475 -Index: po/fi.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/fi.po,v -retrieving revision 1.47 -retrieving revision 1.48 -diff -u -r1.47 -r1.48 ---- po/fi.po 9 Mar 2009 13:07:35 -0000 1.47 -+++ po/fi.po 25 Mar 2009 10:54:23 -0000 1.48 -@@ -10,7 +10,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2006-05-04 08:30+0200\n" - "Last-Translator: Jyri Palokangas \n" - "Language-Team: \n" -@@ -352,12 +352,12 @@ - msgid "You have mail in folder %s." - msgstr "Sinulla on postia kansiossa %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/fr.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/fr.po,v -retrieving revision 1.57 -retrieving revision 1.58 -diff -u -r1.57 -r1.58 ---- po/fr.po 9 Mar 2009 13:07:35 -0000 1.57 -+++ po/fr.po 25 Mar 2009 10:54:23 -0000 1.58 -@@ -9,7 +9,7 @@ - msgstr "" - "Project-Id-Version: pam.fr2\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-19 18:59+0200\n" - "Last-Translator: Pablo Martin-Gomez \n" - "Language-Team: Français \n" -@@ -362,12 +362,12 @@ - msgid "You have mail in folder %s." - msgstr "Vous avez des messages dans le dossier %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Création du répertoire « %s »." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Impossible de créer le répertoire %s : %m" -Index: po/gu.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/gu.po,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- po/gu.po 9 Mar 2009 13:07:35 -0000 1.14 -+++ po/gu.po 25 Mar 2009 10:54:23 -0000 1.15 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip.gu\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-03-13 14:29+0530\n" - "Last-Translator: Ankit Patel \n" - "Language-Team: Gujarati \n" -@@ -352,12 +352,12 @@ - msgid "You have mail in folder %s." - msgstr "તમારી પાસે ફોલ્ડર %s માં મેઈલ છે." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "ડિરેક્ટરી '%s' બનાવી રહ્યા છીએ." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "ડિરેક્ટરી %s બનાવવામાં અસમર્થ: %m" -Index: po/hi.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/hi.po,v -retrieving revision 1.13 -retrieving revision 1.14 -diff -u -r1.13 -r1.14 ---- po/hi.po 9 Mar 2009 13:07:35 -0000 1.13 -+++ po/hi.po 25 Mar 2009 10:54:23 -0000 1.14 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: hi\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2007-06-21 15:22+0530\n" - "Last-Translator: Rajesh Ranjan \n" - "Language-Team: Hindi \n" -@@ -352,12 +352,12 @@ - msgid "You have mail in folder %s." - msgstr "आपके लिए %s फोल्डर में मेल है." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/hu.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/hu.po,v -retrieving revision 1.55 -retrieving revision 1.57 -diff -u -r1.55 -r1.57 ---- po/hu.po 9 Mar 2009 13:07:35 -0000 1.55 -+++ po/hu.po 25 Mar 2009 10:54:23 -0000 1.57 -@@ -2,27 +2,24 @@ - # translation of Linux-pam.po to - # translation of hu.po to - # This file is distributed under the same license as the PACKAGE package. --# Copyright (C) YEAR Linux-PAM Project. --# -+# Copyright (C) 2009 Linux-PAM Project. - # Papp Zsolt , 2006. - # Keresztes Ákos , 2006. - # Kalman Kemenczy , 2006, 2007. -+# -+# - msgid "" - msgstr "" - "Project-Id-Version: pam\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" --"PO-Revision-Date: 2008-04-30 08:23+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" -+"PO-Revision-Date: 2009-03-20 20:53+0100\n" - "Last-Translator: Sulyok Péter \n" - "Language-Team: Hungarian \n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" --"X-Generator: KBabel 1.11.4\n" - "Plural-Forms: nplurals=2; plural=(n!=1);\n" --"X-Poedit-Language: Hungarian\n" --"X-Poedit-Country: HUNGARY\n" --"X-Poedit-SourceCharset: utf-8\n" - - #: libpam_misc/misc_conv.c:33 - msgid "...Time is running out...\n" -@@ -59,12 +56,11 @@ - #: libpam/pam_get_authtok.c:127 - #, c-format - msgid "Retype %s" --msgstr "" -+msgstr "Ismét %s" - - #: libpam/pam_get_authtok.c:146 --#, fuzzy - msgid "Password change aborted." --msgstr "Változatlan jelszó" -+msgstr "Jelszó változtatás elvetve." - - #: libpam/pam_item.c:310 - msgid "login:" -@@ -234,11 +230,11 @@ - - #: modules/pam_cracklib/pam_cracklib.c:522 - msgid "contains too many same characters consecutively" --msgstr "" -+msgstr "túl sok egymást követő betű egyezik meg" - - #: modules/pam_cracklib/pam_cracklib.c:525 - msgid "contains the user name in some form" --msgstr "" -+msgstr "valahogy tartalmazza a használó nevét" - - #: modules/pam_cracklib/pam_cracklib.c:555 - #: modules/pam_unix/pam_unix_passwd.c:454 -@@ -300,23 +296,23 @@ - - #. TRANSLATORS: "Last failed login: from on " - #: modules/pam_lastlog/pam_lastlog.c:460 --#, fuzzy, c-format -+#, c-format - msgid "Last failed login:%s%s%s" --msgstr "Utolsó belépés:%s%s%s" -+msgstr "Utolsó sikertelen belépés:%s %s %s" - - #: modules/pam_lastlog/pam_lastlog.c:469 modules/pam_lastlog/pam_lastlog.c:476 - #, c-format - msgid "There was %d failed login attempt since the last successful login." - msgid_plural "" - "There were %d failed login attempts since the last successful login." --msgstr[0] "" --msgstr[1] "" -+msgstr[0] "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." -+msgstr[1] "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." - - #. TRANSLATORS: only used if dngettext is not supported - #: modules/pam_lastlog/pam_lastlog.c:481 - #, c-format - msgid "There were %d failed login attempts since the last successful login." --msgstr "" -+msgstr "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." - - #: modules/pam_limits/pam_limits.c:786 - #, c-format -@@ -359,15 +355,15 @@ - msgid "You have mail in folder %s." - msgstr "%s mappában levelek vannak." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "\"%s\" mappa teremtése" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 --#, fuzzy, c-format -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 -+#, c-format - msgid "Unable to create and initialize directory '%s'." --msgstr "%s mapa nem teremthető meg: %m" -+msgstr "„%s” mapa nem teremthető meg." - - #: modules/pam_pwhistory/pam_pwhistory.c:218 - #: modules/pam_unix/pam_unix_passwd.c:475 -@@ -454,12 +450,12 @@ - #: modules/pam_tally/pam_tally.c:541 modules/pam_tally2/pam_tally2.c:596 - #, c-format - msgid "Account temporary locked (%ld seconds left)" --msgstr "" -+msgstr "Számla ideiglenesen lakat alatt (még %ld másodpercig)" - - #: modules/pam_tally/pam_tally.c:566 modules/pam_tally2/pam_tally2.c:575 - #, c-format - msgid "Account locked due to %u failed logins" --msgstr "" -+msgstr "Számla lakat alatt %u sikertelen belépés miatt" - - #: modules/pam_tally/pam_tally.c:777 modules/pam_tally2/pam_tally2.c:884 - msgid "Authentication error" -@@ -502,21 +498,23 @@ - #: modules/pam_tally2/pam_tally2.c:937 - #, c-format - msgid "Login Failures Latest failure From\n" --msgstr "" -+msgstr "Belépés bukások Utolsó bukás innen\n" - - #: modules/pam_tally2/pam_tally2.c:953 --#, fuzzy, c-format -+#, c-format - msgid "" - "%s: [-f rooted-filename] [--file rooted-filename]\n" - " [-u username] [--user username]\n" - " [-r] [--reset[=n]] [--quiet]\n" - msgstr "" --"%s: [--file rooted-fájlnév] [--user használó] [--reset[=n]] [--quiet]\n" -+"%s: [-f rooted-fájlnév] [--file rooted-fájlnév]\n" -+" [-u használó] [--user használó]\n" -+" [-r] [--reset[=n]] [--quiet]\n" - - #: modules/pam_timestamp/pam_timestamp.c:339 - #, c-format - msgid "Access granted (last access was %ld seconds ago)." --msgstr "" -+msgstr "Hozzáférés megadva (utolsó hozzáférés %ld másodperce volt)." - - #: modules/pam_unix/pam_unix_acct.c:235 modules/pam_unix/pam_unix_acct.c:257 - msgid "Your account has expired; please contact your system administrator" -@@ -572,6 +570,13 @@ - msgid "Retype new UNIX password: " - msgstr "Írja be újra a UNIX jelszót: " - -+#~ msgid "" -+#~ "There was %d failed login attempt since the last successful login.There " -+#~ "were %d failed login attempts since the last successful login." -+#~ msgstr "" -+#~ "%d sikertelen belépés kísérlet volt az utolsó sikeres belépés óta.%d " -+#~ "sikertelen belépés kísérlet volt az utolsó sikeres belépés óta." -+ - #~ msgid "has been already used" - #~ msgstr "használt" - -Index: po/it.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/it.po,v -retrieving revision 1.56 -retrieving revision 1.57 -diff -u -r1.56 -r1.57 ---- po/it.po 9 Mar 2009 13:07:35 -0000 1.56 -+++ po/it.po 25 Mar 2009 10:54:23 -0000 1.57 -@@ -9,7 +9,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-21 13:21+1000\n" - "Last-Translator: \n" - "Language-Team: \n" -@@ -361,12 +361,12 @@ - msgid "You have mail in folder %s." - msgstr "La cartella %s contiene email." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Creazione della directory \"%s\"." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Impossibile creare la directory %s: %m" -Index: po/ja.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ja.po,v -retrieving revision 1.56 -retrieving revision 1.57 -diff -u -r1.56 -r1.57 ---- po/ja.po 9 Mar 2009 13:07:35 -0000 1.56 -+++ po/ja.po 25 Mar 2009 10:54:23 -0000 1.57 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip.ja\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-21 15:08+1000\n" - "Last-Translator: Kiyoto Hashida \n" - "Language-Team: Japanese \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "フォルダ%sにメールがあります。" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "ディレクトリ '%s' を作成中" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "ディレクトリ %s を作成できません: %m" -Index: po/kk.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/kk.po,v -retrieving revision 1.2 -retrieving revision 1.3 -diff -u -r1.2 -r1.3 ---- po/kk.po 9 Mar 2009 13:07:35 -0000 1.2 -+++ po/kk.po 25 Mar 2009 10:54:23 -0000 1.3 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM 1.0.3\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2009-02-26 13:07+0600\n" - "Last-Translator: Baurzhan M. \n" - "Language-Team: Kazakh \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "Сізде %s бумасында поштаңыз бар." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "'%s' бумасын құру." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "%s бумасын құру мүмкін емес: %m" -Index: po/km.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/km.po,v -retrieving revision 1.30 -retrieving revision 1.31 -diff -u -r1.30 -r1.31 ---- po/km.po 9 Mar 2009 13:07:35 -0000 1.30 -+++ po/km.po 25 Mar 2009 10:54:23 -0000 1.31 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2006-03-17 10:32+0700\n" - "Last-Translator: Khoem Sokhem \n" - "Language-Team: Khmer \n" -@@ -353,12 +353,12 @@ - msgid "You have mail in folder %s." - msgstr "អ្នក​មាន​សំបុត្រ​នៅ​ក្នុង​ថត %s ។" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/kn.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/kn.po,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- po/kn.po 9 Mar 2009 13:07:35 -0000 1.14 -+++ po/kn.po 25 Mar 2009 10:54:23 -0000 1.15 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip.kn\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-20 12:29+0530\n" - "Last-Translator: Shankar Prasad \n" - "Language-Team: Kannada \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "%s ಫೋಲ್ಡರಿನಲ್ಲಿ ನಿಮಗಾಗಿ ಮೈಲ್ ಇದೆ." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲಾಗುತ್ತಿದೆ." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "ಕೋಶ '%s' ಅನ್ನು ರಚಿಸಲು ಸಾಧ್ಯವಾಗಿಲ್ಲ.: %m" -Index: po/ko.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ko.po,v -retrieving revision 1.13 -retrieving revision 1.14 -diff -u -r1.13 -r1.14 ---- po/ko.po 9 Mar 2009 13:07:35 -0000 1.13 -+++ po/ko.po 25 Mar 2009 10:54:23 -0000 1.14 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: ko\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2007-06-22 10:02+1000\n" - "Last-Translator: Eunju Kim \n" - "Language-Team: Korean \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "%s 폴더에 메일이 있습니다." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/ml.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ml.po,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- po/ml.po 9 Mar 2009 13:07:35 -0000 1.14 -+++ po/ml.po 25 Mar 2009 10:54:23 -0000 1.15 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip.ml\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-20 12:50+0530\n" - "Last-Translator: \n" - "Language-Team: \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "%s ഫോള്‍ഡറില്‍ നിങ്ങള്‍ക്ക് മെയില്‍ ഉണ്ട്." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "'%s' ഡയറക്ടറി ഉണ്ടാക്കുന്നു." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "%s ഡയറക്ടറി ഉണ്ടാക്കുവാന്‍ സാധ്യമായില്ല: %m" -Index: po/mr.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/mr.po,v -retrieving revision 1.7 -retrieving revision 1.8 -diff -u -r1.7 -r1.8 ---- po/mr.po 9 Mar 2009 13:07:35 -0000 1.7 -+++ po/mr.po 25 Mar 2009 10:54:23 -0000 1.8 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-10 07:07+0530\n" - "Last-Translator: Sandeep Shedmake \n" - "Language-Team: marathi\n" -@@ -350,12 +350,12 @@ - msgid "You have mail in folder %s." - msgstr "संचयीका %s अंतर्गत मेल आढळले गेले." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "संचयीका '%s' बनवित आहे." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "संचयीका %s बनवू शकत नाही: %m" -Index: po/ms.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ms.po,v -retrieving revision 1.7 -retrieving revision 1.8 -diff -u -r1.7 -r1.8 ---- po/ms.po 9 Mar 2009 13:07:35 -0000 1.7 -+++ po/ms.po 25 Mar 2009 10:54:23 -0000 1.8 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: linux-pam\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-09-25 23:52+0800\n" - "Last-Translator: Sharuzzaman Ahmat Raslan \n" - "Language-Team: Malay \n" -@@ -379,12 +379,12 @@ - msgid "You have mail in folder %s." - msgstr "Pemindahan mel dalam proses" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, fuzzy, c-format - msgid "Creating directory '%s'." - msgstr "Menbuat direktori initrd" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "gagal untuk mencipta direktori %s: %s\n" -Index: po/nb.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/nb.po,v -retrieving revision 1.53 -retrieving revision 1.54 -diff -u -r1.53 -r1.54 ---- po/nb.po 9 Mar 2009 13:07:35 -0000 1.53 -+++ po/nb.po 25 Mar 2009 10:54:23 -0000 1.54 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-04-30 12:59+0200\n" - "Last-Translator: Olav Pettershagen \n" - "Language-Team: \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "Du har e-post i mappen %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Oppretter katalog «%s»." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Kan ikke opprette katalog %s: %m" -Index: po/nl.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/nl.po,v -retrieving revision 1.31 -retrieving revision 1.32 -diff -u -r1.31 -r1.32 ---- po/nl.po 9 Mar 2009 13:07:35 -0000 1.31 -+++ po/nl.po 25 Mar 2009 10:54:23 -0000 1.32 -@@ -9,7 +9,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-20 23:45+0200\n" - "Last-Translator: Peter van Egdom \n" - "Language-Team: Dutch \n" -@@ -355,12 +355,12 @@ - msgid "You have mail in folder %s." - msgstr "U hebt e-mail in map %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Aanmaken van map '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Niet in staat om map %s aan te maken: %m" -Index: po/or.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/or.po,v -retrieving revision 1.14 -retrieving revision 1.15 -diff -u -r1.14 -r1.15 ---- po/or.po 9 Mar 2009 13:07:35 -0000 1.14 -+++ po/or.po 25 Mar 2009 10:54:23 -0000 1.15 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip.or\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-09-30 11:42+0530\n" - "Last-Translator: Manoj Kumar Giri \n" - "Language-Team: Oriya\n" -@@ -354,12 +354,12 @@ - msgid "You have mail in folder %s." - msgstr "ଆପଣଙ୍କ ନିକଟରେ %s ଫୋଲଡରରେ ଚିଠି ଅଛି।" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରୁଅଛି." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "ଡ଼ିରେକ୍ଟୋରୀ '%s' ନିର୍ମାଣ କରିବାରେ ଅସମର୍ଥ: %m" -Index: po/pa.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/pa.po,v -retrieving revision 1.51 -retrieving revision 1.52 -diff -u -r1.51 -r1.52 ---- po/pa.po 9 Mar 2009 13:07:35 -0000 1.51 -+++ po/pa.po 25 Mar 2009 10:54:23 -0000 1.52 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.pa\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2005-08-06 08:34+0530\n" - "Last-Translator: Amanpreet Singh Alam[ਆਲਮ] \n" - "Language-Team: Panjabi \n" -@@ -354,12 +354,12 @@ - msgid "You have mail in folder %s." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/pl.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/pl.po,v -retrieving revision 1.58 -retrieving revision 1.60 -diff -u -r1.58 -r1.60 ---- po/pl.po 9 Mar 2009 13:07:35 -0000 1.58 -+++ po/pl.po 25 Mar 2009 10:54:23 -0000 1.60 -@@ -7,8 +7,8 @@ - msgstr "" - "Project-Id-Version: pl\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" --"PO-Revision-Date: 2009-01-04 23:16+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" -+"PO-Revision-Date: 2009-02-26 22:10+0100\n" - "Last-Translator: Piotr Drąg \n" - "Language-Team: Polish \n" - "MIME-Version: 1.0\n" -@@ -355,15 +355,15 @@ - msgid "You have mail in folder %s." - msgstr "Wiadomości w folderze %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Tworzenie katalogu \"%s\"." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 --#, fuzzy, c-format -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 -+#, c-format - msgid "Unable to create and initialize directory '%s'." --msgstr "Nie można utworzyć katalogu %s: %m" -+msgstr "Nie można utworzyć i zainicjować katalogu \"%s\"." - - #: modules/pam_pwhistory/pam_pwhistory.c:218 - #: modules/pam_unix/pam_unix_passwd.c:475 -Index: po/pt.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/pt.po,v -retrieving revision 1.53 -retrieving revision 1.54 -diff -u -r1.53 -r1.54 ---- po/pt.po 9 Mar 2009 13:07:35 -0000 1.53 -+++ po/pt.po 25 Mar 2009 10:54:23 -0000 1.54 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.pt\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2006-05-03 21:54+0200\n" - "Last-Translator: Antonio Cardoso Martins \n" - "Language-Team: portuguese\n" -@@ -350,12 +350,12 @@ - msgid "You have mail in folder %s." - msgstr "Tem correio electrónico na pasta %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/pt_BR.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/pt_BR.po,v -retrieving revision 1.56 -retrieving revision 1.58 -diff -u -r1.56 -r1.58 ---- po/pt_BR.po 9 Mar 2009 13:07:35 -0000 1.56 -+++ po/pt_BR.po 25 Mar 2009 10:54:23 -0000 1.58 -@@ -10,7 +10,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2009-02-20 12:41-0300\n" - "Last-Translator: Taylon \n" - "Language-Team: Brazilian Portuguese \n" -@@ -352,15 +352,15 @@ - msgid "You have mail in folder %s." - msgstr "Há mensagens na pasta %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Criando o diretório '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 --#, fuzzy, c-format -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 -+#, c-format - msgid "Unable to create and initialize directory '%s'." --msgstr "Impossível criar o diretório %s: %m" -+msgstr "Impossível criar e inicializar o diretório \"%s\"." - - #: modules/pam_pwhistory/pam_pwhistory.c:218 - #: modules/pam_unix/pam_unix_passwd.c:475 -Index: po/ru.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ru.po,v -retrieving revision 1.20 -retrieving revision 1.21 -diff -u -r1.20 -r1.21 ---- po/ru.po 9 Mar 2009 13:07:35 -0000 1.20 -+++ po/ru.po 25 Mar 2009 10:54:23 -0000 1.21 -@@ -11,7 +11,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-02-23 20:11+0300\n" - "Last-Translator: Andrew Martynov \n" - "Language-Team: Russian \n" -@@ -362,12 +362,12 @@ - msgid "You have mail in folder %s." - msgstr "Есть почта в папке %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Создание каталога '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Невозможно создать каталог %s: %m" -Index: po/si.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/si.po,v -retrieving revision 1.13 -retrieving revision 1.14 -diff -u -r1.13 -r1.14 ---- po/si.po 9 Mar 2009 13:07:35 -0000 1.13 -+++ po/si.po 25 Mar 2009 10:54:23 -0000 1.14 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: si\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2007-06-22 12:24+0530\n" - "Last-Translator: Danishka Navin \n" - "Language-Team: Sinhala \n" -@@ -350,12 +350,12 @@ - msgid "You have mail in folder %s." - msgstr "%s බහලුම තුළ ඔබට තැපැල් ඇත." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/sk.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/sk.po,v -retrieving revision 1.8 -retrieving revision 1.10 -diff -u -r1.8 -r1.10 ---- po/sk.po 9 Mar 2009 13:07:35 -0000 1.8 -+++ po/sk.po 25 Mar 2009 10:54:23 -0000 1.10 -@@ -2,19 +2,19 @@ - # This file is distributed under the same license as the Linux-PAM package. - # - # Ondrej Šulek , 2008. -+# Pavol Šimo , 2009. - msgid "" - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" --"PO-Revision-Date: 2008-10-21 09:13+0200\n" --"Last-Translator: Ondrej Šulek \n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" -+"PO-Revision-Date: 2009-03-24 22:24+0100\n" -+"Last-Translator: Pavol Šimo \n" - "Language-Team: Slovak \n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n" --"X-Generator: Lokalize 0.2\n" - - #: libpam_misc/misc_conv.c:33 - msgid "...Time is running out...\n" -@@ -27,7 +27,7 @@ - #: libpam_misc/misc_conv.c:342 - #, c-format - msgid "erroneous conversation (%d)\n" --msgstr "nesprávna konverzácia (%d)\n" -+msgstr "chybná konverzácia (%d)\n" - - #: libpam/pam_get_authtok.c:39 modules/pam_exec/pam_exec.c:142 - #: modules/pam_unix/pam_unix_auth.c:159 modules/pam_userdb/pam_userdb.c:63 -@@ -46,16 +46,16 @@ - - #: libpam/pam_get_authtok.c:44 modules/pam_cracklib/pam_cracklib.c:69 - msgid "Sorry, passwords do not match." --msgstr "Heslá sa nezhodujú." -+msgstr "Prepáčte, heslá sa nezhodujú." - - #: libpam/pam_get_authtok.c:127 - #, c-format - msgid "Retype %s" --msgstr "" -+msgstr "Opakujte %s" - - #: libpam/pam_get_authtok.c:146 - msgid "Password change aborted." --msgstr "Zmena hesla prerušená." -+msgstr "Zmena hesla zrušená." - - #: libpam/pam_item.c:310 - msgid "login:" -@@ -67,7 +67,7 @@ - - #: libpam/pam_strerror.c:42 - msgid "Critical error - immediate abort" --msgstr "Kritická chyba - okamžité prerušenie" -+msgstr "Kritická chyba - okamžité zrušenie" - - #: libpam/pam_strerror.c:44 - msgid "Failed to load module" -@@ -95,19 +95,19 @@ - - #: libpam/pam_strerror.c:56 - msgid "Authentication failure" --msgstr "Zlyhanie autentifikácie" -+msgstr "Zlyhanie overenia" - - #: libpam/pam_strerror.c:58 - msgid "Insufficient credentials to access authentication data" --msgstr "Nedostatočné oprávnenia pre prístup k autentifikačným dátam" -+msgstr "Nedostatočné oprávnenia pre prístup k údajom overenia" - - #: libpam/pam_strerror.c:60 - msgid "Authentication service cannot retrieve authentication info" --msgstr "Autentifikačná služba nemôže získať informácie pre autentifikáciu" -+msgstr "Overovacia služba nemôže získať informácie pre overenie" - - #: libpam/pam_strerror.c:62 - msgid "User not known to the underlying authentication module" --msgstr "Používateľ nie je známy pre podriadený autentifikačný modul" -+msgstr "Používateľ nie je známy pre podriadený overovací modul" - - #: libpam/pam_strerror.c:64 - msgid "Have exhausted maximum number of retries for service" -@@ -115,7 +115,7 @@ - - #: libpam/pam_strerror.c:66 - msgid "Authentication token is no longer valid; new one required" --msgstr "Autentifikačný token už nie je platný; požadovaný nový" -+msgstr "Overovací token už nie je platný; požadovaný je nový" - - #: libpam/pam_strerror.c:68 - msgid "User account has expired" -@@ -123,11 +123,11 @@ - - #: libpam/pam_strerror.c:70 - msgid "Cannot make/remove an entry for the specified session" --msgstr "Pre zadané sedenie nie je možné vytvoriť/odstrániť záznam" -+msgstr "Pre zadanú reláciu nie je možné vytvoriť/odstrániť záznam" - - #: libpam/pam_strerror.c:72 - msgid "Authentication service cannot retrieve user credentials" --msgstr "Autentifikačná služba nemôže získať oprávnenia používateľa" -+msgstr "Overovacia služba nemôže získať oprávnenia používateľa" - - #: libpam/pam_strerror.c:74 - msgid "User credentials expired" -@@ -151,19 +151,19 @@ - - #: libpam/pam_strerror.c:84 - msgid "Authentication token manipulation error" --msgstr "Chyba pri manipulácii s autentifikačným tokenom" -+msgstr "Chyba pri manipulácii s overovacím tokenom" - - #: libpam/pam_strerror.c:86 - msgid "Authentication information cannot be recovered" --msgstr "Autentifikačnú informáciu nie je možné obnoviť" -+msgstr "Overovaciu informáciu nie je možné obnoviť" - - #: libpam/pam_strerror.c:88 - msgid "Authentication token lock busy" --msgstr "Autentifikačný token je uzamknutý" -+msgstr "Overovací token je uzamknutý" - - #: libpam/pam_strerror.c:90 - msgid "Authentication token aging disabled" --msgstr "Starnutie autentifikačného tokenu zakázané" -+msgstr "Starnutie overovacieho tokenu zakázané" - - #: libpam/pam_strerror.c:92 - msgid "Failed preliminary check by password service" -@@ -179,7 +179,7 @@ - - #: libpam/pam_strerror.c:98 - msgid "Authentication token expired" --msgstr "Vypršala platnosť autentifikačného tokenu" -+msgstr "Vypršala platnosť overovacieho tokenu" - - #: libpam/pam_strerror.c:100 - msgid "Conversation is waiting for event" -@@ -219,7 +219,7 @@ - - #: modules/pam_cracklib/pam_cracklib.c:519 - msgid "not enough character classes" --msgstr "dostatok rôznych druhov znakov" -+msgstr "nedostatok rôznych druhov znakov" - - #: modules/pam_cracklib/pam_cracklib.c:522 - msgid "contains too many same characters consecutively" -@@ -248,22 +248,22 @@ - #: modules/pam_exec/pam_exec.c:215 - #, c-format - msgid "%s failed: exit code %d" --msgstr "%s zlyhal: výstupný kód %d" -+msgstr "%s zlyhalo: výstupný kód %d" - - #: modules/pam_exec/pam_exec.c:224 - #, c-format - msgid "%s failed: caught signal %d%s" --msgstr "%s zlyhal: dostal signál %d%s" -+msgstr "%s zlyhalo: dostal signál %d%s" - - #: modules/pam_exec/pam_exec.c:233 - #, c-format - msgid "%s failed: unknown status 0x%x" --msgstr "%s zlyhal: neznámy stav 0x%x" -+msgstr "%s zlyhalo: neznámy stav 0x%x" - - #. TRANSLATORS: "strftime options for date of last login" - #: modules/pam_lastlog/pam_lastlog.c:201 modules/pam_lastlog/pam_lastlog.c:429 - msgid " %a %b %e %H:%M:%S %Z %Y" --msgstr "%a %d.%m.%Y %H:%M:%S %Z" -+msgstr " %a %d.%m.%Y %H:%M:%S %Z" - - #. TRANSLATORS: " from " - #: modules/pam_lastlog/pam_lastlog.c:210 modules/pam_lastlog/pam_lastlog.c:438 -@@ -285,7 +285,7 @@ - - #: modules/pam_lastlog/pam_lastlog.c:238 - msgid "Welcome to your new account!" --msgstr "Vítajte vo vašom novom účte!" -+msgstr "Vitajte vo vašom novom účte!" - - #. TRANSLATORS: "Last failed login: from on " - #: modules/pam_lastlog/pam_lastlog.c:460 -@@ -357,24 +357,24 @@ - msgid "You have mail in folder %s." - msgstr "Máte poštu v priečinku %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Vytváranie priečinka '%s'." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 --#, fuzzy, c-format -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 -+#, c-format - msgid "Unable to create and initialize directory '%s'." --msgstr "Nedá sa vytvoriť priečinok %s: %m" -+msgstr "Nedá sa vytvoriť a inicializovať priečinok '%s'." - - #: modules/pam_pwhistory/pam_pwhistory.c:218 - #: modules/pam_unix/pam_unix_passwd.c:475 - msgid "Password has been already used. Choose another." --msgstr "Heslo už bolo použité. Vyberte iné." -+msgstr "Heslo už bolo použité. Zvoľte si iné." - - #: modules/pam_selinux/pam_selinux.c:172 - msgid "Would you like to enter a security context? [N] " --msgstr "Chcete zadať kontext zabezpečenia? [N] " -+msgstr "Želáte si zadať kontext zabezpečenia? [N] " - - #: modules/pam_selinux/pam_selinux.c:191 modules/pam_selinux/pam_selinux.c:282 - msgid "role:" -@@ -395,7 +395,7 @@ - - #: modules/pam_selinux/pam_selinux.c:269 - msgid "Would you like to enter a different role or level?" --msgstr "Chcete zadať inú rolu alebo úroveň?" -+msgstr "Želáte si zadať inú rolu alebo úroveň?" - - #: modules/pam_selinux/pam_selinux.c:285 - #, c-format -@@ -405,7 +405,7 @@ - #: modules/pam_selinux/pam_selinux.c:677 - #, c-format - msgid "Unable to get valid context for %s" --msgstr "Nepodaril sa získať platný kontext zabezpečenia pre %s" -+msgstr "Nepodarilo sa získať platný kontext zabezpečenia pre %s" - - #: modules/pam_selinux/pam_selinux.c:728 - #, c-format -@@ -425,7 +425,7 @@ - #: modules/pam_selinux/pam_selinux_check.c:105 - #, c-format - msgid "failed to pam_set_item()\n" --msgstr "chyba pam_set_item()\n" -+msgstr "chyba pri pam_set_item()\n" - - #: modules/pam_selinux/pam_selinux_check.c:133 - #, c-format -@@ -443,7 +443,7 @@ - - #: modules/pam_stress/pam_stress.c:492 - msgid "Retype new STRESS password: " --msgstr "Znovu zadajte nové STRESS heslo: " -+msgstr "Znovu zadajte nové STRESS heslo: " - - #: modules/pam_stress/pam_stress.c:521 - msgid "Verification mis-typed; password unchanged" -@@ -461,7 +461,7 @@ - - #: modules/pam_tally/pam_tally.c:777 modules/pam_tally2/pam_tally2.c:884 - msgid "Authentication error" --msgstr "Chyba autentifikácie" -+msgstr "Chyba overenia" - - #: modules/pam_tally/pam_tally.c:778 modules/pam_tally2/pam_tally2.c:885 - msgid "Service error" -@@ -478,12 +478,12 @@ - #: modules/pam_tally/pam_tally.c:796 modules/pam_tally2/pam_tally2.c:906 - #, c-format - msgid "%s: Bad number given to --reset=\n" --msgstr "%s: Zadaná zlá hodnota --reset=\n" -+msgstr "%s: Zadané zlé číslo pre --reset=\n" - - #: modules/pam_tally/pam_tally.c:800 modules/pam_tally2/pam_tally2.c:910 - #, c-format - msgid "%s: Unrecognised option %s\n" --msgstr "%s: Neznáma možnosť %s\n" -+msgstr "%s: Neznáma voľba %s\n" - - #: modules/pam_tally/pam_tally.c:812 - #, c-format -@@ -501,22 +501,23 @@ - #: modules/pam_tally2/pam_tally2.c:937 - #, c-format - msgid "Login Failures Latest failure From\n" --msgstr "" -+msgstr "Login Zlyhaní Ostatné zlyhanie Z\n" - - #: modules/pam_tally2/pam_tally2.c:953 --#, fuzzy, c-format -+#, c-format - msgid "" - "%s: [-f rooted-filename] [--file rooted-filename]\n" - " [-u username] [--user username]\n" - " [-r] [--reset[=n]] [--quiet]\n" - msgstr "" --"%s: [--file meno_suboru] [--user pouzivatelske_meno] [--reset[=n]] [--" --"quiet]\n" -+"%s: [-f meno_suboru] [--file meno_suboru]\n" -+" [-u pouzivatelske_meno] [--user pouzivatelske_meno]\n" -+" [-r] [--reset[=n]] [--quiet]\n" - - #: modules/pam_timestamp/pam_timestamp.c:339 - #, c-format - msgid "Access granted (last access was %ld seconds ago)." --msgstr "" -+msgstr "Prístup povolený (ostatný prístup pred %ld sekundami)." - - #: modules/pam_unix/pam_unix_acct.c:235 modules/pam_unix/pam_unix_acct.c:257 - msgid "Your account has expired; please contact your system administrator" -@@ -525,7 +526,7 @@ - - #: modules/pam_unix/pam_unix_acct.c:243 - msgid "You are required to change your password immediately (root enforced)" --msgstr "Je vyžadovaná okamžitá zmena vašeho hesla (vynútené rootom)" -+msgstr "Je vyžadovaná okamžitá zmena vašeho hesla (vynútené správcom)" - - #: modules/pam_unix/pam_unix_acct.c:249 - msgid "You are required to change your password immediately (password aged)" -@@ -551,7 +552,7 @@ - - #: modules/pam_unix/pam_unix_passwd.c:471 - msgid "You must choose a longer password" --msgstr "Musíte vybrať dlhšie heslo" -+msgstr "Musíte si zvoliť dlhšie heslo" - - #: modules/pam_unix/pam_unix_passwd.c:576 - #, c-format -Index: po/sr.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/sr.po,v -retrieving revision 1.11 -retrieving revision 1.12 -diff -u -r1.11 -r1.12 ---- po/sr.po 9 Mar 2009 13:07:35 -0000 1.11 -+++ po/sr.po 25 Mar 2009 10:54:23 -0000 1.12 -@@ -9,7 +9,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-04-05 10:48+0100\n" - "Last-Translator: Miloš Komarčević \n" - "Language-Team: Serbian (sr) \n" -@@ -355,12 +355,12 @@ - msgid "You have mail in folder %s." - msgstr "Имате поруке у директоријуму %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Правим директоријум „%s“." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Не могу да направим директоријум %s: %m" -Index: po/sr@latin.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/sr@latin.po,v -retrieving revision 1.11 -retrieving revision 1.12 -diff -u -r1.11 -r1.12 ---- po/sr@latin.po 9 Mar 2009 13:07:35 -0000 1.11 -+++ po/sr@latin.po 25 Mar 2009 10:54:23 -0000 1.12 -@@ -9,7 +9,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-04-05 10:48+0100\n" - "Last-Translator: Miloš Komarčević \n" - "Language-Team: Serbian (sr) \n" -@@ -355,12 +355,12 @@ - msgid "You have mail in folder %s." - msgstr "Imate poruke u direktorijumu %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Pravim direktorijum „%s“." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Ne mogu da napravim direktorijum %s: %m" -Index: po/sv.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/sv.po,v -retrieving revision 1.21 -retrieving revision 1.22 -diff -u -r1.21 -r1.22 ---- po/sv.po 9 Mar 2009 13:07:35 -0000 1.21 -+++ po/sv.po 25 Mar 2009 10:54:23 -0000 1.22 -@@ -8,7 +8,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2009-02-11 12:22+0100\n" - "Last-Translator: Daniel Nylander \n" - "Language-Team: Swedish \n" -@@ -355,12 +355,12 @@ - msgid "You have mail in folder %s." - msgstr "Du har brev i katalogen %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "Skapar katalogen \"%s\"." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "Kan inte skapa katalogen %s: %m" -Index: po/ta.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/ta.po,v -retrieving revision 1.13 -retrieving revision 1.14 -diff -u -r1.13 -r1.14 ---- po/ta.po 9 Mar 2009 13:07:35 -0000 1.13 -+++ po/ta.po 25 Mar 2009 10:54:23 -0000 1.14 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: ta\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2007-06-21 15:33+0530\n" - "Last-Translator: I felix \n" - "Language-Team: Tamil \n" -@@ -352,12 +352,12 @@ - msgid "You have mail in folder %s." - msgstr "உங்களுக்கு %s அடைவில் அஞ்சல் உள்ளது." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/te.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/te.po,v -retrieving revision 1.7 -retrieving revision 1.8 -diff -u -r1.7 -r1.8 ---- po/te.po 9 Mar 2009 13:07:35 -0000 1.7 -+++ po/te.po 25 Mar 2009 10:54:23 -0000 1.8 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: te\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-22 16:24+0530\n" - "Last-Translator: Krishna Babu K \n" - "Language-Team: Telugu \n" -@@ -352,12 +352,12 @@ - msgid "You have mail in folder %s." - msgstr "మీరు ఫోల్డరు %sనందు మెయిల్‌ను కలిగివున్నారు." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "డెరెక్టరీ '%s' సృష్టించుట." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "డైరెక్టరీ %sను సృష్టించలేక పోయింది: %m" -Index: po/tr.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/tr.po,v -retrieving revision 1.26 -retrieving revision 1.27 -diff -u -r1.26 -r1.27 ---- po/tr.po 9 Mar 2009 13:07:35 -0000 1.26 -+++ po/tr.po 25 Mar 2009 10:54:23 -0000 1.27 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2006-05-03 19:00+0200\n" - "Last-Translator: Koray Löker \n" - "Language-Team: Türkçe \n" -@@ -349,12 +349,12 @@ - msgid "You have mail in folder %s." - msgstr "%s dizininde iletiniz var" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/uk.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/uk.po,v -retrieving revision 1.26 -retrieving revision 1.27 -diff -u -r1.26 -r1.27 ---- po/uk.po 9 Mar 2009 13:07:35 -0000 1.26 -+++ po/uk.po 25 Mar 2009 10:54:23 -0000 1.27 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.uk\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2006-05-03 18:59+0200\n" - "Last-Translator: Ivan Petrouchtchak \n" - "Language-Team: Ukrainian \n" -@@ -352,12 +352,12 @@ - msgid "You have mail in folder %s." - msgstr "Ви маєте пошту в теці %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" -Index: po/zh_CN.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/zh_CN.po,v -retrieving revision 1.56 -retrieving revision 1.57 -diff -u -r1.56 -r1.57 ---- po/zh_CN.po 9 Mar 2009 13:07:35 -0000 1.56 -+++ po/zh_CN.po 25 Mar 2009 10:54:23 -0000 1.57 -@@ -9,7 +9,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-20 15:43+1000\n" - "Last-Translator: Leah Liu \n" - "Language-Team: Simplified Chinese \n" -@@ -350,12 +350,12 @@ - msgid "You have mail in folder %s." - msgstr "您在文件夹 %s 中有邮件。" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "创建目录 '%s'。" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "无法创建目录 %s:%m" -Index: po/zh_TW.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/zh_TW.po,v -retrieving revision 1.54 -retrieving revision 1.55 -diff -u -r1.54 -r1.55 ---- po/zh_TW.po 9 Mar 2009 13:07:35 -0000 1.54 -+++ po/zh_TW.po 25 Mar 2009 10:54:23 -0000 1.55 -@@ -7,7 +7,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM.tip\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2008-10-21 15:51+1000\n" - "Last-Translator: Terry Chuang \n" - "Language-Team: \n" -@@ -350,12 +350,12 @@ - msgid "You have mail in folder %s." - msgstr "資料夾 %s 中有您的郵件。" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "建立目錄「%s」。" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, fuzzy, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "無法建立 %s 目錄:%m" -Index: po/zu.po -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/po/zu.po,v -retrieving revision 1.19 -retrieving revision 1.20 -diff -u -r1.19 -r1.20 ---- po/zu.po 9 Mar 2009 13:07:35 -0000 1.19 -+++ po/zu.po 25 Mar 2009 10:54:23 -0000 1.20 -@@ -5,7 +5,7 @@ - msgstr "" - "Project-Id-Version: Linux-PAM\n" - "Report-Msgid-Bugs-To: http://sourceforge.net/projects/pam\n" --"POT-Creation-Date: 2009-03-03 14:56+0100\n" -+"POT-Creation-Date: 2009-03-25 11:53+0100\n" - "PO-Revision-Date: 2006-11-03 12:03\n" - "Last-Translator: Novell Language \n" - "Language-Team: Novell Language \n" -@@ -346,12 +346,12 @@ - msgid "You have mail in folder %s." - msgstr "Unemeyili kwifolda %s." - --#: modules/pam_mkhomedir/pam_mkhomedir.c:111 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:113 - #, c-format - msgid "Creating directory '%s'." - msgstr "" - --#: modules/pam_mkhomedir/pam_mkhomedir.c:181 -+#: modules/pam_mkhomedir/pam_mkhomedir.c:183 - #, c-format - msgid "Unable to create and initialize directory '%s'." - msgstr "" diff --git a/pam.changes b/pam.changes index 95b7f52..17044b5 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to versin 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + ------------------------------------------------------------------- Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de diff --git a/pam.spec b/pam.spec index 97a0875..9973b23 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.0.91) +# spec file for package pam (Version 1.0.92) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -34,7 +34,7 @@ BuildRequires: libselinux-devel %endif %define libpam_so_version 0.82.1 %define libpam_misc_so_version 0.82.0 -%define libpamc_so_version 0.82.0 +%define libpamc_so_version 0.82.1 License: BSD 3-Clause; GPL v2 or later Group: System/Libraries AutoReqProv: on @@ -43,8 +43,8 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.0.91 -Release: 2 +Version: 1.0.92 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -55,8 +55,7 @@ Source5: common-account.pamd Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment -Patch: cvs.diff -Patch1: pam_tally-deprecated.diff +Patch: pam_tally-deprecated.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -105,7 +104,6 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch -p0 -%patch1 -p0 %build CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ @@ -309,6 +307,11 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog +* Tue May 05 2009 kukuk@suse.de +- Update to versin 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options * Fri Apr 03 2009 rguenther@suse.de - Remove cracklib-dict-full and pwdutils BuildRequires again. * Fri Mar 27 2009 kukuk@suse.de -- 2.51.1 From 408eab8861bd95f1e9322dbb4bdaaf14b708c23a0a6e43d9fcdfa6686c61cdc9 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 29 Jun 2009 12:50:11 +0000 Subject: [PATCH 030/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=30 --- Linux-PAM-1.0.92-docs.tar.bz2 | 3 - Linux-PAM-1.0.92.tar.bz2 | 3 - Linux-PAM-1.1.0-docs.tar.bz2 | 3 + Linux-PAM-1.1.0.tar.bz2 | 3 + pam.changes | 7 +- pam.spec | 525 +--------------------------------- 6 files changed, 17 insertions(+), 527 deletions(-) delete mode 100644 Linux-PAM-1.0.92-docs.tar.bz2 delete mode 100644 Linux-PAM-1.0.92.tar.bz2 create mode 100644 Linux-PAM-1.1.0-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.0.tar.bz2 diff --git a/Linux-PAM-1.0.92-docs.tar.bz2 b/Linux-PAM-1.0.92-docs.tar.bz2 deleted file mode 100644 index 2c99e7b..0000000 --- a/Linux-PAM-1.0.92-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1abb9e83e3108f1edc93408fba753416fe69bb5968871250a3fafa47522eb6a1 -size 494348 diff --git a/Linux-PAM-1.0.92.tar.bz2 b/Linux-PAM-1.0.92.tar.bz2 deleted file mode 100644 index 5ff21d7..0000000 --- a/Linux-PAM-1.0.92.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fdcd577e41642ee7b3a9712488b70adebb295e756fcc0fc45a441c5014a7b0fc -size 1102731 diff --git a/Linux-PAM-1.1.0-docs.tar.bz2 b/Linux-PAM-1.1.0-docs.tar.bz2 new file mode 100644 index 0000000..b7a6964 --- /dev/null +++ b/Linux-PAM-1.1.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7d8e4455cf44937ccc0c7fb370d469c9bef33c68979b23f706fb37727bf8812b +size 494697 diff --git a/Linux-PAM-1.1.0.tar.bz2 b/Linux-PAM-1.1.0.tar.bz2 new file mode 100644 index 0000000..ca928f1 --- /dev/null +++ b/Linux-PAM-1.1.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eafd3e4367224b5b0c1212ca7096175f707c554d7daf32f85b4662ce4c2bd322 +size 1106368 diff --git a/pam.changes b/pam.changes index 17044b5..1db3034 100644 --- a/pam.changes +++ b/pam.changes @@ -1,7 +1,12 @@ +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + ------------------------------------------------------------------- Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de -- Update to versin 1.0.92: +- Update to version 1.0.92: * Update translations * pam_succeed_if: Use provided username * pam_mkhomedir: Fix handling of options diff --git a/pam.spec b/pam.spec index 9973b23..11420a5 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.0.92) +# spec file for package pam (Version 1.1.0) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -35,7 +35,7 @@ BuildRequires: libselinux-devel %define libpam_so_version 0.82.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 -License: BSD 3-Clause; GPL v2 or later +License: BSD 3-clause (or similar) ; GPL v2 or later Group: System/Libraries AutoReqProv: on # bug437293 @@ -43,7 +43,7 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.0.92 +Version: 1.1.0 Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 @@ -66,7 +66,7 @@ having to recompile programs that do authentication. %package doc -License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later +License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML @@ -80,7 +80,7 @@ This package contains the documentation. %package devel -License: Beerware, Cardware, Shareware (not restricted); BSD 3-Clause; GPL v2 or later +License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: pam = %{version} glibc-devel @@ -307,518 +307,3 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libpam_misc.so %changelog -* Tue May 05 2009 kukuk@suse.de -- Update to versin 1.0.92: - * Update translations - * pam_succeed_if: Use provided username - * pam_mkhomedir: Fix handling of options -* Fri Apr 03 2009 rguenther@suse.de -- Remove cracklib-dict-full and pwdutils BuildRequires again. -* Fri Mar 27 2009 kukuk@suse.de -- Update to version 1.0.91 aka 1.1 Beta2: - * Changes in the behavior of the password stack. Results of - PRELIM_CHECK are not used for the final run. - * Redefine LOCAL keyword of pam_access configuration file - * Add support for try_first_pass and use_first_pass to - pam_cracklib - * New password quality tests in pam_cracklib - * Add support for passing PAM_AUTHTOK to stdin of helpers from - pam_exec - * New options for pam_lastlog to show last failed login attempt and - to disable lastlog update - * New pam_pwhistory module to store last used passwords - * New pam_tally2 module similar to pam_tally with wordsize independent - tally data format, obsoletes pam_tally - * Make libpam not log missing module if its type is prepended with '-' - * New pam_timestamp module for authentication based on recent successful - login. - * Add blowfish support to pam_unix. - * Add support for user specific environment file to pam_env. - * Add pam_get_authtok to libpam as Linux-PAM extension. -* Wed Feb 11 2009 ro@suse.de -- use sr@latin instead of sr@Latn -* Thu Feb 05 2009 kukuk@suse.de -- Log failures of setrlimit in pam_limits [bnc#448314] -- Fix using of requisite in password stack [bnc#470337] -* Tue Jan 20 2009 kukuk@suse.de -- Regenerate documentation [bnc#448314] -* Wed Dec 10 2008 olh@suse.de -- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade - (bnc#437293) -* Thu Dec 04 2008 olh@suse.de -- obsolete old -XXbit packages (bnc#437293) -* Thu Nov 27 2008 mc@suse.de -- enhance the man page for limits.conf (bnc#448314) -* Mon Nov 24 2008 kukuk@suse.de -- pam_time: fix parsing if '|' is used [bdo#326407] -* Wed Nov 19 2008 kukuk@suse.de -- pam_xauth: update last patch -- pam_pwhistory: add missing type option -* Tue Nov 04 2008 mc@suse.de -- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment - (bnc#441314) -* Fri Oct 17 2008 kukuk@suse.de -- Add pam_tally2 -- Regenerate Documentation -* Sat Oct 11 2008 kukuk@suse.de -- Enhance pam_lastlog with status output -- Add pam_pwhistory as tech preview -* Fri Sep 26 2008 kukuk@suse.de -- pam_tally: fix fd leak -- pam_mail: fix "quiet" option -* Fri Aug 29 2008 kukuk@suse.de -- Update to version 1.0.2 (fix SELinux regression) -- enhance pam_tally [FATE#303753] -- Backport fixes from CVS -* Wed Aug 20 2008 prusnak@suse.cz -- enabled SELinux support [Fate#303662] -* Wed Apr 16 2008 kukuk@suse.de -- Update to version 1.0.1: - - Fixes regression in pam_set_item(). -* Thu Apr 10 2008 ro@suse.de -- added baselibs.conf file to build xxbit packages - for multilib support -* Fri Apr 04 2008 kukuk@suse.de -- Remove devfs lines from securetty [bnc#372241] -* Thu Apr 03 2008 kukuk@suse.de -- Update to version 1.0.0: - - Official first "stable" release - - bug fixes - - translation updates -* Fri Feb 15 2008 kukuk@suse.de -- Update to version 0.99.10.0: - - New substack directive in config file syntax - - New module pam_tty_audit.so for enabling and disabling tty - auditing - - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA - - Improved functionality of pam_namespace.so module (method flags, - namespace.d configuration directory, new options). - - Finaly removed deprecated pam_rhosts_auth module. -* Wed Oct 10 2007 kukuk@suse.de -- Update to version 0.99.9.0: - - misc_conv no longer blocks SIGINT; applications that don't want - user-interruptable prompts should block SIGINT themselves - - Merge fixes from Debian - - Fix parser for pam_group and pam_time -* Wed Jul 18 2007 kukuk@suse.de -- Update to version 0.99.8.1: - - Fix regression in pam_audit -* Fri Jul 06 2007 kukuk@suse.de -- Update to version 0.99.8.0: - - Add translations for ar, ca, da, ru, sv and zu. - - Update hungarian translation. - - Add support for limits.d directory to pam_limits. - - Add minclass option to pam_cracklib - - Add new group syntax to pam_access -* Thu Apr 19 2007 mc@suse.de -- move the documentation into a seperate package (pam-doc) - [partly fixes Bug #265733] -* Mon Mar 26 2007 rguenther@suse.de -- add flex and bison BuildRequires -* Wed Jan 24 2007 mc@suse.de -- add %%verify_permissions for /sbin/unix_chkpwd - [#237625] -* Tue Jan 23 2007 kukuk@suse.de -- Update to Version 0.99.7.1 (security fix) -* Wed Jan 17 2007 kukuk@suse.de -- Update to Version 0.99.7.0 - * Add manual page for pam_unix.so. - * Add pam_faildelay module to set pam_fail_delay() value. - * Fix possible seg.fault in libpam/pam_set_data(). - * Cleanup of configure options. - * Update hungarian translation, fix german translation. -* Wed Jan 17 2007 lnussel@suse.de -- install unix_chkpwd setuid root instead of setgid shadow (#216816) -* Tue Oct 24 2006 kukuk@suse.de -- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] -- pam_namespace.so: Fix two possible buffer overflow -- link against libxcrypt -* Sat Oct 07 2006 kukuk@suse.de -- Update hungarian translation [#210091] -* Tue Sep 19 2006 kukuk@suse.de -- Don't remove pam_unix.so -- Use cracklib again (goes lost with one of the last cleanups) -* Thu Sep 14 2006 kukuk@suse.de -- Add pam_umask.so to common-session [Fate#3621] -* Wed Sep 06 2006 kukuk@suse.de -- Update to Linux-PAM 0.99.6.3 (merges all patches) -* Wed Aug 30 2006 kukuk@suse.de -- Update to Linux-PAM 0.99.6.2 (incorporate last change) -- Add pam_loginuid and fixes from CVS [Fate#300486] -* Wed Aug 23 2006 kukuk@suse.de -- Fix seg.fault in pam_cracklib if retyped password is empty -* Tue Aug 22 2006 kukuk@suse.de -- Remove use_first_pass from pam_unix2.so in password section -* Fri Aug 11 2006 kukuk@suse.de -- Update to Linux-PAM 0.99.6.1 (big documentation update) -* Fri Jul 28 2006 kukuk@suse.de -- Add missing namespace.init script -* Thu Jul 27 2006 kukuk@suse.de -- Reenable audit subsystem [Fate#300486] -* Wed Jun 28 2006 kukuk@suse.de -- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM - modules: pam_keyinit, pam_namespace, pam_rhosts) -* Mon Jun 12 2006 kukuk@suse.de -- Update to current CVS (lot of new manual pages and docu) -* Tue May 30 2006 kukuk@suse.de -- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) -* Wed May 24 2006 kukuk@suse.de -- Fix problems found by Coverity -* Wed May 17 2006 schwab@suse.de -- Don't strip binaries. -* Fri May 05 2006 kukuk@suse.de -- Fix pam_tally LFS support [#172492] -* Fri Apr 21 2006 kukuk@suse.de -- Update fr.po and pl.po -* Tue Apr 11 2006 kukuk@suse.de -- Update km.po -* Tue Apr 04 2006 kukuk@suse.de -- Remove obsolete pam-laus from the system -* Mon Mar 27 2006 kukuk@suse.de -- Update translations for pt, pl, fr, fi and cs -- Add translation for uk -* Tue Mar 21 2006 kukuk@suse.de -- Update hu.po -* Tue Mar 21 2006 kukuk@suse.de -- Add translation for tr -* Mon Mar 13 2006 kukuk@suse.de -- Fix order of NULL checks in pam_get_user -- Fix comment in pam_lastlog for translators to be visible in - pot file -- Docu update, remove pam_selinux docu -* Thu Mar 02 2006 kukuk@suse.de -- Update km translation -* Thu Feb 23 2006 kukuk@suse.de -- pam_lastlog: - - Initialize correct struct member [SF#1427401] - - Mark strftime fmt string for translation [SF#1428269] -* Sun Feb 19 2006 kukuk@suse.de -- Update more manual pages -* Sat Feb 18 2006 ro@suse.de -- really disable audit if header file not present -* Tue Feb 14 2006 kukuk@suse.de -- Update fi.po -- Add km.po -- Update pl.po -* Mon Feb 13 2006 kukuk@suse.de -- Update with better manual pages -* Thu Feb 09 2006 kukuk@suse.de -- Add translation for nl, update pt translation -* Fri Jan 27 2006 kukuk@suse.de -- Move devel manual pages to -devel package -- Mark PAM config files as noreplace -- Mark /etc/securetty as noreplace -- Run ldconfig -- Fix libdb/ndbm compat detection with gdbm -- Adjust german translation -- Add all services to pam_listfile -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Fri Jan 13 2006 kukuk@suse.de -- Update to Linux-PAM 0.99.3.0 release candiate tar balls - (new translations) -* Mon Jan 09 2006 kukuk@suse.de -- Fix NULL handling for LSB-pam test suite [#141240] -* Sun Jan 08 2006 kukuk@suse.de -- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR -* Fri Jan 06 2006 kukuk@suse.de -- NULL is allowed as thirs argument for pam_get_item [#141240] -* Wed Dec 21 2005 kukuk@suse.de -- Add fixes from CVS -* Thu Dec 15 2005 kukuk@suse.de -- Fix pam_lastlog: don't report error on first login -* Tue Dec 13 2005 kukuk@suse.de -- Update to 0.99.2.1 -* Fri Dec 09 2005 kukuk@suse.de -- Add /etc/environment to avoid warnings in syslog -* Mon Dec 05 2005 kukuk@suse.de -- disable SELinux -* Wed Nov 23 2005 kukuk@suse.de -- Update getlogin() fix to final one -* Mon Nov 21 2005 kukuk@suse.de -- Fix PAM getlogin() implementation -* Mon Nov 21 2005 kukuk@suse.de -- Update to official 0.99.2.0 release -* Tue Nov 08 2005 kukuk@suse.de -- Update to new snapshot -* Mon Oct 10 2005 kukuk@suse.de -- Enable original pam_wheel module -* Tue Sep 27 2005 kukuk@suse.de -- Update to current CVS -- Compile libpam_misc with -fno-strict-aliasing -* Mon Sep 19 2005 kukuk@suse.de -- Update to current CVS -- Fix compiling of pammodutil with -fPIC -* Sun Sep 18 2005 kukuk@suse.de -- Update to current CVS -* Tue Aug 23 2005 kukuk@suse.de -- Update to new snapshot (Major version is back to 0) -* Fri Aug 19 2005 kukuk@suse.de -- Update to Linux-PAM 0.99.0.3 snapshot -* Mon Jul 11 2005 kukuk@suse.de -- Add pam_umask -* Mon Jul 04 2005 kukuk@suse.de -- Update to current CVS snapshot -* Thu Jun 23 2005 kukuk@suse.de -- Update to current CVS snapshot -- Add pam_loginuid -* Thu Jun 09 2005 kukuk@suse.de -- Update to current CVS snapshot -* Mon Jun 06 2005 kukuk@suse.de -- Don't reset priority [#81690] -- Fix creating of symlinks -* Fri May 20 2005 kukuk@suse.de -- Update to current CVS snapshot -- Real fix for [#82687] (don't include kernel header files) -* Thu May 12 2005 schubi@suse.de -- Bug 82687 - pam_client.h redefines __u8 and __u32 -* Fri Apr 29 2005 kukuk@suse.de -- Apply lot of fixes from CVS (including SELinux support) -* Fri Apr 01 2005 kukuk@suse.de -- Update to final 0.79 release -* Mon Mar 14 2005 kukuk@suse.de -- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] -* Mon Jan 24 2005 kukuk@suse.de -- Compile with large file support -* Mon Jan 24 2005 schubi@suse.de -- Made patch of latest CVS tree -- Removed patch pam_handler.diff ( included in CVS now ) -- moved Linux-PAM-0.78.dif to pam_group_time.diff -* Wed Jan 05 2005 kukuk@suse.de -- Fix seg.fault, if a PAM config line is incomplete -* Thu Nov 18 2004 kukuk@suse.de -- Update to final 0.78 -* Mon Nov 08 2004 kukuk@suse.de -- Add pam_env.so to common-auth -- Add pam_limit.so to common-session -* Wed Oct 13 2004 kukuk@suse.de -- Update to 0.78-Beta1 -* Wed Sep 22 2004 kukuk@suse.de -- Create pam.d/common-{auth,account,password,session} and include - them in pam.d/other -- Update to current CVS version of upcoming 0.78 release -* Mon Aug 23 2004 kukuk@suse.de -- Update "code cleanup" patch -- Disable reading of /etc/environment in pam_env.so per default -* Thu Aug 19 2004 kukuk@suse.de -- Reenable a "fixed" version of "code cleanup" patch -- Use pam_wheel from pam-modules package -* Wed Aug 18 2004 kukuk@suse.de -- Disable "code cleanup" patch (no more comments about security - fixes) -* Fri Aug 13 2004 kukuk@suse.de -- Apply big "code cleanup" patch [Bug #39673] -* Fri Mar 12 2004 kukuk@suse.de -- pam_wheel: Use original getlogin again, PAM internal does not - work without application help [Bug #35682] -* Sun Jan 18 2004 meissner@suse.de -- We no longer have pam in the buildsystem, so we - need some buildroot magic flags for the dlopen tests. -* Fri Jan 16 2004 kukuk@suse.de -- Cleanup neededforbuild -* Fri Dec 05 2003 kukuk@suse.de -- Add manual pages from SLES8 -* Fri Nov 28 2003 kukuk@suse.de -- Fix installing manual pages of modules -- Remove pthread check (db is now linked against pthread) -* Thu Nov 27 2003 kukuk@suse.de -- Merge with current CVS -- Apply bug fixes from bugtracking system -- Build as normal user -* Fri Nov 21 2003 kukuk@suse.de -- Compile with noexecstack -* Thu Nov 06 2003 kukuk@suse.de -- Fix pam_securetty CVS patch -* Wed Oct 29 2003 kukuk@suse.de -- Sync with current CVS version -* Thu Oct 02 2003 kukuk@suse.de -- Add patch to implement "include" statement in pamd files -* Wed Sep 10 2003 uli@suse.de -- added ttyS1 (VT220) to securetty on s390* (bug #29239) -* Mon Jul 28 2003 kukuk@suse.de -- Apply lot of fixes for various problems -* Tue Jun 10 2003 kukuk@suse.de -- Fix getlogin handling in pam_wheel.so -* Tue May 27 2003 ro@suse.de -- added cracklib-devel to neededforbuild -* Thu Feb 13 2003 kukuk@suse.de -- Update pam_localuser and pam_xauth. -* Wed Nov 13 2002 kukuk@suse.de -- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) -* Mon Nov 11 2002 ro@suse.de -- changed neededforbuild to -* Sat Sep 14 2002 ro@suse.de -- changed securetty / use extra file -* Fri Sep 13 2002 bk@suse.de -- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty -* Tue Aug 27 2002 kukuk@suse.de -- Call password checking helper from pam_unix.so whenever the - passwd field is invalid. -* Sat Aug 24 2002 kukuk@suse.de -- Don't build ps and pdf documentation -* Fri Aug 09 2002 kukuk@suse.de -- pam-devel requires pam [Bug #17543] -* Wed Jul 17 2002 kukuk@suse.de -- Remove explicit requires -* Wed Jul 10 2002 kukuk@suse.de -- Update to Linux-PAM 0.76 -- Remove reentrant patch for original PAM modules (needs to be - rewritten for new PAM version) -- Add docu in PDF format -* Thu Jul 04 2002 kukuk@suse.de -- Fix build on different partitions -* Tue Apr 16 2002 mmj@suse.de -- Fix to not own /usr/shar/man/man3 -* Wed Mar 13 2002 kukuk@suse.de -- Add /usr/include/security to pam-devel filelist -* Mon Feb 11 2002 ro@suse.de -- tar option for bz2 is "j" -* Fri Jan 25 2002 kukuk@suse.de -- Fix last pam_securetty patch -* Thu Jan 24 2002 kukuk@suse.de -- Use reentrant getpwnam functions for most modules -- Fix unresolved symbols in pam_access and pam_userdb -* Sun Jan 20 2002 kukuk@suse.de -- libpam_misc: Don't handle Ctrl-D as error. -* Wed Jan 16 2002 kukuk@suse.de -- Remove SuSEconfig.pam -- Update pam_localuser and pam_xauth -- Add new READMEs about blowfish and cracklib -* Mon Nov 12 2001 kukuk@suse.de -- Remove pam_unix.so (is part of pam-modules) -* Fri Nov 09 2001 kukuk@suse.de -- Move extra PAM modules to separate package -- Require pam-modules package -* Fri Aug 24 2001 kukuk@suse.de -- Move susehelp config file to susehelp package -* Mon Aug 13 2001 ro@suse.de -- changed neededforbuild to -* Tue Aug 07 2001 kukuk@suse.de -- Fixes wrong symlink handling of pam_homecheck [Bug #3905] -* Wed Jul 11 2001 kukuk@suse.de -- Sync pam_homecheck and pam_unix2 fixes from 7.2 -- Always ask for the old password if it is expired -* Sat May 05 2001 kukuk@suse.de -- Cleanup Patches, make tar archive from extra pam modules -* Fri May 04 2001 kukuk@suse.de -- Use LOG_NOTICE for trace option [Bug #7673] -* Thu Apr 12 2001 kukuk@suse.de -- Linux-PAM: link pam_access against libnsl -- Add pam.conf for susehelp/pam html docu -* Tue Apr 10 2001 kukuk@suse.de -- Linux-PAM: Update to version 0.75 -* Tue Apr 03 2001 kukuk@suse.de -- Linux-PAM: link libpam_misc against libpam [Bug #6890] -* Thu Mar 08 2001 kukuk@suse.de -- Linux-PAM: Fix manual pages (.so reference) -- pam_pwcheck: fix Makefile -* Tue Mar 06 2001 kukuk@suse.de -- Update for Linux-PAM 0.74 -- Drop pwdb subpackage -* Tue Feb 13 2001 kukuk@suse.de -- pam_unix2: Create temp files with permission 0600 -* Tue Feb 06 2001 ro@suse.de -- pam_issue.c: include time.h to make it compile -* Fri Jan 05 2001 kukuk@suse.de -- Don't print error message about failed initialization from - pam_limits with kernel 2.2 [Bug #5198] -* Thu Jan 04 2001 kukuk@suse.de -- Adjust docu for pam_limits -* Sun Dec 17 2000 kukuk@suse.de -- Adjust docu for pam_pwcheck -* Thu Dec 07 2000 kukuk@suse.de -- Add fix for pam_limits from 0.73 -* Thu Oct 26 2000 kukuk@suse.de -- Add db-devel to need for build -* Fri Oct 20 2000 kukuk@suse.de -- Don't link PAM modules against old libpam library -* Wed Oct 18 2000 kukuk@suse.de -- Create new "devel" subpackage -* Thu Oct 12 2000 kukuk@suse.de -- Add SuSEconfig.pam -* Tue Oct 03 2000 kukuk@suse.de -- Fix problems with new gcc and glibc 2.2 header files -* Wed Sep 13 2000 kukuk@suse.de -- Fix problem with passwords longer then PASS_MAX_LEN -* Wed Sep 06 2000 kukuk@suse.de -- Add missing PAM modules to filelist -- Fix seg.fault in pam_pwcheck [BUG #3894] -- Clean spec file -* Fri Jun 23 2000 kukuk@suse.de -- Lot of bug fixes in pam_unix2 and pam_pwcheck -- compress postscript docu -* Mon May 15 2000 kukuk@suse.de -- Move docu to /usr/share/doc/pam -- Fix some bugs in pam_unix2 and pam_pwcheck -* Tue Apr 25 2000 kukuk@suse.de -- Add pam_homecheck Module -* Tue Apr 25 2000 kukuk@suse.de -- Add devfs devices to /etc/securetty -* Wed Mar 01 2000 kukuk@suse.de -- Fix handling of changing passwords to empty one -* Tue Feb 22 2000 kukuk@suse.de -- Set correct attr for unix_chkpwd and pwdb_chkpwd -* Tue Feb 15 2000 kukuk@suse.de -- Update pam_pwcheck -- Update pam_unix2 -* Mon Feb 07 2000 kukuk@suse.de -- pwdb: Update to 0.61 -* Thu Jan 27 2000 kukuk@suse.de -- Add config files and README for md5 passwords -- Update pam_pwcheck -- Update pam_unix2 -* Thu Jan 13 2000 kukuk@suse.de -- Update pam_unix2 -- New: pam_pwcheck -- Update to Linux-PAM 0.72 -* Wed Oct 13 1999 kukuk@suse.de -- pam_pwdb: Add security fixes from RedHat -* Mon Oct 11 1999 kukuk@suse.de -- Update to Linux-PAM 0.70 -- Update to pwdb-0.60 -- Fix more pam_unix2 shadow bugs -* Fri Oct 08 1999 kukuk@suse.de -- Add more PAM fixes -- Implement Password changing request (sp_lstchg == 0) -* Mon Sep 13 1999 bs@suse.de -- ran old prepare_spec on spec file to switch to new prepare_spec. -* Sat Sep 11 1999 kukuk@suse.de -- Add pam_wheel to file list -- pam_wheel: Minor fixes -- pam_unix2: root is allowed to change passwords with wrong - password aging information -* Mon Aug 30 1999 kukuk@suse.de -- pam_unix2: Fix typo -* Thu Aug 19 1999 kukuk@suse.de -- Linux-PAM: Update to version 0.69 -* Fri Jul 16 1999 kukuk@suse.de -- pam_unix2: Root is allowed to use the old password again. -* Tue Jul 13 1999 kukuk@suse.de -- pam_unix2: Allow root to set an empty password. -* Sat Jul 10 1999 kukuk@suse.de -- Add HP-UX password aging to pam_unix2. -* Wed Jul 07 1999 kukuk@suse.de -- Don't install .cvsignore files -- Make sure, /etc/shadow has the correct rights -* Tue Jul 06 1999 kukuk@suse.de -- Update to Linux-PAM 0.68 -* Wed Jun 30 1999 kukuk@suse.de -- pam_unix2: more bug fixes -* Tue Jun 29 1999 kukuk@suse.de -- pam_unix2: Fix "inactive" password -* Mon Jun 28 1999 kukuk@suse.de -- pam_warn: Add missing functions -- other.pamd: Update -- Add more doku -* Thu Jun 24 1999 kukuk@suse.de -- Add securetty config file -- Fix Debian pam_env patch -* Mon Jun 21 1999 kukuk@suse.de -- Update to Linux-PAM 0.67 -- Add Debian pam_env patch -* Thu Jun 17 1999 kukuk@suse.de -- pam_ftp malloc (core dump) fix -* Tue Jun 15 1999 kukuk@suse.de -- pam_unix2 fixes -* Mon Jun 07 1999 kukuk@suse.de -- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 -- 2.51.1 From b6040d5db8b8ecb0ca21237eb2927a999f11c23d9b871bf16e69d4d1def7643b Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Fri, 3 Jul 2009 14:56:58 +0000 Subject: [PATCH 031/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=31 --- Linux-PAM-1.1.0-CVS.diff | 185 +++++++++++++++++++++++++++++++++++++++ pam.changes | 5 ++ pam.spec | 10 ++- 3 files changed, 199 insertions(+), 1 deletion(-) create mode 100644 Linux-PAM-1.1.0-CVS.diff diff --git a/Linux-PAM-1.1.0-CVS.diff b/Linux-PAM-1.1.0-CVS.diff new file mode 100644 index 0000000..43ed339 --- /dev/null +++ b/Linux-PAM-1.1.0-CVS.diff @@ -0,0 +1,185 @@ +? make.log +Index: ChangeLog +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/ChangeLog,v +retrieving revision 1.464 +retrieving revision 1.467 +diff -u -r1.464 -r1.467 +--- ChangeLog 19 Jun 2009 14:45:29 -0000 1.464 ++++ ChangeLog 26 Jun 2009 12:23:28 -0000 1.467 +@@ -1,3 +1,16 @@ ++2009-06-26 Thorsten Kukuk ++ ++ * modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux ++ code. ++ ++ * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Fix ++ usage of wrong variable [bug#2809661]. ++ ++2009-06-25 Thorsten Kukuk ++ ++ * configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r ++ * modules/pam_unix/passverify.c: Likewise. ++ + 2009-06-19 Thorsten Kukuk + + * release version 1.1.0 +Index: configure.in +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/configure.in,v +retrieving revision 1.135 +retrieving revision 1.136 +diff -u -r1.135 -r1.136 +--- configure.in 19 Jun 2009 14:45:30 -0000 1.135 ++++ configure.in 26 Jun 2009 09:55:25 -0000 1.136 +@@ -363,8 +363,8 @@ + AC_CHECK_HEADERS(xcrypt.h crypt.h) + BACKUP_LIBS=$LIBS + AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="") +-AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn) +-LIBS=$BACKUP_LIBS ++AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) ++Libs=$BACKUP_LIBS + AC_SUBST(LIBCRYPT) + if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then + AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) +Index: modules/pam_lastlog/pam_lastlog.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_lastlog/pam_lastlog.c,v +retrieving revision 1.24 +retrieving revision 1.25 +diff -u -r1.24 -r1.25 +--- modules/pam_lastlog/pam_lastlog.c 30 Sep 2008 14:40:39 -0000 1.24 ++++ modules/pam_lastlog/pam_lastlog.c 26 Jun 2009 12:07:11 -0000 1.25 +@@ -454,7 +454,7 @@ + goto cleanup; + } + } +- ++ + if (line != NULL || date != NULL || host != NULL) { + /* TRANSLATORS: "Last failed login: from on " */ + pam_info(pamh, _("Last failed login:%s%s%s"), +@@ -471,7 +471,7 @@ + failed), + failed); + #else +- if (daysleft == 1) ++ if (failed == 1) + retval = asprintf(&line, + _("There was %d failed login attempt since the last successful login."), + failed); +Index: modules/pam_unix/pam_unix_passwd.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c,v +retrieving revision 1.55 +retrieving revision 1.56 +diff -u -r1.55 -r1.56 +--- modules/pam_unix/pam_unix_passwd.c 11 May 2009 14:52:31 -0000 1.55 ++++ modules/pam_unix/pam_unix_passwd.c 26 Jun 2009 12:23:28 -0000 1.56 +@@ -1,7 +1,7 @@ + /* + * Main coding by Elliot Lee , Red Hat Software. + * Copyright (C) 1996. +- * Copyright (c) Jan Rkorajski, 1999. ++ * Copyright (c) Jan Rêkorajski, 1999. + * Copyright (c) Red Hat, Inc., 2007, 2008. + * + * Redistribution and use in source and binary forms, with or without +@@ -61,11 +61,6 @@ + #include + #include + #include +-#ifdef WITH_SELINUX +-static int selinux_enabled=-1; +-#include +-#define SELINUX_ENABLED (selinux_enabled!=-1 ? selinux_enabled : (selinux_enabled=is_selinux_enabled()>0)) +-#endif + + #include + +@@ -196,7 +191,7 @@ + + snprintf(buffer, sizeof(buffer), "%d", remember); + args[4] = x_strdup(buffer); +- ++ + execve(UPDATE_HELPER, args, envp); + + /* should not get here: exit with error */ +@@ -698,7 +693,7 @@ + pass_new = NULL; + } + retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); +- ++ + if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) { + pam_set_item(pamh, PAM_AUTHTOK, NULL); + } +Index: modules/pam_unix/passverify.c +=================================================================== +RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/passverify.c,v +retrieving revision 1.12 +retrieving revision 1.13 +diff -u -r1.12 -r1.13 +--- modules/pam_unix/passverify.c 25 Mar 2009 10:54:23 -0000 1.12 ++++ modules/pam_unix/passverify.c 26 Jun 2009 09:55:25 -0000 1.13 +@@ -274,7 +274,7 @@ + } + if ((curdays - spent->sp_lstchg < spent->sp_min) + && (spent->sp_min != -1)) { +- /* ++ /* + * The last password change was too recent. This error will be ignored + * if no password change is attempted. + */ +@@ -403,11 +403,11 @@ + return crypted; + } + +-#ifdef HAVE_CRYPT_GENSALT_RN ++#ifdef HAVE_CRYPT_GENSALT_R + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + char entropy[17]; + crypt_make_salt(entropy, sizeof(entropy) - 1); +- sp = crypt_gensalt_rn(algoid, rounds, ++ sp = crypt_gensalt_r (algoid, rounds, + entropy, sizeof(entropy), + salt, sizeof(salt)); + } else { +@@ -420,7 +420,7 @@ + /* For now be conservative so the resulting hashes + * are not too long. 8 bytes of salt prevents dictionary + * attacks well enough. */ +-#ifdef HAVE_CRYPT_GENSALT_RN ++#ifdef HAVE_CRYPT_GENSALT_R + } + #endif + sp = crypt(password, salt); +@@ -684,7 +684,7 @@ + D(("fflush or fsync error writing entries to old passwords file: %m")); + err = 1; + } +- ++ + if (fclose(pwfile)) { + D(("fclose error writing entries to old passwords file: %m")); + err = 1; +@@ -804,7 +804,7 @@ + D(("fflush or fsync error writing entries to password file: %m")); + err = 1; + } +- ++ + if (fclose(pwfile)) { + D(("fclose error writing entries to password file: %m")); + err = 1; +@@ -930,7 +930,7 @@ + D(("fflush or fsync error writing entries to shadow file: %m")); + err = 1; + } +- ++ + if (fclose(pwfile)) { + D(("fclose error writing entries to shadow file: %m")); + err = 1; diff --git a/pam.changes b/pam.changes index 1db3034..eb233f8 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + ------------------------------------------------------------------- Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 11420a5..d381ac1 100644 --- a/pam.spec +++ b/pam.spec @@ -44,7 +44,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.0 -Release: 1 +Release: 2 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -56,6 +56,7 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Patch: pam_tally-deprecated.diff +Patch1: Linux-PAM-1.1.0-CVS.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -104,8 +105,15 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch -p0 +%patch1 -p0 %build +aclocal -I m4 --install --force +autoheader +libtoolize --force --automake --copy +automake --add-missing --copy +autoreconf +chmod 755 configure CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ ./configure \ --infodir=%{_infodir} \ -- 2.51.1 From 8d0977bae6a1260b0e3ff7c7f80f8ba8e5d4d417dc639dc397ae29d1b59df0e2 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 18 Dec 2009 11:34:28 +0000 Subject: [PATCH 032/226] Accepting request 26914 from Linux-PAM Copy from Linux-PAM/pam based on submit request 26914 from user kukuk OBS-URL: https://build.opensuse.org/request/show/26914 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=33 --- Linux-PAM-1.1.0-CVS.diff | 185 ----------------------------------- Linux-PAM-1.1.0-docs.tar.bz2 | 3 - Linux-PAM-1.1.0.tar.bz2 | 3 - Linux-PAM-1.1.1-docs.tar.bz2 | 3 + Linux-PAM-1.1.1.tar.bz2 | 3 + pam.changes | 15 +++ pam.spec | 28 +++--- 7 files changed, 32 insertions(+), 208 deletions(-) delete mode 100644 Linux-PAM-1.1.0-CVS.diff delete mode 100644 Linux-PAM-1.1.0-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.0.tar.bz2 create mode 100644 Linux-PAM-1.1.1-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.1.tar.bz2 diff --git a/Linux-PAM-1.1.0-CVS.diff b/Linux-PAM-1.1.0-CVS.diff deleted file mode 100644 index 43ed339..0000000 --- a/Linux-PAM-1.1.0-CVS.diff +++ /dev/null @@ -1,185 +0,0 @@ -? make.log -Index: ChangeLog -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/ChangeLog,v -retrieving revision 1.464 -retrieving revision 1.467 -diff -u -r1.464 -r1.467 ---- ChangeLog 19 Jun 2009 14:45:29 -0000 1.464 -+++ ChangeLog 26 Jun 2009 12:23:28 -0000 1.467 -@@ -1,3 +1,16 @@ -+2009-06-26 Thorsten Kukuk -+ -+ * modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux -+ code. -+ -+ * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Fix -+ usage of wrong variable [bug#2809661]. -+ -+2009-06-25 Thorsten Kukuk -+ -+ * configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r -+ * modules/pam_unix/passverify.c: Likewise. -+ - 2009-06-19 Thorsten Kukuk - - * release version 1.1.0 -Index: configure.in -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/configure.in,v -retrieving revision 1.135 -retrieving revision 1.136 -diff -u -r1.135 -r1.136 ---- configure.in 19 Jun 2009 14:45:30 -0000 1.135 -+++ configure.in 26 Jun 2009 09:55:25 -0000 1.136 -@@ -363,8 +363,8 @@ - AC_CHECK_HEADERS(xcrypt.h crypt.h) - BACKUP_LIBS=$LIBS - AC_SEARCH_LIBS([crypt],[xcrypt crypt], LIBCRYPT="-l$ac_lib", LIBCRYPT="") --AC_CHECK_FUNCS(crypt_r crypt_gensalt_rn) --LIBS=$BACKUP_LIBS -+AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) -+Libs=$BACKUP_LIBS - AC_SUBST(LIBCRYPT) - if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then - AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) -Index: modules/pam_lastlog/pam_lastlog.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_lastlog/pam_lastlog.c,v -retrieving revision 1.24 -retrieving revision 1.25 -diff -u -r1.24 -r1.25 ---- modules/pam_lastlog/pam_lastlog.c 30 Sep 2008 14:40:39 -0000 1.24 -+++ modules/pam_lastlog/pam_lastlog.c 26 Jun 2009 12:07:11 -0000 1.25 -@@ -454,7 +454,7 @@ - goto cleanup; - } - } -- -+ - if (line != NULL || date != NULL || host != NULL) { - /* TRANSLATORS: "Last failed login: from on " */ - pam_info(pamh, _("Last failed login:%s%s%s"), -@@ -471,7 +471,7 @@ - failed), - failed); - #else -- if (daysleft == 1) -+ if (failed == 1) - retval = asprintf(&line, - _("There was %d failed login attempt since the last successful login."), - failed); -Index: modules/pam_unix/pam_unix_passwd.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/pam_unix_passwd.c,v -retrieving revision 1.55 -retrieving revision 1.56 -diff -u -r1.55 -r1.56 ---- modules/pam_unix/pam_unix_passwd.c 11 May 2009 14:52:31 -0000 1.55 -+++ modules/pam_unix/pam_unix_passwd.c 26 Jun 2009 12:23:28 -0000 1.56 -@@ -1,7 +1,7 @@ - /* - * Main coding by Elliot Lee , Red Hat Software. - * Copyright (C) 1996. -- * Copyright (c) Jan Rkorajski, 1999. -+ * Copyright (c) Jan Rêkorajski, 1999. - * Copyright (c) Red Hat, Inc., 2007, 2008. - * - * Redistribution and use in source and binary forms, with or without -@@ -61,11 +61,6 @@ - #include - #include - #include --#ifdef WITH_SELINUX --static int selinux_enabled=-1; --#include --#define SELINUX_ENABLED (selinux_enabled!=-1 ? selinux_enabled : (selinux_enabled=is_selinux_enabled()>0)) --#endif - - #include - -@@ -196,7 +191,7 @@ - - snprintf(buffer, sizeof(buffer), "%d", remember); - args[4] = x_strdup(buffer); -- -+ - execve(UPDATE_HELPER, args, envp); - - /* should not get here: exit with error */ -@@ -698,7 +693,7 @@ - pass_new = NULL; - } - retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); -- -+ - if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) { - pam_set_item(pamh, PAM_AUTHTOK, NULL); - } -Index: modules/pam_unix/passverify.c -=================================================================== -RCS file: /cvsroot/pam/Linux-PAM/modules/pam_unix/passverify.c,v -retrieving revision 1.12 -retrieving revision 1.13 -diff -u -r1.12 -r1.13 ---- modules/pam_unix/passverify.c 25 Mar 2009 10:54:23 -0000 1.12 -+++ modules/pam_unix/passverify.c 26 Jun 2009 09:55:25 -0000 1.13 -@@ -274,7 +274,7 @@ - } - if ((curdays - spent->sp_lstchg < spent->sp_min) - && (spent->sp_min != -1)) { -- /* -+ /* - * The last password change was too recent. This error will be ignored - * if no password change is attempted. - */ -@@ -403,11 +403,11 @@ - return crypted; - } - --#ifdef HAVE_CRYPT_GENSALT_RN -+#ifdef HAVE_CRYPT_GENSALT_R - if (on(UNIX_BLOWFISH_PASS, ctrl)) { - char entropy[17]; - crypt_make_salt(entropy, sizeof(entropy) - 1); -- sp = crypt_gensalt_rn(algoid, rounds, -+ sp = crypt_gensalt_r (algoid, rounds, - entropy, sizeof(entropy), - salt, sizeof(salt)); - } else { -@@ -420,7 +420,7 @@ - /* For now be conservative so the resulting hashes - * are not too long. 8 bytes of salt prevents dictionary - * attacks well enough. */ --#ifdef HAVE_CRYPT_GENSALT_RN -+#ifdef HAVE_CRYPT_GENSALT_R - } - #endif - sp = crypt(password, salt); -@@ -684,7 +684,7 @@ - D(("fflush or fsync error writing entries to old passwords file: %m")); - err = 1; - } -- -+ - if (fclose(pwfile)) { - D(("fclose error writing entries to old passwords file: %m")); - err = 1; -@@ -804,7 +804,7 @@ - D(("fflush or fsync error writing entries to password file: %m")); - err = 1; - } -- -+ - if (fclose(pwfile)) { - D(("fclose error writing entries to password file: %m")); - err = 1; -@@ -930,7 +930,7 @@ - D(("fflush or fsync error writing entries to shadow file: %m")); - err = 1; - } -- -+ - if (fclose(pwfile)) { - D(("fclose error writing entries to shadow file: %m")); - err = 1; diff --git a/Linux-PAM-1.1.0-docs.tar.bz2 b/Linux-PAM-1.1.0-docs.tar.bz2 deleted file mode 100644 index b7a6964..0000000 --- a/Linux-PAM-1.1.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7d8e4455cf44937ccc0c7fb370d469c9bef33c68979b23f706fb37727bf8812b -size 494697 diff --git a/Linux-PAM-1.1.0.tar.bz2 b/Linux-PAM-1.1.0.tar.bz2 deleted file mode 100644 index ca928f1..0000000 --- a/Linux-PAM-1.1.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:eafd3e4367224b5b0c1212ca7096175f707c554d7daf32f85b4662ce4c2bd322 -size 1106368 diff --git a/Linux-PAM-1.1.1-docs.tar.bz2 b/Linux-PAM-1.1.1-docs.tar.bz2 new file mode 100644 index 0000000..1048de8 --- /dev/null +++ b/Linux-PAM-1.1.1-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:89950180aba6e5e05671c43d970d9738fd2b71b1421a2cf4d504f5c529586ac6 +size 495534 diff --git a/Linux-PAM-1.1.1.tar.bz2 b/Linux-PAM-1.1.1.tar.bz2 new file mode 100644 index 0000000..8ffcd7b --- /dev/null +++ b/Linux-PAM-1.1.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cc0168c1dbfc474e765c2034eb1022c965ef615a1d293145d41775b0aeccf65d +size 1120046 diff --git a/pam.changes b/pam.changes index eb233f8..a9ad02d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + ------------------------------------------------------------------- Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index d381ac1..5d77364 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.1.0) +# spec file for package pam (Version 1.1.1) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -32,10 +32,10 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.82.1 +%define libpam_so_version 0.82.2 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 -License: BSD 3-clause (or similar) ; GPL v2 or later +License: BSD3c ; GPLv2+ Group: System/Libraries AutoReqProv: on # bug437293 @@ -43,8 +43,8 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.1.0 -Release: 2 +Version: 1.1.1 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -55,8 +55,8 @@ Source5: common-account.pamd Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment +Source9: baselibs.conf Patch: pam_tally-deprecated.diff -Patch1: Linux-PAM-1.1.0-CVS.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -67,9 +67,10 @@ having to recompile programs that do authentication. %package doc -License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later +License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML +BuildArch: noarch %description doc PAM (Pluggable Authentication Modules) is a system security tool that @@ -81,7 +82,7 @@ This package contains the documentation. %package devel -License: Beerware, Cardware, Shareware (not restricted) ; BSD 3-clause (or similar) ; GPL v2 or later +License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: pam = %{version} glibc-devel @@ -105,15 +106,8 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch -p0 -%patch1 -p0 %build -aclocal -I m4 --install --force -autoheader -libtoolize --force --automake --copy -automake --add-missing --copy -autoreconf -chmod 755 configure CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ ./configure \ --infodir=%{_infodir} \ @@ -124,10 +118,10 @@ CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security -make +make %{?jobs:-j%jobs}; %check -make check +make %{?jobs:-j%jobs} check %install mkdir -p $RPM_BUILD_ROOT/etc/pam.d -- 2.51.1 From cefc2a2846e88fe6c65e3a99dc4685a650fd6f9802fd0be3814c3d4bd3e16723 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 12 Mar 2010 16:36:09 +0000 Subject: [PATCH 033/226] Accepting request 34610 from Linux-PAM Copy from Linux-PAM/pam based on submit request 34610 from user kukuk OBS-URL: https://build.opensuse.org/request/show/34610 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=34 --- pam.changes | 5 +++++ pam.spec | 11 +++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/pam.changes b/pam.changes index a9ad02d..658b7ee 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + ------------------------------------------------------------------- Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 5d77364..3c14b48 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam (Version 1.1.1) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -44,7 +44,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.1 -Release: 1 +Release: 2 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -174,7 +174,7 @@ mkdir -p $DOC/modules # # Install misc docu and md5.config # -install -m 644 CHANGELOG Copyright README $DOC +install -m 644 NEWS COPYING $DOC # Not for CODE10 and older %if %{suse_version} <= 1010 rm $DOC/modules/README.pam_keyinit @@ -215,9 +215,8 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_sysconfdir}/security/namespace.init %endif -%doc %{_defaultdocdir}/pam/CHANGELOG -%doc %{_defaultdocdir}/pam/Copyright -%doc %{_defaultdocdir}/pam/README +%doc %{_defaultdocdir}/pam/NEWS +%doc %{_defaultdocdir}/pam/COPYING %doc %{_mandir}/man5/*.conf.5* %doc %{_mandir}/man5/pam.d.5* %doc %{_mandir}/man8/* -- 2.51.1 From de541926e2cd04efb553d442a4f7c14b998f633f1b40b3dd439cd473a60e6f4e Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 18 Mar 2010 15:14:32 +0000 Subject: [PATCH 034/226] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=35 --- ready | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 ready diff --git a/ready b/ready deleted file mode 100644 index 473a0f4..0000000 -- 2.51.1 From b9748d9c659c6f15f3831c12938e270375e6ad5d8c103a48590e48caca5da53f Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Wed, 12 May 2010 14:12:43 +0000 Subject: [PATCH 035/226] Accepting request 39727 from Linux-PAM Copy from Linux-PAM/pam based on submit request 39727 from user kukuk OBS-URL: https://build.opensuse.org/request/show/39727 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=36 --- Linux-PAM-1.1.1-docs.tar.bz2 | 3 --- Linux-PAM-1.1.1.90-docs.tar.bz2 | 3 +++ Linux-PAM-1.1.1.90.tar.bz2 | 3 +++ Linux-PAM-1.1.1.tar.bz2 | 3 --- pam.changes | 6 ++++++ pam.spec | 27 ++++----------------------- 6 files changed, 16 insertions(+), 29 deletions(-) delete mode 100644 Linux-PAM-1.1.1-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.1.90-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.1.90.tar.bz2 delete mode 100644 Linux-PAM-1.1.1.tar.bz2 diff --git a/Linux-PAM-1.1.1-docs.tar.bz2 b/Linux-PAM-1.1.1-docs.tar.bz2 deleted file mode 100644 index 1048de8..0000000 --- a/Linux-PAM-1.1.1-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:89950180aba6e5e05671c43d970d9738fd2b71b1421a2cf4d504f5c529586ac6 -size 495534 diff --git a/Linux-PAM-1.1.1.90-docs.tar.bz2 b/Linux-PAM-1.1.1.90-docs.tar.bz2 new file mode 100644 index 0000000..7447043 --- /dev/null +++ b/Linux-PAM-1.1.1.90-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:103c6a77ba26229a72ffb5b7eadce5c483d4076c6c868b329fc875eb2c395fd8 +size 498133 diff --git a/Linux-PAM-1.1.1.90.tar.bz2 b/Linux-PAM-1.1.1.90.tar.bz2 new file mode 100644 index 0000000..84f6bab --- /dev/null +++ b/Linux-PAM-1.1.1.90.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2341ee08fed5cc549ef662c19a4398028ebe830092852072920160906aff4300 +size 1112185 diff --git a/Linux-PAM-1.1.1.tar.bz2 b/Linux-PAM-1.1.1.tar.bz2 deleted file mode 100644 index 8ffcd7b..0000000 --- a/Linux-PAM-1.1.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cc0168c1dbfc474e765c2034eb1022c965ef615a1d293145d41775b0aeccf65d -size 1120046 diff --git a/pam.changes b/pam.changes index 658b7ee..b6a9174 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + ------------------------------------------------------------------- Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 3c14b48..f973b6c 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.1.1) +# spec file for package pam (Version 1.1.1.90) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,25 +17,19 @@ # norootforbuild -%if %{suse_version} < 1110 -%define enable_selinux 0 -%else %define enable_selinux 1 -%endif Name: pam Url: http://www.kernel.org/pub/linux/libs/pam/ BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel -%if %{suse_version} > 1000 BuildRequires: audit-devel -%endif %if %{enable_selinux} BuildRequires: libselinux-devel %endif %define libpam_so_version 0.82.2 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 -License: BSD3c ; GPLv2+ +License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ Group: System/Libraries AutoReqProv: on # bug437293 @@ -43,8 +37,8 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.1.1 -Release: 2 +Version: 1.1.1.90 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -175,13 +169,6 @@ mkdir -p $DOC/modules # Install misc docu and md5.config # install -m 644 NEWS COPYING $DOC -# Not for CODE10 and older -%if %{suse_version} <= 1010 -rm $DOC/modules/README.pam_keyinit -rm $DOC/modules/README.pam_namespace -rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_keyinit* -rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_keyinit.so -%endif # Create filelist with translatins %{find_lang} Linux-PAM @@ -211,10 +198,8 @@ rm -rf $RPM_BUILD_ROOT %config(noreplace) %{_sysconfdir}/security/sepermit.conf %endif %config(noreplace) %{_sysconfdir}/security/time.conf -%if %{suse_version} > 1010 %config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_sysconfdir}/security/namespace.init -%endif %doc %{_defaultdocdir}/pam/NEWS %doc %{_defaultdocdir}/pam/COPYING %doc %{_mandir}/man5/*.conf.5* @@ -241,9 +226,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_ftp.so /%{_lib}/security/pam_group.so /%{_lib}/security/pam_issue.so -%if %{suse_version} > 1010 /%{_lib}/security/pam_keyinit.so -%endif /%{_lib}/security/pam_lastlog.so /%{_lib}/security/pam_limits.so /%{_lib}/security/pam_listfile.so @@ -252,9 +235,7 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/security/pam_mail.so /%{_lib}/security/pam_mkhomedir.so /%{_lib}/security/pam_motd.so -%if %{suse_version} > 1010 /%{_lib}/security/pam_namespace.so -%endif /%{_lib}/security/pam_nologin.so /%{_lib}/security/pam_permit.so /%{_lib}/security/pam_pwhistory.so -- 2.51.1 From 1d0b3c49902fa5abbef6a95ae750351db21b5240e8f83c3d8f917de8c7a474ca Mon Sep 17 00:00:00 2001 From: Stephan Kulow Date: Mon, 28 Jun 2010 21:33:32 +0000 Subject: [PATCH 036/226] Accepting request 42153 from home:jengelh:smp Copy from home:jengelh:smp/pam via accept of submit request 42153 revision 2. Request was accepted with message: Reviewed ok OBS-URL: https://build.opensuse.org/request/show/42153 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=70 --- pam.changes | 5 +++++ pam.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/pam.changes b/pam.changes index b6a9174..85abd87 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + ------------------------------------------------------------------- Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index f973b6c..94b27d4 100644 --- a/pam.spec +++ b/pam.spec @@ -112,10 +112,10 @@ CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security -make %{?jobs:-j%jobs}; +make %{?_smp_mflags}; %check -make %{?jobs:-j%jobs} check +make %{?_smp_mflags} check %install mkdir -p $RPM_BUILD_ROOT/etc/pam.d -- 2.51.1 From 564d8fe15454203e784cca19c09cc1eb5686974ecb524e746d3c4a769909dc24 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 31 Aug 2010 11:38:59 +0000 Subject: [PATCH 037/226] - Update to Linux-PAM 1.1.2 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=71 --- Linux-PAM-1.1.1.90-docs.tar.bz2 | 3 --- Linux-PAM-1.1.1.90.tar.bz2 | 3 --- Linux-PAM-1.1.2-docs.tar.bz2 | 3 +++ Linux-PAM-1.1.2.tar.bz2 | 3 +++ pam.changes | 5 +++++ pam.spec | 6 +++--- pam_tally-deprecated.diff | 17 ----------------- 7 files changed, 14 insertions(+), 26 deletions(-) delete mode 100644 Linux-PAM-1.1.1.90-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.1.90.tar.bz2 create mode 100644 Linux-PAM-1.1.2-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.2.tar.bz2 diff --git a/Linux-PAM-1.1.1.90-docs.tar.bz2 b/Linux-PAM-1.1.1.90-docs.tar.bz2 deleted file mode 100644 index 7447043..0000000 --- a/Linux-PAM-1.1.1.90-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:103c6a77ba26229a72ffb5b7eadce5c483d4076c6c868b329fc875eb2c395fd8 -size 498133 diff --git a/Linux-PAM-1.1.1.90.tar.bz2 b/Linux-PAM-1.1.1.90.tar.bz2 deleted file mode 100644 index 84f6bab..0000000 --- a/Linux-PAM-1.1.1.90.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2341ee08fed5cc549ef662c19a4398028ebe830092852072920160906aff4300 -size 1112185 diff --git a/Linux-PAM-1.1.2-docs.tar.bz2 b/Linux-PAM-1.1.2-docs.tar.bz2 new file mode 100644 index 0000000..ac08269 --- /dev/null +++ b/Linux-PAM-1.1.2-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7d336f696c4338dac7630fbb36c818c0dcfb59e180cf42361069a8bf6d422958 +size 495644 diff --git a/Linux-PAM-1.1.2.tar.bz2 b/Linux-PAM-1.1.2.tar.bz2 new file mode 100644 index 0000000..57628f3 --- /dev/null +++ b/Linux-PAM-1.1.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2779f7dc145772669f8a1d1a184ab793e7e462cdfc11cf17428526588fa752b3 +size 1114495 diff --git a/pam.changes b/pam.changes index 85abd87..3ad2199 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + ------------------------------------------------------------------- Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de diff --git a/pam.spec b/pam.spec index 94b27d4..c70ba01 100644 --- a/pam.spec +++ b/pam.spec @@ -26,7 +26,7 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.82.2 +%define libpam_so_version 0.82.3 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ @@ -37,7 +37,7 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.1.1.90 +Version: 1.1.2 Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 @@ -64,7 +64,7 @@ having to recompile programs that do authentication. License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML -BuildArch: noarch +###BuildArch: noarch %description doc PAM (Pluggable Authentication Modules) is a system security tool that diff --git a/pam_tally-deprecated.diff b/pam_tally-deprecated.diff index 4bd4a14..dc22524 100644 --- a/pam_tally-deprecated.diff +++ b/pam_tally-deprecated.diff @@ -1,20 +1,3 @@ ---- modules/pam_tally/pam_tally.8.xml -+++ modules/pam_tally/pam_tally.8.xml 2009/03/27 10:49:17 -@@ -81,7 +81,13 @@ - - - This module maintains a count of attempted accesses, can -- reset count on success, can deny access if too many attempts fail. -+ reset count on success, can deny access if too many attempts -+ fail. -+ -+ -+ pam_tally has several limitations, which are solved with -+ pam_tally2. For this reason pam_tally is deprecated and -+ will be removed in a future release. - - - pam_tally comes in two parts: --- modules/pam_tally/pam_tally.c +++ modules/pam_tally/pam_tally.c 2009/03/27 10:52:56 @@ -630,6 +630,8 @@ -- 2.51.1 From 34b12e7e5568f4982f4cf68c30afc4c21dce465430515eb2e8c0ca63171eb7a1 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 3 Sep 2010 10:51:23 +0000 Subject: [PATCH 038/226] Accepting request 46812 from Linux-PAM checked in (request 46812) OBS-URL: https://build.opensuse.org/request/show/46812 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=72 --- Linux-PAM-1.1.1.90-docs.tar.bz2 | 3 +++ Linux-PAM-1.1.1.90.tar.bz2 | 3 +++ Linux-PAM-1.1.2-docs.tar.bz2 | 3 --- Linux-PAM-1.1.2.tar.bz2 | 3 --- pam.changes | 10 ---------- pam.spec | 10 +++++----- pam_tally-deprecated.diff | 17 +++++++++++++++++ 7 files changed, 28 insertions(+), 21 deletions(-) create mode 100644 Linux-PAM-1.1.1.90-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.1.90.tar.bz2 delete mode 100644 Linux-PAM-1.1.2-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.2.tar.bz2 diff --git a/Linux-PAM-1.1.1.90-docs.tar.bz2 b/Linux-PAM-1.1.1.90-docs.tar.bz2 new file mode 100644 index 0000000..7447043 --- /dev/null +++ b/Linux-PAM-1.1.1.90-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:103c6a77ba26229a72ffb5b7eadce5c483d4076c6c868b329fc875eb2c395fd8 +size 498133 diff --git a/Linux-PAM-1.1.1.90.tar.bz2 b/Linux-PAM-1.1.1.90.tar.bz2 new file mode 100644 index 0000000..84f6bab --- /dev/null +++ b/Linux-PAM-1.1.1.90.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2341ee08fed5cc549ef662c19a4398028ebe830092852072920160906aff4300 +size 1112185 diff --git a/Linux-PAM-1.1.2-docs.tar.bz2 b/Linux-PAM-1.1.2-docs.tar.bz2 deleted file mode 100644 index ac08269..0000000 --- a/Linux-PAM-1.1.2-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7d336f696c4338dac7630fbb36c818c0dcfb59e180cf42361069a8bf6d422958 -size 495644 diff --git a/Linux-PAM-1.1.2.tar.bz2 b/Linux-PAM-1.1.2.tar.bz2 deleted file mode 100644 index 57628f3..0000000 --- a/Linux-PAM-1.1.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2779f7dc145772669f8a1d1a184ab793e7e462cdfc11cf17428526588fa752b3 -size 1114495 diff --git a/pam.changes b/pam.changes index 3ad2199..b6a9174 100644 --- a/pam.changes +++ b/pam.changes @@ -1,13 +1,3 @@ -------------------------------------------------------------------- -Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de - -- Update to Linux-PAM 1.1.2 - -------------------------------------------------------------------- -Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de - -- use %_smp_mflags - ------------------------------------------------------------------- Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index c70ba01..f973b6c 100644 --- a/pam.spec +++ b/pam.spec @@ -26,7 +26,7 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.82.3 +%define libpam_so_version 0.82.2 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ @@ -37,7 +37,7 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.1.2 +Version: 1.1.1.90 Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 @@ -64,7 +64,7 @@ having to recompile programs that do authentication. License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML -###BuildArch: noarch +BuildArch: noarch %description doc PAM (Pluggable Authentication Modules) is a system security tool that @@ -112,10 +112,10 @@ CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security -make %{?_smp_mflags}; +make %{?jobs:-j%jobs}; %check -make %{?_smp_mflags} check +make %{?jobs:-j%jobs} check %install mkdir -p $RPM_BUILD_ROOT/etc/pam.d diff --git a/pam_tally-deprecated.diff b/pam_tally-deprecated.diff index dc22524..4bd4a14 100644 --- a/pam_tally-deprecated.diff +++ b/pam_tally-deprecated.diff @@ -1,3 +1,20 @@ +--- modules/pam_tally/pam_tally.8.xml ++++ modules/pam_tally/pam_tally.8.xml 2009/03/27 10:49:17 +@@ -81,7 +81,13 @@ + + + This module maintains a count of attempted accesses, can +- reset count on success, can deny access if too many attempts fail. ++ reset count on success, can deny access if too many attempts ++ fail. ++ ++ ++ pam_tally has several limitations, which are solved with ++ pam_tally2. For this reason pam_tally is deprecated and ++ will be removed in a future release. + + + pam_tally comes in two parts: --- modules/pam_tally/pam_tally.c +++ modules/pam_tally/pam_tally.c 2009/03/27 10:52:56 @@ -630,6 +630,8 @@ -- 2.51.1 From a45a9d66b58f016e7d360fe8987472804d937db3e3c18aa20f4f6360460355d3 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Fri, 3 Sep 2010 10:51:24 +0000 Subject: [PATCH 039/226] Updating link to change in openSUSE:Factory/pam revision 39.0 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=69a0a3856f420ec01bcad32fbf106f28 --- Linux-PAM-1.1.1.90-docs.tar.bz2 | 3 --- Linux-PAM-1.1.1.90.tar.bz2 | 3 --- Linux-PAM-1.1.2-docs.tar.bz2 | 3 +++ Linux-PAM-1.1.2.tar.bz2 | 3 +++ pam.changes | 10 ++++++++++ pam.spec | 12 ++++++------ pam_tally-deprecated.diff | 17 ----------------- 7 files changed, 22 insertions(+), 29 deletions(-) delete mode 100644 Linux-PAM-1.1.1.90-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.1.90.tar.bz2 create mode 100644 Linux-PAM-1.1.2-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.2.tar.bz2 diff --git a/Linux-PAM-1.1.1.90-docs.tar.bz2 b/Linux-PAM-1.1.1.90-docs.tar.bz2 deleted file mode 100644 index 7447043..0000000 --- a/Linux-PAM-1.1.1.90-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:103c6a77ba26229a72ffb5b7eadce5c483d4076c6c868b329fc875eb2c395fd8 -size 498133 diff --git a/Linux-PAM-1.1.1.90.tar.bz2 b/Linux-PAM-1.1.1.90.tar.bz2 deleted file mode 100644 index 84f6bab..0000000 --- a/Linux-PAM-1.1.1.90.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2341ee08fed5cc549ef662c19a4398028ebe830092852072920160906aff4300 -size 1112185 diff --git a/Linux-PAM-1.1.2-docs.tar.bz2 b/Linux-PAM-1.1.2-docs.tar.bz2 new file mode 100644 index 0000000..ac08269 --- /dev/null +++ b/Linux-PAM-1.1.2-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7d336f696c4338dac7630fbb36c818c0dcfb59e180cf42361069a8bf6d422958 +size 495644 diff --git a/Linux-PAM-1.1.2.tar.bz2 b/Linux-PAM-1.1.2.tar.bz2 new file mode 100644 index 0000000..57628f3 --- /dev/null +++ b/Linux-PAM-1.1.2.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2779f7dc145772669f8a1d1a184ab793e7e462cdfc11cf17428526588fa752b3 +size 1114495 diff --git a/pam.changes b/pam.changes index b6a9174..3ad2199 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + ------------------------------------------------------------------- Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index f973b6c..5f34f34 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.1.1.90) +# spec file for package pam (Version 1.1.2) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -26,7 +26,7 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.82.2 +%define libpam_so_version 0.82.3 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ @@ -37,7 +37,7 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.1.1.90 +Version: 1.1.2 Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 @@ -64,7 +64,7 @@ having to recompile programs that do authentication. License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML -BuildArch: noarch +###BuildArch: noarch %description doc PAM (Pluggable Authentication Modules) is a system security tool that @@ -112,10 +112,10 @@ CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security -make %{?jobs:-j%jobs}; +make %{?_smp_mflags}; %check -make %{?jobs:-j%jobs} check +make %{?_smp_mflags} check %install mkdir -p $RPM_BUILD_ROOT/etc/pam.d diff --git a/pam_tally-deprecated.diff b/pam_tally-deprecated.diff index 4bd4a14..dc22524 100644 --- a/pam_tally-deprecated.diff +++ b/pam_tally-deprecated.diff @@ -1,20 +1,3 @@ ---- modules/pam_tally/pam_tally.8.xml -+++ modules/pam_tally/pam_tally.8.xml 2009/03/27 10:49:17 -@@ -81,7 +81,13 @@ - - - This module maintains a count of attempted accesses, can -- reset count on success, can deny access if too many attempts fail. -+ reset count on success, can deny access if too many attempts -+ fail. -+ -+ -+ pam_tally has several limitations, which are solved with -+ pam_tally2. For this reason pam_tally is deprecated and -+ will be removed in a future release. - - - pam_tally comes in two parts: --- modules/pam_tally/pam_tally.c +++ modules/pam_tally/pam_tally.c 2009/03/27 10:52:56 @@ -630,6 +630,8 @@ -- 2.51.1 From 4dabda590d0d4a9e239bcce9c388825d2255a5f3742687b37409dcc643b59971 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 28 Oct 2010 14:27:30 +0000 Subject: [PATCH 040/226] - Update to Linux-PAM 1.1.3 - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 - pam_unix: Add minlen option, change default from 6 to 0 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=73 --- Linux-PAM-1.1.2-docs.tar.bz2 | 3 --- Linux-PAM-1.1.2.tar.bz2 | 3 --- Linux-PAM-1.1.3-docs.tar.bz2 | 3 +++ Linux-PAM-1.1.3.tar.bz2 | 3 +++ pam.changes | 7 +++++++ pam.spec | 4 ++-- 6 files changed, 15 insertions(+), 8 deletions(-) delete mode 100644 Linux-PAM-1.1.2-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.2.tar.bz2 create mode 100644 Linux-PAM-1.1.3-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.3.tar.bz2 diff --git a/Linux-PAM-1.1.2-docs.tar.bz2 b/Linux-PAM-1.1.2-docs.tar.bz2 deleted file mode 100644 index ac08269..0000000 --- a/Linux-PAM-1.1.2-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7d336f696c4338dac7630fbb36c818c0dcfb59e180cf42361069a8bf6d422958 -size 495644 diff --git a/Linux-PAM-1.1.2.tar.bz2 b/Linux-PAM-1.1.2.tar.bz2 deleted file mode 100644 index 57628f3..0000000 --- a/Linux-PAM-1.1.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2779f7dc145772669f8a1d1a184ab793e7e462cdfc11cf17428526588fa752b3 -size 1114495 diff --git a/Linux-PAM-1.1.3-docs.tar.bz2 b/Linux-PAM-1.1.3-docs.tar.bz2 new file mode 100644 index 0000000..02a0600 --- /dev/null +++ b/Linux-PAM-1.1.3-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4afc3c02f295ed1a3e09876da7eb8738ce48a3c8ea1bc0861e4999730489df12 +size 495577 diff --git a/Linux-PAM-1.1.3.tar.bz2 b/Linux-PAM-1.1.3.tar.bz2 new file mode 100644 index 0000000..223e3aa --- /dev/null +++ b/Linux-PAM-1.1.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ab4e684846e3a1cdacc516d0626df81568ae2eded557a03c958080293ac587b8 +size 1132897 diff --git a/pam.changes b/pam.changes index 3ad2199..7c25c8c 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + ------------------------------------------------------------------- Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 5f34f34..d2978e1 100644 --- a/pam.spec +++ b/pam.spec @@ -26,7 +26,7 @@ BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.82.3 +%define libpam_so_version 0.83.0 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ @@ -37,7 +37,7 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.1.2 +Version: 1.1.3 Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 -- 2.51.1 From 726aa970ebc02ffc46a30e0ed4c94f7f2d1fdee68763525aaa45f5359d6978ef Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 28 Oct 2010 15:02:45 +0000 Subject: [PATCH 041/226] Autobuild autoformatter for 51597 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=41 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index d2978e1..001f3a7 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.1.2) +# spec file for package pam (Version 1.1.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # -- 2.51.1 From 677002b327adc0f6260000a5ec94c941aa41f2150c633c3623dadf9a012b24cb Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 24 Feb 2011 12:18:28 +0000 Subject: [PATCH 042/226] Accepting request 62683 from home:vitezslav_cizek:branches:Linux-PAM reviewed ok. OBS-URL: https://build.opensuse.org/request/show/62683 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=75 --- pam.changes | 17 +++++++++++++++++ pam.spec | 9 ++++++--- pam_listfile-quiet.patch | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 pam_listfile-quiet.patch diff --git a/pam.changes b/pam.changes index 7c25c8c..6bdf36c 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- + +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + ------------------------------------------------------------------- Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index d2978e1..32fc774 100644 --- a/pam.spec +++ b/pam.spec @@ -1,5 +1,5 @@ # -# spec file for package pam (Version 1.1.2) +# spec file for package pam (Version 1.1.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -50,7 +50,9 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf -Patch: pam_tally-deprecated.diff +Patch0: pam_tally-deprecated.diff +# fix for bnc#673826 (pam_listfile logging) +Patch1: pam_listfile-quiet.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -99,7 +101,8 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 -%patch -p0 +%patch0 -p0 +%patch1 -p1 %build CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ diff --git a/pam_listfile-quiet.patch b/pam_listfile-quiet.patch new file mode 100644 index 0000000..edd1391 --- /dev/null +++ b/pam_listfile-quiet.patch @@ -0,0 +1,38 @@ +diff -u -r Linux-PAM-1.1.3.orig/modules/pam_listfile/pam_listfile.c Linux-PAM-1.1.3/modules/pam_listfile/pam_listfile.c +--- Linux-PAM-1.1.3.orig/modules/pam_listfile/pam_listfile.c 2009-12-08 15:41:41.000000000 +0100 ++++ Linux-PAM-1.1.3/modules/pam_listfile/pam_listfile.c 2011-02-23 13:27:04.356265509 +0100 +@@ -78,8 +78,14 @@ + { + const char *junk; + ++ /* option quiet has no value */ ++ if(!strcmp(argv[i],"quiet")) { ++ quiet = 1; ++ continue; ++ } ++ + memset(mybuf,'\0',sizeof(mybuf)); +- memset(myval,'\0',sizeof(mybuf)); ++ memset(myval,'\0',sizeof(myval)); + junk = strchr(argv[i], '='); + if((junk == NULL) || (junk - argv[i]) >= (int) sizeof(mybuf)) { + pam_syslog(pamh,LOG_ERR, "Bad option: \"%s\"", +@@ -142,8 +148,6 @@ + apply_type=APPLY_TYPE_USER; + strncpy(apply_val,myval,sizeof(apply_val)-1); + } +- } else if (!strcmp(mybuf,"quiet")) { +- quiet = 1; + } else { + free(ifname); + pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf); +@@ -283,7 +287,8 @@ + ifname, citem, citemp, sense); + #endif + if(lstat(ifname,&fileinfo)) { +- pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname); ++ if(!quiet) ++ pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname); + free(ifname); + return onerr; + } -- 2.51.1 From d41b1e46ef6c1189ea5f5081eae5bf9ada8fd885ccd2bb978ac3993618c2df84 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 24 Feb 2011 14:19:29 +0000 Subject: [PATCH 043/226] Updating link to change in openSUSE:Factory/pam revision 44.0 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=21494b789d0a4ba545b75b00b8e5e549 --- pam.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pam.spec b/pam.spec index 32fc774..b22b282 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # -# spec file for package pam (Version 1.1.3) +# spec file for package pam # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,7 +38,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.3 -Release: 1 +Release: 6 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 -- 2.51.1 From 3776b041e2515dd8b07b6dde972fc6707a46b8bbd4c15c7fd8bf89b69432f0fb Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Thu, 24 Feb 2011 14:19:29 +0000 Subject: [PATCH 044/226] Autobuild autoformatter for 62693 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=44 --- pam.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pam.spec b/pam.spec index 32fc774..b22b282 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # -# spec file for package pam (Version 1.1.3) +# spec file for package pam # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,7 +38,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.3 -Release: 1 +Release: 6 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 -- 2.51.1 From 94094fc2a2ea13387ea6ecd97523193bac869316e6decc96a443ab376c32852d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 25 May 2011 14:09:26 +0000 Subject: [PATCH 045/226] Remove unneeded libxcrypt-devel from BuildRequire OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=77 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index b22b282..ecf276a 100644 --- a/pam.spec +++ b/pam.spec @@ -21,7 +21,7 @@ Name: pam Url: http://www.kernel.org/pub/linux/libs/pam/ -BuildRequires: bison cracklib-devel db-devel flex libxcrypt-devel +BuildRequires: bison cracklib-devel db-devel flex BuildRequires: audit-devel %if %{enable_selinux} BuildRequires: libselinux-devel -- 2.51.1 From f2c0510e8ec6f75e196594209e95efac7ab136afb42a80663f3f2bafcc7c1741 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 25 May 2011 14:16:00 +0000 Subject: [PATCH 046/226] - Remove libxcrypt-devel from BuildRequires OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=78 --- pam.changes | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pam.changes b/pam.changes index 6bdf36c..d753d54 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + ------------------------------------------------------------------- Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com -- 2.51.1 From e3f14fda0ab28f8c7fa30c0a1b6e48df29122169638a9c06be73418407e0b521 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 26 May 2011 09:48:17 +0000 Subject: [PATCH 047/226] Accepting request 71387 from home:babelworx:ldig:branches:Linux-PAM license update: GPL-2.0+ or BSD-3-Clause Updating to spdx.org/licenses syntax as legal-auto for some reason did not accept the previous spec file license OBS-URL: https://build.opensuse.org/request/show/71387 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=79 --- pam.changes | 7 +++++++ pam.spec | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index d753d54..2d8e0ca 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + ------------------------------------------------------------------- Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index ecf276a..a3972ee 100644 --- a/pam.spec +++ b/pam.spec @@ -29,7 +29,7 @@ BuildRequires: libselinux-devel %define libpam_so_version 0.83.0 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 -License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ +License: GPL-2.0+ or BSD-3-Clause Group: System/Libraries AutoReqProv: on # bug437293 @@ -63,7 +63,7 @@ having to recompile programs that do authentication. %package doc -License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ +License: GPL-2.0+ or BSD-3-Clause Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML ###BuildArch: noarch @@ -78,7 +78,7 @@ This package contains the documentation. %package devel -License: Beerware, Cardware, Shareware (not restricted) ; BSD3c ; GPLv2+ +License: GPL-2.0+ or BSD-3-Clause Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: pam = %{version} glibc-devel -- 2.51.1 From bfd33af5db33dcbc82424397a9f2d2398ab5af6419aac97bd609bf34973daa6b Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Thu, 26 May 2011 14:17:43 +0000 Subject: [PATCH 048/226] Updating link to change in openSUSE:Factory/pam revision 46.0 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=103286a3bed4d3cad097bab011dddcfa --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index a3972ee..6fffb68 100644 --- a/pam.spec +++ b/pam.spec @@ -38,7 +38,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.3 -Release: 6 +Release: 7 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 -- 2.51.1 From 6baed3302559d9895bf422b22f1552b3a5a51b919339866957279b1222279fc6 Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Thu, 26 May 2011 14:17:43 +0000 Subject: [PATCH 049/226] Autobuild autoformatter for 71391 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=46 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index a3972ee..6fffb68 100644 --- a/pam.spec +++ b/pam.spec @@ -38,7 +38,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.3 -Release: 6 +Release: 7 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 -- 2.51.1 From a9c0827316b4516d3ab7f4e6c088b3c068c0c86eaf327005e4931b951f525d05 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 27 Jun 2011 13:45:48 +0000 Subject: [PATCH 050/226] - Update to version 1.1.4 * pam_securetty: Honour console= kernel option, add noconsole option * pam_limits: Add %group syntax, drop change_uid option, add set_all option * Lot of small bug fixes * Add support for libtirpc - Build against libtirpc OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=81 --- Linux-PAM-1.1.3-docs.tar.bz2 | 3 --- Linux-PAM-1.1.3.tar.bz2 | 3 --- Linux-PAM-1.1.4-docs.tar.bz2 | 3 +++ Linux-PAM-1.1.4.tar.bz2 | 3 +++ pam.changes | 10 ++++++++++ pam.spec | 8 +++----- pam_listfile-quiet.patch | 38 ------------------------------------ 7 files changed, 19 insertions(+), 49 deletions(-) delete mode 100644 Linux-PAM-1.1.3-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.3.tar.bz2 create mode 100644 Linux-PAM-1.1.4-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.4.tar.bz2 delete mode 100644 pam_listfile-quiet.patch diff --git a/Linux-PAM-1.1.3-docs.tar.bz2 b/Linux-PAM-1.1.3-docs.tar.bz2 deleted file mode 100644 index 02a0600..0000000 --- a/Linux-PAM-1.1.3-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4afc3c02f295ed1a3e09876da7eb8738ce48a3c8ea1bc0861e4999730489df12 -size 495577 diff --git a/Linux-PAM-1.1.3.tar.bz2 b/Linux-PAM-1.1.3.tar.bz2 deleted file mode 100644 index 223e3aa..0000000 --- a/Linux-PAM-1.1.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ab4e684846e3a1cdacc516d0626df81568ae2eded557a03c958080293ac587b8 -size 1132897 diff --git a/Linux-PAM-1.1.4-docs.tar.bz2 b/Linux-PAM-1.1.4-docs.tar.bz2 new file mode 100644 index 0000000..e0d6375 --- /dev/null +++ b/Linux-PAM-1.1.4-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a3bcdbcede0865f0ce40aa1c1363afc2c51a878334a31689f959b0bdcf53cc6e +size 498363 diff --git a/Linux-PAM-1.1.4.tar.bz2 b/Linux-PAM-1.1.4.tar.bz2 new file mode 100644 index 0000000..013f369 --- /dev/null +++ b/Linux-PAM-1.1.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:13cf4775ffd4fdd8c79a88610d569ebacef738eb2be729eaf8655c942bcd9e50 +size 1123198 diff --git a/pam.changes b/pam.changes index 2d8e0ca..121210d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + ------------------------------------------------------------------- Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com diff --git a/pam.spec b/pam.spec index 6fffb68..99aaed3 100644 --- a/pam.spec +++ b/pam.spec @@ -23,10 +23,11 @@ Name: pam Url: http://www.kernel.org/pub/linux/libs/pam/ BuildRequires: bison cracklib-devel db-devel flex BuildRequires: audit-devel +BuildRequires: libtirpc-devel %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.83.0 +%define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 License: GPL-2.0+ or BSD-3-Clause @@ -37,7 +38,7 @@ AutoReqProv: on Obsoletes: pam-64bit %endif # -Version: 1.1.3 +Version: 1.1.4 Release: 7 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 @@ -51,8 +52,6 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff -# fix for bnc#673826 (pam_listfile logging) -Patch1: pam_listfile-quiet.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -102,7 +101,6 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 -%patch1 -p1 %build CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ diff --git a/pam_listfile-quiet.patch b/pam_listfile-quiet.patch deleted file mode 100644 index edd1391..0000000 --- a/pam_listfile-quiet.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -u -r Linux-PAM-1.1.3.orig/modules/pam_listfile/pam_listfile.c Linux-PAM-1.1.3/modules/pam_listfile/pam_listfile.c ---- Linux-PAM-1.1.3.orig/modules/pam_listfile/pam_listfile.c 2009-12-08 15:41:41.000000000 +0100 -+++ Linux-PAM-1.1.3/modules/pam_listfile/pam_listfile.c 2011-02-23 13:27:04.356265509 +0100 -@@ -78,8 +78,14 @@ - { - const char *junk; - -+ /* option quiet has no value */ -+ if(!strcmp(argv[i],"quiet")) { -+ quiet = 1; -+ continue; -+ } -+ - memset(mybuf,'\0',sizeof(mybuf)); -- memset(myval,'\0',sizeof(mybuf)); -+ memset(myval,'\0',sizeof(myval)); - junk = strchr(argv[i], '='); - if((junk == NULL) || (junk - argv[i]) >= (int) sizeof(mybuf)) { - pam_syslog(pamh,LOG_ERR, "Bad option: \"%s\"", -@@ -142,8 +148,6 @@ - apply_type=APPLY_TYPE_USER; - strncpy(apply_val,myval,sizeof(apply_val)-1); - } -- } else if (!strcmp(mybuf,"quiet")) { -- quiet = 1; - } else { - free(ifname); - pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf); -@@ -283,7 +287,8 @@ - ifname, citem, citemp, sense); - #endif - if(lstat(ifname,&fileinfo)) { -- pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname); -+ if(!quiet) -+ pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname); - free(ifname); - return onerr; - } -- 2.51.1 From 9ec6d0f92740f4942aad61e41eba8ca8e3d54f8365e5ab2f50181ceb836eef5f Mon Sep 17 00:00:00 2001 From: Sascha Peilicke Date: Mon, 11 Jul 2011 06:52:44 +0000 Subject: [PATCH 051/226] Autobuild autoformatter for 74833 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=48 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 99aaed3..9920bef 100644 --- a/pam.spec +++ b/pam.spec @@ -39,7 +39,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.4 -Release: 7 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 -- 2.51.1 From 28de8ae255e88d267c7af30ee23e09291b2bb34dc1c44c63e73f170d3e3988d0 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Tue, 25 Oct 2011 12:29:41 +0000 Subject: [PATCH 052/226] - pam_tally2: remove invalid options from manpage (bnc#726071) - fix possible overflow and DOS in pam_env (bnc#724480) CVE-2011-3148, CVE-2011-3149 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=83 --- bug-724480_pam_env-fix-dos.patch | 33 ++++++++++++++++ bug-724480_pam_env-fix-overflow.patch | 29 ++++++++++++++ pam.changes | 7 ++++ pam.spec | 8 +++- pam_tally2-man.dif | 55 +++++++++++++++++++++++++++ 5 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 bug-724480_pam_env-fix-dos.patch create mode 100644 bug-724480_pam_env-fix-overflow.patch create mode 100644 pam_tally2-man.dif diff --git a/bug-724480_pam_env-fix-dos.patch b/bug-724480_pam_env-fix-dos.patch new file mode 100644 index 0000000..7b886a9 --- /dev/null +++ b/bug-724480_pam_env-fix-dos.patch @@ -0,0 +1,33 @@ +Description: abort when encountering an overflowed environment variable + expansion (CVE-2011-3149). +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 +Author: Kees Cook + +Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c +=================================================================== +--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c ++++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c +@@ -570,6 +570,7 @@ static int _expand_arg(pam_handle_t *pam + D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); + pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", + tmp, tmpptr); ++ return PAM_ABORT; + } + continue; + } +@@ -631,6 +632,7 @@ static int _expand_arg(pam_handle_t *pam + D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); + pam_syslog (pamh, LOG_ERR, + "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); ++ return PAM_ABORT; + } + } + } /* if ('{' != *orig++) */ +@@ -642,6 +644,7 @@ static int _expand_arg(pam_handle_t *pam + D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); + pam_syslog(pamh, LOG_ERR, + "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); ++ return PAM_ABORT; + } + } + } /* for (;*orig;) */ diff --git a/bug-724480_pam_env-fix-overflow.patch b/bug-724480_pam_env-fix-overflow.patch new file mode 100644 index 0000000..de74d06 --- /dev/null +++ b/bug-724480_pam_env-fix-overflow.patch @@ -0,0 +1,29 @@ +Description: correctly count leading whitespace when parsing environment + file (CVE-2011-3148). +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 +Author: Kees Cook + +Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c +=================================================================== +--- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c ++++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c +@@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char + char *p = buffer; + char *s, *os; + int used = 0; ++ int whitespace; + + /* loop broken with a 'break' when a non-'\\n' ended line is read */ + +@@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char + + /* skip leading spaces --- line may be blank */ + +- s = p + strspn(p, " \n\t"); ++ whitespace = strspn(p, " \n\t"); ++ s = p + whitespace; + if (*s && (*s != '#')) { ++ used += whitespace; + os = s; + + /* diff --git a/pam.changes b/pam.changes index 121210d..c27c06d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + ------------------------------------------------------------------- Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 99aaed3..e032480 100644 --- a/pam.spec +++ b/pam.spec @@ -39,7 +39,7 @@ Obsoletes: pam-64bit %endif # Version: 1.1.4 -Release: 7 +Release: 1 Summary: A Security Tool that Provides Authentication for Applications Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -52,6 +52,9 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff +Patch1: bug-724480_pam_env-fix-overflow.patch +Patch2: bug-724480_pam_env-fix-dos.patch +Patch3: pam_tally2-man.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -101,6 +104,9 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ diff --git a/pam_tally2-man.dif b/pam_tally2-man.dif new file mode 100644 index 0000000..cee8222 --- /dev/null +++ b/pam_tally2-man.dif @@ -0,0 +1,55 @@ +Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8 +=================================================================== +--- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8 ++++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8 +@@ -269,13 +269,6 @@ If the module is invoked by a user with + \fBsu\fR, otherwise this argument should be omitted\&. + .RE + .PP +-\fBno_lock_time\fR +-.RS 4 +-Do not use the \&.fail_locktime field in +-\FC/var/log/faillog\F[] +-for this user\&. +-.RE +-.PP + \fBeven_deny_root\fR + .RS 4 + Root account can become unavailable\&. +Index: Linux-PAM-1.1.4/modules/pam_tally2/README +=================================================================== +--- Linux-PAM-1.1.4.orig/modules/pam_tally2/README ++++ Linux-PAM-1.1.4/modules/pam_tally2/README +@@ -76,10 +76,6 @@ AUTH OPTIONS + incremented. The sysadmin should use this for user launched services, + like su, otherwise this argument should be omitted. + +- no_lock_time +- +- Do not use the .fail_locktime field in /var/log/faillog for this user. +- + even_deny_root + + Root account can become unavailable. +Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml +=================================================================== +--- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8.xml ++++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml +@@ -238,17 +238,6 @@ + + + +- +- +- +- +- Do not use the .fail_locktime field in +- /var/log/faillog for this user. +- +- +- +- +- + + + -- 2.51.1 From 04ace596ecc1352dc83e4deeb002e18c8e2fbae28d166011505d5eb5dba68343 Mon Sep 17 00:00:00 2001 From: Wolfgang Engel Date: Mon, 19 Mar 2012 12:00:58 +0000 Subject: [PATCH 053/226] Accepting request 107892 from home:jengelh:branches:Linux-PAM - Update to new upstream release 1.1.5 * pam_env: Fix CVE-2011-3148: correctly count leading whitespace when parsing environment file in pam_env * Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in pam_env * pam_access: Add hostname resolution cache OBS-URL: https://build.opensuse.org/request/show/107892 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=86 --- Linux-PAM-1.1.4-docs.tar.bz2 | 3 -- Linux-PAM-1.1.4.tar.bz2 | 3 -- Linux-PAM-1.1.5-docs.tar.bz2 | 3 ++ Linux-PAM-1.1.5.tar.bz2 | 3 ++ bug-724480_pam_env-fix-dos.patch | 33 ---------------- bug-724480_pam_env-fix-overflow.patch | 29 -------------- pam.changes | 10 +++++ pam.spec | 52 +++++++++++-------------- pam_tally2-man.dif | 55 --------------------------- 9 files changed, 39 insertions(+), 152 deletions(-) delete mode 100644 Linux-PAM-1.1.4-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.4.tar.bz2 create mode 100644 Linux-PAM-1.1.5-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.5.tar.bz2 delete mode 100644 bug-724480_pam_env-fix-dos.patch delete mode 100644 bug-724480_pam_env-fix-overflow.patch delete mode 100644 pam_tally2-man.dif diff --git a/Linux-PAM-1.1.4-docs.tar.bz2 b/Linux-PAM-1.1.4-docs.tar.bz2 deleted file mode 100644 index e0d6375..0000000 --- a/Linux-PAM-1.1.4-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a3bcdbcede0865f0ce40aa1c1363afc2c51a878334a31689f959b0bdcf53cc6e -size 498363 diff --git a/Linux-PAM-1.1.4.tar.bz2 b/Linux-PAM-1.1.4.tar.bz2 deleted file mode 100644 index 013f369..0000000 --- a/Linux-PAM-1.1.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:13cf4775ffd4fdd8c79a88610d569ebacef738eb2be729eaf8655c942bcd9e50 -size 1123198 diff --git a/Linux-PAM-1.1.5-docs.tar.bz2 b/Linux-PAM-1.1.5-docs.tar.bz2 new file mode 100644 index 0000000..889234a --- /dev/null +++ b/Linux-PAM-1.1.5-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e4b10ffebe2e5cc355bd37c4e17a2288eb90d1396b06961738a7e7ef848c754c +size 498228 diff --git a/Linux-PAM-1.1.5.tar.bz2 b/Linux-PAM-1.1.5.tar.bz2 new file mode 100644 index 0000000..0c2ab97 --- /dev/null +++ b/Linux-PAM-1.1.5.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:65def4df04254dc4c5156859d36c34ad6d7afbcf3adbf2780530ebc4dbf2a116 +size 1123524 diff --git a/bug-724480_pam_env-fix-dos.patch b/bug-724480_pam_env-fix-dos.patch deleted file mode 100644 index 7b886a9..0000000 --- a/bug-724480_pam_env-fix-dos.patch +++ /dev/null @@ -1,33 +0,0 @@ -Description: abort when encountering an overflowed environment variable - expansion (CVE-2011-3149). -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 -Author: Kees Cook - -Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c -=================================================================== ---- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c -+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c -@@ -570,6 +570,7 @@ static int _expand_arg(pam_handle_t *pam - D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); - pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", - tmp, tmpptr); -+ return PAM_ABORT; - } - continue; - } -@@ -631,6 +632,7 @@ static int _expand_arg(pam_handle_t *pam - D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); - pam_syslog (pamh, LOG_ERR, - "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); -+ return PAM_ABORT; - } - } - } /* if ('{' != *orig++) */ -@@ -642,6 +644,7 @@ static int _expand_arg(pam_handle_t *pam - D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); - pam_syslog(pamh, LOG_ERR, - "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); -+ return PAM_ABORT; - } - } - } /* for (;*orig;) */ diff --git a/bug-724480_pam_env-fix-overflow.patch b/bug-724480_pam_env-fix-overflow.patch deleted file mode 100644 index de74d06..0000000 --- a/bug-724480_pam_env-fix-overflow.patch +++ /dev/null @@ -1,29 +0,0 @@ -Description: correctly count leading whitespace when parsing environment - file (CVE-2011-3148). -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 -Author: Kees Cook - -Index: Linux-PAM-1.1.4/modules/pam_env/pam_env.c -=================================================================== ---- Linux-PAM-1.1.4.orig/modules/pam_env/pam_env.c -+++ Linux-PAM-1.1.4/modules/pam_env/pam_env.c -@@ -290,6 +290,7 @@ static int _assemble_line(FILE *f, char - char *p = buffer; - char *s, *os; - int used = 0; -+ int whitespace; - - /* loop broken with a 'break' when a non-'\\n' ended line is read */ - -@@ -312,8 +313,10 @@ static int _assemble_line(FILE *f, char - - /* skip leading spaces --- line may be blank */ - -- s = p + strspn(p, " \n\t"); -+ whitespace = strspn(p, " \n\t"); -+ s = p + whitespace; - if (*s && (*s != '#')) { -+ used += whitespace; - os = s; - - /* diff --git a/pam.changes b/pam.changes index c27c06d..5ba943a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + ------------------------------------------------------------------- Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de diff --git a/pam.spec b/pam.spec index e032480..41de528 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,32 +15,36 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %define enable_selinux 1 Name: pam Url: http://www.kernel.org/pub/linux/libs/pam/ -BuildRequires: bison cracklib-devel db-devel flex BuildRequires: audit-devel -BuildRequires: libtirpc-devel +BuildRequires: bison +BuildRequires: cracklib-devel +BuildRequires: db-devel +BuildRequires: flex +BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif %define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 -License: GPL-2.0+ or BSD-3-Clause -Group: System/Libraries -AutoReqProv: on # bug437293 %ifarch ppc64 Obsoletes: pam-64bit %endif # -Version: 1.1.4 -Release: 1 +Version: 1.1.5 +Release: 0 Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0+ or BSD-3-Clause +Group: System/Libraries + +###DL-URL: http://www.kernel.org/pub/linux/libs/pam/library/ +#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 Source2: securetty @@ -52,9 +56,6 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff -Patch1: bug-724480_pam_env-fix-overflow.patch -Patch2: bug-724480_pam_env-fix-dos.patch -Patch3: pam_tally2-man.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -65,10 +66,11 @@ having to recompile programs that do authentication. %package doc -License: GPL-2.0+ or BSD-3-Clause Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML -###BuildArch: noarch +%if 0%{?suse_version} >= 1140 +BuildArch: noarch +%endif %description doc PAM (Pluggable Authentication Modules) is a system security tool that @@ -80,11 +82,9 @@ This package contains the documentation. %package devel -License: GPL-2.0+ or BSD-3-Clause Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: pam = %{version} glibc-devel -AutoReqProv: on # bug437293 %ifarch ppc64 Obsoletes: pam-devel-64bit @@ -104,15 +104,12 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build -CFLAGS="$RPM_OPT_FLAGS -DNDEBUG" \ -./configure \ - --infodir=%{_infodir} \ - --mandir=%{_mandir} \ +export CFLAGS="%optflags -DNDEBUG" +%configure \ + --sbindir=/sbin \ + --includedir=%_includedir/security \ --docdir=%{_docdir}/pam \ --htmldir=%{_docdir}/pam/html \ --pdfdir=%{_docdir}/pam/pdf \ @@ -179,15 +176,12 @@ install -m 644 NEWS COPYING $DOC # Create filelist with translatins %{find_lang} Linux-PAM -%clean -rm -rf $RPM_BUILD_ROOT +%verifyscript +%verify_permissions -e /sbin/unix_chkpwd %post -p /sbin/ldconfig -%postun -/sbin/ldconfig -%verifyscript -%verify_permissions -e /sbin/unix_chkpwd +%postun -p /sbin/ldconfig %files -f Linux-PAM.lang %defattr(-,root,root) diff --git a/pam_tally2-man.dif b/pam_tally2-man.dif deleted file mode 100644 index cee8222..0000000 --- a/pam_tally2-man.dif +++ /dev/null @@ -1,55 +0,0 @@ -Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8 -=================================================================== ---- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8 -+++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8 -@@ -269,13 +269,6 @@ If the module is invoked by a user with - \fBsu\fR, otherwise this argument should be omitted\&. - .RE - .PP --\fBno_lock_time\fR --.RS 4 --Do not use the \&.fail_locktime field in --\FC/var/log/faillog\F[] --for this user\&. --.RE --.PP - \fBeven_deny_root\fR - .RS 4 - Root account can become unavailable\&. -Index: Linux-PAM-1.1.4/modules/pam_tally2/README -=================================================================== ---- Linux-PAM-1.1.4.orig/modules/pam_tally2/README -+++ Linux-PAM-1.1.4/modules/pam_tally2/README -@@ -76,10 +76,6 @@ AUTH OPTIONS - incremented. The sysadmin should use this for user launched services, - like su, otherwise this argument should be omitted. - -- no_lock_time -- -- Do not use the .fail_locktime field in /var/log/faillog for this user. -- - even_deny_root - - Root account can become unavailable. -Index: Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml -=================================================================== ---- Linux-PAM-1.1.4.orig/modules/pam_tally2/pam_tally2.8.xml -+++ Linux-PAM-1.1.4/modules/pam_tally2/pam_tally2.8.xml -@@ -238,17 +238,6 @@ - - - -- -- -- -- -- Do not use the .fail_locktime field in -- /var/log/faillog for this user. -- -- -- -- -- - - - -- 2.51.1 From eded56e30d92ede01ece1816f75436080baf022159d0e78aec1200147de0d62d Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Thu, 10 May 2012 03:15:08 +0000 Subject: [PATCH 054/226] Accepting request 115130 from home:jengelh:dev - Update homepage URL in specfile OBS-URL: https://build.opensuse.org/request/show/115130 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=88 --- pam.changes | 5 +++++ pam.spec | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pam.changes b/pam.changes index 5ba943a..3d067e2 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + ------------------------------------------------------------------- Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de diff --git a/pam.spec b/pam.spec index 41de528..f3e61f5 100644 --- a/pam.spec +++ b/pam.spec @@ -16,10 +16,11 @@ # +# %define enable_selinux 1 Name: pam -Url: http://www.kernel.org/pub/linux/libs/pam/ +Url: http://fedorahosted.org/linux-pam/ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -84,7 +85,8 @@ This package contains the documentation. %package devel Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ -Requires: pam = %{version} glibc-devel +Requires: glibc-devel +Requires: pam = %{version} # bug437293 %ifarch ppc64 Obsoletes: pam-devel-64bit -- 2.51.1 From 73ec5dd486e0025771295a3c56c1a8019b5b636f3cb694ad08986ef8c28b9b43 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 22 Jun 2012 07:40:29 +0000 Subject: [PATCH 055/226] Accepting request 125670 from home:a_jaeger:devel-glibc Include correct headers for getrlimit. OBS-URL: https://build.opensuse.org/request/show/125670 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=90 --- pam-fix-includes.patch | 25 +++++++++++++++++++++++++ pam.changes | 5 +++++ pam.spec | 2 ++ 3 files changed, 32 insertions(+) create mode 100644 pam-fix-includes.patch diff --git a/pam-fix-includes.patch b/pam-fix-includes.patch new file mode 100644 index 0000000..9898b94 --- /dev/null +++ b/pam-fix-includes.patch @@ -0,0 +1,25 @@ +Index: Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c +=================================================================== +--- Linux-PAM-1.1.5.orig/modules/pam_unix/pam_unix_acct.c ++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c +@@ -47,6 +47,8 @@ + #include /* for time() */ + #include + #include ++#include ++#include + + #include + +Index: Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c +=================================================================== +--- Linux-PAM-1.1.5.orig/modules/pam_unix/pam_unix_passwd.c ++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c +@@ -54,6 +54,7 @@ + #include + #include + #include ++#include + + #include + #include diff --git a/pam.changes b/pam.changes index 3d067e2..7cedb87 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit. + ------------------------------------------------------------------- Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de diff --git a/pam.spec b/pam.spec index f3e61f5..7abb120 100644 --- a/pam.spec +++ b/pam.spec @@ -57,6 +57,7 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff +Patch1: pam-fix-includes.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -106,6 +107,7 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 +%patch1 -p1 %build export CFLAGS="%optflags -DNDEBUG" -- 2.51.1 From 0c8101438e8a6ef742d4c19d04cb404b9de778f66131aea2b66e5cf80d757017 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 19 Sep 2012 12:21:10 +0000 Subject: [PATCH 056/226] - Fix building in Factory - Update to Linux-PAM 1.1.6 - Update translations - pam_cracklib: Add more checks for weak passwords - pam_lastlog: Never lock out root - Lot of bug fixes and smaller enhancements OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=92 --- Linux-PAM-1.1.5-docs.tar.bz2 | 3 --- Linux-PAM-1.1.5.tar.bz2 | 3 --- Linux-PAM-1.1.6-docs.tar.bz2 | 3 +++ Linux-PAM-1.1.6.tar.bz2 | 3 +++ missing-DESTDIR.diff | 38 ++++++++++++++++++++++++++++++++++++ pam-fix-includes.patch | 25 ------------------------ pam.changes | 14 +++++++++++++ pam.spec | 9 +++++++-- 8 files changed, 65 insertions(+), 33 deletions(-) delete mode 100644 Linux-PAM-1.1.5-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.5.tar.bz2 create mode 100644 Linux-PAM-1.1.6-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.6.tar.bz2 create mode 100644 missing-DESTDIR.diff delete mode 100644 pam-fix-includes.patch diff --git a/Linux-PAM-1.1.5-docs.tar.bz2 b/Linux-PAM-1.1.5-docs.tar.bz2 deleted file mode 100644 index 889234a..0000000 --- a/Linux-PAM-1.1.5-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e4b10ffebe2e5cc355bd37c4e17a2288eb90d1396b06961738a7e7ef848c754c -size 498228 diff --git a/Linux-PAM-1.1.5.tar.bz2 b/Linux-PAM-1.1.5.tar.bz2 deleted file mode 100644 index 0c2ab97..0000000 --- a/Linux-PAM-1.1.5.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:65def4df04254dc4c5156859d36c34ad6d7afbcf3adbf2780530ebc4dbf2a116 -size 1123524 diff --git a/Linux-PAM-1.1.6-docs.tar.bz2 b/Linux-PAM-1.1.6-docs.tar.bz2 new file mode 100644 index 0000000..e8d827a --- /dev/null +++ b/Linux-PAM-1.1.6-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0244321b1c4b8a71064d984880566890cc809b1c77bdd0550f121fa7d8450497 +size 147359 diff --git a/Linux-PAM-1.1.6.tar.bz2 b/Linux-PAM-1.1.6.tar.bz2 new file mode 100644 index 0000000..0b4e759 --- /dev/null +++ b/Linux-PAM-1.1.6.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2 +size 1147538 diff --git a/missing-DESTDIR.diff b/missing-DESTDIR.diff new file mode 100644 index 0000000..4ec7bf4 --- /dev/null +++ b/missing-DESTDIR.diff @@ -0,0 +1,38 @@ +From d7e6b921cd34f7ad8fc4d05065c75d13ba330896 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 17 Aug 2012 12:46:40 +0000 +Subject: Add missing $(DESTDIR) when making directories on install. + +modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making +$(namespaceddir) on install. +modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making +$(sepermitlockdir) on install. +--- +diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +index a28f196..ebb00f3 100644 +--- a/modules/pam_namespace/Makefile.am ++++ b/modules/pam_namespace/Makefile.am +@@ -40,7 +40,7 @@ if HAVE_UNSHARE + secureconf_SCRIPTS = namespace.init + + install-data-local: +- mkdir -p $(namespaceddir) ++ mkdir -p $(DESTDIR)$(namespaceddir) + endif + + +diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am +index cfc5594..bc82275 100644 +--- a/modules/pam_sepermit/Makefile.am ++++ b/modules/pam_sepermit/Makefile.am +@@ -35,7 +35,7 @@ if HAVE_LIBSELINUX + securelib_LTLIBRARIES = pam_sepermit.la + + install-data-local: +- mkdir -p $(sepermitlockdir) ++ mkdir -p $(DESTDIR)$(sepermitlockdir) + endif + if ENABLE_REGENERATE_MAN + noinst_DATA = README pam_sepermit.8 sepermit.conf.5 +-- +cgit v0.9.0.2 diff --git a/pam-fix-includes.patch b/pam-fix-includes.patch deleted file mode 100644 index 9898b94..0000000 --- a/pam-fix-includes.patch +++ /dev/null @@ -1,25 +0,0 @@ -Index: Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c -=================================================================== ---- Linux-PAM-1.1.5.orig/modules/pam_unix/pam_unix_acct.c -+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c -@@ -47,6 +47,8 @@ - #include /* for time() */ - #include - #include -+#include -+#include - - #include - -Index: Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c -=================================================================== ---- Linux-PAM-1.1.5.orig/modules/pam_unix/pam_unix_passwd.c -+++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c -@@ -54,6 +54,7 @@ - #include - #include - #include -+#include - - #include - #include diff --git a/pam.changes b/pam.changes index 7cedb87..ffa3513 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + ------------------------------------------------------------------- Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de diff --git a/pam.spec b/pam.spec index 7abb120..7a48c3a 100644 --- a/pam.spec +++ b/pam.spec @@ -30,6 +30,8 @@ BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif +BuildRequires: autoconf +BuildRequires: automake %define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 @@ -38,7 +40,7 @@ BuildRequires: libselinux-devel Obsoletes: pam-64bit %endif # -Version: 1.1.5 +Version: 1.1.6 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause @@ -58,6 +60,7 @@ Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff Patch1: pam-fix-includes.patch +Patch2: missing-DESTDIR.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -107,9 +110,11 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 -%patch1 -p1 +%patch1 -p0 +%patch2 -p1 %build +autoreconf export CFLAGS="%optflags -DNDEBUG" %configure \ --sbindir=/sbin \ -- 2.51.1 From fabc3d549b4d5c5abeba945b70606ddf51a14f0d67f0127ca6e8aaae5ba16fad Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 20 Sep 2012 13:38:57 +0000 Subject: [PATCH 057/226] Patch got lost ... OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=93 --- pam-fix-includes.patch | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 pam-fix-includes.patch diff --git a/pam-fix-includes.patch b/pam-fix-includes.patch new file mode 100644 index 0000000..9cc771e --- /dev/null +++ b/pam-fix-includes.patch @@ -0,0 +1,10 @@ +--- modules/pam_unix/pam_unix_passwd.c ++++ modules/pam_unix/pam_unix_passwd.c +@@ -54,6 +54,7 @@ + #include + #include + #include ++#include + + #include + #include -- 2.51.1 From 9fba8c6758d7dc5e06224c3bffeaeea00d8531b902d30c892fc23bb257be0e84 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Tue, 25 Sep 2012 08:56:56 +0000 Subject: [PATCH 058/226] Accepting request 135827 from home:a_jaeger:FactoryFix Add patch names to recent changes. OBS-URL: https://build.opensuse.org/request/show/135827 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=94 --- pam.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pam.changes b/pam.changes index ffa3513..e12a6a7 100644 --- a/pam.changes +++ b/pam.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de -- Fix building in Factory +- Fix building in Factory (add patch pam-fix-includes.patch) ------------------------------------------------------------------- Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de @@ -15,7 +15,7 @@ Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de ------------------------------------------------------------------- Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de -- Include correct headers for getrlimit. +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). ------------------------------------------------------------------- Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de -- 2.51.1 From 9f88532c59c0b3e0e17f3d910140c5708905fa6ede7ac9507462b5a3de0056a7 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Tue, 25 Sep 2012 12:12:12 +0000 Subject: [PATCH 059/226] Accepting request 135862 from home:a_jaeger:FactoryFix Fix patch name OBS-URL: https://build.opensuse.org/request/show/135862 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=95 --- pam.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index e12a6a7..db3555c 100644 --- a/pam.changes +++ b/pam.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de -- Fix building in Factory (add patch pam-fix-includes.patch) +- Fix building in Factory (add patch missing-DESTDIR.diff) ------------------------------------------------------------------- Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de -- 2.51.1 From 32a24404b4af9e807a14e911fc9ec4c3759d15bc5cd1157333f02503ae6d31e3 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 12 Nov 2012 13:43:46 +0000 Subject: [PATCH 060/226] - Sync common-*.pamd config with pam-config (use pam_unix.so as default). OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=97 --- common-account.pamd | 2 +- common-auth.pamd | 2 +- common-password.pamd | 19 ++++--------------- common-session.pamd | 5 +++-- pam.changes | 6 ++++++ 5 files changed, 15 insertions(+), 19 deletions(-) diff --git a/common-account.pamd b/common-account.pamd index 779c73c..d1ba7b5 100644 --- a/common-account.pamd +++ b/common-account.pamd @@ -6,4 +6,4 @@ # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired. # -account required pam_unix2.so +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd index 58e4952..b4d5dc3 100644 --- a/common-auth.pamd +++ b/common-auth.pamd @@ -8,4 +8,4 @@ # traditional Unix authentication mechanisms. # auth required pam_env.so -auth required pam_unix2.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd index 15afcc9..a8dc0a1 100644 --- a/common-password.pamd +++ b/common-password.pamd @@ -3,21 +3,10 @@ # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be -# used to change user passwords. The default is pam_unix2 in combination -# with pam_pwcheck. - +# used to change user passwords. +# # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # -# To enable Blowfish or MD5 passwords, you should edit -# /etc/default/passwd. -# -# Alternate strength checking for passwords should be configured -# in /etc/security/pam_pwcheck.conf. -# -# pam_make can be used to rebuild NIS maps after password change. -# -password required pam_pwcheck.so nullok cracklib -password required pam_unix2.so nullok use_authtok -#password required pam_make.so /var/yp - +password requisite pam_cracklib.so +password required pam_unix.so use_authtok nullok try_first_pas diff --git a/common-session.pamd b/common-session.pamd index f67f6ac..9fc9e37 100644 --- a/common-session.pamd +++ b/common-session.pamd @@ -4,8 +4,9 @@ # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and -# non-interactive). The default is pam_unix2. +# non-interactive). # session required pam_limits.so -session required pam_unix2.so +session required pam_unix.so try_first_pass session optional pam_umask.so +session optional pam_env.so diff --git a/pam.changes b/pam.changes index db3555c..81194c3 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + ------------------------------------------------------------------- Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de -- 2.51.1 From f64850a1484d4f35a8d241a2102d8fd13957d18c5a38591cff65dab27781d134 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 25 Jan 2013 13:50:35 +0000 Subject: [PATCH 061/226] - Remove deprecated pam_tally.so module, it's too buggy and can destroy config and log files. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=99 --- pam.changes | 6 ++++++ pam.spec | 10 +++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index 81194c3..3e620d5 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + ------------------------------------------------------------------- Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 7a48c3a..ba9c688 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -168,6 +168,12 @@ for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do ln -f $RPM_BUILD_ROOT/%{_lib}/security/pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/$x.so done # +# pam_tally is deprecated since ages +# +rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so +rm -f $RPM_BUILD_ROOT/sbin/pam_tally +rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* +# # Install READMEs of PAM modules # DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam @@ -259,7 +265,6 @@ install -m 644 NEWS COPYING $DOC /%{_lib}/security/pam_shells.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so -/%{_lib}/security/pam_tally.so /%{_lib}/security/pam_tally2.so /%{_lib}/security/pam_time.so /%{_lib}/security/pam_timestamp.so @@ -275,7 +280,6 @@ install -m 644 NEWS COPYING $DOC /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so /sbin/mkhomedir_helper -/sbin/pam_tally /sbin/pam_tally2 /sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd -- 2.51.1 From 9c8c5632c1ac1b36f118fc0f3c56d0d49687a6d401b1a98e7dfb94fd14516ced Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 5 Feb 2013 13:10:24 +0000 Subject: [PATCH 062/226] - Adjust URL - Add set_permission macro and PreReq - Read default encryption method from /etc/login.defs (pam_unix-login.defs.diff) OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=101 --- pam.changes | 8 ++ pam.spec | 21 ++--- pam_unix-login.defs.diff | 164 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 180 insertions(+), 13 deletions(-) create mode 100644 pam_unix-login.defs.diff diff --git a/pam.changes b/pam.changes index 3e620d5..9e67946 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + ------------------------------------------------------------------- Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com diff --git a/pam.spec b/pam.spec index ba9c688..805c238 100644 --- a/pam.spec +++ b/pam.spec @@ -20,7 +20,7 @@ %define enable_selinux 1 Name: pam -Url: http://fedorahosted.org/linux-pam/ +Url: http://www.linux-pam.org/ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -35,18 +35,14 @@ BuildRequires: automake %define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 -# bug437293 -%ifarch ppc64 -Obsoletes: pam-64bit -%endif -# + Version: 1.1.6 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause Group: System/Libraries +PreReq: permissions -###DL-URL: http://www.kernel.org/pub/linux/libs/pam/library/ #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ Source: Linux-PAM-%{version}.tar.bz2 Source1: Linux-PAM-%{version}-docs.tar.bz2 @@ -61,6 +57,7 @@ Source9: baselibs.conf Patch0: pam_tally-deprecated.diff Patch1: pam-fix-includes.patch Patch2: missing-DESTDIR.diff +Patch3: pam_unix-login.defs.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -91,11 +88,6 @@ Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: pam = %{version} -# bug437293 -%ifarch ppc64 -Obsoletes: pam-devel-64bit -%endif -# %description devel PAM (Pluggable Authentication Modules) is a system security tool which @@ -112,6 +104,7 @@ building both PAM-aware applications and modules for use with PAM. %patch0 -p0 %patch1 -p0 %patch2 -p1 +%patch3 -p0 %build autoreconf @@ -194,7 +187,9 @@ install -m 644 NEWS COPYING $DOC %verifyscript %verify_permissions -e /sbin/unix_chkpwd -%post -p /sbin/ldconfig +%post +/sbin/ldconfig +%set_permissions /sbin/unix_chkpwd %postun -p /sbin/ldconfig diff --git a/pam_unix-login.defs.diff b/pam_unix-login.defs.diff new file mode 100644 index 0000000..b13e1ab --- /dev/null +++ b/pam_unix-login.defs.diff @@ -0,0 +1,164 @@ +2013-02-05 Thorsten Kukuk + +Use hash from /etc/login.defs as default if no +other one is specified as argument. + +* modules/pam_unix/support.c: Add search_key, call from __set_ctrl +* modules/pam_unix/support.h: Add define for /etc/login.defs +* modules/pam_unix/pam_unix.8.xml: Document new behavior. + +--- modules/pam_unix/support.c ++++ modules/pam_unix/support.c +@@ -37,6 +37,76 @@ + #define SELINUX_ENABLED 0 + #endif + ++static char * ++search_key (const char *filename) ++{ ++ FILE *fp; ++ char *buf = NULL; ++ size_t buflen = 0; ++ char *retval = NULL; ++ ++ fp = fopen (filename, "r"); ++ if (NULL == fp) ++ return NULL; ++ ++ while (!feof (fp)) ++ { ++ char *tmp, *cp; ++#if defined(HAVE_GETLINE) ++ ssize_t n = getline (&buf, &buflen, fp); ++#elif defined (HAVE_GETDELIM) ++ ssize_t n = getdelim (&buf, &buflen, '\n', fp); ++#else ++ ssize_t n; ++ ++ if (buf == NULL) ++ { ++ buflen = BUF_SIZE; ++ buf = malloc (buflen); ++ } ++ buf[0] = '\0'; ++ if (fgets (buf, buflen - 1, fp) == NULL) ++ break; ++ else if (buf != NULL) ++ n = strlen (buf); ++ else ++ n = 0; ++#endif /* HAVE_GETLINE / HAVE_GETDELIM */ ++ cp = buf; ++ ++ if (n < 1) ++ break; ++ ++ tmp = strchr (cp, '#'); /* remove comments */ ++ if (tmp) ++ *tmp = '\0'; ++ while (isspace ((int)*cp)) /* remove spaces and tabs */ ++ ++cp; ++ if (*cp == '\0') /* ignore empty lines */ ++ continue; ++ ++ if (cp[strlen (cp) - 1] == '\n') ++ cp[strlen (cp) - 1] = '\0'; ++ ++ tmp = strsep (&cp, " \t="); ++ if (cp != NULL) ++ while (isspace ((int)*cp) || *cp == '=') ++ ++cp; ++ ++ if (strcasecmp (tmp, "ENCRYPT_METHOD") == 0) ++ { ++ retval = strdup (cp); ++ break; ++ } ++ } ++ fclose (fp); ++ ++ free (buf); ++ ++ return retval; ++} ++ ++ + /* this is a front-end for module-application conversations */ + + int _make_remark(pam_handle_t * pamh, unsigned int ctrl, +@@ -58,6 +128,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + int *pass_min_len, int argc, const char **argv) + { + unsigned int ctrl; ++ char *val; ++ int j; + + D(("called.")); + +@@ -81,10 +153,27 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + D(("SILENT")); + set(UNIX__QUIET, ctrl); + } ++ ++ /* preset encryption method with value from /etc/login.defs */ ++ val = search_key (LOGIN_DEFS); ++ if (val) { ++ for (j = 0; j < UNIX_CTRLS_; ++j) { ++ if (unix_args[j].token ++ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { ++ break; ++ } ++ } ++ if (j >= UNIX_CTRLS_) { ++ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPTION_METHOD value [%s]", val); ++ } else { ++ ctrl &= unix_args[j].mask; /* for turning things off */ ++ ctrl |= unix_args[j].flag; /* for turning things on */ ++ } ++ } ++ + /* now parse the arguments to this module */ + + for (; argc-- > 0; ++argv) { +- int j; + + D(("pam_unix arg: %s", *argv)); + +--- modules/pam_unix/support.h ++++ modules/pam_unix/support.h +@@ -8,6 +8,12 @@ + #include + + /* ++ * File to read value of ENCRYPT_METHOD from. ++ */ ++#define LOGIN_DEFS "/etc/login.defs" ++ ++ ++/* + * here is the string to inform the user that the new passwords they + * typed were not the same. + */ +--- modules/pam_unix/pam_unix.8.xml ++++ modules/pam_unix/pam_unix.8.xml +@@ -81,7 +81,9 @@ + + + The password component of this module performs the task of updating +- the user's password. ++ the user's password. The default encryption hash is taken from the ++ ENCYPTION_METHOD variable from ++ /etc/login.defs + + + +@@ -393,6 +395,9 @@ session required pam_unix.so + SEE ALSO + + ++ login.defs5 ++ , ++ + pam.conf5 + , + -- 2.51.1 From 59a3466dd89f1030e7f58a7eef6e7b338f0e36bd46a913a58bf34f602f86f177 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 5 Feb 2013 16:28:46 +0000 Subject: [PATCH 063/226] - Update pam_unix-login.defs.diff patch to the final upstream version. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=102 --- pam.changes | 6 +++ pam_unix-login.defs.diff | 98 ++++++++++++++++++++++++++-------------- 2 files changed, 71 insertions(+), 33 deletions(-) diff --git a/pam.changes b/pam.changes index 9e67946..cd646e3 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + ------------------------------------------------------------------- Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de diff --git a/pam_unix-login.defs.diff b/pam_unix-login.defs.diff index b13e1ab..613683a 100644 --- a/pam_unix-login.defs.diff +++ b/pam_unix-login.defs.diff @@ -1,15 +1,63 @@ -2013-02-05 Thorsten Kukuk - Use hash from /etc/login.defs as default if no other one is specified as argument. * modules/pam_unix/support.c: Add search_key, call from __set_ctrl * modules/pam_unix/support.h: Add define for /etc/login.defs * modules/pam_unix/pam_unix.8.xml: Document new behavior. +* modules/pam_umask/pam_umask.c: Add missing NULL pointer check ---- modules/pam_unix/support.c -+++ modules/pam_unix/support.c -@@ -37,6 +37,76 @@ +diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c +index 6d2ec1a..863f038 100644 +--- a/modules/pam_umask/pam_umask.c ++++ b/modules/pam_umask/pam_umask.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2005, 2006, 2007, 2010 Thorsten Kukuk ++ * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -112,6 +112,10 @@ search_key (const char *filename) + { + buflen = BUF_SIZE; + buf = malloc (buflen); ++ if (buf == NULL) { ++ fclose (fp); ++ return NULL; ++ } + } + buf[0] = '\0'; + if (fgets (buf, buflen - 1, fp) == NULL) +diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml +index 0a42d7a..9ce084e 100644 +--- a/modules/pam_unix/pam_unix.8.xml ++++ b/modules/pam_unix/pam_unix.8.xml +@@ -81,7 +81,9 @@ + + + The password component of this module performs the task of updating +- the user's password. ++ the user's password. The default encryption hash is taken from the ++ ENCRYPT_METHOD variable from ++ /etc/login.defs + + + +@@ -393,6 +395,9 @@ session required pam_unix.so + SEE ALSO + + ++ login.defs5 ++ , ++ + pam.conf5 + , + +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index ab04535..527c380 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -37,6 +37,80 @@ #define SELINUX_ENABLED 0 #endif @@ -39,6 +87,10 @@ other one is specified as argument. + { + buflen = BUF_SIZE; + buf = malloc (buflen); ++ if (buf == NULL) { ++ fclose (fp); ++ return NULL; ++ } + } + buf[0] = '\0'; + if (fgets (buf, buflen - 1, fp) == NULL) @@ -86,7 +138,7 @@ other one is specified as argument. /* this is a front-end for module-application conversations */ int _make_remark(pam_handle_t * pamh, unsigned int ctrl, -@@ -58,6 +128,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, +@@ -58,6 +132,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, int *pass_min_len, int argc, const char **argv) { unsigned int ctrl; @@ -95,7 +147,7 @@ other one is specified as argument. D(("called.")); -@@ -81,10 +153,27 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, +@@ -81,10 +157,28 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, D(("SILENT")); set(UNIX__QUIET, ctrl); } @@ -110,11 +162,12 @@ other one is specified as argument. + } + } + if (j >= UNIX_CTRLS_) { -+ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPTION_METHOD value [%s]", val); ++ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD value [%s]", val); + } else { + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } ++ free (val); + } + /* now parse the arguments to this module */ @@ -124,8 +177,10 @@ other one is specified as argument. D(("pam_unix arg: %s", *argv)); ---- modules/pam_unix/support.h -+++ modules/pam_unix/support.h +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index db4cd95..d21e349 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h @@ -8,6 +8,12 @@ #include @@ -139,26 +194,3 @@ other one is specified as argument. * here is the string to inform the user that the new passwords they * typed were not the same. */ ---- modules/pam_unix/pam_unix.8.xml -+++ modules/pam_unix/pam_unix.8.xml -@@ -81,7 +81,9 @@ - - - The password component of this module performs the task of updating -- the user's password. -+ the user's password. The default encryption hash is taken from the -+ ENCYPTION_METHOD variable from -+ /etc/login.defs - - - -@@ -393,6 +395,9 @@ session required pam_unix.so - SEE ALSO - - -+ login.defs5 -+ , -+ - pam.conf5 - , - -- 2.51.1 From 158efa6eb7ab110e2c6fe30a9d5adb29dfd67a023435b5d1865bd518756ca8d8 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 5 Feb 2013 16:29:29 +0000 Subject: [PATCH 064/226] Fix Typo OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=103 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 805c238..3a64fcc 100644 --- a/pam.spec +++ b/pam.spec @@ -104,7 +104,7 @@ building both PAM-aware applications and modules for use with PAM. %patch0 -p0 %patch1 -p0 %patch2 -p1 -%patch3 -p0 +%patch3 -p1 %build autoreconf -- 2.51.1 From 859183f330748f2c835101baeddb4569b0963fb2fd03f69a929e18922f484e45 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sun, 28 Apr 2013 14:35:39 +0000 Subject: [PATCH 065/226] Accepting request 173486 from openSUSE:Factory:Staging:Automake - Added libtool as BuildRequire, and autoreconf -i option to fix build with new automake OBS-URL: https://build.opensuse.org/request/show/173486 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=105 --- pam.changes | 6 ++++++ pam.spec | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index cd646e3..e33c86a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + ------------------------------------------------------------------- Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 3a64fcc..7ed92bb 100644 --- a/pam.spec +++ b/pam.spec @@ -32,6 +32,7 @@ BuildRequires: libselinux-devel %endif BuildRequires: autoconf BuildRequires: automake +BuildRequires: libtool %define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 @@ -107,7 +108,7 @@ building both PAM-aware applications and modules for use with PAM. %patch3 -p1 %build -autoreconf +autoreconf -i export CFLAGS="%optflags -DNDEBUG" %configure \ --sbindir=/sbin \ -- 2.51.1 From 0591e4b1124351f76a07ae5814e39d1096d20f579e61c6f4e5932d350e1f3d08 Mon Sep 17 00:00:00 2001 From: Factory Maintainer Date: Mon, 3 Jun 2013 15:25:22 +0000 Subject: [PATCH 066/226] resolved conflict OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=108 --- common-password.pamd | 2 +- pam.changes | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/common-password.pamd b/common-password.pamd index a8dc0a1..1baf490 100644 --- a/common-password.pamd +++ b/common-password.pamd @@ -9,4 +9,4 @@ # empty passwords are treated as locked accounts. # password requisite pam_cracklib.so -password required pam_unix.so use_authtok nullok try_first_pas +password required pam_unix.so use_authtok nullok try_first_pass diff --git a/pam.changes b/pam.changes index e33c86a..8099750 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + ------------------------------------------------------------------- Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com -- 2.51.1 From ecd568a2d8d5008d3278a8736f3f9fcfd5a6a9c3ec6498e2678fadbd3f7948b2 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Tue, 6 Aug 2013 08:36:19 +0000 Subject: [PATCH 067/226] - adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=110 --- pam.changes | 5 +++++ pam.spec | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/pam.changes b/pam.changes index 8099750..bb5fd56 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + ------------------------------------------------------------------- Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 7ed92bb..2b24df7 100644 --- a/pam.spec +++ b/pam.spec @@ -141,6 +141,14 @@ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc %ifarch s390 s390x echo "ttyS0" >> $RPM_BUILD_ROOT/etc/securetty echo "ttyS1" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc0" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc1" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc2" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc3" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc4" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc5" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc6" >> $RPM_BUILD_ROOT/etc/securetty +echo "hvc7" >> $RPM_BUILD_ROOT/etc/securetty %endif # install other.pamd and common-*.pamd install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other -- 2.51.1 From 0539a57d53971be4b5430b8c81f6ef48698b7439f0207c6c07915e7cd5ea735d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 12 Sep 2013 08:06:49 +0000 Subject: [PATCH 068/226] - Remove pam_unix-login.defs.diff, not needed anymore OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=115 --- Linux-PAM-1.1.6-docs.tar.bz2 | 3 - Linux-PAM-1.1.6.tar.bz2 | 3 - Linux-PAM-1.1.7-docs.tar.bz2 | 3 + Linux-PAM-1.1.7.tar.bz2 | 3 + fix-compiler-warnings.diff | 41 ++++++++ missing-DESTDIR.diff | 38 ------- pam-fix-includes.patch | 10 -- pam.changes | 12 +++ pam.spec | 14 +-- pam_unix-login.defs.diff | 196 ----------------------------------- 10 files changed, 62 insertions(+), 261 deletions(-) delete mode 100644 Linux-PAM-1.1.6-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.6.tar.bz2 create mode 100644 Linux-PAM-1.1.7-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.7.tar.bz2 create mode 100644 fix-compiler-warnings.diff delete mode 100644 missing-DESTDIR.diff delete mode 100644 pam-fix-includes.patch delete mode 100644 pam_unix-login.defs.diff diff --git a/Linux-PAM-1.1.6-docs.tar.bz2 b/Linux-PAM-1.1.6-docs.tar.bz2 deleted file mode 100644 index e8d827a..0000000 --- a/Linux-PAM-1.1.6-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0244321b1c4b8a71064d984880566890cc809b1c77bdd0550f121fa7d8450497 -size 147359 diff --git a/Linux-PAM-1.1.6.tar.bz2 b/Linux-PAM-1.1.6.tar.bz2 deleted file mode 100644 index 0b4e759..0000000 --- a/Linux-PAM-1.1.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bab887d6280f47fc3963df3b95735a27a16f0f663636163ddf3acab5f1149fc2 -size 1147538 diff --git a/Linux-PAM-1.1.7-docs.tar.bz2 b/Linux-PAM-1.1.7-docs.tar.bz2 new file mode 100644 index 0000000..411e830 --- /dev/null +++ b/Linux-PAM-1.1.7-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4b0d4824888c509214a216487caa636ee8a456268b3a51f7ba7920175e9ac24d +size 147833 diff --git a/Linux-PAM-1.1.7.tar.bz2 b/Linux-PAM-1.1.7.tar.bz2 new file mode 100644 index 0000000..19330d7 --- /dev/null +++ b/Linux-PAM-1.1.7.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7fef52d86f16f8b39b13211dc3092b8eeb5bc2890e64e64cb7731629c6438e63 +size 1149359 diff --git a/fix-compiler-warnings.diff b/fix-compiler-warnings.diff new file mode 100644 index 0000000..7c817de --- /dev/null +++ b/fix-compiler-warnings.diff @@ -0,0 +1,41 @@ +--- modules/pam_unix/pam_unix_acct.c ++++ modules/pam_unix/pam_unix_acct.c 2013/09/12 07:19:05 +@@ -121,7 +121,12 @@ + if (geteuid() == 0) { + /* must set the real uid to 0 so the helper will not error + out if pam is called from setuid binary (su, sudo...) */ +- setuid(0); ++ if (setuid(0) == -1) { ++ pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); ++ printf("-1\n"); ++ fflush(stdout); ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } + } + + /* exec binary helper */ +--- modules/pam_unix/pam_unix_passwd.c ++++ modules/pam_unix/pam_unix_passwd.c 2013/09/12 07:24:40 +@@ -255,7 +255,7 @@ + close(fds[0]); /* close here to avoid possible SIGPIPE above */ + close(fds[1]); + /* wait for helper to complete: */ +- while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); ++ while ((rc=waitpid(child, &retval, 0) < 0) && errno == EINTR); + if (rc<0) { + pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); + retval = PAM_AUTHTOK_ERR; +--- modules/pam_unix/support.c ++++ modules/pam_unix/support.c 2013/09/12 07:20:51 +@@ -586,7 +586,10 @@ + if (geteuid() == 0) { + /* must set the real uid to 0 so the helper will not error + out if pam is called from setuid binary (su, sudo...) */ +- setuid(0); ++ if (setuid(0) == -1) { ++ D(("setuid failed")); ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } + } + + /* exec binary helper */ diff --git a/missing-DESTDIR.diff b/missing-DESTDIR.diff deleted file mode 100644 index 4ec7bf4..0000000 --- a/missing-DESTDIR.diff +++ /dev/null @@ -1,38 +0,0 @@ -From d7e6b921cd34f7ad8fc4d05065c75d13ba330896 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Fri, 17 Aug 2012 12:46:40 +0000 -Subject: Add missing $(DESTDIR) when making directories on install. - -modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making -$(namespaceddir) on install. -modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making -$(sepermitlockdir) on install. ---- -diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am -index a28f196..ebb00f3 100644 ---- a/modules/pam_namespace/Makefile.am -+++ b/modules/pam_namespace/Makefile.am -@@ -40,7 +40,7 @@ if HAVE_UNSHARE - secureconf_SCRIPTS = namespace.init - - install-data-local: -- mkdir -p $(namespaceddir) -+ mkdir -p $(DESTDIR)$(namespaceddir) - endif - - -diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am -index cfc5594..bc82275 100644 ---- a/modules/pam_sepermit/Makefile.am -+++ b/modules/pam_sepermit/Makefile.am -@@ -35,7 +35,7 @@ if HAVE_LIBSELINUX - securelib_LTLIBRARIES = pam_sepermit.la - - install-data-local: -- mkdir -p $(sepermitlockdir) -+ mkdir -p $(DESTDIR)$(sepermitlockdir) - endif - if ENABLE_REGENERATE_MAN - noinst_DATA = README pam_sepermit.8 sepermit.conf.5 --- -cgit v0.9.0.2 diff --git a/pam-fix-includes.patch b/pam-fix-includes.patch deleted file mode 100644 index 9cc771e..0000000 --- a/pam-fix-includes.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- modules/pam_unix/pam_unix_passwd.c -+++ modules/pam_unix/pam_unix_passwd.c -@@ -54,6 +54,7 @@ - #include - #include - #include -+#include - - #include - #include diff --git a/pam.changes b/pam.changes index bb5fd56..d01ccbe 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + ------------------------------------------------------------------- Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de diff --git a/pam.spec b/pam.spec index 2b24df7..23ea606 100644 --- a/pam.spec +++ b/pam.spec @@ -30,14 +30,11 @@ BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool %define libpam_so_version 0.83.1 %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 - -Version: 1.1.6 +# +Version: 1.1.7 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause @@ -56,9 +53,7 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff -Patch1: pam-fix-includes.patch -Patch2: missing-DESTDIR.diff -Patch3: pam_unix-login.defs.diff +Patch1: fix-compiler-warnings.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -104,11 +99,8 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 %patch1 -p0 -%patch2 -p1 -%patch3 -p1 %build -autoreconf -i export CFLAGS="%optflags -DNDEBUG" %configure \ --sbindir=/sbin \ diff --git a/pam_unix-login.defs.diff b/pam_unix-login.defs.diff deleted file mode 100644 index 613683a..0000000 --- a/pam_unix-login.defs.diff +++ /dev/null @@ -1,196 +0,0 @@ -Use hash from /etc/login.defs as default if no -other one is specified as argument. - -* modules/pam_unix/support.c: Add search_key, call from __set_ctrl -* modules/pam_unix/support.h: Add define for /etc/login.defs -* modules/pam_unix/pam_unix.8.xml: Document new behavior. -* modules/pam_umask/pam_umask.c: Add missing NULL pointer check - -diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c -index 6d2ec1a..863f038 100644 ---- a/modules/pam_umask/pam_umask.c -+++ b/modules/pam_umask/pam_umask.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2005, 2006, 2007, 2010 Thorsten Kukuk -+ * Copyright (c) 2005, 2006, 2007, 2010, 2013 Thorsten Kukuk - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions -@@ -112,6 +112,10 @@ search_key (const char *filename) - { - buflen = BUF_SIZE; - buf = malloc (buflen); -+ if (buf == NULL) { -+ fclose (fp); -+ return NULL; -+ } - } - buf[0] = '\0'; - if (fgets (buf, buflen - 1, fp) == NULL) -diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml -index 0a42d7a..9ce084e 100644 ---- a/modules/pam_unix/pam_unix.8.xml -+++ b/modules/pam_unix/pam_unix.8.xml -@@ -81,7 +81,9 @@ - - - The password component of this module performs the task of updating -- the user's password. -+ the user's password. The default encryption hash is taken from the -+ ENCRYPT_METHOD variable from -+ /etc/login.defs - - - -@@ -393,6 +395,9 @@ session required pam_unix.so - SEE ALSO - - -+ login.defs5 -+ , -+ - pam.conf5 - , - -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index ab04535..527c380 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -37,6 +37,80 @@ - #define SELINUX_ENABLED 0 - #endif - -+static char * -+search_key (const char *filename) -+{ -+ FILE *fp; -+ char *buf = NULL; -+ size_t buflen = 0; -+ char *retval = NULL; -+ -+ fp = fopen (filename, "r"); -+ if (NULL == fp) -+ return NULL; -+ -+ while (!feof (fp)) -+ { -+ char *tmp, *cp; -+#if defined(HAVE_GETLINE) -+ ssize_t n = getline (&buf, &buflen, fp); -+#elif defined (HAVE_GETDELIM) -+ ssize_t n = getdelim (&buf, &buflen, '\n', fp); -+#else -+ ssize_t n; -+ -+ if (buf == NULL) -+ { -+ buflen = BUF_SIZE; -+ buf = malloc (buflen); -+ if (buf == NULL) { -+ fclose (fp); -+ return NULL; -+ } -+ } -+ buf[0] = '\0'; -+ if (fgets (buf, buflen - 1, fp) == NULL) -+ break; -+ else if (buf != NULL) -+ n = strlen (buf); -+ else -+ n = 0; -+#endif /* HAVE_GETLINE / HAVE_GETDELIM */ -+ cp = buf; -+ -+ if (n < 1) -+ break; -+ -+ tmp = strchr (cp, '#'); /* remove comments */ -+ if (tmp) -+ *tmp = '\0'; -+ while (isspace ((int)*cp)) /* remove spaces and tabs */ -+ ++cp; -+ if (*cp == '\0') /* ignore empty lines */ -+ continue; -+ -+ if (cp[strlen (cp) - 1] == '\n') -+ cp[strlen (cp) - 1] = '\0'; -+ -+ tmp = strsep (&cp, " \t="); -+ if (cp != NULL) -+ while (isspace ((int)*cp) || *cp == '=') -+ ++cp; -+ -+ if (strcasecmp (tmp, "ENCRYPT_METHOD") == 0) -+ { -+ retval = strdup (cp); -+ break; -+ } -+ } -+ fclose (fp); -+ -+ free (buf); -+ -+ return retval; -+} -+ -+ - /* this is a front-end for module-application conversations */ - - int _make_remark(pam_handle_t * pamh, unsigned int ctrl, -@@ -58,6 +132,8 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - int *pass_min_len, int argc, const char **argv) - { - unsigned int ctrl; -+ char *val; -+ int j; - - D(("called.")); - -@@ -81,10 +157,28 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - D(("SILENT")); - set(UNIX__QUIET, ctrl); - } -+ -+ /* preset encryption method with value from /etc/login.defs */ -+ val = search_key (LOGIN_DEFS); -+ if (val) { -+ for (j = 0; j < UNIX_CTRLS_; ++j) { -+ if (unix_args[j].token -+ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { -+ break; -+ } -+ } -+ if (j >= UNIX_CTRLS_) { -+ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD value [%s]", val); -+ } else { -+ ctrl &= unix_args[j].mask; /* for turning things off */ -+ ctrl |= unix_args[j].flag; /* for turning things on */ -+ } -+ free (val); -+ } -+ - /* now parse the arguments to this module */ - - for (; argc-- > 0; ++argv) { -- int j; - - D(("pam_unix arg: %s", *argv)); - -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index db4cd95..d21e349 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -8,6 +8,12 @@ - #include - - /* -+ * File to read value of ENCRYPT_METHOD from. -+ */ -+#define LOGIN_DEFS "/etc/login.defs" -+ -+ -+/* - * here is the string to inform the user that the new passwords they - * typed were not the same. - */ -- 2.51.1 From 7e0a049e634fb38e3f5a9f052029e0a0de8e899e4eff9353f1fdec1f274e5bbe Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 16 Sep 2013 09:59:31 +0000 Subject: [PATCH 069/226] - Replace fix-compiler-warnings.diff with current git snapshot (git-20130916.diff) for pam_unix.so: - fix glibc warnings - fix syntax error in SELinux code - fix crash at login OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=117 --- fix-compiler-warnings.diff | 41 ---------------------------- git-20130916.diff | 56 ++++++++++++++++++++++++++++++++++++++ pam.changes | 9 ++++++ pam.spec | 4 +-- 4 files changed, 67 insertions(+), 43 deletions(-) delete mode 100644 fix-compiler-warnings.diff create mode 100644 git-20130916.diff diff --git a/fix-compiler-warnings.diff b/fix-compiler-warnings.diff deleted file mode 100644 index 7c817de..0000000 --- a/fix-compiler-warnings.diff +++ /dev/null @@ -1,41 +0,0 @@ ---- modules/pam_unix/pam_unix_acct.c -+++ modules/pam_unix/pam_unix_acct.c 2013/09/12 07:19:05 -@@ -121,7 +121,12 @@ - if (geteuid() == 0) { - /* must set the real uid to 0 so the helper will not error - out if pam is called from setuid binary (su, sudo...) */ -- setuid(0); -+ if (setuid(0) == -1) { -+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); -+ printf("-1\n"); -+ fflush(stdout); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - } - - /* exec binary helper */ ---- modules/pam_unix/pam_unix_passwd.c -+++ modules/pam_unix/pam_unix_passwd.c 2013/09/12 07:24:40 -@@ -255,7 +255,7 @@ - close(fds[0]); /* close here to avoid possible SIGPIPE above */ - close(fds[1]); - /* wait for helper to complete: */ -- while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); -+ while ((rc=waitpid(child, &retval, 0) < 0) && errno == EINTR); - if (rc<0) { - pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); - retval = PAM_AUTHTOK_ERR; ---- modules/pam_unix/support.c -+++ modules/pam_unix/support.c 2013/09/12 07:20:51 -@@ -586,7 +586,10 @@ - if (geteuid() == 0) { - /* must set the real uid to 0 so the helper will not error - out if pam is called from setuid binary (su, sudo...) */ -- setuid(0); -+ if (setuid(0) == -1) { -+ D(("setuid failed")); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - } - - /* exec binary helper */ diff --git a/git-20130916.diff b/git-20130916.diff new file mode 100644 index 0000000..62efb2c --- /dev/null +++ b/git-20130916.diff @@ -0,0 +1,56 @@ +diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c +index 865dc29..8ec4449 100644 +--- a/modules/pam_unix/pam_unix_acct.c ++++ b/modules/pam_unix/pam_unix_acct.c +@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, + if (geteuid() == 0) { + /* must set the real uid to 0 so the helper will not error + out if pam is called from setuid binary (su, sudo...) */ +- setuid(0); ++ if (setuid(0) == -1) { ++ pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); ++ printf("-1\n"); ++ fflush(stdout); ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } + } + + /* exec binary helper */ +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 9bc1cd9..9aae3b0 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const + close(fds[0]); /* close here to avoid possible SIGPIPE above */ + close(fds[1]); + /* wait for helper to complete: */ +- while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); ++ while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); + if (rc<0) { + pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); + retval = PAM_AUTHTOK_ERR; +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index d8f4a6f..19d72e6 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + free (val); + + /* read number of rounds for crypt algo */ +- if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { ++ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { + val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + + if (val) { +@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, + if (geteuid() == 0) { + /* must set the real uid to 0 so the helper will not error + out if pam is called from setuid binary (su, sudo...) */ +- setuid(0); ++ if (setuid(0) == -1) { ++ D(("setuid failed")); ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } + } + + /* exec binary helper */ diff --git a/pam.changes b/pam.changes index d01ccbe..847d710 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + ------------------------------------------------------------------- Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 23ea606..c670f8a 100644 --- a/pam.spec +++ b/pam.spec @@ -53,7 +53,7 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: pam_tally-deprecated.diff -Patch1: fix-compiler-warnings.diff +Patch1: git-20130916.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -98,7 +98,7 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p0 -%patch1 -p0 +%patch1 -p1 %build export CFLAGS="%optflags -DNDEBUG" -- 2.51.1 From 6916c2ed44be62eb94fd0ba5e2c48112ed4c942af5e02ebdb7711d4e7eb667d4 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 20 Sep 2013 07:47:31 +0000 Subject: [PATCH 070/226] - Update to official release 1.1.8 (1.1.7 + git-20130916.diff) - Remove needless pam_tally-deprecated.diff patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=119 --- Linux-PAM-1.1.7-docs.tar.bz2 | 3 -- Linux-PAM-1.1.7.tar.bz2 | 3 -- Linux-PAM-1.1.8-docs.tar.bz2 | 3 ++ Linux-PAM-1.1.8.tar.bz2 | 3 ++ git-20130916.diff | 56 ------------------------------------ pam.changes | 6 ++++ pam.spec | 6 +--- pam_tally-deprecated.diff | 38 ------------------------ 8 files changed, 13 insertions(+), 105 deletions(-) delete mode 100644 Linux-PAM-1.1.7-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.7.tar.bz2 create mode 100644 Linux-PAM-1.1.8-docs.tar.bz2 create mode 100644 Linux-PAM-1.1.8.tar.bz2 delete mode 100644 git-20130916.diff delete mode 100644 pam_tally-deprecated.diff diff --git a/Linux-PAM-1.1.7-docs.tar.bz2 b/Linux-PAM-1.1.7-docs.tar.bz2 deleted file mode 100644 index 411e830..0000000 --- a/Linux-PAM-1.1.7-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4b0d4824888c509214a216487caa636ee8a456268b3a51f7ba7920175e9ac24d -size 147833 diff --git a/Linux-PAM-1.1.7.tar.bz2 b/Linux-PAM-1.1.7.tar.bz2 deleted file mode 100644 index 19330d7..0000000 --- a/Linux-PAM-1.1.7.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7fef52d86f16f8b39b13211dc3092b8eeb5bc2890e64e64cb7731629c6438e63 -size 1149359 diff --git a/Linux-PAM-1.1.8-docs.tar.bz2 b/Linux-PAM-1.1.8-docs.tar.bz2 new file mode 100644 index 0000000..476906e --- /dev/null +++ b/Linux-PAM-1.1.8-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 +size 147887 diff --git a/Linux-PAM-1.1.8.tar.bz2 b/Linux-PAM-1.1.8.tar.bz2 new file mode 100644 index 0000000..2b0db42 --- /dev/null +++ b/Linux-PAM-1.1.8.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 +size 1148944 diff --git a/git-20130916.diff b/git-20130916.diff deleted file mode 100644 index 62efb2c..0000000 --- a/git-20130916.diff +++ /dev/null @@ -1,56 +0,0 @@ -diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c -index 865dc29..8ec4449 100644 ---- a/modules/pam_unix/pam_unix_acct.c -+++ b/modules/pam_unix/pam_unix_acct.c -@@ -121,7 +121,12 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, - if (geteuid() == 0) { - /* must set the real uid to 0 so the helper will not error - out if pam is called from setuid binary (su, sudo...) */ -- setuid(0); -+ if (setuid(0) == -1) { -+ pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); -+ printf("-1\n"); -+ fflush(stdout); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - } - - /* exec binary helper */ -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index 9bc1cd9..9aae3b0 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -255,7 +255,7 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const - close(fds[0]); /* close here to avoid possible SIGPIPE above */ - close(fds[1]); - /* wait for helper to complete: */ -- while ((rc=waitpid(child, &retval, 0) < 0 && errno == EINTR); -+ while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); - if (rc<0) { - pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m"); - retval = PAM_AUTHTOK_ERR; -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index d8f4a6f..19d72e6 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -176,7 +176,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - free (val); - - /* read number of rounds for crypt algo */ -- if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { -+ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { - val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); - - if (val) { -@@ -586,7 +586,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, - if (geteuid() == 0) { - /* must set the real uid to 0 so the helper will not error - out if pam is called from setuid binary (su, sudo...) */ -- setuid(0); -+ if (setuid(0) == -1) { -+ D(("setuid failed")); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - } - - /* exec binary helper */ diff --git a/pam.changes b/pam.changes index 847d710..7385c2d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + ------------------------------------------------------------------- Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index c670f8a..315c885 100644 --- a/pam.spec +++ b/pam.spec @@ -34,7 +34,7 @@ BuildRequires: libselinux-devel %define libpam_misc_so_version 0.82.0 %define libpamc_so_version 0.82.1 # -Version: 1.1.7 +Version: 1.1.8 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause @@ -52,8 +52,6 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf -Patch0: pam_tally-deprecated.diff -Patch1: git-20130916.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -97,8 +95,6 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 -%patch0 -p0 -%patch1 -p1 %build export CFLAGS="%optflags -DNDEBUG" diff --git a/pam_tally-deprecated.diff b/pam_tally-deprecated.diff deleted file mode 100644 index dc22524..0000000 --- a/pam_tally-deprecated.diff +++ /dev/null @@ -1,38 +0,0 @@ ---- modules/pam_tally/pam_tally.c -+++ modules/pam_tally/pam_tally.c 2009/03/27 10:52:56 -@@ -630,6 +630,8 @@ - const char - *user; - -+ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); -+ - rvcheck = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); - if ( rvcheck != PAM_SUCCESS ) - RETURN_ERROR( rvcheck ); -@@ -664,6 +666,8 @@ - const char - *user; - -+ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); -+ - rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); -@@ -709,6 +713,8 @@ - const char - *user; - -+ pam_syslog (pamh, LOG_INFO, "pam_tally is deprecated and obsoleted by pam_tally2"); -+ - rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); - if ( rv != PAM_SUCCESS ) - RETURN_ERROR( rv ); -@@ -815,6 +821,8 @@ - exit(0); - } - -+ fprintf (stderr, "\npam_tally is deprecated and pam_tally2 should be used instead\n\n"); -+ - umask(077); - - /* -- 2.51.1 From 90822429c9660117874345e899cef43f5e2b5b86475dae227efbee734270ed8a Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Thu, 26 Sep 2013 13:04:12 +0000 Subject: [PATCH 071/226] Accepting request 199888 from home:sumski:branches:Linux-PAM Explicitly add pam_systemd.so to list of modules in common-session.pamd (bnc#812462) OBS-URL: https://build.opensuse.org/request/show/199888 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=121 --- common-session.pamd | 1 + pam.changes | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/common-session.pamd b/common-session.pamd index 9fc9e37..6bb7c37 100644 --- a/common-session.pamd +++ b/common-session.pamd @@ -10,3 +10,4 @@ session required pam_limits.so session required pam_unix.so try_first_pass session optional pam_umask.so session optional pam_env.so +session optional pam_systemd.so \ No newline at end of file diff --git a/pam.changes b/pam.changes index 7385c2d..bdd895e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + ------------------------------------------------------------------- Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de -- 2.51.1 From 0ac08f401790250ed38c6708ab6243c7eb2bafe5f028a0e136a2e781847aa765 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sat, 28 Sep 2013 09:29:22 +0000 Subject: [PATCH 072/226] - fix manpages links (bnc#842872) [fix-man-links.dif] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=123 --- fix-man-links.dif | 56 +++++++++++++++++++++++++++++++++++++++++++++++ pam.changes | 5 +++++ pam.spec | 2 ++ 3 files changed, 63 insertions(+) create mode 100644 fix-man-links.dif diff --git a/fix-man-links.dif b/fix-man-links.dif new file mode 100644 index 0000000..04fe917 --- /dev/null +++ b/fix-man-links.dif @@ -0,0 +1,56 @@ +Index: Linux-PAM-1.1.8/doc/man/pam.8 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam.8 ++++ Linux-PAM-1.1.8/doc/man/pam.8 +@@ -1 +1 @@ +-.so PAM.8 ++.so man8/PAM.8 +Index: Linux-PAM-1.1.8/doc/man/pam.d.5 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam.d.5 ++++ Linux-PAM-1.1.8/doc/man/pam.d.5 +@@ -1 +1 @@ +-.so pam.conf.5 ++.so man5/pam.conf.5 +Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_noverify.3 ++++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3 +@@ -1 +1 @@ +-.so pam_get_authtok.3 ++.so man3/pam_get_authtok.3 +Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_verify.3 ++++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3 +@@ -1 +1 @@ +-.so pam_get_authtok.3 ++.so man3/pam_get_authtok.3 +Index: Linux-PAM-1.1.8/doc/man/pam_verror.3 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam_verror.3 ++++ Linux-PAM-1.1.8/doc/man/pam_verror.3 +@@ -1 +1 @@ +-.so pam_error.3 ++.so man3/pam_error.3 +Index: Linux-PAM-1.1.8/doc/man/pam_vinfo.3 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam_vinfo.3 ++++ Linux-PAM-1.1.8/doc/man/pam_vinfo.3 +@@ -1 +1 @@ +-.so pam_info.3 ++.so man3/pam_info.3 +Index: Linux-PAM-1.1.8/doc/man/pam_vprompt.3 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam_vprompt.3 ++++ Linux-PAM-1.1.8/doc/man/pam_vprompt.3 +@@ -1 +1 @@ +-.so pam_prompt.3 ++.so man3/pam_prompt.3 +Index: Linux-PAM-1.1.8/doc/man/pam_vsyslog.3 +=================================================================== +--- Linux-PAM-1.1.8.orig/doc/man/pam_vsyslog.3 ++++ Linux-PAM-1.1.8/doc/man/pam_vsyslog.3 +@@ -1 +1 @@ +-.so pam_syslog.3 ++.so man3/pam_syslog.3 diff --git a/pam.changes b/pam.changes index bdd895e..69b9d20 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + ------------------------------------------------------------------- Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com diff --git a/pam.spec b/pam.spec index 315c885..31955c5 100644 --- a/pam.spec +++ b/pam.spec @@ -52,6 +52,7 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf +Patch0: fix-man-links.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -95,6 +96,7 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 +%patch0 -p1 %build export CFLAGS="%optflags -DNDEBUG" -- 2.51.1 From e2cdd21691670a4c9be27e08a088935cc3ee496978939a2a4a5382804a1987cc Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 12 Nov 2013 12:46:50 +0000 Subject: [PATCH 073/226] - Add encryption_method_nis.diff: - implement pam_unix2 functionality to use another hash for NIS passwords. - Add pam_unix.diff: - fix if /etc/login.defs uses DES - ask always for old password if a NIS password will be changed OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=125 --- encryption_method_nis.diff | 77 ++++++++++++++++++++++++++++++++++++++ pam.changes | 14 +++++++ pam.spec | 4 ++ pam_unix.diff | 37 ++++++++++++++++++ 4 files changed, 132 insertions(+) create mode 100644 encryption_method_nis.diff create mode 100644 pam_unix.diff diff --git a/encryption_method_nis.diff b/encryption_method_nis.diff new file mode 100644 index 0000000..55980bf --- /dev/null +++ b/encryption_method_nis.diff @@ -0,0 +1,77 @@ +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 0cfc0f4..2239206 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + * rebuild the password database file. + */ + ++ ++ /* if it is a NIS account, check for special hash algo */ ++ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { ++ /* preset encryption method with value from /etc/login.defs */ ++ int j; ++ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); ++ if (val) { ++ for (j = 0; j < UNIX_CTRLS_; ++j) { ++ if (unix_args[j].token && unix_args[j].is_hash_algo ++ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { ++ break; ++ } ++ } ++ if (j >= UNIX_CTRLS_) { ++ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); ++ } else { ++ ctrl &= unix_args[j].mask; /* for turning things off */ ++ ctrl |= unix_args[j].flag; /* for turning things on */ ++ } ++ free (val); ++ } ++ } ++ + /* + * First we encrypt the new password. + */ +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index 19d72e6..dafa9f0 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -37,8 +37,8 @@ + #define SELINUX_ENABLED 0 + #endif + +-static char * +-search_key (const char *key, const char *filename) ++char * ++_unix_search_key (const char *key, const char *filename) + { + FILE *fp; + char *buf = NULL; +@@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + } + + /* preset encryption method with value from /etc/login.defs */ +- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); ++ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo +@@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + + /* read number of rounds for crypt algo */ + if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { +- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); ++ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + + if (val) { + *rounds = strtol(val, NULL, 10); +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 6f5b2eb..a35a8a8 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh + + extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned int ctrl, const char *user, int *daysleft); ++extern char *_unix_search_key(const char *key, const char *filename); + #endif /* _PAM_UNIX_SUPPORT_H */ diff --git a/pam.changes b/pam.changes index 69b9d20..2e45a7d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + ------------------------------------------------------------------- Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com diff --git a/pam.spec b/pam.spec index 31955c5..6aa9047 100644 --- a/pam.spec +++ b/pam.spec @@ -53,6 +53,8 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif +Patch1: pam_unix.diff +Patch2: encryption_method_nis.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -97,6 +99,8 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 +%patch1 -p1 +%patch2 -p1 %build export CFLAGS="%optflags -DNDEBUG" diff --git a/pam_unix.diff b/pam_unix.diff new file mode 100644 index 0000000..39bcb29 --- /dev/null +++ b/pam_unix.diff @@ -0,0 +1,37 @@ +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 6575938..6f5b2eb 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -97,8 +97,9 @@ typedef struct { + password hash algorithms */ + #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ ++#define UNIX_DES 28 /* DES, default */ + /* -------------- */ +-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + +@@ -135,6 +136,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = + /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, + /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 9aae3b0..d5f2540 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -614,7 +614,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + + if (_unix_blankpasswd(pamh, ctrl, user)) { + return PAM_SUCCESS; +- } else if (off(UNIX__IAMROOT, ctrl)) { ++ } else if (off(UNIX__IAMROOT, ctrl) || ++ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { + /* instruct user what is happening */ + if (asprintf(&Announce, _("Changing password for %s."), + user) < 0) { -- 2.51.1 From 54b459547e5a8841f968f4a457b64005c12208efe34c3cca15e4b53eb5c6ac92 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 28 Nov 2013 11:01:38 +0000 Subject: [PATCH 074/226] - Remove libtrpc support to solve dependency/build cycles, plain glibc is enough for now. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=127 --- pam.changes | 6 ++++++ pam.spec | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index 2e45a7d..6bd3842 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + ------------------------------------------------------------------- Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 6aa9047..e184fcc 100644 --- a/pam.spec +++ b/pam.spec @@ -26,7 +26,7 @@ BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: db-devel BuildRequires: flex -BuildRequires: pkgconfig(libtirpc) +#BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif -- 2.51.1 From 29c9d812b85dda09e525f637d724c0240528f19bcdd098e31125cc867521725e Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Wed, 18 Dec 2013 11:09:26 +0000 Subject: [PATCH 075/226] Accepting request 209746 from home:AndreasSchwab:f - common-session.pamd: add missing newline OBS-URL: https://build.opensuse.org/request/show/209746 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=129 --- common-session.pamd | 2 +- pam.changes | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/common-session.pamd b/common-session.pamd index 6bb7c37..0a8ae2c 100644 --- a/common-session.pamd +++ b/common-session.pamd @@ -10,4 +10,4 @@ session required pam_limits.so session required pam_unix.so try_first_pass session optional pam_umask.so session optional pam_env.so -session optional pam_systemd.so \ No newline at end of file +session optional pam_systemd.so diff --git a/pam.changes b/pam.changes index 6bd3842..8372f47 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + ------------------------------------------------------------------- Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de -- 2.51.1 From 33a265dc7c96d6874f9972d9ebad292cf057db452d1f47dfae6c6fc33b230657 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 9 Jan 2014 16:43:05 +0000 Subject: [PATCH 076/226] - Update to current git (Linux-PAM-git-20140109.diff, which replaces pam_unix.diff and encryption_method_nis.diff) - pam_access: fix debug level logging - pam_warn: log flags passed to the module - pam_securetty: check return value of fgets - pam_lastlog: fix format string - pam_loginuid: If the correct loginuid is already set, skip writing it OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=131 --- Linux-PAM-git-20140109.diff | 268 ++++++++++++++++++++++++++++++++++++ encryption_method_nis.diff | 77 ----------- pam.changes | 11 ++ pam.spec | 8 +- pam_unix.diff | 37 ----- 5 files changed, 282 insertions(+), 119 deletions(-) create mode 100644 Linux-PAM-git-20140109.diff delete mode 100644 encryption_method_nis.diff delete mode 100644 pam_unix.diff diff --git a/Linux-PAM-git-20140109.diff b/Linux-PAM-git-20140109.diff new file mode 100644 index 0000000..359ad59 --- /dev/null +++ b/Linux-PAM-git-20140109.diff @@ -0,0 +1,268 @@ +--- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_access/pam_access.c 2014-01-09 16:28:39.000000000 +0100 +@@ -573,7 +573,7 @@ + + if (debug) + pam_syslog (pamh, LOG_DEBUG, +- "group_match: grp=%s, user=%s", grptok, usr); ++ "group_match: grp=%s, user=%s", tok, usr); + + if (strlen(tok) < 3) + return NO; +--- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-11-28 11:37:54.000000000 +0100 +@@ -628,7 +628,8 @@ + lltime = (time(NULL) - lltime) / (24*60*60); + + if (lltime > inactive_days) { +- pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime); ++ pam_syslog(pamh, LOG_INFO, "user %s inactive for %ld days - denied", ++ user, (long) lltime); + return PAM_AUTH_ERR; + } + +--- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-11-28 11:37:54.000000000 +0100 +@@ -52,10 +52,10 @@ + static int set_loginuid(pam_handle_t *pamh, uid_t uid) + { + int fd, count, rc = 0; +- char loginuid[24]; ++ char loginuid[24], buf[24]; + + count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); +- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); ++ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); + if (fd < 0) { + if (errno != ENOENT) { + rc = 1; +@@ -64,8 +64,13 @@ + } + return rc; + } +- if (pam_modutil_write(fd, loginuid, count) != count) ++ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && ++ memcmp(buf, loginuid, count) == 0) ++ goto done; /* already correct */ ++ if (lseek(fd, 0, SEEK_SET) == -1 || (ftruncate(fd, 0) == -1 || ++ pam_modutil_write(fd, loginuid, count) != count)) + rc = 1; ++ done: + close(fd); + return rc; + } +--- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_securetty/pam_securetty.c 2013-11-28 11:37:54.000000000 +0100 +@@ -159,11 +159,10 @@ + if (cmdlinefile != NULL) { + char line[LINE_MAX], *p; + +- line[0] = 0; +- fgets(line, sizeof(line), cmdlinefile); ++ p = fgets(line, sizeof(line), cmdlinefile); + fclose(cmdlinefile); + +- for (p = line; p; p = strstr(p+1, "console=")) { ++ for (; p; p = strstr(p+1, "console=")) { + char *e; + + /* Test whether this is a beginning of a word? */ +--- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-09-16 11:09:47.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-11-12 13:05:47.000000000 +0100 +@@ -614,7 +614,8 @@ + + if (_unix_blankpasswd(pamh, ctrl, user)) { + return PAM_SUCCESS; +- } else if (off(UNIX__IAMROOT, ctrl)) { ++ } else if (off(UNIX__IAMROOT, ctrl) || ++ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { + /* instruct user what is happening */ + if (asprintf(&Announce, _("Changing password for %s."), + user) < 0) { +@@ -795,6 +796,29 @@ + * rebuild the password database file. + */ + ++ ++ /* if it is a NIS account, check for special hash algo */ ++ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { ++ /* preset encryption method with value from /etc/login.defs */ ++ int j; ++ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); ++ if (val) { ++ for (j = 0; j < UNIX_CTRLS_; ++j) { ++ if (unix_args[j].token && unix_args[j].is_hash_algo ++ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { ++ break; ++ } ++ } ++ if (j >= UNIX_CTRLS_) { ++ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); ++ } else { ++ ctrl &= unix_args[j].mask; /* for turning things off */ ++ ctrl |= unix_args[j].flag; /* for turning things on */ ++ } ++ free (val); ++ } ++ } ++ + /* + * First we encrypt the new password. + */ +--- old/Linux-PAM-1.1.8/modules/pam_unix/README 2013-09-19 10:02:20.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/README 2014-01-09 16:29:02.000000000 +0100 +@@ -36,7 +36,8 @@ + + The password component of this module performs the task of updating the user's + password. The default encryption hash is taken from the ENCRYPT_METHOD variable +-from /etc/login.defs ++from /etc/login.defs. For NIS accounts, the ENCRYPT_METHOD_NIS variable from / ++etc/login.defs is preferred. + + The session component of this module logs when a user logins or leave the + system. +--- old/Linux-PAM-1.1.8/modules/pam_unix/support.c 2013-09-16 11:11:51.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/support.c 2013-11-12 13:05:24.000000000 +0100 +@@ -37,8 +37,8 @@ + #define SELINUX_ENABLED 0 + #endif + +-static char * +-search_key (const char *key, const char *filename) ++char * ++_unix_search_key (const char *key, const char *filename) + { + FILE *fp; + char *buf = NULL; +@@ -159,7 +159,7 @@ + } + + /* preset encryption method with value from /etc/login.defs */ +- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); ++ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo +@@ -177,7 +177,7 @@ + + /* read number of rounds for crypt algo */ + if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { +- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); ++ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + + if (val) { + *rounds = strtol(val, NULL, 10); +--- old/Linux-PAM-1.1.8/modules/pam_unix/support.h 2013-06-18 16:24:05.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/support.h 2013-11-12 13:05:04.000000000 +0100 +@@ -97,8 +97,9 @@ + password hash algorithms */ + #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ ++#define UNIX_DES 28 /* DES, default */ + /* -------------- */ +-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + +@@ -135,6 +136,7 @@ + /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, + /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) +@@ -172,4 +174,5 @@ + + extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned int ctrl, const char *user, int *daysleft); ++extern char *_unix_search_key(const char *key, const char *filename); + #endif /* _PAM_UNIX_SUPPORT_H */ +--- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_warn/pam_warn.c 2013-11-28 11:37:54.000000000 +0100 +@@ -33,7 +33,7 @@ + value = value ? value : default_value ; \ + } while (0) + +-static void log_items(pam_handle_t *pamh, const char *function) ++static void log_items(pam_handle_t *pamh, const char *function, int flags) + { + const void *service=NULL, *user=NULL, *terminal=NULL, + *rhost=NULL, *ruser=NULL; +@@ -45,8 +45,8 @@ + OBTAIN(PAM_RHOST, rhost, ""); + + pam_syslog(pamh, LOG_NOTICE, +- "function=[%s] service=[%s] terminal=[%s] user=[%s]" +- " ruser=[%s] rhost=[%s]\n", function, ++ "function=[%s] flags=%#x service=[%s] terminal=[%s] user=[%s]" ++ " ruser=[%s] rhost=[%s]\n", function, flags, + (const char *) service, (const char *) terminal, + (const char *) user, (const char *) ruser, + (const char *) rhost); +@@ -55,52 +55,52 @@ + /* --- authentication management functions (only) --- */ + + PAM_EXTERN +-int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN +-int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + /* password updating functions */ + + PAM_EXTERN +-int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + diff --git a/encryption_method_nis.diff b/encryption_method_nis.diff deleted file mode 100644 index 55980bf..0000000 --- a/encryption_method_nis.diff +++ /dev/null @@ -1,77 +0,0 @@ -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index 0cfc0f4..2239206 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) - * rebuild the password database file. - */ - -+ -+ /* if it is a NIS account, check for special hash algo */ -+ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { -+ /* preset encryption method with value from /etc/login.defs */ -+ int j; -+ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); -+ if (val) { -+ for (j = 0; j < UNIX_CTRLS_; ++j) { -+ if (unix_args[j].token && unix_args[j].is_hash_algo -+ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { -+ break; -+ } -+ } -+ if (j >= UNIX_CTRLS_) { -+ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); -+ } else { -+ ctrl &= unix_args[j].mask; /* for turning things off */ -+ ctrl |= unix_args[j].flag; /* for turning things on */ -+ } -+ free (val); -+ } -+ } -+ - /* - * First we encrypt the new password. - */ -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index 19d72e6..dafa9f0 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -37,8 +37,8 @@ - #define SELINUX_ENABLED 0 - #endif - --static char * --search_key (const char *key, const char *filename) -+char * -+_unix_search_key (const char *key, const char *filename) - { - FILE *fp; - char *buf = NULL; -@@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - } - - /* preset encryption method with value from /etc/login.defs */ -- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); -+ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); - if (val) { - for (j = 0; j < UNIX_CTRLS_; ++j) { - if (unix_args[j].token && unix_args[j].is_hash_algo -@@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, - - /* read number of rounds for crypt algo */ - if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { -- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); -+ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); - - if (val) { - *rounds = strtol(val, NULL, 10); -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index 6f5b2eb..a35a8a8 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh - - extern int _unix_run_verify_binary(pam_handle_t *pamh, - unsigned int ctrl, const char *user, int *daysleft); -+extern char *_unix_search_key(const char *key, const char *filename); - #endif /* _PAM_UNIX_SUPPORT_H */ diff --git a/pam.changes b/pam.changes index 8372f47..f838e22 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + ------------------------------------------------------------------- Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org diff --git a/pam.spec b/pam.spec index e184fcc..3896347 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -53,8 +53,7 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif -Patch1: pam_unix.diff -Patch2: encryption_method_nis.diff +Patch1: Linux-PAM-git-20140109.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -99,8 +98,7 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 -%patch1 -p1 -%patch2 -p1 +%patch1 -p2 %build export CFLAGS="%optflags -DNDEBUG" diff --git a/pam_unix.diff b/pam_unix.diff deleted file mode 100644 index 39bcb29..0000000 --- a/pam_unix.diff +++ /dev/null @@ -1,37 +0,0 @@ -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index 6575938..6f5b2eb 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -97,8 +97,9 @@ typedef struct { - password hash algorithms */ - #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ - #define UNIX_MIN_PASS_LEN 27 /* min length for password */ -+#define UNIX_DES 28 /* DES, default */ - /* -------------- */ --#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ - - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) - -@@ -135,6 +136,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = - /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, - /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, - /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, - }; - - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index 9aae3b0..d5f2540 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -614,7 +614,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) - - if (_unix_blankpasswd(pamh, ctrl, user)) { - return PAM_SUCCESS; -- } else if (off(UNIX__IAMROOT, ctrl)) { -+ } else if (off(UNIX__IAMROOT, ctrl) || -+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { - /* instruct user what is happening */ - if (asprintf(&Announce, _("Changing password for %s."), - user) < 0) { -- 2.51.1 From 9e8981cb0426e4da6f91b596fa0b756b4c4dd287df96c0e27e43467195a58788 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 10 Jan 2014 10:58:11 +0000 Subject: [PATCH 077/226] - Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid - Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=132 --- pam.changes | 6 +++ pam.spec | 4 ++ pam_loginuid-part1.diff | 115 ++++++++++++++++++++++++++++++++++++++++ pam_loginuid-part2.diff | 74 ++++++++++++++++++++++++++ 4 files changed, 199 insertions(+) create mode 100644 pam_loginuid-part1.diff create mode 100644 pam_loginuid-part2.diff diff --git a/pam.changes b/pam.changes index f838e22..19f76b7 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + ------------------------------------------------------------------- Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 3896347..4a5dcb9 100644 --- a/pam.spec +++ b/pam.spec @@ -54,6 +54,8 @@ Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif Patch1: Linux-PAM-git-20140109.diff +Patch2: pam_loginuid-part1.diff +Patch3: pam_loginuid-part2.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -99,6 +101,8 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 %patch1 -p2 +%patch2 -p1 +%patch3 -p1 %build export CFLAGS="%optflags -DNDEBUG" diff --git a/pam_loginuid-part1.diff b/pam_loginuid-part1.diff new file mode 100644 index 0000000..ab621dd --- /dev/null +++ b/pam_loginuid-part1.diff @@ -0,0 +1,115 @@ +commit 5825450540e6620ac331c64345b42fdcbb1d6e87 +Author: Dmitry V. Levin +Date: Wed Jan 8 15:53:30 2014 -0800 + + pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist + + When /proc/self/loginuid does not exist, return PAM_IGNORE instead of + PAM_SUCCESS, so that we can distinguish between "loginuid set + successfully" and "loginuid not set, but this is expected". + + Suggested by Steve Langasek. + + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return + code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid + does not exist, PAM_SESSION_ERR in case of any other error. + (_pam_loginuid): Forward the PAM error code returned by set_loginuid. + + modules/pam_loginuid/pam_loginuid.c | 43 ++++++++++++++++++++++------------ + 1 files changed, 28 insertions(+), 15 deletions(-) +--- +diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c +index a903845..96f8ffa 100644 +--- a/modules/pam_loginuid/pam_loginuid.c ++++ b/modules/pam_loginuid/pam_loginuid.c +@@ -47,29 +47,35 @@ + + /* + * This function writes the loginuid to the /proc system. It returns +- * 0 on success and 1 on failure. ++ * PAM_SUCCESS on success, ++ * PAM_IGNORE when /proc/self/loginuid does not exist, ++ * PAM_SESSION_ERR in case of any other error. + */ + static int set_loginuid(pam_handle_t *pamh, uid_t uid) + { +- int fd, count, rc = 0; ++ int fd, count, rc = PAM_SESSION_ERR; + char loginuid[24], buf[24]; + + count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); + fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); + if (fd < 0) { +- if (errno != ENOENT) { +- rc = 1; ++ if (errno == ENOENT) { ++ rc = PAM_IGNORE; ++ } else { + pam_syslog(pamh, LOG_ERR, + "Cannot open /proc/self/loginuid: %m"); + } + return rc; + } ++ + if (pam_modutil_read(fd, buf, sizeof(buf)) == count && +- memcmp(buf, loginuid, count) == 0) ++ memcmp(buf, loginuid, count) == 0) { ++ rc = PAM_SUCCESS; + goto done; /* already correct */ +- if (lseek(fd, 0, SEEK_SET) == -1 || (ftruncate(fd, 0) == -1 || +- pam_modutil_write(fd, loginuid, count) != count)) +- rc = 1; ++ } ++ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && ++ pam_modutil_write(fd, loginuid, count) == count) ++ rc = PAM_SUCCESS; + done: + close(fd); + return rc; +@@ -170,6 +176,7 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, + { + const char *user = NULL; + struct passwd *pwd; ++ int ret; + #ifdef HAVE_LIBAUDIT + int require_auditd = 0; + #endif +@@ -188,9 +195,14 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, + return PAM_SESSION_ERR; + } + +- if (set_loginuid(pamh, pwd->pw_uid)) { +- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); +- return PAM_SESSION_ERR; ++ ret = set_loginuid(pamh, pwd->pw_uid); ++ switch (ret) { ++ case PAM_SUCCESS: ++ case PAM_IGNORE: ++ break; ++ default: ++ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); ++ return ret; + } + + #ifdef HAVE_LIBAUDIT +@@ -200,11 +212,12 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, + argv++; + } + +- if (require_auditd) +- return check_auditd(); +- else ++ if (require_auditd) { ++ int rc = check_auditd(); ++ return rc != PAM_SUCCESS ? rc : ret; ++ } else + #endif +- return PAM_SUCCESS; ++ return ret; + } + + /* +_______________________________________________ +linux-pam-commits mailing list +linux-pam-commits@lists.fedorahosted.org +https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits diff --git a/pam_loginuid-part2.diff b/pam_loginuid-part2.diff new file mode 100644 index 0000000..0980f1f --- /dev/null +++ b/pam_loginuid-part2.diff @@ -0,0 +1,74 @@ +commit 24f3a88e7de52fbfcb7b8a1ebdae0cdbef420edf +Author: Stéphane Graber +Date: Tue Jan 7 16:12:03 2014 -0800 + + pam_loginuid: Ignore failure in user namespaces + + When running pam_loginuid in a container using the user namespaces, even + uid 0 isn't allowed to set the loginuid property. + + This change catches the EACCES from opening loginuid, checks if the user + is in the host namespace (by comparing the uid_map with the host's one) + and only if that's the case, sets rc to 1. + + Should uid_map not exist or be unreadable for some reason, it'll be + assumed that the process is running on the host's namespace. + + The initial reason behind this change was failure to ssh into an + unprivileged container (using a 3.13 kernel and current LXC) when using + a standard pam profile for sshd (which requires success from + pam_loginuid). + + I believe this solution doesn't have any drawback and will allow people + to use unprivileged containers normally. An alternative would be to have + all distros set pam_loginuid as optional but that'd be bad for any of + the other potential failure case which people may care about. + + There has also been some discussions to get some of the audit features + tied with the user namespaces but currently none of that has been merged + upstream and the currently proposed implementation doesn't cover + loginuid (nor is it clear how this should even work when loginuid is set + as immutable after initial write). + + Signed-off-by: Steve Langasek + Signed-off-by: Dmitry V. Levin + + modules/pam_loginuid/pam_loginuid.c | 15 ++++++++++++++- + 1 files changed, 14 insertions(+), 1 deletions(-) +--- +diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c +index 96f8ffa..54ae6f0 100644 +--- a/modules/pam_loginuid/pam_loginuid.c ++++ b/modules/pam_loginuid/pam_loginuid.c +@@ -55,13 +55,26 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) + { + int fd, count, rc = PAM_SESSION_ERR; + char loginuid[24], buf[24]; ++ static const char host_uid_map[] = " 0 0 4294967295\n"; ++ char uid_map[sizeof(host_uid_map)]; + + count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); + fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); + if (fd < 0) { + if (errno == ENOENT) { + rc = PAM_IGNORE; +- } else { ++ } else if (errno == EACCES) { ++ fd = open("/proc/self/uid_map", O_RDONLY); ++ if (fd >= 0) { ++ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); ++ if (strncmp(uid_map, host_uid_map, count) != 0) ++ rc = PAM_IGNORE; ++ close(fd); ++ } ++ if (rc != PAM_IGNORE) ++ errno = EACCES; ++ } ++ if (rc != PAM_IGNORE) { + pam_syslog(pamh, LOG_ERR, + "Cannot open /proc/self/loginuid: %m"); + } +_______________________________________________ +linux-pam-commits mailing list +linux-pam-commits@lists.fedorahosted.org +https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits -- 2.51.1 From fbe6371c54707d534ba4c4078b3fe8470a90cc2ccde7c2ccff811c5f646d2c50 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 27 Jan 2014 14:48:02 +0000 Subject: [PATCH 078/226] - Update to current git (Linux-PAM-git-20140127.diff), which obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and Linux-PAM-git-20140109.diff. - Fix gratuitous use of strdup and x_strdup - pam_xauth: log fatal errors preventing xauth process execution - pam_loginuid: cleanup loginuid buffer initialization - libpam_misc: fix an inconsistency in handling memory allocation errors - pam_limits: fix utmp->ut_user handling - pam_mkhomedir: check and create home directory for the same user - pam_limits: detect and ignore stale utmp entries - Disable pam_userdb (remove db-devel from build requires) OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=134 --- Linux-PAM-git-20140109.diff | 268 --------- Linux-PAM-git-20140127.diff | 1015 +++++++++++++++++++++++++++++++++++ pam.changes | 15 + pam.spec | 9 +- pam_loginuid-part1.diff | 115 ---- pam_loginuid-part2.diff | 74 --- 6 files changed, 1032 insertions(+), 464 deletions(-) delete mode 100644 Linux-PAM-git-20140109.diff create mode 100644 Linux-PAM-git-20140127.diff delete mode 100644 pam_loginuid-part1.diff delete mode 100644 pam_loginuid-part2.diff diff --git a/Linux-PAM-git-20140109.diff b/Linux-PAM-git-20140109.diff deleted file mode 100644 index 359ad59..0000000 --- a/Linux-PAM-git-20140109.diff +++ /dev/null @@ -1,268 +0,0 @@ ---- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_access/pam_access.c 2014-01-09 16:28:39.000000000 +0100 -@@ -573,7 +573,7 @@ - - if (debug) - pam_syslog (pamh, LOG_DEBUG, -- "group_match: grp=%s, user=%s", grptok, usr); -+ "group_match: grp=%s, user=%s", tok, usr); - - if (strlen(tok) < 3) - return NO; ---- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-11-28 11:37:54.000000000 +0100 -@@ -628,7 +628,8 @@ - lltime = (time(NULL) - lltime) / (24*60*60); - - if (lltime > inactive_days) { -- pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime); -+ pam_syslog(pamh, LOG_INFO, "user %s inactive for %ld days - denied", -+ user, (long) lltime); - return PAM_AUTH_ERR; - } - ---- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-11-28 11:37:54.000000000 +0100 -@@ -52,10 +52,10 @@ - static int set_loginuid(pam_handle_t *pamh, uid_t uid) - { - int fd, count, rc = 0; -- char loginuid[24]; -+ char loginuid[24], buf[24]; - - count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); -- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); -+ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); - if (fd < 0) { - if (errno != ENOENT) { - rc = 1; -@@ -64,8 +64,13 @@ - } - return rc; - } -- if (pam_modutil_write(fd, loginuid, count) != count) -+ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && -+ memcmp(buf, loginuid, count) == 0) -+ goto done; /* already correct */ -+ if (lseek(fd, 0, SEEK_SET) == -1 || (ftruncate(fd, 0) == -1 || -+ pam_modutil_write(fd, loginuid, count) != count)) - rc = 1; -+ done: - close(fd); - return rc; - } ---- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_securetty/pam_securetty.c 2013-11-28 11:37:54.000000000 +0100 -@@ -159,11 +159,10 @@ - if (cmdlinefile != NULL) { - char line[LINE_MAX], *p; - -- line[0] = 0; -- fgets(line, sizeof(line), cmdlinefile); -+ p = fgets(line, sizeof(line), cmdlinefile); - fclose(cmdlinefile); - -- for (p = line; p; p = strstr(p+1, "console=")) { -+ for (; p; p = strstr(p+1, "console=")) { - char *e; - - /* Test whether this is a beginning of a word? */ ---- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-09-16 11:09:47.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-11-12 13:05:47.000000000 +0100 -@@ -614,7 +614,8 @@ - - if (_unix_blankpasswd(pamh, ctrl, user)) { - return PAM_SUCCESS; -- } else if (off(UNIX__IAMROOT, ctrl)) { -+ } else if (off(UNIX__IAMROOT, ctrl) || -+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { - /* instruct user what is happening */ - if (asprintf(&Announce, _("Changing password for %s."), - user) < 0) { -@@ -795,6 +796,29 @@ - * rebuild the password database file. - */ - -+ -+ /* if it is a NIS account, check for special hash algo */ -+ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { -+ /* preset encryption method with value from /etc/login.defs */ -+ int j; -+ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); -+ if (val) { -+ for (j = 0; j < UNIX_CTRLS_; ++j) { -+ if (unix_args[j].token && unix_args[j].is_hash_algo -+ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { -+ break; -+ } -+ } -+ if (j >= UNIX_CTRLS_) { -+ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); -+ } else { -+ ctrl &= unix_args[j].mask; /* for turning things off */ -+ ctrl |= unix_args[j].flag; /* for turning things on */ -+ } -+ free (val); -+ } -+ } -+ - /* - * First we encrypt the new password. - */ ---- old/Linux-PAM-1.1.8/modules/pam_unix/README 2013-09-19 10:02:20.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/README 2014-01-09 16:29:02.000000000 +0100 -@@ -36,7 +36,8 @@ - - The password component of this module performs the task of updating the user's - password. The default encryption hash is taken from the ENCRYPT_METHOD variable --from /etc/login.defs -+from /etc/login.defs. For NIS accounts, the ENCRYPT_METHOD_NIS variable from / -+etc/login.defs is preferred. - - The session component of this module logs when a user logins or leave the - system. ---- old/Linux-PAM-1.1.8/modules/pam_unix/support.c 2013-09-16 11:11:51.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/support.c 2013-11-12 13:05:24.000000000 +0100 -@@ -37,8 +37,8 @@ - #define SELINUX_ENABLED 0 - #endif - --static char * --search_key (const char *key, const char *filename) -+char * -+_unix_search_key (const char *key, const char *filename) - { - FILE *fp; - char *buf = NULL; -@@ -159,7 +159,7 @@ - } - - /* preset encryption method with value from /etc/login.defs */ -- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); -+ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); - if (val) { - for (j = 0; j < UNIX_CTRLS_; ++j) { - if (unix_args[j].token && unix_args[j].is_hash_algo -@@ -177,7 +177,7 @@ - - /* read number of rounds for crypt algo */ - if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { -- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); -+ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); - - if (val) { - *rounds = strtol(val, NULL, 10); ---- old/Linux-PAM-1.1.8/modules/pam_unix/support.h 2013-06-18 16:24:05.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/support.h 2013-11-12 13:05:04.000000000 +0100 -@@ -97,8 +97,9 @@ - password hash algorithms */ - #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ - #define UNIX_MIN_PASS_LEN 27 /* min length for password */ -+#define UNIX_DES 28 /* DES, default */ - /* -------------- */ --#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ - - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) - -@@ -135,6 +136,7 @@ - /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, - /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, - /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, - }; - - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) -@@ -172,4 +174,5 @@ - - extern int _unix_run_verify_binary(pam_handle_t *pamh, - unsigned int ctrl, const char *user, int *daysleft); -+extern char *_unix_search_key(const char *key, const char *filename); - #endif /* _PAM_UNIX_SUPPORT_H */ ---- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_warn/pam_warn.c 2013-11-28 11:37:54.000000000 +0100 -@@ -33,7 +33,7 @@ - value = value ? value : default_value ; \ - } while (0) - --static void log_items(pam_handle_t *pamh, const char *function) -+static void log_items(pam_handle_t *pamh, const char *function, int flags) - { - const void *service=NULL, *user=NULL, *terminal=NULL, - *rhost=NULL, *ruser=NULL; -@@ -45,8 +45,8 @@ - OBTAIN(PAM_RHOST, rhost, ""); - - pam_syslog(pamh, LOG_NOTICE, -- "function=[%s] service=[%s] terminal=[%s] user=[%s]" -- " ruser=[%s] rhost=[%s]\n", function, -+ "function=[%s] flags=%#x service=[%s] terminal=[%s] user=[%s]" -+ " ruser=[%s] rhost=[%s]\n", function, flags, - (const char *) service, (const char *) terminal, - (const char *) user, (const char *) ruser, - (const char *) rhost); -@@ -55,52 +55,52 @@ - /* --- authentication management functions (only) --- */ - - PAM_EXTERN --int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN --int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - /* password updating functions */ - - PAM_EXTERN --int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - diff --git a/Linux-PAM-git-20140127.diff b/Linux-PAM-git-20140127.diff new file mode 100644 index 0000000..7c23d18 --- /dev/null +++ b/Linux-PAM-git-20140127.diff @@ -0,0 +1,1015 @@ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/ChangeLog new/linux-pam-1.1.8/ChangeLog +--- old/Linux-PAM-1.1.8/ChangeLog 2013-09-19 11:33:00.000000000 +0200 ++++ new/linux-pam-1.1.8/ChangeLog 2014-01-27 15:04:04.000000000 +0100 +@@ -1,3 +1,272 @@ ++2014-01-27 Dmitry V. Levin ++ ++ Fix gratuitous use of strdup and x_strdup. ++ There is no need to copy strings passed as arguments to execve, ++ the only potentially noticeable effect of using strdup/x_strdup ++ would be a malformed argument list in case of memory allocation error. ++ ++ Also, x_strdup, being a thin wrapper around strdup, is of no benefit ++ when its argument is known to be non-NULL, and should not be used in ++ such cases. ++ ++ * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup ++ instead of x_strdup, the latter is of no benefit in this case. ++ * modules/pam_ftp/pam_ftp.c (lookup): Likewise. ++ * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise. ++ * modules/pam_userdb/pam_userdb.h (x_strdup): Remove. ++ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use ++ x_strdup for strings passed as arguments to execve. ++ * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. ++ * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. ++ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. ++ (_unix_verify_password): Use strdup instead of x_strdup, the latter ++ is of no benefit in this case. ++ * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for ++ strings passed as arguments to execv. ++ ++ pam_userdb: fix password hash comparison. ++ Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed ++ passwords support in pam_userdb, hashes are compared case-insensitively. ++ This bug leads to accepting hashes for completely different passwords in ++ addition to those that should be accepted. ++ ++ Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for ++ modern password hashes with different lengths and settings, did not ++ update the hash comparison accordingly, which leads to accepting ++ computed hashes longer than stored hashes when the latter is a prefix ++ of the former. ++ ++ * modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed ++ hash whose length differs from the stored hash length. ++ Compare computed and stored hashes case-sensitively. ++ Fixes CVE-2013-7041. ++ ++ Bug-Debian: http://bugs.debian.org/731368 ++ ++2014-01-24 Dmitry V. Levin ++ ++ pam_xauth: log fatal errors preventing xauth process execution. ++ * modules/pam_xauth/pam_xauth.c (run_coprocess): Log errors from pipe() ++ and fork() calls. ++ ++2014-01-22 Dmitry V. Levin ++ ++ pam_loginuid: cleanup loginuid buffer initialization. ++ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Move loginuid ++ buffer initialization closer to its first use. ++ ++ libpam_misc: fix an inconsistency in handling memory allocation errors. ++ When misc_conv fails to allocate memory for pam_response array, it ++ returns PAM_CONV_ERR. However, when read_string fails to allocate ++ memory for a response string, it loses the response string and silently ++ ignores the error, with net result as if EOF has been read. ++ ++ * libpam_misc/misc_conv.c (read_string): Use strdup instead of x_strdup, ++ the latter is of no benefit in this case. ++ Do not ignore potential memory allocation errors returned by strdup, ++ forward them to misc_conv. ++ ++2014-01-20 Dmitry V. Levin ++ ++ pam_limits: fix utmp->ut_user handling. ++ ut_user member of struct utmp is a string that is not necessarily ++ null-terminated, so extra care should be taken when using it. ++ ++ * modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to ++ a null-terminated string and consistently use it where a null-terminated ++ string is expected. ++ ++ pam_mkhomedir: check and create home directory for the same user (ticket #22) ++ Before pam_mkhomedir helper was introduced in commit ++ 7b14630ef39e71f603aeca0c47edf2f384717176, pam_mkhomedir was checking for ++ existance and creating the same directory - the home directory of the ++ user NAME returned by pam_get_item(PAM_USER). ++ ++ The change in behaviour accidentally introduced along with ++ mkhomedir_helper is not consistent: while the module still checks for ++ getpwnam(NAME)->pw_dir, the directory created by mkhomedir_helper is ++ getpwnam(getpwnam(NAME)->pw_name)->pw_dir, which is not necessarily ++ the same as the directory being checked. ++ ++ This change brings check and creation back in sync, both handling ++ getpwnam(NAME)->pw_dir. ++ ++ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Replace ++ "struct passwd *" argument with user's name and home directory. ++ Pass user's name to MKHOMEDIR_HELPER. ++ (pam_sm_open_session): Update create_homedir call. ++ ++2014-01-20 Tomas Mraz ++ ++ pam_limits: detect and ignore stale utmp entries. ++ Original idea by Christopher Hailey ++ ++ * modules/pam_limits/pam_limits.c (check_logins): Use kill() to ++ detect if pid of the utmp entry is still running and ignore the entry ++ if it is not. ++ ++2014-01-19 Stéphane Graber ++ ++ pam_loginuid: Always return PAM_IGNORE in userns. ++ The previous patch to support user namespaces works fine with containers ++ that are started from a desktop/terminal session but fails when dealing ++ with containers that were started from a remote session such as ssh. ++ ++ I haven't looked at the exact reason for that in the kernel but on the ++ userspace side of things, the difference is that containers started from ++ an ssh session will happily let pam open /proc/self/loginuid read-write, ++ will let it read its content but will then fail with EPERM when trying ++ to write to it. ++ ++ So to make the userns support bullet proof, this commit moves the userns ++ check earlier in the function (which means a small performance impact as ++ it'll now happen everytime on kernels that have userns support) and will ++ set rc = PAM_IGNORE instead of rc = PAM_ERROR. ++ ++ The rest of the code is still executed in the event that PAM is run on a ++ future kernel where we have some kind of audit namespace that includes a ++ working loginuid. ++ ++2014-01-15 Steve Langasek ++ ++ pam_namespace: don't use bashisms in default namespace.init script. ++ * modules/pam_namespace/pam_namespace.c: call setuid() before execing the ++ namespace init script, so that scripts run with maximum privilege regardless ++ of the shell implementation. ++ * modules/pam_namespace/namespace.init: drop the '-p' bashism from the ++ shebang line ++ ++ This is not a POSIX standard option, it's a bashism. The bash manpage says ++ that it's used to prevent the effective user id from being reset to the real ++ user id on startup, and to ignore certain unsafe variables from the ++ environment. ++ ++ In the case of pam_namespace, the -p is not necessary for environment ++ sanitizing because the PAM module (properly) sanitizes the environment ++ before execing the script. ++ ++ The stated reason given in CVS history for passing -p is to "preserve euid ++ when called from setuid apps (su, newrole)." This should be done more ++ portably, by calling setuid() before spawning the shell. ++ ++ Bug-Debian: http://bugs.debian.org/624842 ++ Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 ++ ++2014-01-10 Stéphane Graber ++ ++ pam_loginuid: Ignore failure in user namespaces. ++ When running pam_loginuid in a container using the user namespaces, even ++ uid 0 isn't allowed to set the loginuid property. ++ ++ This change catches the EACCES from opening loginuid, checks if the user ++ is in the host namespace (by comparing the uid_map with the host's one) ++ and only if that's the case, sets rc to 1. ++ ++ Should uid_map not exist or be unreadable for some reason, it'll be ++ assumed that the process is running on the host's namespace. ++ ++ The initial reason behind this change was failure to ssh into an ++ unprivileged container (using a 3.13 kernel and current LXC) when using ++ a standard pam profile for sshd (which requires success from ++ pam_loginuid). ++ ++ I believe this solution doesn't have any drawback and will allow people ++ to use unprivileged containers normally. An alternative would be to have ++ all distros set pam_loginuid as optional but that'd be bad for any of ++ the other potential failure case which people may care about. ++ ++ There has also been some discussions to get some of the audit features ++ tied with the user namespaces but currently none of that has been merged ++ upstream and the currently proposed implementation doesn't cover ++ loginuid (nor is it clear how this should even work when loginuid is set ++ as immutable after initial write). ++ ++2014-01-10 Dmitry V. Levin ++ ++ pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist. ++ When /proc/self/loginuid does not exist, return PAM_IGNORE instead of ++ PAM_SUCCESS, so that we can distinguish between "loginuid set ++ successfully" and "loginuid not set, but this is expected". ++ ++ Suggested by Steve Langasek. ++ ++ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return ++ code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid ++ does not exist, PAM_SESSION_ERR in case of any other error. ++ (_pam_loginuid): Forward the PAM error code returned by set_loginuid. ++ ++2013-11-20 Dmitry V. Levin ++ ++ pam_access: fix debug level logging (ticket #19) ++ * modules/pam_access/pam_access.c (group_match): Log the group token ++ passed to the function, not an uninitialized data on the stack. ++ ++ pam_warn: log flags passed to the module (ticket #25) ++ * modules/pam_warn/pam_warn.c (log_items): Take "flags" argument and ++ log it using pam_syslog. ++ (pam_sm_authenticate, pam_sm_setcred, pam_sm_chauthtok, ++ pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session): Pass ++ "flags" argument to log_items. ++ ++ Modernize AM_INIT_AUTOMAKE invocation. ++ Before this change, automake complained that two- and three-arguments ++ forms of AM_INIT_AUTOMAKE are deprecated. ++ ++ * configure.in: Pass PACKAGE and VERSION arguments to AC_INIT instead ++ of AM_INIT_AUTOMAKE. ++ ++ Fix autoconf warnings. ++ Before this change, autoconf complained that AC_COMPILE_IFELSE ++ and AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS. ++ ++ * configure.in: Call AC_USE_SYSTEM_EXTENSIONS before LT_INIT. ++ ++ pam_securetty: check return value of fgets. ++ Checking return value of fgets not only silences the warning from glibc ++ but also leads to a cleaner code. ++ ++ * modules/pam_securetty/pam_securetty.c (securetty_perform_check): ++ Check return value of fgets. ++ ++ pam_lastlog: fix format string. ++ gcc -Wformat justly complains: ++ format '%d' expects argument of type 'int', but argument 5 has type 'time_t' ++ ++ * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format ++ string. ++ ++2013-11-20 Darren Tucker ++ ++ If the correct loginuid is set already, skip writing it. ++ modules/pam_loginuid/pam_loginuid.c (set_loginuid): Read the current loginuid ++ and skip writing if already correctly set. ++ ++2013-11-11 Thorsten Kukuk ++ ++ Always ask for old password if changing NIS account. ++ * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask ++ for old password if NIS account. ++ ++2013-11-08 Thorsten Kukuk ++ ++ Allow DES as compatibility option for /etc/login.defs. ++ * modules/pam_unix/support.h: Add UNIX_DES ++ ++2013-10-14 Tomas Mraz ++ ++ Docfix: pam_prompt() and pam_vprompt() return int. ++ doc/man/pam_prompt.3.xml: pam_prompt() and pam_vprompt() return int. ++ ++ Make pam_tty_audit work with old kernels not supporting log_passwd. ++ modules/pam_tty_audit/pam_tty_audit.c(nl_recv): Pad result with zeros ++ if message is short from older kernel. ++ ++2013-09-25 Tomas Mraz ++ ++ Fix pam_tty_audit log_passwd support and regression. ++ modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include. ++ (pam_sm_open_session): Always copy the old status as initialization of new. ++ + 2013-09-19 Thorsten Kukuk + + Release version 1.1.8. +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml new/linux-pam-1.1.8/doc/man/pam_prompt.3.xml +--- old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/doc/man/pam_prompt.3.xml 2013-11-08 14:33:32.000000000 +0100 +@@ -22,7 +22,7 @@ + + #include <security/pam_ext.h> + +- void pam_prompt ++ int pam_prompt + pam_handle_t *pamh + int style + char **response +@@ -30,7 +30,7 @@ + ... + + +- void pam_vprompt ++ int pam_vprompt + pam_handle_t *pamh + int style + char **response +@@ -75,7 +75,7 @@ + PAM_SUCCESS + + +- Transaction was successful created. ++ Conversation succeded, response is set. + + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c new/linux-pam-1.1.8/libpam_misc/misc_conv.c +--- old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/libpam_misc/misc_conv.c 2014-01-25 07:35:59.000000000 +0100 +@@ -210,8 +210,12 @@ + } + line[nc] = '\0'; + } +- *retstr = x_strdup(line); ++ *retstr = strdup(line); + _pam_overwrite(line); ++ if (!*retstr) { ++ D(("no memory for response string")); ++ nc = -1; ++ } + + goto cleanexit; /* return malloc()ed string */ + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c new/linux-pam-1.1.8/modules/pam_access/pam_access.c +--- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_access/pam_access.c 2014-01-09 16:28:39.000000000 +0100 +@@ -573,7 +573,7 @@ + + if (debug) + pam_syslog (pamh, LOG_DEBUG, +- "group_match: grp=%s, user=%s", grptok, usr); ++ "group_match: grp=%s, user=%s", tok, usr); + + if (strlen(tok) < 3) + return NO; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c new/linux-pam-1.1.8/modules/pam_cracklib/pam_cracklib.c +--- old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_cracklib/pam_cracklib.c 2014-01-27 15:02:50.000000000 +0100 +@@ -619,16 +619,16 @@ + return msg; + } + +- newmono = str_lower(x_strdup(new)); ++ newmono = str_lower(strdup(new)); + if (!newmono) + msg = _("memory allocation error"); + +- usermono = str_lower(x_strdup(user)); ++ usermono = str_lower(strdup(user)); + if (!usermono) + msg = _("memory allocation error"); + + if (!msg && old) { +- oldmono = str_lower(x_strdup(old)); ++ oldmono = str_lower(strdup(old)); + if (oldmono) + wrapped = malloc(strlen(oldmono) * 2 + 1); + if (wrapped) { +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c new/linux-pam-1.1.8/modules/pam_ftp/pam_ftp.c +--- old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_ftp/pam_ftp.c 2014-01-27 15:02:50.000000000 +0100 +@@ -81,7 +81,7 @@ + char *list_copy, *x; + char *sptr = NULL; + +- list_copy = x_strdup(list); ++ list_copy = strdup(list); + x = list_copy; + while (list_copy && (l = strtok_r(x, ",", &sptr))) { + x = NULL; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c +--- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-11-28 11:37:54.000000000 +0100 +@@ -628,7 +628,8 @@ + lltime = (time(NULL) - lltime) / (24*60*60); + + if (lltime > inactive_days) { +- pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime); ++ pam_syslog(pamh, LOG_INFO, "user %s inactive for %ld days - denied", ++ user, (long) lltime); + return PAM_AUTH_ERR; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c new/linux-pam-1.1.8/modules/pam_limits/pam_limits.c +--- old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_limits/pam_limits.c 2014-01-25 07:35:59.000000000 +0100 +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -269,16 +270,27 @@ + continue; + } + if (!pl->flag_numsyslogins) { ++ char user[sizeof(ut->UT_USER) + 1]; ++ user[0] = '\0'; ++ strncat(user, ut->UT_USER, sizeof(ut->UT_USER)); ++ + if (((pl->login_limit_def == LIMITS_DEF_USER) + || (pl->login_limit_def == LIMITS_DEF_GROUP) + || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) +- && strncmp(name, ut->UT_USER, sizeof(ut->UT_USER)) != 0) { ++ && strcmp(name, user) != 0) { + continue; + } + if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) +- && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { ++ && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { + continue; + } ++ if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { ++ /* process does not exist anymore */ ++ pam_syslog(pamh, LOG_WARNING, ++ "Stale utmp entry (pid %d) for '%s' ignored", ++ ut->ut_pid, user); ++ continue; ++ } + } + if (++count > limit) { + break; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c +--- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c 2014-01-25 07:35:59.000000000 +0100 +@@ -47,25 +47,50 @@ + + /* + * This function writes the loginuid to the /proc system. It returns +- * 0 on success and 1 on failure. ++ * PAM_SUCCESS on success, ++ * PAM_IGNORE when /proc/self/loginuid does not exist, ++ * PAM_SESSION_ERR in case of any other error. + */ + static int set_loginuid(pam_handle_t *pamh, uid_t uid) + { +- int fd, count, rc = 0; +- char loginuid[24]; ++ int fd, count, rc = PAM_SESSION_ERR; ++ char loginuid[24], buf[24]; ++ static const char host_uid_map[] = " 0 0 4294967295\n"; ++ char uid_map[sizeof(host_uid_map)]; ++ ++ /* loginuid in user namespaces currently isn't writable and in some ++ case, not even readable, so consider any failure as ignorable (but try ++ anyway, in case we hit a kernel which supports it). */ ++ fd = open("/proc/self/uid_map", O_RDONLY); ++ if (fd >= 0) { ++ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); ++ if (strncmp(uid_map, host_uid_map, count) != 0) ++ rc = PAM_IGNORE; ++ close(fd); ++ } + +- count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); +- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); ++ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); + if (fd < 0) { +- if (errno != ENOENT) { +- rc = 1; ++ if (errno == ENOENT) { ++ rc = PAM_IGNORE; ++ } ++ if (rc != PAM_IGNORE) { + pam_syslog(pamh, LOG_ERR, + "Cannot open /proc/self/loginuid: %m"); + } + return rc; + } +- if (pam_modutil_write(fd, loginuid, count) != count) +- rc = 1; ++ ++ count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); ++ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && ++ memcmp(buf, loginuid, count) == 0) { ++ rc = PAM_SUCCESS; ++ goto done; /* already correct */ ++ } ++ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && ++ pam_modutil_write(fd, loginuid, count) == count) ++ rc = PAM_SUCCESS; ++ done: + close(fd); + return rc; + } +@@ -165,6 +190,7 @@ + { + const char *user = NULL; + struct passwd *pwd; ++ int ret; + #ifdef HAVE_LIBAUDIT + int require_auditd = 0; + #endif +@@ -183,9 +209,14 @@ + return PAM_SESSION_ERR; + } + +- if (set_loginuid(pamh, pwd->pw_uid)) { +- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); +- return PAM_SESSION_ERR; ++ ret = set_loginuid(pamh, pwd->pw_uid); ++ switch (ret) { ++ case PAM_SUCCESS: ++ case PAM_IGNORE: ++ break; ++ default: ++ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); ++ return ret; + } + + #ifdef HAVE_LIBAUDIT +@@ -195,11 +226,12 @@ + argv++; + } + +- if (require_auditd) +- return check_auditd(); +- else ++ if (require_auditd) { ++ int rc = check_auditd(); ++ return rc != PAM_SUCCESS ? rc : ret; ++ } else + #endif +- return PAM_SUCCESS; ++ return ret; + } + + /* +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c new/linux-pam-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c +--- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2014-01-27 15:02:50.000000000 +0100 +@@ -103,14 +103,14 @@ + /* Do the actual work of creating a home dir */ + static int + create_homedir (pam_handle_t *pamh, options_t *opt, +- const struct passwd *pwd) ++ const char *user, const char *dir) + { + int retval, child; + struct sigaction newsa, oldsa; + + /* Mention what is happening, if the notification fails that is OK */ + if (!(opt->ctrl & MKHOMEDIR_QUIET)) +- pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); ++ pam_info(pamh, _("Creating directory '%s'."), dir); + + + D(("called.")); +@@ -134,7 +134,7 @@ + int i; + struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL, NULL }; + + if (getrlimit(RLIMIT_NOFILE, &rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) +@@ -145,12 +145,12 @@ + } + + /* exec the mkhomedir helper */ +- args[0] = x_strdup(MKHOMEDIR_HELPER); +- args[1] = pwd->pw_name; +- args[2] = x_strdup(opt->umask); +- args[3] = x_strdup(opt->skeldir); ++ args[0] = MKHOMEDIR_HELPER; ++ args[1] = user; ++ args[2] = opt->umask; ++ args[3] = opt->skeldir; + +- execve(MKHOMEDIR_HELPER, args, envp); ++ execve(MKHOMEDIR_HELPER, (char *const *) args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); +@@ -181,7 +181,7 @@ + + if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { + pam_error(pamh, _("Unable to create and initialize directory '%s'."), +- pwd->pw_dir); ++ dir); + } + + D(("returning %d", retval)); +@@ -230,7 +230,7 @@ + return PAM_SUCCESS; + } + +- return create_homedir(pamh, &opt, pwd); ++ return create_homedir(pamh, &opt, user, pwd->pw_dir); + } + + /* Ignore */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init new/linux-pam-1.1.8/modules/pam_namespace/namespace.init +--- old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_namespace/namespace.init 2014-01-25 07:35:59.000000000 +0100 +@@ -1,4 +1,4 @@ +-#!/bin/sh -p ++#!/bin/sh + # It receives polydir path as $1, the instance path as $2, + # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, + # and user name in $4. +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c new/linux-pam-1.1.8/modules/pam_namespace/pam_namespace.c +--- old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_namespace/pam_namespace.c 2014-01-25 07:35:59.000000000 +0100 +@@ -1205,6 +1205,11 @@ + _exit(1); + } + #endif ++ /* Pass maximum privs when we exec() */ ++ if (setuid(geteuid()) < 0) { ++ /* ignore failures, they don't matter */ ++ } ++ + if (execle(init_script, init_script, + polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) + _exit(1); +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c new/linux-pam-1.1.8/modules/pam_securetty/pam_securetty.c +--- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_securetty/pam_securetty.c 2013-11-28 11:37:54.000000000 +0100 +@@ -159,11 +159,10 @@ + if (cmdlinefile != NULL) { + char line[LINE_MAX], *p; + +- line[0] = 0; +- fgets(line, sizeof(line), cmdlinefile); ++ p = fgets(line, sizeof(line), cmdlinefile); + fclose(cmdlinefile); + +- for (p = line; p; p = strstr(p+1, "console=")) { ++ for (; p; p = strstr(p+1, "console=")) { + char *e; + + /* Test whether this is a beginning of a word? */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c new/linux-pam-1.1.8/modules/pam_tty_audit/pam_tty_audit.c +--- old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2013-08-28 10:53:40.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2013-11-08 14:33:32.000000000 +0100 +@@ -36,6 +36,7 @@ + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + DAMAGE. */ + ++#include "config.h" + #include + #include + #include +@@ -108,7 +109,7 @@ + struct msghdr msg; + struct nlmsghdr nlm; + struct iovec iov[2]; +- ssize_t res; ++ ssize_t res, resdiff; + + again: + iov[0].iov_base = &nlm; +@@ -160,12 +161,17 @@ + res = recvmsg (fd, &msg, 0); + if (res == -1) + return -1; +- if ((size_t)res != NLMSG_LENGTH (size) ++ resdiff = NLMSG_LENGTH(size) - (size_t)res; ++ if (resdiff < 0 + || nlm.nlmsg_type != type) + { + errno = EIO; + return -1; + } ++ else if (resdiff > 0) ++ { ++ memset((char *)buf + size - resdiff, 0, resdiff); ++ } + return 0; + } + +@@ -275,6 +281,8 @@ + return PAM_SESSION_ERR; + } + ++ memcpy(&new_status, old_status, sizeof(new_status)); ++ + new_status.enabled = (command == CMD_ENABLE ? 1 : 0); + #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD + new_status.log_passwd = log_passwd; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c new/linux-pam-1.1.8/modules/pam_unix/pam_unix_acct.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c 2013-09-16 11:11:51.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/pam_unix_acct.c 2014-01-27 15:02:50.000000000 +0100 +@@ -101,7 +101,7 @@ + int i=0; + struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL }; + + /* reopen stdout as pipe */ + dup2(fds[1], STDOUT_FILENO); +@@ -130,11 +130,11 @@ + } + + /* exec binary helper */ +- args[0] = x_strdup(CHKPWD_HELPER); +- args[1] = x_strdup(user); +- args[2] = x_strdup("chkexpiry"); ++ args[0] = CHKPWD_HELPER; ++ args[1] = user; ++ args[2] = "chkexpiry"; + +- execve(CHKPWD_HELPER, args, envp); ++ execve(CHKPWD_HELPER, (char *const *) args, envp); + + pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); + /* should not get here: exit with error */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c new/linux-pam-1.1.8/modules/pam_unix/pam_unix_passwd.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-09-16 11:09:47.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/pam_unix_passwd.c 2014-01-27 15:02:50.000000000 +0100 +@@ -204,7 +204,7 @@ + int i=0; + struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; + char buffer[16]; + + /* XXX - should really tidy up PAM here too */ +@@ -222,18 +222,18 @@ + } + + /* exec binary helper */ +- args[0] = x_strdup(UPDATE_HELPER); +- args[1] = x_strdup(user); +- args[2] = x_strdup("update"); ++ args[0] = UPDATE_HELPER; ++ args[1] = user; ++ args[2] = "update"; + if (on(UNIX_SHADOW, ctrl)) +- args[3] = x_strdup("1"); ++ args[3] = "1"; + else +- args[3] = x_strdup("0"); ++ args[3] = "0"; + + snprintf(buffer, sizeof(buffer), "%d", remember); +- args[4] = x_strdup(buffer); ++ args[4] = buffer; + +- execve(UPDATE_HELPER, args, envp); ++ execve(UPDATE_HELPER, (char *const *) args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); +@@ -614,7 +614,8 @@ + + if (_unix_blankpasswd(pamh, ctrl, user)) { + return PAM_SUCCESS; +- } else if (off(UNIX__IAMROOT, ctrl)) { ++ } else if (off(UNIX__IAMROOT, ctrl) || ++ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { + /* instruct user what is happening */ + if (asprintf(&Announce, _("Changing password for %s."), + user) < 0) { +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.c new/linux-pam-1.1.8/modules/pam_unix/support.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/support.c 2013-09-16 11:11:51.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/support.c 2014-01-27 15:02:50.000000000 +0100 +@@ -567,7 +567,7 @@ + int i=0; + struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL }; + + /* XXX - should really tidy up PAM here too */ + +@@ -593,15 +593,15 @@ + } + + /* exec binary helper */ +- args[0] = strdup(CHKPWD_HELPER); +- args[1] = x_strdup(user); ++ args[0] = CHKPWD_HELPER; ++ args[1] = user; + if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ +- args[2]=strdup("nullok"); ++ args[2]="nullok"; + } else { +- args[2]=strdup("nonull"); ++ args[2]="nonull"; + } + +- execve(CHKPWD_HELPER, args, envp); ++ execve(CHKPWD_HELPER, (char *const *) args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); +@@ -788,10 +788,10 @@ + login_name = ""; + } + +- new->user = x_strdup(name ? name : ""); ++ new->user = strdup(name ? name : ""); + new->uid = getuid(); + new->euid = geteuid(); +- new->name = x_strdup(login_name); ++ new->name = strdup(login_name); + + /* any previous failures for this user ? */ + if (pam_get_data(pamh, data_name, &void_old) +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.h new/linux-pam-1.1.8/modules/pam_unix/support.h +--- old/Linux-PAM-1.1.8/modules/pam_unix/support.h 2013-06-18 16:24:05.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_unix/support.h 2014-01-27 15:02:38.000000000 +0100 +@@ -97,8 +97,9 @@ + password hash algorithms */ + #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ ++#define UNIX_DES 28 /* DES, default */ + /* -------------- */ +-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + +@@ -135,6 +136,7 @@ + /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, + /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.c +--- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.c 2014-01-27 15:02:50.000000000 +0100 +@@ -184,7 +184,7 @@ + else + key.dsize = strlen(key.dptr); + } else { +- key.dptr = x_strdup(user); ++ key.dptr = strdup(user); + key.dsize = strlen(user); + } + +@@ -222,12 +222,15 @@ + } else { + cryptpw = crypt (pass, data.dptr); + +- if (cryptpw) { +- compare = strncasecmp (data.dptr, cryptpw, data.dsize); ++ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { ++ compare = memcmp(data.dptr, cryptpw, data.dsize); + } else { + compare = -2; + if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); ++ if (cryptpw) ++ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); ++ else ++ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); + } + }; + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.h +--- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.h 2014-01-27 15:02:50.000000000 +0100 +@@ -15,9 +15,6 @@ + #define PAM_USE_FPASS_ARG 0x0040 + #define PAM_TRY_FPASS_ARG 0x0080 + +-/* Useful macros */ +-#define x_strdup(s) ( (s) ? strdup(s):NULL ) +- + /* The name of the module we are compiling */ + #ifndef MODULE_NAME + #define MODULE_NAME "pam_userdb" +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c new/linux-pam-1.1.8/modules/pam_warn/pam_warn.c +--- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_warn/pam_warn.c 2013-11-28 11:37:54.000000000 +0100 +@@ -33,7 +33,7 @@ + value = value ? value : default_value ; \ + } while (0) + +-static void log_items(pam_handle_t *pamh, const char *function) ++static void log_items(pam_handle_t *pamh, const char *function, int flags) + { + const void *service=NULL, *user=NULL, *terminal=NULL, + *rhost=NULL, *ruser=NULL; +@@ -45,8 +45,8 @@ + OBTAIN(PAM_RHOST, rhost, ""); + + pam_syslog(pamh, LOG_NOTICE, +- "function=[%s] service=[%s] terminal=[%s] user=[%s]" +- " ruser=[%s] rhost=[%s]\n", function, ++ "function=[%s] flags=%#x service=[%s] terminal=[%s] user=[%s]" ++ " ruser=[%s] rhost=[%s]\n", function, flags, + (const char *) service, (const char *) terminal, + (const char *) user, (const char *) ruser, + (const char *) rhost); +@@ -55,52 +55,52 @@ + /* --- authentication management functions (only) --- */ + + PAM_EXTERN +-int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN +-int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + /* password updating functions */ + + PAM_EXTERN +-int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c new/linux-pam-1.1.8/modules/pam_xauth/pam_xauth.c +--- old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/linux-pam-1.1.8/modules/pam_xauth/pam_xauth.c 2014-01-27 15:02:50.000000000 +0100 +@@ -103,9 +103,11 @@ + + /* Create stdio pipery. */ + if (pipe(ipipe) == -1) { ++ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); + return -1; + } + if (pipe(opipe) == -1) { ++ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); + close(ipipe[0]); + close(ipipe[1]); + return -1; +@@ -114,6 +116,7 @@ + /* Fork off a child. */ + child = fork(); + if (child == -1) { ++ pam_syslog(pamh, LOG_ERR, "Could not fork: %m"); + close(ipipe[0]); + close(ipipe[1]); + close(opipe[0]); +@@ -124,8 +127,7 @@ + if (child == 0) { + /* We're the child. */ + size_t j; +- char *args[10]; +- const char *tmp; ++ const char *args[10]; + int maxopened; + /* Drop privileges. */ + if (setgid(gid) == -1) +@@ -163,16 +165,15 @@ + } + /* Convert the varargs list into a regular array of strings. */ + va_start(ap, command); +- args[0] = strdup(command); ++ args[0] = command; + for (j = 1; j < ((sizeof(args) / sizeof(args[0])) - 1); j++) { +- tmp = va_arg(ap, const char*); +- if (tmp == NULL) { ++ args[j] = va_arg(ap, const char*); ++ if (args[j] == NULL) { + break; + } +- args[j] = strdup(tmp); + } + /* Run the command. */ +- execv(command, args); ++ execv(command, (char *const *) args); + /* Never reached. */ + _exit(1); + } diff --git a/pam.changes b/pam.changes index 19f76b7..7c2e232 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + ------------------------------------------------------------------- Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com diff --git a/pam.spec b/pam.spec index 4a5dcb9..8dfa6ad 100644 --- a/pam.spec +++ b/pam.spec @@ -24,7 +24,6 @@ Url: http://www.linux-pam.org/ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel -BuildRequires: db-devel BuildRequires: flex #BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} @@ -53,9 +52,7 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif -Patch1: Linux-PAM-git-20140109.diff -Patch2: pam_loginuid-part1.diff -Patch3: pam_loginuid-part2.diff +Patch1: Linux-PAM-git-20140127.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -101,8 +98,6 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 %patch1 -p2 -%patch2 -p1 -%patch3 -p1 %build export CFLAGS="%optflags -DNDEBUG" @@ -275,7 +270,7 @@ install -m 644 NEWS COPYING $DOC /%{_lib}/security/pam_unix_auth.so /%{_lib}/security/pam_unix_passwd.so /%{_lib}/security/pam_unix_session.so -/%{_lib}/security/pam_userdb.so +#/%{_lib}/security/pam_userdb.so /%{_lib}/security/pam_warn.so /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so diff --git a/pam_loginuid-part1.diff b/pam_loginuid-part1.diff deleted file mode 100644 index ab621dd..0000000 --- a/pam_loginuid-part1.diff +++ /dev/null @@ -1,115 +0,0 @@ -commit 5825450540e6620ac331c64345b42fdcbb1d6e87 -Author: Dmitry V. Levin -Date: Wed Jan 8 15:53:30 2014 -0800 - - pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist - - When /proc/self/loginuid does not exist, return PAM_IGNORE instead of - PAM_SUCCESS, so that we can distinguish between "loginuid set - successfully" and "loginuid not set, but this is expected". - - Suggested by Steve Langasek. - - * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return - code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid - does not exist, PAM_SESSION_ERR in case of any other error. - (_pam_loginuid): Forward the PAM error code returned by set_loginuid. - - modules/pam_loginuid/pam_loginuid.c | 43 ++++++++++++++++++++++------------ - 1 files changed, 28 insertions(+), 15 deletions(-) ---- -diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c -index a903845..96f8ffa 100644 ---- a/modules/pam_loginuid/pam_loginuid.c -+++ b/modules/pam_loginuid/pam_loginuid.c -@@ -47,29 +47,35 @@ - - /* - * This function writes the loginuid to the /proc system. It returns -- * 0 on success and 1 on failure. -+ * PAM_SUCCESS on success, -+ * PAM_IGNORE when /proc/self/loginuid does not exist, -+ * PAM_SESSION_ERR in case of any other error. - */ - static int set_loginuid(pam_handle_t *pamh, uid_t uid) - { -- int fd, count, rc = 0; -+ int fd, count, rc = PAM_SESSION_ERR; - char loginuid[24], buf[24]; - - count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); - fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); - if (fd < 0) { -- if (errno != ENOENT) { -- rc = 1; -+ if (errno == ENOENT) { -+ rc = PAM_IGNORE; -+ } else { - pam_syslog(pamh, LOG_ERR, - "Cannot open /proc/self/loginuid: %m"); - } - return rc; - } -+ - if (pam_modutil_read(fd, buf, sizeof(buf)) == count && -- memcmp(buf, loginuid, count) == 0) -+ memcmp(buf, loginuid, count) == 0) { -+ rc = PAM_SUCCESS; - goto done; /* already correct */ -- if (lseek(fd, 0, SEEK_SET) == -1 || (ftruncate(fd, 0) == -1 || -- pam_modutil_write(fd, loginuid, count) != count)) -- rc = 1; -+ } -+ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && -+ pam_modutil_write(fd, loginuid, count) == count) -+ rc = PAM_SUCCESS; - done: - close(fd); - return rc; -@@ -170,6 +176,7 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, - { - const char *user = NULL; - struct passwd *pwd; -+ int ret; - #ifdef HAVE_LIBAUDIT - int require_auditd = 0; - #endif -@@ -188,9 +195,14 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, - return PAM_SESSION_ERR; - } - -- if (set_loginuid(pamh, pwd->pw_uid)) { -- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); -- return PAM_SESSION_ERR; -+ ret = set_loginuid(pamh, pwd->pw_uid); -+ switch (ret) { -+ case PAM_SUCCESS: -+ case PAM_IGNORE: -+ break; -+ default: -+ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); -+ return ret; - } - - #ifdef HAVE_LIBAUDIT -@@ -200,11 +212,12 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, - argv++; - } - -- if (require_auditd) -- return check_auditd(); -- else -+ if (require_auditd) { -+ int rc = check_auditd(); -+ return rc != PAM_SUCCESS ? rc : ret; -+ } else - #endif -- return PAM_SUCCESS; -+ return ret; - } - - /* -_______________________________________________ -linux-pam-commits mailing list -linux-pam-commits@lists.fedorahosted.org -https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits diff --git a/pam_loginuid-part2.diff b/pam_loginuid-part2.diff deleted file mode 100644 index 0980f1f..0000000 --- a/pam_loginuid-part2.diff +++ /dev/null @@ -1,74 +0,0 @@ -commit 24f3a88e7de52fbfcb7b8a1ebdae0cdbef420edf -Author: Stéphane Graber -Date: Tue Jan 7 16:12:03 2014 -0800 - - pam_loginuid: Ignore failure in user namespaces - - When running pam_loginuid in a container using the user namespaces, even - uid 0 isn't allowed to set the loginuid property. - - This change catches the EACCES from opening loginuid, checks if the user - is in the host namespace (by comparing the uid_map with the host's one) - and only if that's the case, sets rc to 1. - - Should uid_map not exist or be unreadable for some reason, it'll be - assumed that the process is running on the host's namespace. - - The initial reason behind this change was failure to ssh into an - unprivileged container (using a 3.13 kernel and current LXC) when using - a standard pam profile for sshd (which requires success from - pam_loginuid). - - I believe this solution doesn't have any drawback and will allow people - to use unprivileged containers normally. An alternative would be to have - all distros set pam_loginuid as optional but that'd be bad for any of - the other potential failure case which people may care about. - - There has also been some discussions to get some of the audit features - tied with the user namespaces but currently none of that has been merged - upstream and the currently proposed implementation doesn't cover - loginuid (nor is it clear how this should even work when loginuid is set - as immutable after initial write). - - Signed-off-by: Steve Langasek - Signed-off-by: Dmitry V. Levin - - modules/pam_loginuid/pam_loginuid.c | 15 ++++++++++++++- - 1 files changed, 14 insertions(+), 1 deletions(-) ---- -diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c -index 96f8ffa..54ae6f0 100644 ---- a/modules/pam_loginuid/pam_loginuid.c -+++ b/modules/pam_loginuid/pam_loginuid.c -@@ -55,13 +55,26 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) - { - int fd, count, rc = PAM_SESSION_ERR; - char loginuid[24], buf[24]; -+ static const char host_uid_map[] = " 0 0 4294967295\n"; -+ char uid_map[sizeof(host_uid_map)]; - - count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); - fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); - if (fd < 0) { - if (errno == ENOENT) { - rc = PAM_IGNORE; -- } else { -+ } else if (errno == EACCES) { -+ fd = open("/proc/self/uid_map", O_RDONLY); -+ if (fd >= 0) { -+ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); -+ if (strncmp(uid_map, host_uid_map, count) != 0) -+ rc = PAM_IGNORE; -+ close(fd); -+ } -+ if (rc != PAM_IGNORE) -+ errno = EACCES; -+ } -+ if (rc != PAM_IGNORE) { - pam_syslog(pamh, LOG_ERR, - "Cannot open /proc/self/loginuid: %m"); - } -_______________________________________________ -linux-pam-commits mailing list -linux-pam-commits@lists.fedorahosted.org -https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits -- 2.51.1 From 52e0c1287c89d96e33f3511037c6b9b58d72cf58ff6038ecdca35d44c1037107 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 27 Jan 2014 16:10:16 +0000 Subject: [PATCH 079/226] - Add pam_loginuid-log_write_errors.diff: log significant loginuid write errors - pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to xauth process OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=135 --- pam.changes | 8 +++++ pam.spec | 4 +++ pam_loginuid-log_write_errors.diff | 47 ++++++++++++++++++++++++++++++ pam_xauth-sigpipe.diff | 36 +++++++++++++++++++++++ 4 files changed, 95 insertions(+) create mode 100644 pam_loginuid-log_write_errors.diff create mode 100644 pam_xauth-sigpipe.diff diff --git a/pam.changes b/pam.changes index 7c2e232..0d36825 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + ------------------------------------------------------------------- Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 8dfa6ad..b99e162 100644 --- a/pam.spec +++ b/pam.spec @@ -53,6 +53,8 @@ Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif Patch1: Linux-PAM-git-20140127.diff +Patch2: pam_loginuid-log_write_errors.diff +Patch3: pam_xauth-sigpipe.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -98,6 +100,8 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 %patch1 -p2 +%patch2 -p1 +%patch3 -p1 %build export CFLAGS="%optflags -DNDEBUG" diff --git a/pam_loginuid-log_write_errors.diff b/pam_loginuid-log_write_errors.diff new file mode 100644 index 0000000..73f0f92 --- /dev/null +++ b/pam_loginuid-log_write_errors.diff @@ -0,0 +1,47 @@ +commit 256b50e1fce2f785f1032a1949dd2d1dbc17e250 +Author: Dmitry V. Levin +Date: Sun Jan 19 14:12:59 2014 +0000 + + pam_loginuid: log significant loginuid write errors + + * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors + during /proc/self/loginuid update that are not ignored. + + modules/pam_loginuid/pam_loginuid.c | 12 +++++++++--- + 1 files changed, 9 insertions(+), 3 deletions(-) +--- +diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c +index c476f7b..73c42f9 100644 +--- a/modules/pam_loginuid/pam_loginuid.c ++++ b/modules/pam_loginuid/pam_loginuid.c +@@ -75,8 +75,8 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) + rc = PAM_IGNORE; + } + if (rc != PAM_IGNORE) { +- pam_syslog(pamh, LOG_ERR, +- "Cannot open /proc/self/loginuid: %m"); ++ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", ++ "/proc/self/loginuid"); + } + return rc; + } +@@ -88,8 +88,14 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) + goto done; /* already correct */ + } + if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && +- pam_modutil_write(fd, loginuid, count) == count) ++ pam_modutil_write(fd, loginuid, count) == count) { + rc = PAM_SUCCESS; ++ } else { ++ if (rc != PAM_IGNORE) { ++ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m", ++ "/proc/self/loginuid"); ++ } ++ } + done: + close(fd); + return rc; +_______________________________________________ +linux-pam-commits mailing list +linux-pam-commits@lists.fedorahosted.org +https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits diff --git a/pam_xauth-sigpipe.diff b/pam_xauth-sigpipe.diff new file mode 100644 index 0000000..b576da9 --- /dev/null +++ b/pam_xauth-sigpipe.diff @@ -0,0 +1,36 @@ +commit 47db675c910a065fa9602753a904b050b0322f29 +Author: Dmitry V. Levin +Date: Fri Jan 24 13:38:38 2014 +0000 + + pam_xauth: avoid potential SIGPIPE when writing to xauth process + + Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8. + + * modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process, + close the read end of input pipe after writing to its write end. + + modules/pam_xauth/pam_xauth.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) +--- +diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c +index 7075547..c7ce55a 100644 +--- a/modules/pam_xauth/pam_xauth.c ++++ b/modules/pam_xauth/pam_xauth.c +@@ -179,12 +179,12 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, + } + + /* We're the parent, so close the other ends of the pipes. */ +- close(ipipe[0]); + close(opipe[1]); + /* Send input to the process (if we have any), then send an EOF. */ + if (input) { + (void)pam_modutil_write(ipipe[1], input, strlen(input)); + } ++ close(ipipe[0]); /* close here to avoid possible SIGPIPE above */ + close(ipipe[1]); + + /* Read data output until we run out of stuff to read. */ +_______________________________________________ +linux-pam-commits mailing list +linux-pam-commits@lists.fedorahosted.org +https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits -- 2.51.1 From 00a548aec576d743fa678c06898c78e2cf58a02ecca5f736386d6420d5733e47 Mon Sep 17 00:00:00 2001 From: Christian Kornacker Date: Tue, 1 Apr 2014 15:39:24 +0000 Subject: [PATCH 080/226] - adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=137 --- pam.changes | 5 +++++ pam.spec | 2 ++ 2 files changed, 7 insertions(+) diff --git a/pam.changes b/pam.changes index 0d36825..15a8c82 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + ------------------------------------------------------------------- Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index b99e162..b4769c9 100644 --- a/pam.spec +++ b/pam.spec @@ -144,6 +144,8 @@ echo "hvc4" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc5" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc6" >> $RPM_BUILD_ROOT/etc/securetty echo "hvc7" >> $RPM_BUILD_ROOT/etc/securetty +echo "sclp_line0" >> $RPM_BUILD_ROOT/etc/securetty +echo "ttysclp0" >> $RPM_BUILD_ROOT/etc/securetty %endif # install other.pamd and common-*.pamd install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other -- 2.51.1 From 9b92f7495c62908f569e278da1b27fd0ed736af6f4da10aacdd92751891aae73 Mon Sep 17 00:00:00 2001 From: Christian Kornacker Date: Wed, 9 Apr 2014 16:56:48 +0000 Subject: [PATCH 081/226] - Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) bug-870433_pam_timestamp-fix-directory-traversal.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=139 --- ...am_timestamp-fix-directory-traversal.patch | 53 +++++++++++++++++++ pam.changes | 6 +++ pam.spec | 2 + 3 files changed, 61 insertions(+) create mode 100644 bug-870433_pam_timestamp-fix-directory-traversal.patch diff --git a/bug-870433_pam_timestamp-fix-directory-traversal.patch b/bug-870433_pam_timestamp-fix-directory-traversal.patch new file mode 100644 index 0000000..3d7c872 --- /dev/null +++ b/bug-870433_pam_timestamp-fix-directory-traversal.patch @@ -0,0 +1,53 @@ +From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Wed, 26 Mar 2014 22:17:23 +0000 +Subject: [PATCH] pam_timestamp: fix potential directory traversal issue + (ticket #27) + +pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of +the timestamp pathname it creates, so extra care should be taken to +avoid potential directory traversal issues. + +* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat +"." and ".." tty values as invalid. +(get_ruser): Treat "." and ".." ruser values, as well as any ruser +value containing '/', as invalid. + +Fixes CVE-2014-2583. + +Reported-by: Sebastian Krahmer +--- + modules/pam_timestamp/pam_timestamp.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c +index 5193733..b3f08b1 100644 +--- a/modules/pam_timestamp/pam_timestamp.c ++++ b/modules/pam_timestamp/pam_timestamp.c +@@ -158,7 +158,7 @@ check_tty(const char *tty) + tty = strrchr(tty, '/') + 1; + } + /* Make sure the tty wasn't actually a directory (no basename). */ +- if (strlen(tty) == 0) { ++ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { + return NULL; + } + return tty; +@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) + if (pwd != NULL) { + ruser = pwd->pw_name; + } ++ } else { ++ /* ++ * This ruser is used by format_timestamp_name as a component ++ * of constructed timestamp pathname, so ".", "..", and '/' ++ * are disallowed to avoid potential path traversal issues. ++ */ ++ if (!strcmp(ruser, ".") || ++ !strcmp(ruser, "..") || ++ strchr(ruser, '/')) { ++ ruser = NULL; ++ } + } + if (ruser == NULL || strlen(ruser) >= ruserbuflen) { + *ruserbuf = '\0'; diff --git a/pam.changes b/pam.changes index 15a8c82..573cc47 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + ------------------------------------------------------------------- Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com diff --git a/pam.spec b/pam.spec index b4769c9..3d85e4b 100644 --- a/pam.spec +++ b/pam.spec @@ -55,6 +55,7 @@ Patch0: fix-man-links.dif Patch1: Linux-PAM-git-20140127.diff Patch2: pam_loginuid-log_write_errors.diff Patch3: pam_xauth-sigpipe.diff +Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -102,6 +103,7 @@ building both PAM-aware applications and modules for use with PAM. %patch1 -p2 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build export CFLAGS="%optflags -DNDEBUG" -- 2.51.1 From bdcad7ea0ff71c9b8963a9707b4f33c8faee0b57628d5f6256fbeb6244b92011 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 25 Dec 2014 17:01:00 +0000 Subject: [PATCH 082/226] Accepting request 242966 from home:bmwiedemann:branches:Linux-PAM limit number of processes to 700 by default to harden against fork-bombs OBS-URL: https://build.opensuse.org/request/show/242966 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=141 --- pam-limit-nproc.patch | 15 +++++++++++++++ pam.changes | 6 ++++++ pam.spec | 2 ++ 3 files changed, 23 insertions(+) create mode 100644 pam-limit-nproc.patch diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..756946c --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,15 @@ +Index: Linux-PAM-1.1.8/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.1.8.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.1.8/modules/pam_limits/limits.conf +@@ -47,4 +47,10 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# harden against fork-bombs ++* hard nproc 800 ++* soft nproc 700 ++root hard nproc 900 ++root soft nproc 850 ++ + # End of file diff --git a/pam.changes b/pam.changes index 573cc47..3fe0bf9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + ------------------------------------------------------------------- Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com diff --git a/pam.spec b/pam.spec index 3d85e4b..da993fa 100644 --- a/pam.spec +++ b/pam.spec @@ -56,6 +56,7 @@ Patch1: Linux-PAM-git-20140127.diff Patch2: pam_loginuid-log_write_errors.diff Patch3: pam_xauth-sigpipe.diff Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch +Patch5: pam-limit-nproc.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -104,6 +105,7 @@ building both PAM-aware applications and modules for use with PAM. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build export CFLAGS="%optflags -DNDEBUG" -- 2.51.1 From dc953fdb0f013f3cff0fb8773016fad41b0a915ce468c96e4d3c21175fd5444c Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 9 Jan 2015 14:23:58 +0000 Subject: [PATCH 083/226] - Update to current git: - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff - obsoletes pam_loginuid-log_write_errors.diff - obsoletes pam_xauth-sigpipe.diff - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=143 --- Linux-PAM-git-20140127.diff | 1015 - Linux-PAM-git-20150109.diff | 38180 ++++++++++++++++ ...am_timestamp-fix-directory-traversal.patch | 53 - pam.changes | 9 + pam.spec | 17 +- pam_loginuid-log_write_errors.diff | 47 - pam_xauth-sigpipe.diff | 36 - 7 files changed, 38197 insertions(+), 1160 deletions(-) delete mode 100644 Linux-PAM-git-20140127.diff create mode 100644 Linux-PAM-git-20150109.diff delete mode 100644 bug-870433_pam_timestamp-fix-directory-traversal.patch delete mode 100644 pam_loginuid-log_write_errors.diff delete mode 100644 pam_xauth-sigpipe.diff diff --git a/Linux-PAM-git-20140127.diff b/Linux-PAM-git-20140127.diff deleted file mode 100644 index 7c23d18..0000000 --- a/Linux-PAM-git-20140127.diff +++ /dev/null @@ -1,1015 +0,0 @@ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/ChangeLog new/linux-pam-1.1.8/ChangeLog ---- old/Linux-PAM-1.1.8/ChangeLog 2013-09-19 11:33:00.000000000 +0200 -+++ new/linux-pam-1.1.8/ChangeLog 2014-01-27 15:04:04.000000000 +0100 -@@ -1,3 +1,272 @@ -+2014-01-27 Dmitry V. Levin -+ -+ Fix gratuitous use of strdup and x_strdup. -+ There is no need to copy strings passed as arguments to execve, -+ the only potentially noticeable effect of using strdup/x_strdup -+ would be a malformed argument list in case of memory allocation error. -+ -+ Also, x_strdup, being a thin wrapper around strdup, is of no benefit -+ when its argument is known to be non-NULL, and should not be used in -+ such cases. -+ -+ * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup -+ instead of x_strdup, the latter is of no benefit in this case. -+ * modules/pam_ftp/pam_ftp.c (lookup): Likewise. -+ * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise. -+ * modules/pam_userdb/pam_userdb.h (x_strdup): Remove. -+ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use -+ x_strdup for strings passed as arguments to execve. -+ * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. -+ * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. -+ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. -+ (_unix_verify_password): Use strdup instead of x_strdup, the latter -+ is of no benefit in this case. -+ * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for -+ strings passed as arguments to execv. -+ -+ pam_userdb: fix password hash comparison. -+ Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed -+ passwords support in pam_userdb, hashes are compared case-insensitively. -+ This bug leads to accepting hashes for completely different passwords in -+ addition to those that should be accepted. -+ -+ Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for -+ modern password hashes with different lengths and settings, did not -+ update the hash comparison accordingly, which leads to accepting -+ computed hashes longer than stored hashes when the latter is a prefix -+ of the former. -+ -+ * modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed -+ hash whose length differs from the stored hash length. -+ Compare computed and stored hashes case-sensitively. -+ Fixes CVE-2013-7041. -+ -+ Bug-Debian: http://bugs.debian.org/731368 -+ -+2014-01-24 Dmitry V. Levin -+ -+ pam_xauth: log fatal errors preventing xauth process execution. -+ * modules/pam_xauth/pam_xauth.c (run_coprocess): Log errors from pipe() -+ and fork() calls. -+ -+2014-01-22 Dmitry V. Levin -+ -+ pam_loginuid: cleanup loginuid buffer initialization. -+ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Move loginuid -+ buffer initialization closer to its first use. -+ -+ libpam_misc: fix an inconsistency in handling memory allocation errors. -+ When misc_conv fails to allocate memory for pam_response array, it -+ returns PAM_CONV_ERR. However, when read_string fails to allocate -+ memory for a response string, it loses the response string and silently -+ ignores the error, with net result as if EOF has been read. -+ -+ * libpam_misc/misc_conv.c (read_string): Use strdup instead of x_strdup, -+ the latter is of no benefit in this case. -+ Do not ignore potential memory allocation errors returned by strdup, -+ forward them to misc_conv. -+ -+2014-01-20 Dmitry V. Levin -+ -+ pam_limits: fix utmp->ut_user handling. -+ ut_user member of struct utmp is a string that is not necessarily -+ null-terminated, so extra care should be taken when using it. -+ -+ * modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to -+ a null-terminated string and consistently use it where a null-terminated -+ string is expected. -+ -+ pam_mkhomedir: check and create home directory for the same user (ticket #22) -+ Before pam_mkhomedir helper was introduced in commit -+ 7b14630ef39e71f603aeca0c47edf2f384717176, pam_mkhomedir was checking for -+ existance and creating the same directory - the home directory of the -+ user NAME returned by pam_get_item(PAM_USER). -+ -+ The change in behaviour accidentally introduced along with -+ mkhomedir_helper is not consistent: while the module still checks for -+ getpwnam(NAME)->pw_dir, the directory created by mkhomedir_helper is -+ getpwnam(getpwnam(NAME)->pw_name)->pw_dir, which is not necessarily -+ the same as the directory being checked. -+ -+ This change brings check and creation back in sync, both handling -+ getpwnam(NAME)->pw_dir. -+ -+ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Replace -+ "struct passwd *" argument with user's name and home directory. -+ Pass user's name to MKHOMEDIR_HELPER. -+ (pam_sm_open_session): Update create_homedir call. -+ -+2014-01-20 Tomas Mraz -+ -+ pam_limits: detect and ignore stale utmp entries. -+ Original idea by Christopher Hailey -+ -+ * modules/pam_limits/pam_limits.c (check_logins): Use kill() to -+ detect if pid of the utmp entry is still running and ignore the entry -+ if it is not. -+ -+2014-01-19 Stéphane Graber -+ -+ pam_loginuid: Always return PAM_IGNORE in userns. -+ The previous patch to support user namespaces works fine with containers -+ that are started from a desktop/terminal session but fails when dealing -+ with containers that were started from a remote session such as ssh. -+ -+ I haven't looked at the exact reason for that in the kernel but on the -+ userspace side of things, the difference is that containers started from -+ an ssh session will happily let pam open /proc/self/loginuid read-write, -+ will let it read its content but will then fail with EPERM when trying -+ to write to it. -+ -+ So to make the userns support bullet proof, this commit moves the userns -+ check earlier in the function (which means a small performance impact as -+ it'll now happen everytime on kernels that have userns support) and will -+ set rc = PAM_IGNORE instead of rc = PAM_ERROR. -+ -+ The rest of the code is still executed in the event that PAM is run on a -+ future kernel where we have some kind of audit namespace that includes a -+ working loginuid. -+ -+2014-01-15 Steve Langasek -+ -+ pam_namespace: don't use bashisms in default namespace.init script. -+ * modules/pam_namespace/pam_namespace.c: call setuid() before execing the -+ namespace init script, so that scripts run with maximum privilege regardless -+ of the shell implementation. -+ * modules/pam_namespace/namespace.init: drop the '-p' bashism from the -+ shebang line -+ -+ This is not a POSIX standard option, it's a bashism. The bash manpage says -+ that it's used to prevent the effective user id from being reset to the real -+ user id on startup, and to ignore certain unsafe variables from the -+ environment. -+ -+ In the case of pam_namespace, the -p is not necessary for environment -+ sanitizing because the PAM module (properly) sanitizes the environment -+ before execing the script. -+ -+ The stated reason given in CVS history for passing -p is to "preserve euid -+ when called from setuid apps (su, newrole)." This should be done more -+ portably, by calling setuid() before spawning the shell. -+ -+ Bug-Debian: http://bugs.debian.org/624842 -+ Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 -+ -+2014-01-10 Stéphane Graber -+ -+ pam_loginuid: Ignore failure in user namespaces. -+ When running pam_loginuid in a container using the user namespaces, even -+ uid 0 isn't allowed to set the loginuid property. -+ -+ This change catches the EACCES from opening loginuid, checks if the user -+ is in the host namespace (by comparing the uid_map with the host's one) -+ and only if that's the case, sets rc to 1. -+ -+ Should uid_map not exist or be unreadable for some reason, it'll be -+ assumed that the process is running on the host's namespace. -+ -+ The initial reason behind this change was failure to ssh into an -+ unprivileged container (using a 3.13 kernel and current LXC) when using -+ a standard pam profile for sshd (which requires success from -+ pam_loginuid). -+ -+ I believe this solution doesn't have any drawback and will allow people -+ to use unprivileged containers normally. An alternative would be to have -+ all distros set pam_loginuid as optional but that'd be bad for any of -+ the other potential failure case which people may care about. -+ -+ There has also been some discussions to get some of the audit features -+ tied with the user namespaces but currently none of that has been merged -+ upstream and the currently proposed implementation doesn't cover -+ loginuid (nor is it clear how this should even work when loginuid is set -+ as immutable after initial write). -+ -+2014-01-10 Dmitry V. Levin -+ -+ pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist. -+ When /proc/self/loginuid does not exist, return PAM_IGNORE instead of -+ PAM_SUCCESS, so that we can distinguish between "loginuid set -+ successfully" and "loginuid not set, but this is expected". -+ -+ Suggested by Steve Langasek. -+ -+ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return -+ code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid -+ does not exist, PAM_SESSION_ERR in case of any other error. -+ (_pam_loginuid): Forward the PAM error code returned by set_loginuid. -+ -+2013-11-20 Dmitry V. Levin -+ -+ pam_access: fix debug level logging (ticket #19) -+ * modules/pam_access/pam_access.c (group_match): Log the group token -+ passed to the function, not an uninitialized data on the stack. -+ -+ pam_warn: log flags passed to the module (ticket #25) -+ * modules/pam_warn/pam_warn.c (log_items): Take "flags" argument and -+ log it using pam_syslog. -+ (pam_sm_authenticate, pam_sm_setcred, pam_sm_chauthtok, -+ pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session): Pass -+ "flags" argument to log_items. -+ -+ Modernize AM_INIT_AUTOMAKE invocation. -+ Before this change, automake complained that two- and three-arguments -+ forms of AM_INIT_AUTOMAKE are deprecated. -+ -+ * configure.in: Pass PACKAGE and VERSION arguments to AC_INIT instead -+ of AM_INIT_AUTOMAKE. -+ -+ Fix autoconf warnings. -+ Before this change, autoconf complained that AC_COMPILE_IFELSE -+ and AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS. -+ -+ * configure.in: Call AC_USE_SYSTEM_EXTENSIONS before LT_INIT. -+ -+ pam_securetty: check return value of fgets. -+ Checking return value of fgets not only silences the warning from glibc -+ but also leads to a cleaner code. -+ -+ * modules/pam_securetty/pam_securetty.c (securetty_perform_check): -+ Check return value of fgets. -+ -+ pam_lastlog: fix format string. -+ gcc -Wformat justly complains: -+ format '%d' expects argument of type 'int', but argument 5 has type 'time_t' -+ -+ * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format -+ string. -+ -+2013-11-20 Darren Tucker -+ -+ If the correct loginuid is set already, skip writing it. -+ modules/pam_loginuid/pam_loginuid.c (set_loginuid): Read the current loginuid -+ and skip writing if already correctly set. -+ -+2013-11-11 Thorsten Kukuk -+ -+ Always ask for old password if changing NIS account. -+ * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask -+ for old password if NIS account. -+ -+2013-11-08 Thorsten Kukuk -+ -+ Allow DES as compatibility option for /etc/login.defs. -+ * modules/pam_unix/support.h: Add UNIX_DES -+ -+2013-10-14 Tomas Mraz -+ -+ Docfix: pam_prompt() and pam_vprompt() return int. -+ doc/man/pam_prompt.3.xml: pam_prompt() and pam_vprompt() return int. -+ -+ Make pam_tty_audit work with old kernels not supporting log_passwd. -+ modules/pam_tty_audit/pam_tty_audit.c(nl_recv): Pad result with zeros -+ if message is short from older kernel. -+ -+2013-09-25 Tomas Mraz -+ -+ Fix pam_tty_audit log_passwd support and regression. -+ modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include. -+ (pam_sm_open_session): Always copy the old status as initialization of new. -+ - 2013-09-19 Thorsten Kukuk - - Release version 1.1.8. -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml new/linux-pam-1.1.8/doc/man/pam_prompt.3.xml ---- old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/doc/man/pam_prompt.3.xml 2013-11-08 14:33:32.000000000 +0100 -@@ -22,7 +22,7 @@ - - #include <security/pam_ext.h> - -- void pam_prompt -+ int pam_prompt - pam_handle_t *pamh - int style - char **response -@@ -30,7 +30,7 @@ - ... - - -- void pam_vprompt -+ int pam_vprompt - pam_handle_t *pamh - int style - char **response -@@ -75,7 +75,7 @@ - PAM_SUCCESS - - -- Transaction was successful created. -+ Conversation succeded, response is set. - - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c new/linux-pam-1.1.8/libpam_misc/misc_conv.c ---- old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/libpam_misc/misc_conv.c 2014-01-25 07:35:59.000000000 +0100 -@@ -210,8 +210,12 @@ - } - line[nc] = '\0'; - } -- *retstr = x_strdup(line); -+ *retstr = strdup(line); - _pam_overwrite(line); -+ if (!*retstr) { -+ D(("no memory for response string")); -+ nc = -1; -+ } - - goto cleanexit; /* return malloc()ed string */ - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c new/linux-pam-1.1.8/modules/pam_access/pam_access.c ---- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_access/pam_access.c 2014-01-09 16:28:39.000000000 +0100 -@@ -573,7 +573,7 @@ - - if (debug) - pam_syslog (pamh, LOG_DEBUG, -- "group_match: grp=%s, user=%s", grptok, usr); -+ "group_match: grp=%s, user=%s", tok, usr); - - if (strlen(tok) < 3) - return NO; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c new/linux-pam-1.1.8/modules/pam_cracklib/pam_cracklib.c ---- old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_cracklib/pam_cracklib.c 2014-01-27 15:02:50.000000000 +0100 -@@ -619,16 +619,16 @@ - return msg; - } - -- newmono = str_lower(x_strdup(new)); -+ newmono = str_lower(strdup(new)); - if (!newmono) - msg = _("memory allocation error"); - -- usermono = str_lower(x_strdup(user)); -+ usermono = str_lower(strdup(user)); - if (!usermono) - msg = _("memory allocation error"); - - if (!msg && old) { -- oldmono = str_lower(x_strdup(old)); -+ oldmono = str_lower(strdup(old)); - if (oldmono) - wrapped = malloc(strlen(oldmono) * 2 + 1); - if (wrapped) { -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c new/linux-pam-1.1.8/modules/pam_ftp/pam_ftp.c ---- old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_ftp/pam_ftp.c 2014-01-27 15:02:50.000000000 +0100 -@@ -81,7 +81,7 @@ - char *list_copy, *x; - char *sptr = NULL; - -- list_copy = x_strdup(list); -+ list_copy = strdup(list); - x = list_copy; - while (list_copy && (l = strtok_r(x, ",", &sptr))) { - x = NULL; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c ---- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-11-28 11:37:54.000000000 +0100 -@@ -628,7 +628,8 @@ - lltime = (time(NULL) - lltime) / (24*60*60); - - if (lltime > inactive_days) { -- pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime); -+ pam_syslog(pamh, LOG_INFO, "user %s inactive for %ld days - denied", -+ user, (long) lltime); - return PAM_AUTH_ERR; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c new/linux-pam-1.1.8/modules/pam_limits/pam_limits.c ---- old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_limits/pam_limits.c 2014-01-25 07:35:59.000000000 +0100 -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -269,16 +270,27 @@ - continue; - } - if (!pl->flag_numsyslogins) { -+ char user[sizeof(ut->UT_USER) + 1]; -+ user[0] = '\0'; -+ strncat(user, ut->UT_USER, sizeof(ut->UT_USER)); -+ - if (((pl->login_limit_def == LIMITS_DEF_USER) - || (pl->login_limit_def == LIMITS_DEF_GROUP) - || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) -- && strncmp(name, ut->UT_USER, sizeof(ut->UT_USER)) != 0) { -+ && strcmp(name, user) != 0) { - continue; - } - if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) -- && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { -+ && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { - continue; - } -+ if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { -+ /* process does not exist anymore */ -+ pam_syslog(pamh, LOG_WARNING, -+ "Stale utmp entry (pid %d) for '%s' ignored", -+ ut->ut_pid, user); -+ continue; -+ } - } - if (++count > limit) { - break; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c ---- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_loginuid/pam_loginuid.c 2014-01-25 07:35:59.000000000 +0100 -@@ -47,25 +47,50 @@ - - /* - * This function writes the loginuid to the /proc system. It returns -- * 0 on success and 1 on failure. -+ * PAM_SUCCESS on success, -+ * PAM_IGNORE when /proc/self/loginuid does not exist, -+ * PAM_SESSION_ERR in case of any other error. - */ - static int set_loginuid(pam_handle_t *pamh, uid_t uid) - { -- int fd, count, rc = 0; -- char loginuid[24]; -+ int fd, count, rc = PAM_SESSION_ERR; -+ char loginuid[24], buf[24]; -+ static const char host_uid_map[] = " 0 0 4294967295\n"; -+ char uid_map[sizeof(host_uid_map)]; -+ -+ /* loginuid in user namespaces currently isn't writable and in some -+ case, not even readable, so consider any failure as ignorable (but try -+ anyway, in case we hit a kernel which supports it). */ -+ fd = open("/proc/self/uid_map", O_RDONLY); -+ if (fd >= 0) { -+ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); -+ if (strncmp(uid_map, host_uid_map, count) != 0) -+ rc = PAM_IGNORE; -+ close(fd); -+ } - -- count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); -- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); -+ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); - if (fd < 0) { -- if (errno != ENOENT) { -- rc = 1; -+ if (errno == ENOENT) { -+ rc = PAM_IGNORE; -+ } -+ if (rc != PAM_IGNORE) { - pam_syslog(pamh, LOG_ERR, - "Cannot open /proc/self/loginuid: %m"); - } - return rc; - } -- if (pam_modutil_write(fd, loginuid, count) != count) -- rc = 1; -+ -+ count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); -+ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && -+ memcmp(buf, loginuid, count) == 0) { -+ rc = PAM_SUCCESS; -+ goto done; /* already correct */ -+ } -+ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && -+ pam_modutil_write(fd, loginuid, count) == count) -+ rc = PAM_SUCCESS; -+ done: - close(fd); - return rc; - } -@@ -165,6 +190,7 @@ - { - const char *user = NULL; - struct passwd *pwd; -+ int ret; - #ifdef HAVE_LIBAUDIT - int require_auditd = 0; - #endif -@@ -183,9 +209,14 @@ - return PAM_SESSION_ERR; - } - -- if (set_loginuid(pamh, pwd->pw_uid)) { -- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); -- return PAM_SESSION_ERR; -+ ret = set_loginuid(pamh, pwd->pw_uid); -+ switch (ret) { -+ case PAM_SUCCESS: -+ case PAM_IGNORE: -+ break; -+ default: -+ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); -+ return ret; - } - - #ifdef HAVE_LIBAUDIT -@@ -195,11 +226,12 @@ - argv++; - } - -- if (require_auditd) -- return check_auditd(); -- else -+ if (require_auditd) { -+ int rc = check_auditd(); -+ return rc != PAM_SUCCESS ? rc : ret; -+ } else - #endif -- return PAM_SUCCESS; -+ return ret; - } - - /* -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c new/linux-pam-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c ---- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2014-01-27 15:02:50.000000000 +0100 -@@ -103,14 +103,14 @@ - /* Do the actual work of creating a home dir */ - static int - create_homedir (pam_handle_t *pamh, options_t *opt, -- const struct passwd *pwd) -+ const char *user, const char *dir) - { - int retval, child; - struct sigaction newsa, oldsa; - - /* Mention what is happening, if the notification fails that is OK */ - if (!(opt->ctrl & MKHOMEDIR_QUIET)) -- pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); -+ pam_info(pamh, _("Creating directory '%s'."), dir); - - - D(("called.")); -@@ -134,7 +134,7 @@ - int i; - struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL, NULL }; -+ const char *args[] = { NULL, NULL, NULL, NULL, NULL }; - - if (getrlimit(RLIMIT_NOFILE, &rlim)==0) { - if (rlim.rlim_max >= MAX_FD_NO) -@@ -145,12 +145,12 @@ - } - - /* exec the mkhomedir helper */ -- args[0] = x_strdup(MKHOMEDIR_HELPER); -- args[1] = pwd->pw_name; -- args[2] = x_strdup(opt->umask); -- args[3] = x_strdup(opt->skeldir); -+ args[0] = MKHOMEDIR_HELPER; -+ args[1] = user; -+ args[2] = opt->umask; -+ args[3] = opt->skeldir; - -- execve(MKHOMEDIR_HELPER, args, envp); -+ execve(MKHOMEDIR_HELPER, (char *const *) args, envp); - - /* should not get here: exit with error */ - D(("helper binary is not available")); -@@ -181,7 +181,7 @@ - - if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { - pam_error(pamh, _("Unable to create and initialize directory '%s'."), -- pwd->pw_dir); -+ dir); - } - - D(("returning %d", retval)); -@@ -230,7 +230,7 @@ - return PAM_SUCCESS; - } - -- return create_homedir(pamh, &opt, pwd); -+ return create_homedir(pamh, &opt, user, pwd->pw_dir); - } - - /* Ignore */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init new/linux-pam-1.1.8/modules/pam_namespace/namespace.init ---- old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_namespace/namespace.init 2014-01-25 07:35:59.000000000 +0100 -@@ -1,4 +1,4 @@ --#!/bin/sh -p -+#!/bin/sh - # It receives polydir path as $1, the instance path as $2, - # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, - # and user name in $4. -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c new/linux-pam-1.1.8/modules/pam_namespace/pam_namespace.c ---- old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_namespace/pam_namespace.c 2014-01-25 07:35:59.000000000 +0100 -@@ -1205,6 +1205,11 @@ - _exit(1); - } - #endif -+ /* Pass maximum privs when we exec() */ -+ if (setuid(geteuid()) < 0) { -+ /* ignore failures, they don't matter */ -+ } -+ - if (execle(init_script, init_script, - polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) - _exit(1); -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c new/linux-pam-1.1.8/modules/pam_securetty/pam_securetty.c ---- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_securetty/pam_securetty.c 2013-11-28 11:37:54.000000000 +0100 -@@ -159,11 +159,10 @@ - if (cmdlinefile != NULL) { - char line[LINE_MAX], *p; - -- line[0] = 0; -- fgets(line, sizeof(line), cmdlinefile); -+ p = fgets(line, sizeof(line), cmdlinefile); - fclose(cmdlinefile); - -- for (p = line; p; p = strstr(p+1, "console=")) { -+ for (; p; p = strstr(p+1, "console=")) { - char *e; - - /* Test whether this is a beginning of a word? */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c new/linux-pam-1.1.8/modules/pam_tty_audit/pam_tty_audit.c ---- old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2013-08-28 10:53:40.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2013-11-08 14:33:32.000000000 +0100 -@@ -36,6 +36,7 @@ - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - DAMAGE. */ - -+#include "config.h" - #include - #include - #include -@@ -108,7 +109,7 @@ - struct msghdr msg; - struct nlmsghdr nlm; - struct iovec iov[2]; -- ssize_t res; -+ ssize_t res, resdiff; - - again: - iov[0].iov_base = &nlm; -@@ -160,12 +161,17 @@ - res = recvmsg (fd, &msg, 0); - if (res == -1) - return -1; -- if ((size_t)res != NLMSG_LENGTH (size) -+ resdiff = NLMSG_LENGTH(size) - (size_t)res; -+ if (resdiff < 0 - || nlm.nlmsg_type != type) - { - errno = EIO; - return -1; - } -+ else if (resdiff > 0) -+ { -+ memset((char *)buf + size - resdiff, 0, resdiff); -+ } - return 0; - } - -@@ -275,6 +281,8 @@ - return PAM_SESSION_ERR; - } - -+ memcpy(&new_status, old_status, sizeof(new_status)); -+ - new_status.enabled = (command == CMD_ENABLE ? 1 : 0); - #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD - new_status.log_passwd = log_passwd; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c new/linux-pam-1.1.8/modules/pam_unix/pam_unix_acct.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c 2013-09-16 11:11:51.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/pam_unix_acct.c 2014-01-27 15:02:50.000000000 +0100 -@@ -101,7 +101,7 @@ - int i=0; - struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL }; -+ const char *args[] = { NULL, NULL, NULL, NULL }; - - /* reopen stdout as pipe */ - dup2(fds[1], STDOUT_FILENO); -@@ -130,11 +130,11 @@ - } - - /* exec binary helper */ -- args[0] = x_strdup(CHKPWD_HELPER); -- args[1] = x_strdup(user); -- args[2] = x_strdup("chkexpiry"); -+ args[0] = CHKPWD_HELPER; -+ args[1] = user; -+ args[2] = "chkexpiry"; - -- execve(CHKPWD_HELPER, args, envp); -+ execve(CHKPWD_HELPER, (char *const *) args, envp); - - pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); - /* should not get here: exit with error */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c new/linux-pam-1.1.8/modules/pam_unix/pam_unix_passwd.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-09-16 11:09:47.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/pam_unix_passwd.c 2014-01-27 15:02:50.000000000 +0100 -@@ -204,7 +204,7 @@ - int i=0; - struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; -+ const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; - char buffer[16]; - - /* XXX - should really tidy up PAM here too */ -@@ -222,18 +222,18 @@ - } - - /* exec binary helper */ -- args[0] = x_strdup(UPDATE_HELPER); -- args[1] = x_strdup(user); -- args[2] = x_strdup("update"); -+ args[0] = UPDATE_HELPER; -+ args[1] = user; -+ args[2] = "update"; - if (on(UNIX_SHADOW, ctrl)) -- args[3] = x_strdup("1"); -+ args[3] = "1"; - else -- args[3] = x_strdup("0"); -+ args[3] = "0"; - - snprintf(buffer, sizeof(buffer), "%d", remember); -- args[4] = x_strdup(buffer); -+ args[4] = buffer; - -- execve(UPDATE_HELPER, args, envp); -+ execve(UPDATE_HELPER, (char *const *) args, envp); - - /* should not get here: exit with error */ - D(("helper binary is not available")); -@@ -614,7 +614,8 @@ - - if (_unix_blankpasswd(pamh, ctrl, user)) { - return PAM_SUCCESS; -- } else if (off(UNIX__IAMROOT, ctrl)) { -+ } else if (off(UNIX__IAMROOT, ctrl) || -+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { - /* instruct user what is happening */ - if (asprintf(&Announce, _("Changing password for %s."), - user) < 0) { -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.c new/linux-pam-1.1.8/modules/pam_unix/support.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/support.c 2013-09-16 11:11:51.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/support.c 2014-01-27 15:02:50.000000000 +0100 -@@ -567,7 +567,7 @@ - int i=0; - struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL }; -+ const char *args[] = { NULL, NULL, NULL, NULL }; - - /* XXX - should really tidy up PAM here too */ - -@@ -593,15 +593,15 @@ - } - - /* exec binary helper */ -- args[0] = strdup(CHKPWD_HELPER); -- args[1] = x_strdup(user); -+ args[0] = CHKPWD_HELPER; -+ args[1] = user; - if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ -- args[2]=strdup("nullok"); -+ args[2]="nullok"; - } else { -- args[2]=strdup("nonull"); -+ args[2]="nonull"; - } - -- execve(CHKPWD_HELPER, args, envp); -+ execve(CHKPWD_HELPER, (char *const *) args, envp); - - /* should not get here: exit with error */ - D(("helper binary is not available")); -@@ -788,10 +788,10 @@ - login_name = ""; - } - -- new->user = x_strdup(name ? name : ""); -+ new->user = strdup(name ? name : ""); - new->uid = getuid(); - new->euid = geteuid(); -- new->name = x_strdup(login_name); -+ new->name = strdup(login_name); - - /* any previous failures for this user ? */ - if (pam_get_data(pamh, data_name, &void_old) -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.h new/linux-pam-1.1.8/modules/pam_unix/support.h ---- old/Linux-PAM-1.1.8/modules/pam_unix/support.h 2013-06-18 16:24:05.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_unix/support.h 2014-01-27 15:02:38.000000000 +0100 -@@ -97,8 +97,9 @@ - password hash algorithms */ - #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ - #define UNIX_MIN_PASS_LEN 27 /* min length for password */ -+#define UNIX_DES 28 /* DES, default */ - /* -------------- */ --#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ - - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) - -@@ -135,6 +136,7 @@ - /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, - /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, - /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, - }; - - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.c ---- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.c 2014-01-27 15:02:50.000000000 +0100 -@@ -184,7 +184,7 @@ - else - key.dsize = strlen(key.dptr); - } else { -- key.dptr = x_strdup(user); -+ key.dptr = strdup(user); - key.dsize = strlen(user); - } - -@@ -222,12 +222,15 @@ - } else { - cryptpw = crypt (pass, data.dptr); - -- if (cryptpw) { -- compare = strncasecmp (data.dptr, cryptpw, data.dsize); -+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { -+ compare = memcmp(data.dptr, cryptpw, data.dsize); - } else { - compare = -2; - if (ctrl & PAM_DEBUG_ARG) { -- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); -+ if (cryptpw) -+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); -+ else -+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); - } - }; - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.h ---- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_userdb/pam_userdb.h 2014-01-27 15:02:50.000000000 +0100 -@@ -15,9 +15,6 @@ - #define PAM_USE_FPASS_ARG 0x0040 - #define PAM_TRY_FPASS_ARG 0x0080 - --/* Useful macros */ --#define x_strdup(s) ( (s) ? strdup(s):NULL ) -- - /* The name of the module we are compiling */ - #ifndef MODULE_NAME - #define MODULE_NAME "pam_userdb" -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c new/linux-pam-1.1.8/modules/pam_warn/pam_warn.c ---- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_warn/pam_warn.c 2013-11-28 11:37:54.000000000 +0100 -@@ -33,7 +33,7 @@ - value = value ? value : default_value ; \ - } while (0) - --static void log_items(pam_handle_t *pamh, const char *function) -+static void log_items(pam_handle_t *pamh, const char *function, int flags) - { - const void *service=NULL, *user=NULL, *terminal=NULL, - *rhost=NULL, *ruser=NULL; -@@ -45,8 +45,8 @@ - OBTAIN(PAM_RHOST, rhost, ""); - - pam_syslog(pamh, LOG_NOTICE, -- "function=[%s] service=[%s] terminal=[%s] user=[%s]" -- " ruser=[%s] rhost=[%s]\n", function, -+ "function=[%s] flags=%#x service=[%s] terminal=[%s] user=[%s]" -+ " ruser=[%s] rhost=[%s]\n", function, flags, - (const char *) service, (const char *) terminal, - (const char *) user, (const char *) ruser, - (const char *) rhost); -@@ -55,52 +55,52 @@ - /* --- authentication management functions (only) --- */ - - PAM_EXTERN --int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN --int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - /* password updating functions */ - - PAM_EXTERN --int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c new/linux-pam-1.1.8/modules/pam_xauth/pam_xauth.c ---- old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/linux-pam-1.1.8/modules/pam_xauth/pam_xauth.c 2014-01-27 15:02:50.000000000 +0100 -@@ -103,9 +103,11 @@ - - /* Create stdio pipery. */ - if (pipe(ipipe) == -1) { -+ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); - return -1; - } - if (pipe(opipe) == -1) { -+ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); - close(ipipe[0]); - close(ipipe[1]); - return -1; -@@ -114,6 +116,7 @@ - /* Fork off a child. */ - child = fork(); - if (child == -1) { -+ pam_syslog(pamh, LOG_ERR, "Could not fork: %m"); - close(ipipe[0]); - close(ipipe[1]); - close(opipe[0]); -@@ -124,8 +127,7 @@ - if (child == 0) { - /* We're the child. */ - size_t j; -- char *args[10]; -- const char *tmp; -+ const char *args[10]; - int maxopened; - /* Drop privileges. */ - if (setgid(gid) == -1) -@@ -163,16 +165,15 @@ - } - /* Convert the varargs list into a regular array of strings. */ - va_start(ap, command); -- args[0] = strdup(command); -+ args[0] = command; - for (j = 1; j < ((sizeof(args) / sizeof(args[0])) - 1); j++) { -- tmp = va_arg(ap, const char*); -- if (tmp == NULL) { -+ args[j] = va_arg(ap, const char*); -+ if (args[j] == NULL) { - break; - } -- args[j] = strdup(tmp); - } - /* Run the command. */ -- execv(command, args); -+ execv(command, (char *const *) args); - /* Never reached. */ - _exit(1); - } diff --git a/Linux-PAM-git-20150109.diff b/Linux-PAM-git-20150109.diff new file mode 100644 index 0000000..b2cf2fa --- /dev/null +++ b/Linux-PAM-git-20150109.diff @@ -0,0 +1,38180 @@ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/ChangeLog new/Linux-PAM-1.1.8/ChangeLog +--- old/Linux-PAM-1.1.8/ChangeLog 2013-09-19 11:33:00.000000000 +0200 ++++ new/Linux-PAM-1.1.8/ChangeLog 2015-01-09 14:33:01.000000000 +0100 +@@ -1,3 +1,584 @@ ++2015-01-07 Dmitry V. Levin ++ ++ Remove unmodified GNU gettext files installed by autopoint. ++ These files are part of GNU gettext; we have not modified them, they are ++ installed by autopoint which is called by autoreconf, so they had to be ++ removed from this repository along with ABOUT-NLS, config.rpath, and ++ mkinstalldirs files that were removed by commit ++ Linux-PAM-1_1_5-7-g542ec8b. ++ ++ * po/Makefile.in.in: Remove. ++ * po/Rules-quot: Likewise. ++ * po/boldquot.sed: Likewise. ++ * po/en@boldquot.header: Likewise. ++ * po/en@quot.header: Likewise. ++ * po/insert-header.sin: Likewise. ++ * po/quot.sed: Likewise. ++ * po/remove-potcdate.sin: Likewise. ++ * po/.gitignore: Ignore these files. ++ ++2015-01-06 Ronny Chevalier ++ ++ Update .gitignore. ++ * .gitignore: Ignore *.log and *.trs files. ++ ++2015-01-02 Luke Shumaker ++ ++ libpam: Only print "Password change aborted" when it's true. ++ pam_get_authtok() may be used any time that a password needs to be entered, ++ unlike pam_get_authtok_{no,}verify(), which may only be used when ++ changing a password; yet when the user aborts, it prints "Password change ++ aborted." whether or not that was the operation being performed. ++ ++ This bug was non-obvious because none of the modules distributed with ++ Linux-PAM use it for anything but changing passwords; pam_unix has its ++ own utility function that it uses instead. As an example, the ++ nss-pam-ldapd package uses it in pam_sm_authenticate(). ++ ++ libpam/pam_get_authtok.c (pam_get_authtok_internal): check that the ++ password is trying to be changed before printing a message about the ++ password change being aborted. ++ ++2014-12-10 Dmitry V. Levin ++ ++ build: extend cross compiling check to cover CPPFLAGS (ticket #21) ++ Use BUILD_CPPFLAGS variable to override CPPFLAGS where necessary in ++ case of cross compiling, in addition to CC_FOR_BUILD, BUILD_CFLAGS, ++ and BUILD_LDFLAGS variables introduced earlier to override CC, ++ CFLAGS, and LDFLAGS, respectively. ++ ++ * configure.in (BUILD_CPPFLAGS): Define. ++ * doc/specs/Makefile.am (CPPFLAGS): Define to @BUILD_CPPFLAGS@. ++ ++2014-12-09 Dmitry V. Levin ++ ++ Do not use yywrap (ticket #42) ++ Our scanners do not really use yywrap. Explicitly disable yywrap ++ so that no references to yywrap will be generated and no LEXLIB ++ would be needed. ++ ++ * conf/pam_conv1/Makefile.am (pam_conv1_LDADD): Remove. ++ * conf/pam_conv1/pam_conv_l.l: Enable noyywrap option. ++ * doc/specs/Makefile.am (padout_LDADD): Remove. ++ * doc/specs/parse_l.l: Enable noyywrap option. ++ ++2014-12-09 Kyle Manna ++ ++ doc: fix a trivial typo in pam_authenticate return values (ticket #38) ++ * doc/man/pam_authenticate.3.xml: Fix a typo in PAM_AUTHINFO_UNAVAIL. ++ ++2014-12-09 Ronny Chevalier ++ ++ doc: fix typo in pam_authenticate.3.xml. ++ * doc/man/pam_authenticate.3.xml: Fix typo. ++ ++2014-10-17 Tomas Mraz ++ ++ pam_succeed_if: Fix copy&paste error in rhost and tty values. ++ modules/pam_succeed_if/pam_succeed_if.c (evaluate): Use PAM_RHOST ++ and PAM_TTY properly for the rhost and tty values. ++ ++ pam_succeed_if: Use long long type for numeric values. ++ The currently used long with additional conversion to int is ++ too small for uids and gids. ++ ++ modules/pam_succeed_if/pam_succeed_if.c (evaluate_num): Replace ++ strtol() with strtoll() and int with long long in the parameters ++ of comparison functions. ++ ++2014-09-05 Tomas Mraz ++ ++ Add grantor field to audit records of libpam. ++ The grantor field gives audit trail of PAM modules which granted access ++ for successful return from libpam calls. In case of failed return ++ the grantor field is set to '?'. ++ libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call. ++ libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise. ++ libpam/pam_password.c (pam_chauthtok): Likewise. ++ libpam/pam_session.c (pam_open_session, pam_close_session): Likewise. ++ libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter, ++ add grantor= field to the message if grantors is set. ++ (_pam_list_grantors): New function creating the string with grantors list. ++ (_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors() ++ to list the grantors from the handler list. ++ (_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call. ++ (pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog(). ++ libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate. ++ (_pam_clear_grantors): New function to clear grantor field of handler. ++ (_pam_dispatch): Call _pam_clear_grantors() before executing the stack. ++ Call _pam_auditlog() when appropriate. ++ libpam/pam_handlers.c (extract_modulename): Do not allow empty module name ++ or just "?" to avoid confusing audit trail. ++ (_pam_add_handler): Test for NULL return from extract_modulename(). ++ Clear grantor field of handler. ++ libpam/pam_private.h: Add grantor field to struct handler, add handler pointer ++ parameter to _pam_auditlog(). ++ ++2014-08-26 Tomas Mraz ++ ++ pam_mkhomedir: Drop superfluous stat() call. ++ modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Drop superfluous ++ stat() call. ++ ++ pam_exec: Do not depend on open() returning STDOUT_FILENO. ++ modules/pam_exec/pam_exec.c (call_exec): Move the descriptor to ++ STDOUT_FILENO if needed. ++ ++2014-08-25 Robin Hack ++ ++ pam_keyinit: Check return value of setregid. ++ modules/pam_keyinit/pam_keyinit.c (pam_sm_open_session): Log if setregid() fails. ++ ++ pam_filter: Avoid leaking descriptors when fork() fails. ++ modules/pam_filter/pam_filter.c (set_filter): Close descriptors when fork() fails. ++ ++2014-08-14 Robin Hack ++ ++ pam_echo: Avoid leaking file descriptor. ++ modules/pam_echo/pam_echo.c (pam_echo): Close fd in error cases. ++ ++2014-08-13 Robin Hack ++ ++ pam_tty_audit: Silence Coverity reporting uninitialized use. ++ modules/pam_tty_audit/pam_tty_audit.c (nl_recv): Initialize also ++ msg_flags. ++ ++2014-08-13 Tomas Mraz ++ ++ pam_tally2: Avoid uninitialized use of fileinfo. ++ Problem found by Robin Hack . ++ modules/pam_tally2/pam_tally2.c (get_tally): Do not depend on file size ++ just try to read it. ++ ++ pam_access: Avoid uninitialized access of line. ++ * modules/pam_access/pam_access.c (login_access): Reorder condition ++ so line is not accessed when uninitialized. ++ ++2014-08-05 Tomas Mraz ++ ++ pam_lastlog: Properly clean up last_login structure before use. ++ modules/pam_lastlog/pam_lastlog.c (last_login_write): Properly clean up last_login ++ structure before use. ++ ++2014-07-21 Tomas Mraz ++ ++ Make pam_pwhistory and pam_unix tolerant of corrupted opasswd file. ++ * modules/pam_pwhistory/opasswd.c (parse_entry): Test for missing fields ++ in opasswd entry and return error. ++ * modules/pam_unix/passverify.c (save_old_password): Test for missing fields ++ in opasswd entry and skip it. ++ ++2014-07-01 Dmitry V. Levin ++ ++ doc: add missing build dependencies for soelim stubs. ++ * doc/man/Makefile.am [ENABLE_REGENERATE_MAN]: Add dependencies for ++ pam_verror.3, pam_vinfo.3, pam_vprompt.3, and pam_vsyslog.3 soelim stubs. ++ ++2014-06-23 Dmitry V. Levin ++ ++ doc: fix install in case of out of tree build (ticket #31) ++ * doc/adg/Makefile.am (install-data-local, releasedocs): Fall back ++ to srcdir if documentation files haven't been found in builddir. ++ (releasedocs): Treat missing documentation files as an error. ++ * doc/mwg/Makefile.am: Likewise. ++ * doc/sag/Makefile.am: Likewise. ++ ++2014-06-19 Dmitry V. Levin ++ ++ doc: fix installation of adg-*.html and mwg-*.html files (ticket #31) ++ Fix a typo due to which sag-*.html files might be installed instead of ++ adg-*.html and mwg-*.html files. ++ ++ * doc/adg/Makefile.am (install-data-local): Install adg-*.html instead ++ of sag-*.html. ++ * doc/mwg/Makefile.am (install-data-local): Install mwg-*.html instead ++ of sag-*.html. ++ ++ Patch-by: Mike Frysinger ++ ++2014-06-19 Tomas Mraz ++ ++ pam_limits: nofile refers to file descriptors not files. ++ modules/pam_limits/limits.conf.5.xml: Correct documentation of nofile limit. ++ modules/pam_limits/limits.conf: Likewise. ++ ++ pam_limits: clarify documentation of maxlogins and maxsyslogins limits. ++ modules/pam_limits/limits.conf.5.xml: clarify documentation of ++ maxlogins and maxsyslogins limits. ++ ++ pam_unix: Check for NULL return from Goodcrypt_md5(). ++ modules/pam_unix/pam_unix_passwd.c (check_old_password): Check for ++ NULL return from Goodcrypt_md5(). ++ ++ pam_unix: check for NULL return from malloc() ++ * modules/pam_unix/md5_crypt.c (crypt_md5): Check for NULL return from malloc(). ++ ++2014-05-22 Tomas Mraz ++ ++ pam_loginuid: Document one more possible case of PAM_IGNORE return. ++ modules/pam_loginuid/pam_loginuid.8.xml: Document one more possible case ++ of PAM_IGNORE return value. ++ ++ pam_loginuid: Document other possible return values. ++ modules/pam_loginuid/pam_loginuid.8.xml: Document the possible return ++ values. ++ ++2014-03-26 Dmitry V. Levin ++ ++ pam_timestamp: fix potential directory traversal issue (ticket #27) ++ pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of ++ the timestamp pathname it creates, so extra care should be taken to ++ avoid potential directory traversal issues. ++ ++ * modules/pam_timestamp/pam_timestamp.c (check_tty): Treat ++ "." and ".." tty values as invalid. ++ (get_ruser): Treat "." and ".." ruser values, as well as any ruser ++ value containing '/', as invalid. ++ ++ Fixes CVE-2014-2583. ++ ++ Reported-by: Sebastian Krahmer ++ ++2014-03-20 Tomas Mraz ++ ++ pam_userdb: document that .db suffix should not be used. ++ modules/pam_userdb/pam_userdb.8.xml: Document that .db suffix ++ should not be used and correct the example. ++ ++2014-03-11 Tomas Mraz ++ ++ pam_selinux: canonicalize user name. ++ SELinux expects canonical user name for example without domain component. ++ ++ * modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam(). ++ ++2014-01-28 Dmitry V. Levin ++ ++ Change tarball name back to "Linux-PAM" ++ As a side effect of commit Linux-PAM-1_1_8-11-g3fa23ce, tarball name ++ changed accidentally from "Linux-PAM" to "linux-pam". ++ This change brings it back to "Linux-PAM". ++ ++ * configure.in (AC_INIT): Explicitly specify TARNAME argument. ++ ++2014-01-27 Dmitry V. Levin ++ ++ Introduce pam_modutil_sanitize_helper_fds. ++ This change introduces pam_modutil_sanitize_helper_fds - a new function ++ that redirects standard descriptors and closes all other descriptors. ++ ++ pam_modutil_sanitize_helper_fds supports three types of input and output ++ redirection: ++ - PAM_MODUTIL_IGNORE_FD: do not redirect at all. ++ - PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented ++ by creating a pipe, closing its write end, and redirecting stdin to ++ its read end. Likewise, for stdout/stderr it is implemented by ++ creating a pipe, closing its read end, and redirecting to its write ++ end. Unlike stdin redirection, stdout/stderr redirection to a pipe ++ has a side effect that a process writing to such descriptor should be ++ prepared to handle SIGPIPE appropriately. ++ - PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is ++ implemented via PAM_MODUTIL_PIPE_FD because there is no functional ++ difference. For stdout/stderr, it is classic redirection to ++ /dev/null. ++ ++ PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel ++ security restrictions, but when the helper process might be writing to ++ the corresponding descriptor and termination of the helper process by ++ SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD. ++ ++ * libpam/pam_modutil_sanitize.c: New file. ++ * libpam/Makefile.am (libpam_la_SOURCES): Add it. ++ * libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd, ++ pam_modutil_sanitize_helper_fds): New declarations. ++ * libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface. ++ * modules/pam_exec/pam_exec.c (call_exec): Use ++ pam_modutil_sanitize_helper_fds. ++ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. ++ * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. ++ * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): ++ Likewise. ++ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. ++ * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. ++ * modules/pam_unix/support.h (MAX_FD_NO): Remove. ++ ++ pam_xauth: avoid potential SIGPIPE when writing to xauth process. ++ Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8. ++ ++ * modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process, ++ close the read end of input pipe after writing to its write end. ++ ++ pam_loginuid: log significant loginuid write errors. ++ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors ++ during /proc/self/loginuid update that are not ignored. ++ ++ Fix gratuitous use of strdup and x_strdup. ++ There is no need to copy strings passed as arguments to execve, ++ the only potentially noticeable effect of using strdup/x_strdup ++ would be a malformed argument list in case of memory allocation error. ++ ++ Also, x_strdup, being a thin wrapper around strdup, is of no benefit ++ when its argument is known to be non-NULL, and should not be used in ++ such cases. ++ ++ * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup ++ instead of x_strdup, the latter is of no benefit in this case. ++ * modules/pam_ftp/pam_ftp.c (lookup): Likewise. ++ * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise. ++ * modules/pam_userdb/pam_userdb.h (x_strdup): Remove. ++ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use ++ x_strdup for strings passed as arguments to execve. ++ * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. ++ * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. ++ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. ++ (_unix_verify_password): Use strdup instead of x_strdup, the latter ++ is of no benefit in this case. ++ * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for ++ strings passed as arguments to execv. ++ ++ pam_userdb: fix password hash comparison. ++ Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed ++ passwords support in pam_userdb, hashes are compared case-insensitively. ++ This bug leads to accepting hashes for completely different passwords in ++ addition to those that should be accepted. ++ ++ Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for ++ modern password hashes with different lengths and settings, did not ++ update the hash comparison accordingly, which leads to accepting ++ computed hashes longer than stored hashes when the latter is a prefix ++ of the former. ++ ++ * modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed ++ hash whose length differs from the stored hash length. ++ Compare computed and stored hashes case-sensitively. ++ Fixes CVE-2013-7041. ++ ++ Bug-Debian: http://bugs.debian.org/731368 ++ ++2014-01-24 Dmitry V. Levin ++ ++ pam_xauth: log fatal errors preventing xauth process execution. ++ * modules/pam_xauth/pam_xauth.c (run_coprocess): Log errors from pipe() ++ and fork() calls. ++ ++2014-01-22 Dmitry V. Levin ++ ++ pam_loginuid: cleanup loginuid buffer initialization. ++ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Move loginuid ++ buffer initialization closer to its first use. ++ ++ libpam_misc: fix an inconsistency in handling memory allocation errors. ++ When misc_conv fails to allocate memory for pam_response array, it ++ returns PAM_CONV_ERR. However, when read_string fails to allocate ++ memory for a response string, it loses the response string and silently ++ ignores the error, with net result as if EOF has been read. ++ ++ * libpam_misc/misc_conv.c (read_string): Use strdup instead of x_strdup, ++ the latter is of no benefit in this case. ++ Do not ignore potential memory allocation errors returned by strdup, ++ forward them to misc_conv. ++ ++2014-01-20 Dmitry V. Levin ++ ++ pam_limits: fix utmp->ut_user handling. ++ ut_user member of struct utmp is a string that is not necessarily ++ null-terminated, so extra care should be taken when using it. ++ ++ * modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to ++ a null-terminated string and consistently use it where a null-terminated ++ string is expected. ++ ++ pam_mkhomedir: check and create home directory for the same user (ticket #22) ++ Before pam_mkhomedir helper was introduced in commit ++ 7b14630ef39e71f603aeca0c47edf2f384717176, pam_mkhomedir was checking for ++ existance and creating the same directory - the home directory of the ++ user NAME returned by pam_get_item(PAM_USER). ++ ++ The change in behaviour accidentally introduced along with ++ mkhomedir_helper is not consistent: while the module still checks for ++ getpwnam(NAME)->pw_dir, the directory created by mkhomedir_helper is ++ getpwnam(getpwnam(NAME)->pw_name)->pw_dir, which is not necessarily ++ the same as the directory being checked. ++ ++ This change brings check and creation back in sync, both handling ++ getpwnam(NAME)->pw_dir. ++ ++ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Replace ++ "struct passwd *" argument with user's name and home directory. ++ Pass user's name to MKHOMEDIR_HELPER. ++ (pam_sm_open_session): Update create_homedir call. ++ ++2014-01-20 Tomas Mraz ++ ++ pam_limits: detect and ignore stale utmp entries. ++ Original idea by Christopher Hailey ++ ++ * modules/pam_limits/pam_limits.c (check_logins): Use kill() to ++ detect if pid of the utmp entry is still running and ignore the entry ++ if it is not. ++ ++2014-01-19 Stéphane Graber ++ ++ pam_loginuid: Always return PAM_IGNORE in userns. ++ The previous patch to support user namespaces works fine with containers ++ that are started from a desktop/terminal session but fails when dealing ++ with containers that were started from a remote session such as ssh. ++ ++ I haven't looked at the exact reason for that in the kernel but on the ++ userspace side of things, the difference is that containers started from ++ an ssh session will happily let pam open /proc/self/loginuid read-write, ++ will let it read its content but will then fail with EPERM when trying ++ to write to it. ++ ++ So to make the userns support bullet proof, this commit moves the userns ++ check earlier in the function (which means a small performance impact as ++ it'll now happen everytime on kernels that have userns support) and will ++ set rc = PAM_IGNORE instead of rc = PAM_ERROR. ++ ++ The rest of the code is still executed in the event that PAM is run on a ++ future kernel where we have some kind of audit namespace that includes a ++ working loginuid. ++ ++2014-01-15 Steve Langasek ++ ++ pam_namespace: don't use bashisms in default namespace.init script. ++ * modules/pam_namespace/pam_namespace.c: call setuid() before execing the ++ namespace init script, so that scripts run with maximum privilege regardless ++ of the shell implementation. ++ * modules/pam_namespace/namespace.init: drop the '-p' bashism from the ++ shebang line ++ ++ This is not a POSIX standard option, it's a bashism. The bash manpage says ++ that it's used to prevent the effective user id from being reset to the real ++ user id on startup, and to ignore certain unsafe variables from the ++ environment. ++ ++ In the case of pam_namespace, the -p is not necessary for environment ++ sanitizing because the PAM module (properly) sanitizes the environment ++ before execing the script. ++ ++ The stated reason given in CVS history for passing -p is to "preserve euid ++ when called from setuid apps (su, newrole)." This should be done more ++ portably, by calling setuid() before spawning the shell. ++ ++ Bug-Debian: http://bugs.debian.org/624842 ++ Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 ++ ++2014-01-10 Stéphane Graber ++ ++ pam_loginuid: Ignore failure in user namespaces. ++ When running pam_loginuid in a container using the user namespaces, even ++ uid 0 isn't allowed to set the loginuid property. ++ ++ This change catches the EACCES from opening loginuid, checks if the user ++ is in the host namespace (by comparing the uid_map with the host's one) ++ and only if that's the case, sets rc to 1. ++ ++ Should uid_map not exist or be unreadable for some reason, it'll be ++ assumed that the process is running on the host's namespace. ++ ++ The initial reason behind this change was failure to ssh into an ++ unprivileged container (using a 3.13 kernel and current LXC) when using ++ a standard pam profile for sshd (which requires success from ++ pam_loginuid). ++ ++ I believe this solution doesn't have any drawback and will allow people ++ to use unprivileged containers normally. An alternative would be to have ++ all distros set pam_loginuid as optional but that'd be bad for any of ++ the other potential failure case which people may care about. ++ ++ There has also been some discussions to get some of the audit features ++ tied with the user namespaces but currently none of that has been merged ++ upstream and the currently proposed implementation doesn't cover ++ loginuid (nor is it clear how this should even work when loginuid is set ++ as immutable after initial write). ++ ++2014-01-10 Dmitry V. Levin ++ ++ pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist. ++ When /proc/self/loginuid does not exist, return PAM_IGNORE instead of ++ PAM_SUCCESS, so that we can distinguish between "loginuid set ++ successfully" and "loginuid not set, but this is expected". ++ ++ Suggested by Steve Langasek. ++ ++ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return ++ code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid ++ does not exist, PAM_SESSION_ERR in case of any other error. ++ (_pam_loginuid): Forward the PAM error code returned by set_loginuid. ++ ++2013-11-20 Dmitry V. Levin ++ ++ pam_access: fix debug level logging (ticket #19) ++ * modules/pam_access/pam_access.c (group_match): Log the group token ++ passed to the function, not an uninitialized data on the stack. ++ ++ pam_warn: log flags passed to the module (ticket #25) ++ * modules/pam_warn/pam_warn.c (log_items): Take "flags" argument and ++ log it using pam_syslog. ++ (pam_sm_authenticate, pam_sm_setcred, pam_sm_chauthtok, ++ pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session): Pass ++ "flags" argument to log_items. ++ ++ Modernize AM_INIT_AUTOMAKE invocation. ++ Before this change, automake complained that two- and three-arguments ++ forms of AM_INIT_AUTOMAKE are deprecated. ++ ++ * configure.in: Pass PACKAGE and VERSION arguments to AC_INIT instead ++ of AM_INIT_AUTOMAKE. ++ ++ Fix autoconf warnings. ++ Before this change, autoconf complained that AC_COMPILE_IFELSE ++ and AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS. ++ ++ * configure.in: Call AC_USE_SYSTEM_EXTENSIONS before LT_INIT. ++ ++ pam_securetty: check return value of fgets. ++ Checking return value of fgets not only silences the warning from glibc ++ but also leads to a cleaner code. ++ ++ * modules/pam_securetty/pam_securetty.c (securetty_perform_check): ++ Check return value of fgets. ++ ++ pam_lastlog: fix format string. ++ gcc -Wformat justly complains: ++ format '%d' expects argument of type 'int', but argument 5 has type 'time_t' ++ ++ * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format ++ string. ++ ++2013-11-20 Darren Tucker ++ ++ If the correct loginuid is set already, skip writing it. ++ modules/pam_loginuid/pam_loginuid.c (set_loginuid): Read the current loginuid ++ and skip writing if already correctly set. ++ ++2013-11-11 Thorsten Kukuk ++ ++ Always ask for old password if changing NIS account. ++ * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask ++ for old password if NIS account. ++ ++2013-11-08 Thorsten Kukuk ++ ++ Allow DES as compatibility option for /etc/login.defs. ++ * modules/pam_unix/support.h: Add UNIX_DES ++ ++2013-10-14 Tomas Mraz ++ ++ Docfix: pam_prompt() and pam_vprompt() return int. ++ doc/man/pam_prompt.3.xml: pam_prompt() and pam_vprompt() return int. ++ ++ Make pam_tty_audit work with old kernels not supporting log_passwd. ++ modules/pam_tty_audit/pam_tty_audit.c(nl_recv): Pad result with zeros ++ if message is short from older kernel. ++ ++2013-09-25 Tomas Mraz ++ ++ Fix pam_tty_audit log_passwd support and regression. ++ modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include. ++ (pam_sm_open_session): Always copy the old status as initialization of new. ++ + 2013-09-19 Thorsten Kukuk + + Release version 1.1.8. +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am new/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am +--- old/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am 2015-01-09 14:28:29.000000000 +0100 +@@ -13,5 +13,3 @@ + noinst_PROGRAMS = pam_conv1 + + pam_conv1_SOURCES = pam_conv_l.l pam_conv_y.y +- +-pam_conv1_LDADD = @LEXLIB@ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c +--- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c 2013-09-19 10:02:25.000000000 +0200 ++++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c 2015-01-09 14:32:51.000000000 +0100 +@@ -8,7 +8,7 @@ + #define FLEX_SCANNER + #define YY_FLEX_MAJOR_VERSION 2 + #define YY_FLEX_MINOR_VERSION 5 +-#define YY_FLEX_SUBMINOR_VERSION 35 ++#define YY_FLEX_SUBMINOR_VERSION 37 + #if YY_FLEX_SUBMINOR_VERSION > 0 + #define FLEX_BETA + #endif +@@ -53,7 +53,6 @@ + typedef unsigned char flex_uint8_t; + typedef unsigned short int flex_uint16_t; + typedef unsigned int flex_uint32_t; +-#endif /* ! C99 */ + + /* Limits of integral types. */ + #ifndef INT8_MIN +@@ -84,6 +83,8 @@ + #define UINT32_MAX (4294967295U) + #endif + ++#endif /* ! C99 */ ++ + #endif /* ! FLEXINT_H */ + + #ifdef __cplusplus +@@ -152,7 +153,12 @@ + typedef struct yy_buffer_state *YY_BUFFER_STATE; + #endif + +-extern int yyleng; ++#ifndef YY_TYPEDEF_YY_SIZE_T ++#define YY_TYPEDEF_YY_SIZE_T ++typedef size_t yy_size_t; ++#endif ++ ++extern yy_size_t yyleng; + + extern FILE *yyin, *yyout; + +@@ -178,11 +184,6 @@ + + #define unput(c) yyunput( c, (yytext_ptr) ) + +-#ifndef YY_TYPEDEF_YY_SIZE_T +-#define YY_TYPEDEF_YY_SIZE_T +-typedef size_t yy_size_t; +-#endif +- + #ifndef YY_STRUCT_YY_BUFFER_STATE + #define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state +@@ -200,7 +201,7 @@ + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ +- int yy_n_chars; ++ yy_size_t yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to +@@ -270,8 +271,8 @@ + + /* yy_hold_char holds the character lost when yytext is formed. */ + static char yy_hold_char; +-static int yy_n_chars; /* number of characters read into yy_ch_buf */ +-int yyleng; ++static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ ++yy_size_t yyleng; + + /* Points to current character in buffer. */ + static char *yy_c_buf_p = (char *) 0; +@@ -299,7 +300,7 @@ + + YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); + YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); ++YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); + + void *yyalloc (yy_size_t ); + void *yyrealloc (void *,yy_size_t ); +@@ -331,6 +332,9 @@ + + /* Begin user sect3 */ + ++#define yywrap() 1 ++#define YY_SKIP_YYWRAP ++ + typedef unsigned char YY_CHAR; + + FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; +@@ -479,7 +483,7 @@ + #include "pam_conv_y.h" + + extern int current_line; +-#line 483 "pam_conv_l.c" ++#line 487 "pam_conv_l.c" + + #define INITIAL 0 + +@@ -518,7 +522,7 @@ + + void yyset_out (FILE * out_str ); + +-int yyget_leng (void ); ++yy_size_t yyget_leng (void ); + + char *yyget_text (void ); + +@@ -568,7 +572,7 @@ + /* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +-#define ECHO fwrite( yytext, yyleng, 1, yyout ) ++#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) + #endif + + /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, +@@ -579,7 +583,7 @@ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ +- int n; \ ++ size_t n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ +@@ -661,10 +665,10 @@ + register char *yy_cp, *yy_bp; + register int yy_act; + +-#line 27 "pam_conv_l.l" ++#line 28 "pam_conv_l.l" + + +-#line 668 "pam_conv_l.c" ++#line 672 "pam_conv_l.c" + + if ( !(yy_init) ) + { +@@ -749,31 +753,31 @@ + + case 1: + YY_RULE_SETUP +-#line 29 "pam_conv_l.l" ++#line 30 "pam_conv_l.l" + ; /* skip comments (sorry) */ + YY_BREAK + case 2: + /* rule 2 can match eol */ + YY_RULE_SETUP +-#line 31 "pam_conv_l.l" ++#line 32 "pam_conv_l.l" + { + ++current_line; + } + YY_BREAK + case 3: + YY_RULE_SETUP +-#line 35 "pam_conv_l.l" ++#line 36 "pam_conv_l.l" + { + return TOK; + } + YY_BREAK + case 4: + YY_RULE_SETUP +-#line 39 "pam_conv_l.l" ++#line 40 "pam_conv_l.l" + ; /* Ignore */ + YY_BREAK + case YY_STATE_EOF(INITIAL): +-#line 41 "pam_conv_l.l" ++#line 42 "pam_conv_l.l" + { + return EOFILE; + } +@@ -781,7 +785,7 @@ + case 5: + /* rule 5 can match eol */ + YY_RULE_SETUP +-#line 45 "pam_conv_l.l" ++#line 46 "pam_conv_l.l" + { + ++current_line; + return NL; +@@ -789,10 +793,10 @@ + YY_BREAK + case 6: + YY_RULE_SETUP +-#line 50 "pam_conv_l.l" ++#line 51 "pam_conv_l.l" + ECHO; + YY_BREAK +-#line 796 "pam_conv_l.c" ++#line 800 "pam_conv_l.c" + + case YY_END_OF_BUFFER: + { +@@ -976,21 +980,21 @@ + + else + { +- int num_to_read = ++ yy_size_t num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ +- YY_BUFFER_STATE b = YY_CURRENT_BUFFER; ++ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { +- int new_size = b->yy_buf_size * 2; ++ yy_size_t new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; +@@ -1021,7 +1025,7 @@ + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), +- (yy_n_chars), (size_t) num_to_read ); ++ (yy_n_chars), num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } +@@ -1116,7 +1120,7 @@ + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 20); + +- return yy_is_jam ? 0 : yy_current_state; ++ return yy_is_jam ? 0 : yy_current_state; + } + + static void yyunput (int c, register char * yy_bp ) +@@ -1131,7 +1135,7 @@ + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ +- register int number_to_move = (yy_n_chars) + 2; ++ register yy_size_t number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register char *source = +@@ -1180,7 +1184,7 @@ + + else + { /* need more input */ +- int offset = (yy_c_buf_p) - (yytext_ptr); ++ yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) +@@ -1340,10 +1344,6 @@ + yyfree((void *) b ); + } + +-#ifndef __cplusplus +-extern int isatty (int ); +-#endif /* __cplusplus */ +- + /* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. +@@ -1456,7 +1456,7 @@ + */ + static void yyensure_buffer_stack (void) + { +- int num_to_alloc; ++ yy_size_t num_to_alloc; + + if (!(yy_buffer_stack)) { + +@@ -1548,12 +1548,12 @@ + + /** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. +- * @param bytes the byte buffer to scan +- * @param len the number of bytes in the buffer pointed to by @a bytes. ++ * @param yybytes the byte buffer to scan ++ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +-YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) ++YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) + { + YY_BUFFER_STATE b; + char *buf; +@@ -1640,7 +1640,7 @@ + /** Get the length of the current token. + * + */ +-int yyget_leng (void) ++yy_size_t yyget_leng (void) + { + return yyleng; + } +@@ -1788,7 +1788,7 @@ + + #define YYTABLES_NAME "yytables" + +-#line 50 "pam_conv_l.l" ++#line 51 "pam_conv_l.l" + + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l +--- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l 2015-01-09 14:28:29.000000000 +0100 +@@ -24,6 +24,7 @@ + extern int current_line; + %} + ++%option noyywrap + %% + + "#"[^\n]* ; /* skip comments (sorry) */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c +--- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c 2013-09-19 10:02:25.000000000 +0200 ++++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c 2015-01-09 14:32:51.000000000 +0100 +@@ -1,24 +1,21 @@ +-/* A Bison parser, made by GNU Bison 2.3. */ ++/* A Bison parser, made by GNU Bison 2.7. */ + +-/* Skeleton implementation for Bison's Yacc-like parsers in C +- +- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +- Free Software Foundation, Inc. +- +- This program is free software; you can redistribute it and/or modify ++/* Bison implementation for Yacc-like parsers in C ++ ++ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. ++ ++ This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2, or (at your option) +- any later version. +- ++ the Free Software Foundation, either version 3 of the License, or ++ (at your option) any later version. ++ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +- ++ + You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software +- Foundation, Inc., 51 Franklin Street, Fifth Floor, +- Boston, MA 02110-1301, USA. */ ++ along with this program. If not, see . */ + + /* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work +@@ -29,7 +26,7 @@ + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. +- ++ + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +@@ -47,7 +44,7 @@ + #define YYBISON 1 + + /* Bison version. */ +-#define YYBISON_VERSION "2.3" ++#define YYBISON_VERSION "2.7" + + /* Skeleton name. */ + #define YYSKELETON_NAME "yacc.c" +@@ -55,31 +52,17 @@ + /* Pure parsers. */ + #define YYPURE 0 + +-/* Using locations. */ +-#define YYLSP_NEEDED 0 +- ++/* Push parsers. */ ++#define YYPUSH 0 + +- +-/* Tokens. */ +-#ifndef YYTOKENTYPE +-# define YYTOKENTYPE +- /* Put the tokens into the symbol table, so that GDB and other debuggers +- know about them. */ +- enum yytokentype { +- NL = 258, +- EOFILE = 259, +- TOK = 260 +- }; +-#endif +-/* Tokens. */ +-#define NL 258 +-#define EOFILE 259 +-#define TOK 260 ++/* Pull parsers. */ ++#define YYPULL 1 + + + + + /* Copy the first part of user declarations. */ ++/* Line 371 of yacc.c */ + #line 1 "pam_conv_y.y" + + +@@ -126,11 +109,16 @@ + const char *old_to_new_ctrl_flag(const char *old); + void yyerror(const char *format, ...); + ++/* Line 371 of yacc.c */ ++#line 114 "pam_conv_y.c" + +-/* Enabling traces. */ +-#ifndef YYDEBUG +-# define YYDEBUG 0 +-#endif ++# ifndef YY_NULL ++# if defined __cplusplus && 201103L <= __cplusplus ++# define YY_NULL nullptr ++# else ++# define YY_NULL 0 ++# endif ++# endif + + /* Enabling verbose error messages. */ + #ifdef YYERROR_VERBOSE +@@ -140,33 +128,76 @@ + # define YYERROR_VERBOSE 0 + #endif + +-/* Enabling the token table. */ +-#ifndef YYTOKEN_TABLE +-# define YYTOKEN_TABLE 0 ++/* In a future release of Bison, this section will be replaced ++ by #include "y.tab.h". */ ++#ifndef YY_YY_PAM_CONV_Y_H_INCLUDED ++# define YY_YY_PAM_CONV_Y_H_INCLUDED ++/* Enabling traces. */ ++#ifndef YYDEBUG ++# define YYDEBUG 0 ++#endif ++#if YYDEBUG ++extern int yydebug; ++#endif ++ ++/* Tokens. */ ++#ifndef YYTOKENTYPE ++# define YYTOKENTYPE ++ /* Put the tokens into the symbol table, so that GDB and other debuggers ++ know about them. */ ++ enum yytokentype { ++ NL = 258, ++ EOFILE = 259, ++ TOK = 260 ++ }; + #endif ++/* Tokens. */ ++#define NL 258 ++#define EOFILE 259 ++#define TOK 260 ++ ++ + + #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED + typedef union YYSTYPE +-#line 47 "pam_conv_y.y" + { ++/* Line 387 of yacc.c */ ++#line 47 "pam_conv_y.y" ++ + int def; + char *string; +-} +-/* Line 187 of yacc.c. */ +-#line 157 "pam_conv_y.c" +- YYSTYPE; ++ ++ ++/* Line 387 of yacc.c */ ++#line 173 "pam_conv_y.c" ++} YYSTYPE; ++# define YYSTYPE_IS_TRIVIAL 1 + # define yystype YYSTYPE /* obsolescent; will be withdrawn */ + # define YYSTYPE_IS_DECLARED 1 +-# define YYSTYPE_IS_TRIVIAL 1 + #endif + ++extern YYSTYPE yylval; ++ ++#ifdef YYPARSE_PARAM ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void *YYPARSE_PARAM); ++#else ++int yyparse (); ++#endif ++#else /* ! YYPARSE_PARAM */ ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void); ++#else ++int yyparse (); ++#endif ++#endif /* ! YYPARSE_PARAM */ + ++#endif /* !YY_YY_PAM_CONV_Y_H_INCLUDED */ + + /* Copy the second part of user declarations. */ + +- +-/* Line 216 of yacc.c. */ +-#line 170 "pam_conv_y.c" ++/* Line 390 of yacc.c */ ++#line 201 "pam_conv_y.c" + + #ifdef short + # undef short +@@ -216,39 +247,39 @@ + #define YYSIZE_MAXIMUM ((YYSIZE_T) -1) + + #ifndef YY_ +-# if YYENABLE_NLS ++# if defined YYENABLE_NLS && YYENABLE_NLS + # if ENABLE_NLS + # include /* INFRINGES ON USER NAME SPACE */ +-# define YY_(msgid) dgettext ("bison-runtime", msgid) ++# define YY_(Msgid) dgettext ("bison-runtime", Msgid) + # endif + # endif + # ifndef YY_ +-# define YY_(msgid) msgid ++# define YY_(Msgid) Msgid + # endif + #endif + + /* Suppress unused-variable warnings by "using" E. */ + #if ! defined lint || defined __GNUC__ +-# define YYUSE(e) ((void) (e)) ++# define YYUSE(E) ((void) (E)) + #else +-# define YYUSE(e) /* empty */ ++# define YYUSE(E) /* empty */ + #endif + + /* Identity function, used to suppress warnings about constant conditions. */ + #ifndef lint +-# define YYID(n) (n) ++# define YYID(N) (N) + #else + #if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + static int +-YYID (int i) ++YYID (int yyi) + #else + static int +-YYID (i) +- int i; ++YYID (yyi) ++ int yyi; + #endif + { +- return i; ++ return yyi; + } + #endif + +@@ -269,11 +300,12 @@ + # define alloca _alloca + # else + # define YYSTACK_ALLOC alloca +-# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ ++# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + # include /* INFRINGES ON USER NAME SPACE */ +-# ifndef _STDLIB_H +-# define _STDLIB_H 1 ++ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ ++# ifndef EXIT_SUCCESS ++# define EXIT_SUCCESS 0 + # endif + # endif + # endif +@@ -296,24 +328,24 @@ + # ifndef YYSTACK_ALLOC_MAXIMUM + # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM + # endif +-# if (defined __cplusplus && ! defined _STDLIB_H \ ++# if (defined __cplusplus && ! defined EXIT_SUCCESS \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) + # include /* INFRINGES ON USER NAME SPACE */ +-# ifndef _STDLIB_H +-# define _STDLIB_H 1 ++# ifndef EXIT_SUCCESS ++# define EXIT_SUCCESS 0 + # endif + # endif + # ifndef YYMALLOC + # define YYMALLOC malloc +-# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ ++# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ + # endif + # endif + # ifndef YYFREE + # define YYFREE free +-# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ ++# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + void free (void *); /* INFRINGES ON USER NAME SPACE */ + # endif +@@ -329,9 +361,9 @@ + /* A type that is properly aligned for any stack member. */ + union yyalloc + { +- yytype_int16 yyss; +- YYSTYPE yyvs; +- }; ++ yytype_int16 yyss_alloc; ++ YYSTYPE yyvs_alloc; ++}; + + /* The size of the maximum gap between one aligned stack and the next. */ + # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) +@@ -342,35 +374,19 @@ + ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +-/* Copy COUNT objects from FROM to TO. The source and destination do +- not overlap. */ +-# ifndef YYCOPY +-# if defined __GNUC__ && 1 < __GNUC__ +-# define YYCOPY(To, From, Count) \ +- __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +-# else +-# define YYCOPY(To, From, Count) \ +- do \ +- { \ +- YYSIZE_T yyi; \ +- for (yyi = 0; yyi < (Count); yyi++) \ +- (To)[yyi] = (From)[yyi]; \ +- } \ +- while (YYID (0)) +-# endif +-# endif ++# define YYCOPY_NEEDED 1 + + /* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +-# define YYSTACK_RELOCATE(Stack) \ ++# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ +- YYCOPY (&yyptr->Stack, Stack, yysize); \ +- Stack = &yyptr->Stack; \ ++ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ ++ Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ +@@ -378,6 +394,26 @@ + + #endif + ++#if defined YYCOPY_NEEDED && YYCOPY_NEEDED ++/* Copy COUNT objects from SRC to DST. The source and destination do ++ not overlap. */ ++# ifndef YYCOPY ++# if defined __GNUC__ && 1 < __GNUC__ ++# define YYCOPY(Dst, Src, Count) \ ++ __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src))) ++# else ++# define YYCOPY(Dst, Src, Count) \ ++ do \ ++ { \ ++ YYSIZE_T yyi; \ ++ for (yyi = 0; yyi < (Count); yyi++) \ ++ (Dst)[yyi] = (Src)[yyi]; \ ++ } \ ++ while (YYID (0)) ++# endif ++# endif ++#endif /* !YYCOPY_NEEDED */ ++ + /* YYFINAL -- State number of the termination state. */ + #define YYFINAL 2 + /* YYLAST -- Last index in YYTABLE. */ +@@ -457,13 +493,13 @@ + }; + #endif + +-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE ++#if YYDEBUG || YYERROR_VERBOSE || 0 + /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ + static const char *const yytname[] = + { + "$end", "error", "$undefined", "NL", "EOFILE", "TOK", "$accept", +- "complete", "line", "tokenls", "path", "tok", 0 ++ "complete", "line", "tokenls", "path", "tok", YY_NULL + }; + #endif + +@@ -490,8 +526,8 @@ + 1, 1 + }; + +-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state +- STATE-NUM when YYTABLE doesn't specify something else to do. Zero ++/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM. ++ Performed when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ + static const yytype_uint8 yydefact[] = + { +@@ -522,8 +558,7 @@ + + /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which +- number is the opposite. If zero, do what YYDEFACT says. +- If YYTABLE_NINF, syntax error. */ ++ number is the opposite. If YYTABLE_NINF, syntax error. */ + #define YYTABLE_NINF -1 + static const yytype_uint8 yytable[] = + { +@@ -531,6 +566,12 @@ + 9, 6, 0, 12 + }; + ++#define yypact_value_is_default(Yystate) \ ++ (!!((Yystate) == (-9))) ++ ++#define yytable_value_is_error(Yytable_value) \ ++ YYID (0) ++ + static const yytype_int8 yycheck[] = + { + 8, 3, 10, 5, 0, 1, 14, 3, 4, 5, +@@ -557,78 +598,50 @@ + + /* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. +- Once GCC version 2 has supplanted version 1, this can go. */ ++ Once GCC version 2 has supplanted version 1, this can go. However, ++ YYFAIL appears to be in use. Nevertheless, it is formally deprecated ++ in Bison 2.4.2's NEWS entry, where a plan to phase it out is ++ discussed. */ + + #define YYFAIL goto yyerrlab ++#if defined YYFAIL ++ /* This is here to suppress warnings from the GCC cpp's ++ -Wunused-macros. Normally we don't worry about that warning, but ++ some users do, and we want to make it easy for users to remove ++ YYFAIL uses, which will produce warnings from Bison 2.5. */ ++#endif + + #define YYRECOVERING() (!!yyerrstatus) + +-#define YYBACKUP(Token, Value) \ +-do \ +- if (yychar == YYEMPTY && yylen == 1) \ +- { \ +- yychar = (Token); \ +- yylval = (Value); \ +- yytoken = YYTRANSLATE (yychar); \ +- YYPOPSTACK (1); \ +- goto yybackup; \ +- } \ +- else \ +- { \ ++#define YYBACKUP(Token, Value) \ ++do \ ++ if (yychar == YYEMPTY) \ ++ { \ ++ yychar = (Token); \ ++ yylval = (Value); \ ++ YYPOPSTACK (yylen); \ ++ yystate = *yyssp; \ ++ goto yybackup; \ ++ } \ ++ else \ ++ { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ + while (YYID (0)) + +- ++/* Error token number */ + #define YYTERROR 1 + #define YYERRCODE 256 + + +-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. +- If N is 0, then set CURRENT to the empty location which ends +- the previous symbol: RHS[0] (always defined). */ +- +-#define YYRHSLOC(Rhs, K) ((Rhs)[K]) +-#ifndef YYLLOC_DEFAULT +-# define YYLLOC_DEFAULT(Current, Rhs, N) \ +- do \ +- if (YYID (N)) \ +- { \ +- (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ +- (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ +- (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ +- (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ +- } \ +- else \ +- { \ +- (Current).first_line = (Current).last_line = \ +- YYRHSLOC (Rhs, 0).last_line; \ +- (Current).first_column = (Current).last_column = \ +- YYRHSLOC (Rhs, 0).last_column; \ +- } \ +- while (YYID (0)) +-#endif +- +- +-/* YY_LOCATION_PRINT -- Print the location on the stream. +- This macro was not mandated originally: define only if we know +- we won't break user code: when these are the locations we know. */ +- ++/* This macro is provided for backward compatibility. */ + #ifndef YY_LOCATION_PRINT +-# if YYLTYPE_IS_TRIVIAL +-# define YY_LOCATION_PRINT(File, Loc) \ +- fprintf (File, "%d.%d-%d.%d", \ +- (Loc).first_line, (Loc).first_column, \ +- (Loc).last_line, (Loc).last_column) +-# else +-# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +-# endif ++# define YY_LOCATION_PRINT(File, Loc) ((void) 0) + #endif + + + /* YYLEX -- calling `yylex' with the right arguments. */ +- + #ifdef YYLEX_PARAM + # define YYLEX yylex (YYLEX_PARAM) + #else +@@ -678,6 +691,8 @@ + YYSTYPE const * const yyvaluep; + #endif + { ++ FILE *yyo = yyoutput; ++ YYUSE (yyo); + if (!yyvaluep) + return; + # ifdef YYPRINT +@@ -689,7 +704,7 @@ + switch (yytype) + { + default: +- break; ++ break; + } + } + +@@ -727,17 +742,20 @@ + #if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + static void +-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) ++yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) + #else + static void +-yy_stack_print (bottom, top) +- yytype_int16 *bottom; +- yytype_int16 *top; ++yy_stack_print (yybottom, yytop) ++ yytype_int16 *yybottom; ++ yytype_int16 *yytop; + #endif + { + YYFPRINTF (stderr, "Stack now"); +- for (; bottom <= top; ++bottom) +- YYFPRINTF (stderr, " %d", *bottom); ++ for (; yybottom <= yytop; yybottom++) ++ { ++ int yybot = *yybottom; ++ YYFPRINTF (stderr, " %d", yybot); ++ } + YYFPRINTF (stderr, "\n"); + } + +@@ -771,11 +789,11 @@ + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { +- fprintf (stderr, " $%d = ", yyi + 1); ++ YYFPRINTF (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], + &(yyvsp[(yyi + 1) - (yynrhs)]) + ); +- fprintf (stderr, "\n"); ++ YYFPRINTF (stderr, "\n"); + } + } + +@@ -812,7 +830,6 @@ + # define YYMAXDEPTH 10000 + #endif + +- + + #if YYERROR_VERBOSE + +@@ -915,115 +932,145 @@ + } + # endif + +-/* Copy into YYRESULT an error message about the unexpected token +- YYCHAR while in state YYSTATE. Return the number of bytes copied, +- including the terminating null byte. If YYRESULT is null, do not +- copy anything; just return the number of bytes that would be +- copied. As a special case, return 0 if an ordinary "syntax error" +- message will do. Return YYSIZE_MAXIMUM if overflow occurs during +- size calculation. */ +-static YYSIZE_T +-yysyntax_error (char *yyresult, int yystate, int yychar) ++/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message ++ about the unexpected token YYTOKEN for the state stack whose top is ++ YYSSP. ++ ++ Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is ++ not large enough to hold the message. In that case, also set ++ *YYMSG_ALLOC to the required number of bytes. Return 2 if the ++ required number of bytes is too large to store. */ ++static int ++yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, ++ yytype_int16 *yyssp, int yytoken) + { +- int yyn = yypact[yystate]; +- +- if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) +- return 0; +- else +- { +- int yytype = YYTRANSLATE (yychar); +- YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); +- YYSIZE_T yysize = yysize0; +- YYSIZE_T yysize1; +- int yysize_overflow = 0; +- enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; +- char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; +- int yyx; +- +-# if 0 +- /* This is so xgettext sees the translatable formats that are +- constructed on the fly. */ +- YY_("syntax error, unexpected %s"); +- YY_("syntax error, unexpected %s, expecting %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s or %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +-# endif +- char *yyfmt; +- char const *yyf; +- static char const yyunexpected[] = "syntax error, unexpected %s"; +- static char const yyexpecting[] = ", expecting %s"; +- static char const yyor[] = " or %s"; +- char yyformat[sizeof yyunexpected +- + sizeof yyexpecting - 1 +- + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) +- * (sizeof yyor - 1))]; +- char const *yyprefix = yyexpecting; +- +- /* Start YYX at -YYN if negative to avoid negative indexes in +- YYCHECK. */ +- int yyxbegin = yyn < 0 ? -yyn : 0; +- +- /* Stay within bounds of both yycheck and yytname. */ +- int yychecklim = YYLAST - yyn + 1; +- int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; +- int yycount = 1; +- +- yyarg[0] = yytname[yytype]; +- yyfmt = yystpcpy (yyformat, yyunexpected); +- +- for (yyx = yyxbegin; yyx < yyxend; ++yyx) +- if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) +- { +- if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) +- { +- yycount = 1; +- yysize = yysize0; +- yyformat[sizeof yyunexpected - 1] = '\0'; +- break; +- } +- yyarg[yycount++] = yytname[yyx]; +- yysize1 = yysize + yytnamerr (0, yytname[yyx]); +- yysize_overflow |= (yysize1 < yysize); +- yysize = yysize1; +- yyfmt = yystpcpy (yyfmt, yyprefix); +- yyprefix = yyor; +- } +- +- yyf = YY_(yyformat); +- yysize1 = yysize + yystrlen (yyf); +- yysize_overflow |= (yysize1 < yysize); +- yysize = yysize1; +- +- if (yysize_overflow) +- return YYSIZE_MAXIMUM; +- +- if (yyresult) +- { +- /* Avoid sprintf, as that infringes on the user's name space. +- Don't have undefined behavior even if the translation +- produced a string with the wrong number of "%s"s. */ +- char *yyp = yyresult; +- int yyi = 0; +- while ((*yyp = *yyf) != '\0') +- { +- if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) +- { +- yyp += yytnamerr (yyp, yyarg[yyi++]); +- yyf += 2; +- } +- else +- { +- yyp++; +- yyf++; +- } +- } +- } +- return yysize; +- } ++ YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]); ++ YYSIZE_T yysize = yysize0; ++ enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; ++ /* Internationalized format string. */ ++ const char *yyformat = YY_NULL; ++ /* Arguments of yyformat. */ ++ char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; ++ /* Number of reported tokens (one for the "unexpected", one per ++ "expected"). */ ++ int yycount = 0; ++ ++ /* There are many possibilities here to consider: ++ - Assume YYFAIL is not used. It's too flawed to consider. See ++ ++ for details. YYERROR is fine as it does not invoke this ++ function. ++ - If this state is a consistent state with a default action, then ++ the only way this function was invoked is if the default action ++ is an error action. In that case, don't check for expected ++ tokens because there are none. ++ - The only way there can be no lookahead present (in yychar) is if ++ this state is a consistent state with a default action. Thus, ++ detecting the absence of a lookahead is sufficient to determine ++ that there is no unexpected or expected token to report. In that ++ case, just report a simple "syntax error". ++ - Don't assume there isn't a lookahead just because this state is a ++ consistent state with a default action. There might have been a ++ previous inconsistent state, consistent state with a non-default ++ action, or user semantic action that manipulated yychar. ++ - Of course, the expected token list depends on states to have ++ correct lookahead information, and it depends on the parser not ++ to perform extra reductions after fetching a lookahead from the ++ scanner and before detecting a syntax error. Thus, state merging ++ (from LALR or IELR) and default reductions corrupt the expected ++ token list. However, the list is correct for canonical LR with ++ one exception: it will still contain any token that will not be ++ accepted due to an error action in a later state. ++ */ ++ if (yytoken != YYEMPTY) ++ { ++ int yyn = yypact[*yyssp]; ++ yyarg[yycount++] = yytname[yytoken]; ++ if (!yypact_value_is_default (yyn)) ++ { ++ /* Start YYX at -YYN if negative to avoid negative indexes in ++ YYCHECK. In other words, skip the first -YYN actions for ++ this state because they are default actions. */ ++ int yyxbegin = yyn < 0 ? -yyn : 0; ++ /* Stay within bounds of both yycheck and yytname. */ ++ int yychecklim = YYLAST - yyn + 1; ++ int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; ++ int yyx; ++ ++ for (yyx = yyxbegin; yyx < yyxend; ++yyx) ++ if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR ++ && !yytable_value_is_error (yytable[yyx + yyn])) ++ { ++ if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) ++ { ++ yycount = 1; ++ yysize = yysize0; ++ break; ++ } ++ yyarg[yycount++] = yytname[yyx]; ++ { ++ YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]); ++ if (! (yysize <= yysize1 ++ && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) ++ return 2; ++ yysize = yysize1; ++ } ++ } ++ } ++ } ++ ++ switch (yycount) ++ { ++# define YYCASE_(N, S) \ ++ case N: \ ++ yyformat = S; \ ++ break ++ YYCASE_(0, YY_("syntax error")); ++ YYCASE_(1, YY_("syntax error, unexpected %s")); ++ YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); ++ YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); ++ YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); ++ YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); ++# undef YYCASE_ ++ } ++ ++ { ++ YYSIZE_T yysize1 = yysize + yystrlen (yyformat); ++ if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) ++ return 2; ++ yysize = yysize1; ++ } ++ ++ if (*yymsg_alloc < yysize) ++ { ++ *yymsg_alloc = 2 * yysize; ++ if (! (yysize <= *yymsg_alloc ++ && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) ++ *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; ++ return 1; ++ } ++ ++ /* Avoid sprintf, as that infringes on the user's name space. ++ Don't have undefined behavior even if the translation ++ produced a string with the wrong number of "%s"s. */ ++ { ++ char *yyp = *yymsg; ++ int yyi = 0; ++ while ((*yyp = *yyformat) != '\0') ++ if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) ++ { ++ yyp += yytnamerr (yyp, yyarg[yyi++]); ++ yyformat += 2; ++ } ++ else ++ { ++ yyp++; ++ yyformat++; ++ } ++ } ++ return 0; + } + #endif /* YYERROR_VERBOSE */ +- + + /*-----------------------------------------------. + | Release the memory associated to this symbol. | +@@ -1052,40 +1099,32 @@ + { + + default: +- break; ++ break; + } + } +- + +-/* Prevent warnings from -Wmissing-prototypes. */ +- +-#ifdef YYPARSE_PARAM +-#if defined __STDC__ || defined __cplusplus +-int yyparse (void *YYPARSE_PARAM); +-#else +-int yyparse (); +-#endif +-#else /* ! YYPARSE_PARAM */ +-#if defined __STDC__ || defined __cplusplus +-int yyparse (void); +-#else +-int yyparse (); +-#endif +-#endif /* ! YYPARSE_PARAM */ + + + +-/* The look-ahead symbol. */ ++/* The lookahead symbol. */ + int yychar; + +-/* The semantic value of the look-ahead symbol. */ +-YYSTYPE yylval; ++ ++#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++# define YY_IGNORE_MAYBE_UNINITIALIZED_END ++#endif ++#ifndef YY_INITIAL_VALUE ++# define YY_INITIAL_VALUE(Value) /* Nothing. */ ++#endif ++ ++/* The semantic value of the lookahead symbol. */ ++YYSTYPE yylval YY_INITIAL_VALUE(yyval_default); + + /* Number of syntax errors so far. */ + int yynerrs; + + +- + /*----------. + | yyparse. | + `----------*/ +@@ -1112,14 +1151,37 @@ + #endif + #endif + { +- +- int yystate; ++ int yystate; ++ /* Number of tokens to shift before error messages enabled. */ ++ int yyerrstatus; ++ ++ /* The stacks and their tools: ++ `yyss': related to states. ++ `yyvs': related to semantic values. ++ ++ Refer to the stacks through separate pointers, to allow yyoverflow ++ to reallocate them elsewhere. */ ++ ++ /* The state stack. */ ++ yytype_int16 yyssa[YYINITDEPTH]; ++ yytype_int16 *yyss; ++ yytype_int16 *yyssp; ++ ++ /* The semantic value stack. */ ++ YYSTYPE yyvsa[YYINITDEPTH]; ++ YYSTYPE *yyvs; ++ YYSTYPE *yyvsp; ++ ++ YYSIZE_T yystacksize; ++ + int yyn; + int yyresult; +- /* Number of tokens to shift before error messages enabled. */ +- int yyerrstatus; +- /* Look-ahead token as an internal (translated) token number. */ ++ /* Lookahead token as an internal (translated) token number. */ + int yytoken = 0; ++ /* The variables used to return semantic value and location from the ++ action routines. */ ++ YYSTYPE yyval; ++ + #if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; +@@ -1127,54 +1189,22 @@ + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; + #endif + +- /* Three stacks and their tools: +- `yyss': related to states, +- `yyvs': related to semantic values, +- `yyls': related to locations. +- +- Refer to the stacks thru separate pointers, to allow yyoverflow +- to reallocate them elsewhere. */ +- +- /* The state stack. */ +- yytype_int16 yyssa[YYINITDEPTH]; +- yytype_int16 *yyss = yyssa; +- yytype_int16 *yyssp; +- +- /* The semantic value stack. */ +- YYSTYPE yyvsa[YYINITDEPTH]; +- YYSTYPE *yyvs = yyvsa; +- YYSTYPE *yyvsp; +- +- +- + #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) + +- YYSIZE_T yystacksize = YYINITDEPTH; +- +- /* The variables used to return semantic value and location from the +- action routines. */ +- YYSTYPE yyval; +- +- + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; + ++ yyssp = yyss = yyssa; ++ yyvsp = yyvs = yyvsa; ++ yystacksize = YYINITDEPTH; ++ + YYDPRINTF ((stderr, "Starting parse\n")); + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; +- yychar = YYEMPTY; /* Cause a token to be read. */ +- +- /* Initialize stack pointers. +- Waste one element of value and location stack +- so that they stay on the same level as the state stack. +- The wasted elements are never initialized. */ +- +- yyssp = yyss; +- yyvsp = yyvs; +- ++ yychar = YYEMPTY; /* Cause a token to be read. */ + goto yysetstate; + + /*------------------------------------------------------------. +@@ -1201,7 +1231,6 @@ + YYSTYPE *yyvs1 = yyvs; + yytype_int16 *yyss1 = yyss; + +- + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might +@@ -1209,7 +1238,6 @@ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), +- + &yystacksize); + + yyss = yyss1; +@@ -1232,9 +1260,8 @@ + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyexhaustedlab; +- YYSTACK_RELOCATE (yyss); +- YYSTACK_RELOCATE (yyvs); +- ++ YYSTACK_RELOCATE (yyss_alloc, yyss); ++ YYSTACK_RELOCATE (yyvs_alloc, yyvs); + # undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); +@@ -1245,7 +1272,6 @@ + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + +- + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + +@@ -1255,6 +1281,9 @@ + + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + ++ if (yystate == YYFINAL) ++ YYACCEPT; ++ + goto yybackup; + + /*-----------. +@@ -1263,16 +1292,16 @@ + yybackup: + + /* Do appropriate processing given the current state. Read a +- look-ahead token if we need one and don't already have one. */ ++ lookahead token if we need one and don't already have one. */ + +- /* First try to decide what to do without reference to look-ahead token. */ ++ /* First try to decide what to do without reference to lookahead token. */ + yyn = yypact[yystate]; +- if (yyn == YYPACT_NINF) ++ if (yypact_value_is_default (yyn)) + goto yydefault; + +- /* Not known => get a look-ahead token if don't already have one. */ ++ /* Not known => get a lookahead token if don't already have one. */ + +- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ ++ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); +@@ -1298,29 +1327,27 @@ + yyn = yytable[yyn]; + if (yyn <= 0) + { +- if (yyn == 0 || yyn == YYTABLE_NINF) +- goto yyerrlab; ++ if (yytable_value_is_error (yyn)) ++ goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + +- if (yyn == YYFINAL) +- YYACCEPT; +- + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + +- /* Shift the look-ahead token. */ ++ /* Shift the lookahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); + +- /* Discard the shifted token unless it is eof. */ +- if (yychar != YYEOF) +- yychar = YYEMPTY; ++ /* Discard the shifted token. */ ++ yychar = YYEMPTY; + + yystate = yyn; ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + + goto yynewstate; + +@@ -1357,6 +1384,7 @@ + switch (yyn) + { + case 5: ++/* Line 1792 of yacc.c */ + #line 64 "pam_conv_y.y" + { + return 0; +@@ -1364,6 +1392,7 @@ + break; + + case 6: ++/* Line 1792 of yacc.c */ + #line 70 "pam_conv_y.y" + { + char *filename; +@@ -1432,6 +1461,7 @@ + break; + + case 7: ++/* Line 1792 of yacc.c */ + #line 134 "pam_conv_y.y" + { + yyerror("malformed line"); +@@ -1439,6 +1469,7 @@ + break; + + case 8: ++/* Line 1792 of yacc.c */ + #line 140 "pam_conv_y.y" + { + (yyval.string)=NULL; +@@ -1446,6 +1477,7 @@ + break; + + case 9: ++/* Line 1792 of yacc.c */ + #line 143 "pam_conv_y.y" + { + int len; +@@ -1463,6 +1495,7 @@ + break; + + case 10: ++/* Line 1792 of yacc.c */ + #line 159 "pam_conv_y.y" + { + /* XXX - this could be used to check if file present */ +@@ -1471,6 +1504,7 @@ + break; + + case 11: ++/* Line 1792 of yacc.c */ + #line 165 "pam_conv_y.y" + { + (yyval.string) = strdup(yytext); +@@ -1478,10 +1512,21 @@ + break; + + +-/* Line 1267 of yacc.c. */ +-#line 1483 "pam_conv_y.c" ++/* Line 1792 of yacc.c */ ++#line 1517 "pam_conv_y.c" + default: break; + } ++ /* User semantic actions sometimes alter yychar, and that requires ++ that yytoken be updated with the new translation. We take the ++ approach of translating immediately before every use of yytoken. ++ One alternative is translating here after every semantic action, ++ but that translation would be missed if the semantic action invokes ++ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or ++ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an ++ incorrect destructor might then be invoked immediately. In the ++ case of YYERROR or YYBACKUP, subsequent parser actions might lead ++ to an incorrect destructor call or verbose syntax error message ++ before the lookahead is translated. */ + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + + YYPOPSTACK (yylen); +@@ -1490,7 +1535,6 @@ + + *++yyvsp = yyval; + +- + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ +@@ -1510,6 +1554,10 @@ + | yyerrlab -- here on detecting error | + `------------------------------------*/ + yyerrlab: ++ /* Make sure we have latest lookahead translation. See comments at ++ user semantic actions for why this is necessary. */ ++ yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); ++ + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { +@@ -1517,37 +1565,36 @@ + #if ! YYERROR_VERBOSE + yyerror (YY_("syntax error")); + #else ++# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ ++ yyssp, yytoken) + { +- YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); +- if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) +- { +- YYSIZE_T yyalloc = 2 * yysize; +- if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) +- yyalloc = YYSTACK_ALLOC_MAXIMUM; +- if (yymsg != yymsgbuf) +- YYSTACK_FREE (yymsg); +- yymsg = (char *) YYSTACK_ALLOC (yyalloc); +- if (yymsg) +- yymsg_alloc = yyalloc; +- else +- { +- yymsg = yymsgbuf; +- yymsg_alloc = sizeof yymsgbuf; +- } +- } +- +- if (0 < yysize && yysize <= yymsg_alloc) +- { +- (void) yysyntax_error (yymsg, yystate, yychar); +- yyerror (yymsg); +- } +- else +- { +- yyerror (YY_("syntax error")); +- if (yysize != 0) +- goto yyexhaustedlab; +- } ++ char const *yymsgp = YY_("syntax error"); ++ int yysyntax_error_status; ++ yysyntax_error_status = YYSYNTAX_ERROR; ++ if (yysyntax_error_status == 0) ++ yymsgp = yymsg; ++ else if (yysyntax_error_status == 1) ++ { ++ if (yymsg != yymsgbuf) ++ YYSTACK_FREE (yymsg); ++ yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); ++ if (!yymsg) ++ { ++ yymsg = yymsgbuf; ++ yymsg_alloc = sizeof yymsgbuf; ++ yysyntax_error_status = 2; ++ } ++ else ++ { ++ yysyntax_error_status = YYSYNTAX_ERROR; ++ yymsgp = yymsg; ++ } ++ } ++ yyerror (yymsgp); ++ if (yysyntax_error_status == 2) ++ goto yyexhaustedlab; + } ++# undef YYSYNTAX_ERROR + #endif + } + +@@ -1555,7 +1602,7 @@ + + if (yyerrstatus == 3) + { +- /* If just tried and failed to reuse look-ahead token after an ++ /* If just tried and failed to reuse lookahead token after an + error, discard it. */ + + if (yychar <= YYEOF) +@@ -1572,7 +1619,7 @@ + } + } + +- /* Else will try to reuse look-ahead token after shifting the error ++ /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + +@@ -1606,7 +1653,7 @@ + for (;;) + { + yyn = yypact[yystate]; +- if (yyn != YYPACT_NINF) ++ if (!yypact_value_is_default (yyn)) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) +@@ -1629,10 +1676,9 @@ + YY_STACK_PRINT (yyss, yyssp); + } + +- if (yyn == YYFINAL) +- YYACCEPT; +- ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + + + /* Shift the error token. */ +@@ -1656,7 +1702,7 @@ + yyresult = 1; + goto yyreturn; + +-#ifndef yyoverflow ++#if !defined yyoverflow || YYERROR_VERBOSE + /*-------------------------------------------------. + | yyexhaustedlab -- memory exhaustion comes here. | + `-------------------------------------------------*/ +@@ -1667,9 +1713,14 @@ + #endif + + yyreturn: +- if (yychar != YYEOF && yychar != YYEMPTY) +- yydestruct ("Cleanup: discarding lookahead", +- yytoken, &yylval); ++ if (yychar != YYEMPTY) ++ { ++ /* Make sure we have latest lookahead translation. See comments at ++ user semantic actions for why this is necessary. */ ++ yytoken = YYTRANSLATE (yychar); ++ yydestruct ("Cleanup: discarding lookahead", ++ yytoken, &yylval); ++ } + /* Do not reclaim the symbols of the rule which action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); +@@ -1693,6 +1744,7 @@ + } + + ++/* Line 2055 of yacc.c */ + #line 169 "pam_conv_y.y" + + +@@ -1736,4 +1788,3 @@ + yyparse(); + exit(0); + } +- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h +--- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h 2013-09-19 10:02:25.000000000 +0200 ++++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h 2015-01-09 14:32:51.000000000 +0100 +@@ -1,24 +1,21 @@ +-/* A Bison parser, made by GNU Bison 2.3. */ ++/* A Bison parser, made by GNU Bison 2.7. */ + +-/* Skeleton interface for Bison's Yacc-like parsers in C +- +- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +- Free Software Foundation, Inc. +- +- This program is free software; you can redistribute it and/or modify ++/* Bison interface for Yacc-like parsers in C ++ ++ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. ++ ++ This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2, or (at your option) +- any later version. +- ++ the Free Software Foundation, either version 3 of the License, or ++ (at your option) any later version. ++ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +- ++ + You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software +- Foundation, Inc., 51 Franklin Street, Fifth Floor, +- Boston, MA 02110-1301, USA. */ ++ along with this program. If not, see . */ + + /* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work +@@ -29,10 +26,20 @@ + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. +- ++ + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + ++#ifndef YY_YY_PAM_CONV_Y_H_INCLUDED ++# define YY_YY_PAM_CONV_Y_H_INCLUDED ++/* Enabling traces. */ ++#ifndef YYDEBUG ++# define YYDEBUG 0 ++#endif ++#if YYDEBUG ++extern int yydebug; ++#endif ++ + /* Tokens. */ + #ifndef YYTOKENTYPE + # define YYTOKENTYPE +@@ -51,21 +58,38 @@ + + + +- + #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED + typedef union YYSTYPE +-#line 47 "pam_conv_y.y" + { ++/* Line 2058 of yacc.c */ ++#line 47 "pam_conv_y.y" ++ + int def; + char *string; +-} +-/* Line 1489 of yacc.c. */ +-#line 64 "pam_conv_y.h" +- YYSTYPE; ++ ++ ++/* Line 2058 of yacc.c */ ++#line 73 "pam_conv_y.h" ++} YYSTYPE; ++# define YYSTYPE_IS_TRIVIAL 1 + # define yystype YYSTYPE /* obsolescent; will be withdrawn */ + # define YYSTYPE_IS_DECLARED 1 +-# define YYSTYPE_IS_TRIVIAL 1 + #endif + + extern YYSTYPE yylval; + ++#ifdef YYPARSE_PARAM ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void *YYPARSE_PARAM); ++#else ++int yyparse (); ++#endif ++#else /* ! YYPARSE_PARAM */ ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void); ++#else ++int yyparse (); ++#endif ++#endif /* ! YYPARSE_PARAM */ ++ ++#endif /* !YY_YY_PAM_CONV_Y_H_INCLUDED */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/configure.in new/Linux-PAM-1.1.8/configure.in +--- old/Linux-PAM-1.1.8/configure.in 2013-09-18 14:30:13.000000000 +0200 ++++ new/Linux-PAM-1.1.8/configure.in 2015-01-09 14:28:29.000000000 +0100 +@@ -1,9 +1,8 @@ + dnl Process this file with autoconf to produce a configure script. +-AC_INIT ++AC_INIT([Linux-PAM], [1.1.8], , [Linux-PAM]) + AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y]) + AC_CONFIG_AUX_DIR([build-aux]) +-AM_INIT_AUTOMAKE("Linux-PAM", 1.1.8) +-LT_INIT([disable-static]) ++AM_INIT_AUTOMAKE + AC_PREREQ([2.61]) + AC_CONFIG_HEADERS([config.h]) + AC_CONFIG_MACRO_DIR([m4]) +@@ -58,6 +57,11 @@ + + fi + ++dnl This should be called before any macros that run the C compiler. ++AC_USE_SYSTEM_EXTENSIONS ++ ++LT_INIT([disable-static]) ++ + dnl + dnl check if we should link everything static into libpam + dnl +@@ -76,7 +80,6 @@ + AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"]) + + dnl Checks for programs. +-AC_USE_SYSTEM_EXTENSIONS + AC_PROG_CC + AC_PROG_YACC + AM_PROG_LEX +@@ -141,6 +144,15 @@ + AC_MSG_RESULT([$CC_FOR_BUILD]) + AC_SUBST(CC_FOR_BUILD) + ++if test "x${BUILD_CPPFLAGS+set}" != "xset" ; then ++ if test "x$cross_compiling" = "xyes" ; then ++ BUILD_CPPFLAGS= ++ else ++ BUILD_CPPFLAGS=${CPPFLAGS} ++ fi ++fi ++AC_SUBST(BUILD_CPPFLAGS) ++ + if test "x${BUILD_CFLAGS+set}" != "xset" ; then + if test "x$cross_compiling" = "xyes" ; then + BUILD_CFLAGS= +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/adg/Makefile.am new/Linux-PAM-1.1.8/doc/adg/Makefile.am +--- old/Linux-PAM-1.1.8/doc/adg/Makefile.am 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/adg/Makefile.am 2015-01-09 14:28:29.000000000 +0100 +@@ -57,20 +57,26 @@ + $(mkinstalldirs) $(DESTDIR)$(docdir) + $(mkinstalldirs) $(DESTDIR)$(pdfdir) + $(mkinstalldirs) $(DESTDIR)$(htmldir) +- test -f html/Linux-PAM_ADG.html || exit 0; \ ++ if test -f html/Linux-PAM_ADG.html; then \ + $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \ +- $(DESTDIR)$(htmldir)/ || \ ++ $(DESTDIR)$(htmldir)/; \ ++ elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \ + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \ +- $(srcdir)/html/sag-*.html \ +- $(DESTDIR)$(htmldir)/ +- test -f Linux-PAM_ADG.txt || exit 0; \ +- $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \ ++ $(srcdir)/html/adg-*.html \ ++ $(DESTDIR)$(htmldir)/; \ ++ fi ++ if test -f Linux-PAM_ADG.txt; then \ ++ $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/; \ ++ elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \ +- $(DESTDIR)$(docdir)/ +- test -f Linux-PAM_ADG.pdf || exit 0; \ +- $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \ ++ $(DESTDIR)$(docdir)/; \ ++ fi ++ if test -f Linux-PAM_ADG.pdf; then \ ++ $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/; \ ++ elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \ +- $(DESTDIR)$(pdfdir)/ ++ $(DESTDIR)$(pdfdir)/; \ ++ fi + + uninstall-local: + -rm $(DESTDIR)$(htmldir)/Linux-PAM_ADG.html +@@ -80,19 +86,28 @@ + + releasedocs: all + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html +- test -f html/Linux-PAM_ADG.html || exit 0; \ ++ if test -f html/Linux-PAM_ADG.html; then \ + cp -ap html/Linux-PAM_ADG.html html/adg-*.html \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \ ++ elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \ + cp -ap $(srcdir)/html/Linux-PAM_ADG.html \ + $(srcdir)/html/adg-*.html \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ +- test -f Linux-PAM_ADG.txt || exit 0; \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \ ++ else exit 1; \ ++ fi ++ if test -f Linux-PAM_ADG.txt; then \ + cp -p Linux-PAM_ADG.txt \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ ++ elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \ + cp -p $(srcdir)/Linux-PAM_ADG.txt \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ +- test -f Linux-PAM_ADG.pdf || exit 0; \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ ++ else exit 1; \ ++ fi ++ if test -f Linux-PAM_ADG.pdf; then \ + cp -p Linux-PAM_ADG.pdf \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ ++ elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \ + cp -p $(srcdir)/Linux-PAM_ADG.pdf \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ ++ else exit 1; \ ++ fi +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/Makefile.am new/Linux-PAM-1.1.8/doc/man/Makefile.am +--- old/Linux-PAM-1.1.8/doc/man/Makefile.am 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/Makefile.am 2015-01-09 14:28:29.000000000 +0100 +@@ -49,6 +49,10 @@ + PAM.8: pam.8 + pam_get_authtok_noverify.3: pam_get_authtok.3 + pam_get_authtok_verify.3: pam_get_authtok.3 ++pam_verror.3: pam_error.3 ++pam_vinfo.3: pam_info.3 ++pam_vprompt.3: pam_prompt.3 ++pam_vsyslog.3: pam_syslog.3 + pam.d.5: pam.conf.5 + test -f $(srcdir)/pam\\.d.5 && mv $(srcdir)/pam\\.d.5 $(srcdir)/pam.d.5 ||: + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/misc_conv.3 new/Linux-PAM-1.1.8/doc/man/misc_conv.3 +--- old/Linux-PAM-1.1.8/doc/man/misc_conv.3 2013-09-19 10:02:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/misc_conv.3 2015-01-09 14:33:00.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: misc_conv + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "MISC_CONV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "MISC_CONV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam.3 new/Linux-PAM-1.1.8/doc/man/pam.3 +--- old/Linux-PAM-1.1.8/doc/man/pam.3 2013-09-19 10:02:25.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam.3 2015-01-09 14:32:51.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/PAM.8 new/Linux-PAM-1.1.8/doc/man/PAM.8 +--- old/Linux-PAM-1.1.8/doc/man/PAM.8 2013-09-19 10:02:25.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/PAM.8 2015-01-09 14:32:52.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 new/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 2013-09-19 10:02:26.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 2015-01-09 14:32:53.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_acct_mgmt + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ACCT_MGMT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ACCT_MGMT" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 2013-09-19 10:02:26.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 2015-01-09 14:32:53.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_authenticate + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_AUTHENTICATE" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_AUTHENTICATE" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -44,7 +44,7 @@ + \fBpam_authenticate\fR + function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&. + .PP +-The PAM service module may request that the user enter their username vio the the conversation mechanism (see ++The PAM service module may request that the user enter their username via the conversation mechanism (see + \fBpam_start\fR(3) + and + \fBpam_conv\fR(3))\&. The name of the authenticated user will be present in the PAM item PAM_USER\&. This item may be recovered with a call to +@@ -82,7 +82,7 @@ + For some reason the application does not have sufficient credentials to authenticate the user\&. + .RE + .PP +-PAM_AUTHINFO_UNVAIL ++PAM_AUTHINFO_UNAVAIL + .RS 4 + The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&. + .RE +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml +--- old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml 2015-01-09 14:28:29.000000000 +0100 +@@ -37,7 +37,7 @@ + + + The PAM service module may request that the user enter their +- username vio the the conversation mechanism (see ++ username via the conversation mechanism (see + + pam_start3 + and +@@ -109,7 +109,7 @@ + + + +- PAM_AUTHINFO_UNVAIL ++ PAM_AUTHINFO_UNAVAIL + + + The modules were not able to access the authentication +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 new/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 2013-09-19 10:02:27.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 2015-01-09 14:32:53.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_chauthtok + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_CHAUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_CHAUTHTOK" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_close_session.3 new/Linux-PAM-1.1.8/doc/man/pam_close_session.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_close_session.3 2013-09-19 10:02:27.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_close_session.3 2015-01-09 14:32:53.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_close_session + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_CLOSE_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_CLOSE_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam.conf.5 new/Linux-PAM-1.1.8/doc/man/pam.conf.5 +--- old/Linux-PAM-1.1.8/doc/man/pam.conf.5 2013-09-19 10:02:26.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam.conf.5 2015-01-09 14:32:52.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam.conf + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_conv.3 new/Linux-PAM-1.1.8/doc/man/pam_conv.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_conv.3 2013-09-19 10:02:27.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_conv.3 2015-01-09 14:32:53.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_conv + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_CONV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_CONV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_end.3 new/Linux-PAM-1.1.8/doc/man/pam_end.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_end.3 2013-09-19 10:02:27.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_end.3 2015-01-09 14:32:54.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_end + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_END" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_END" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_error.3 new/Linux-PAM-1.1.8/doc/man/pam_error.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_error.3 2013-09-19 10:02:28.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_error.3 2015-01-09 14:32:54.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_error + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ERROR" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ERROR" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 new/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 2013-09-19 10:02:28.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 2015-01-09 14:32:54.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_fail_delay + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_FAIL_DELAY" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_FAIL_DELAY" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 new/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 2013-09-19 10:02:28.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 2015-01-09 14:32:54.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_get_authtok + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_GET_AUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GET_AUTHTOK" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_data.3 new/Linux-PAM-1.1.8/doc/man/pam_get_data.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_get_data.3 2013-09-19 10:02:29.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_get_data.3 2015-01-09 14:32:55.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_get_data + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_GET_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GET_DATA" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_getenv.3 new/Linux-PAM-1.1.8/doc/man/pam_getenv.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_getenv.3 2013-09-19 10:02:29.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_getenv.3 2015-01-09 14:32:55.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_getenv + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_GETENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GETENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 new/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 2013-09-19 10:02:29.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 2015-01-09 14:32:56.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_getenvlist + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_GETENVLIST" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GETENVLIST" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_item.3 new/Linux-PAM-1.1.8/doc/man/pam_get_item.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_get_item.3 2013-09-19 10:02:29.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_get_item.3 2015-01-09 14:32:55.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_get_item + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_GET_ITEM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GET_ITEM" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_user.3 new/Linux-PAM-1.1.8/doc/man/pam_get_user.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_get_user.3 2013-09-19 10:02:29.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_get_user.3 2015-01-09 14:32:55.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_get_user + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_GET_USER" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_GET_USER" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_info.3 new/Linux-PAM-1.1.8/doc/man/pam_info.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_info.3 2013-09-19 10:02:30.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_info.3 2015-01-09 14:32:56.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_info + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_INFO" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_INFO" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 new/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 2013-09-19 10:02:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 2015-01-09 14:33:01.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_misc_drop_env + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_MISC_DROP_ENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MISC_DROP_ENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 new/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 2013-09-19 10:02:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 2015-01-09 14:33:00.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_misc_paste_env + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_MISC_PASTE_ENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MISC_PASTE_ENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 new/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 2013-09-19 10:02:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 2015-01-09 14:33:01.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_misc_setenv + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_MISC_SETENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MISC_SETENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_open_session.3 new/Linux-PAM-1.1.8/doc/man/pam_open_session.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_open_session.3 2013-09-19 10:02:30.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_open_session.3 2015-01-09 14:32:56.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_open_session + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_OPEN_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_OPEN_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_prompt.3 new/Linux-PAM-1.1.8/doc/man/pam_prompt.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_prompt.3 2013-09-19 10:02:30.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_prompt.3 2015-01-09 14:32:56.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_prompt + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_PROMPT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_PROMPT" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -36,10 +36,10 @@ + #include + .fi + .ft +-.HP \w'void\ pam_prompt('u +-.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" +-.HP \w'void\ pam_vprompt('u +-.BI "void pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" ++.HP \w'int\ pam_prompt('u ++.BI "int pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" ++.HP \w'int\ pam_vprompt('u ++.BI "int pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" + .SH "DESCRIPTION" + .PP + The +@@ -61,7 +61,7 @@ + .PP + PAM_SUCCESS + .RS 4 +-Transaction was successful created\&. ++Conversation succeded, response is set\&. + .RE + .PP + PAM_SYSTEM_ERR +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml new/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml +--- old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml 2015-01-09 14:28:29.000000000 +0100 +@@ -22,7 +22,7 @@ + + #include <security/pam_ext.h> + +- void pam_prompt ++ int pam_prompt + pam_handle_t *pamh + int style + char **response +@@ -30,7 +30,7 @@ + ... + + +- void pam_vprompt ++ int pam_vprompt + pam_handle_t *pamh + int style + char **response +@@ -75,7 +75,7 @@ + PAM_SUCCESS + + +- Transaction was successful created. ++ Conversation succeded, response is set. + + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_putenv.3 new/Linux-PAM-1.1.8/doc/man/pam_putenv.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_putenv.3 2013-09-19 10:02:31.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_putenv.3 2015-01-09 14:32:57.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_putenv + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_PUTENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_PUTENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_setcred.3 new/Linux-PAM-1.1.8/doc/man/pam_setcred.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_setcred.3 2013-09-19 10:02:31.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_setcred.3 2015-01-09 14:32:58.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_setcred + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SETCRED" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SETCRED" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_set_data.3 new/Linux-PAM-1.1.8/doc/man/pam_set_data.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_set_data.3 2013-09-19 10:02:31.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_set_data.3 2015-01-09 14:32:57.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_set_data + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SET_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SET_DATA" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_set_item.3 new/Linux-PAM-1.1.8/doc/man/pam_set_item.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_set_item.3 2013-09-19 10:02:31.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_set_item.3 2015-01-09 14:32:57.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_set_item + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SET_ITEM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SET_ITEM" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 2013-09-19 10:02:32.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 2015-01-09 14:32:58.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_sm_acct_mgmt + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SM_ACCT_MGMT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SM_ACCT_MGMT" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 2013-09-19 10:02:32.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 2015-01-09 14:32:58.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_sm_authenticate + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SM_AUTHENTICATE" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SM_AUTHENTICATE" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 2013-09-19 10:02:33.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 2015-01-09 14:32:59.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_sm_chauthtok + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SM_CHAUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SM_CHAUTHTOK" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 2013-09-19 10:02:32.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 2015-01-09 14:32:59.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_sm_close_session + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SM_CLOSE_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SM_CLOSE_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 2013-09-19 10:02:32.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 2015-01-09 14:32:59.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_sm_open_session + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SM_OPEN_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SM_OPEN_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 2013-09-19 10:02:33.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 2015-01-09 14:32:59.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_sm_setcred + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SM_SETCRED" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SM_SETCRED" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_start.3 new/Linux-PAM-1.1.8/doc/man/pam_start.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_start.3 2013-09-19 10:02:33.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_start.3 2015-01-09 14:33:00.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_start + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_START" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_START" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_strerror.3 new/Linux-PAM-1.1.8/doc/man/pam_strerror.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_strerror.3 2013-09-19 10:02:33.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_strerror.3 2015-01-09 14:33:00.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_strerror + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_STRERROR" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_STRERROR" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_syslog.3 new/Linux-PAM-1.1.8/doc/man/pam_syslog.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_syslog.3 2013-09-19 10:02:31.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_syslog.3 2015-01-09 14:32:57.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_syslog + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SYSLOG" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_SYSLOG" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 new/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 +--- old/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 2013-09-19 10:02:28.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 2015-01-09 14:32:54.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_xauth_data + .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_XAUTH_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_XAUTH_DATA" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/mwg/Makefile.am new/Linux-PAM-1.1.8/doc/mwg/Makefile.am +--- old/Linux-PAM-1.1.8/doc/mwg/Makefile.am 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/mwg/Makefile.am 2015-01-09 14:28:29.000000000 +0100 +@@ -57,20 +57,26 @@ + $(mkinstalldirs) $(DESTDIR)$(docdir) + $(mkinstalldirs) $(DESTDIR)$(pdfdir) + $(mkinstalldirs) $(DESTDIR)$(htmldir) +- test -f html/Linux-PAM_MWG.html || exit 0; \ ++ if test -f html/Linux-PAM_MWG.html; then \ + $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \ +- $(DESTDIR)$(htmldir)/ || \ ++ $(DESTDIR)$(htmldir)/; \ ++ elif test -f $(srcdir)/html/Linux-PAM_MWG.html; then \ + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \ +- $(srcdir)/html/sag-*.html \ +- $(DESTDIR)$(htmldir)/ +- test -f Linux-PAM_MWG.txt || exit 0; \ +- $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \ ++ $(srcdir)/html/mwg-*.html \ ++ $(DESTDIR)$(htmldir)/; \ ++ fi ++ if test -f Linux-PAM_MWG.txt; then \ ++ $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/; \ ++ elif test -f $(srcdir)/Linux-PAM_MWG.txt; then \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \ +- $(DESTDIR)$(docdir)/ +- test -f Linux-PAM_MWG.pdf || exit 0; \ +- $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \ ++ $(DESTDIR)$(docdir)/; \ ++ fi ++ if test -f Linux-PAM_MWG.pdf; then \ ++ $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/; \ ++ elif test -f $(srcdir)/Linux-PAM_MWG.pdf; then \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \ +- $(DESTDIR)$(pdfdir)/ ++ $(DESTDIR)$(pdfdir)/; \ ++ fi + + uninstall-local: + -rm $(DESTDIR)$(htmldir)/Linux-PAM_MWG.html +@@ -80,19 +86,28 @@ + + releasedocs: all + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html +- test -f html/Linux-PAM_MWG.html || exit 0; \ ++ if test -f html/Linux-PAM_MWG.html; then \ + cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/; \ ++ elif test -f $(srcdir)/html/Linux-PAM_MWG.html; then \ + cp -ap $(srcdir)/html/Linux-PAM_MWG.html \ + $(srcdir)/html/mwg-*.html \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ +- test -f Linux-PAM_MWG.txt || exit 0; \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/; \ ++ else exit 1; \ ++ fi ++ if test -f Linux-PAM_MWG.txt; then \ + cp -p Linux-PAM_MWG.txt \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ ++ elif test -f $(srcdir)/Linux-PAM_MWG.txt; then \ + cp -p $(srcdir)/Linux-PAM_MWG.txt \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ +- test -f Linux-PAM_MWG.pdf || exit 0; \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ ++ else exit 1; \ ++ fi ++ if test -f Linux-PAM_MWG.pdf; then \ + cp -p Linux-PAM_MWG.pdf \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ ++ elif test -f $(srcdir)/Linux-PAM_MWG.pdf; then \ + cp -p $(srcdir)/Linux-PAM_MWG.pdf \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ ++ else exit 1; \ ++ fi +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/sag/Makefile.am new/Linux-PAM-1.1.8/doc/sag/Makefile.am +--- old/Linux-PAM-1.1.8/doc/sag/Makefile.am 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/sag/Makefile.am 2015-01-09 14:28:29.000000000 +0100 +@@ -57,20 +57,26 @@ + $(mkinstalldirs) $(DESTDIR)$(docdir) + $(mkinstalldirs) $(DESTDIR)$(pdfdir) + $(mkinstalldirs) $(DESTDIR)$(htmldir) +- test -f html/Linux-PAM_SAG.html || exit 0; \ ++ if test -f html/Linux-PAM_SAG.html; then \ + $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \ +- $(DESTDIR)$(htmldir)/ || \ ++ $(DESTDIR)$(htmldir)/; \ ++ elif test -f $(srcdir)/html/Linux-PAM_SAG.html; then \ + $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \ + $(srcdir)/html/sag-*.html \ +- $(DESTDIR)$(htmldir)/ +- test -f Linux-PAM_SAG.txt || exit 0; \ +- $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \ ++ $(DESTDIR)$(htmldir)/; \ ++ fi ++ if test -f Linux-PAM_SAG.txt; then \ ++ $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/; \ ++ elif test -f $(srcdir)/Linux-PAM_SAG.txt; then \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \ +- $(DESTDIR)$(docdir)/ +- test -f Linux-PAM_SAG.pdf || exit 0; \ +- $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \ ++ $(DESTDIR)$(docdir)/; \ ++ fi ++ if test -f Linux-PAM_SAG.pdf; then \ ++ $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/; \ ++ elif test -f $(srcdir)/Linux-PAM_SAG.pdf; then \ + $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \ +- $(DESTDIR)$(pdfdir)/ ++ $(DESTDIR)$(pdfdir)/; \ ++ fi + + uninstall-local: + -rm $(DESTDIR)$(htmldir)/Linux-PAM_SAG.html +@@ -80,19 +86,28 @@ + + releasedocs: all + $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html +- test -f html/Linux-PAM_SAG.html || exit 0; \ ++ if test -f html/Linux-PAM_SAG.html; then \ + cp -ap html/Linux-PAM_SAG.html html/sag-*.html \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/; \ ++ elif test -f $(srcdir)/html/Linux-PAM_SAG.html; then \ + cp -ap $(srcdir)/html/Linux-PAM_SAG.html \ + $(srcdir)/html/sag-*.html \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ +- test -f Linux-PAM_SAG.txt || exit 0; \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/; \ ++ else exit 1; \ ++ fi ++ if test -f Linux-PAM_SAG.txt; then \ + cp -p Linux-PAM_SAG.txt \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ ++ elif test -f $(srcdir)/Linux-PAM_SAG.txt; then \ + cp -p $(srcdir)/Linux-PAM_SAG.txt \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ +- test -f Linux-PAM_SAG.pdf || exit 0; \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ ++ else exit 1; \ ++ fi ++ if test -f Linux-PAM_SAG.pdf; then \ + cp -p Linux-PAM_SAG.pdf \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ ++ elif test -f $(srcdir)/Linux-PAM_SAG.pdf; then \ + cp -p $(srcdir)/Linux-PAM_SAG.pdf \ +- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ ++ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ ++ else exit 1; \ ++ fi +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/Makefile.am new/Linux-PAM-1.1.8/doc/specs/Makefile.am +--- old/Linux-PAM-1.1.8/doc/specs/Makefile.am 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/specs/Makefile.am 2015-01-09 14:28:29.000000000 +0100 +@@ -12,6 +12,7 @@ + AM_YFLAGS = -d + + CC = @CC_FOR_BUILD@ ++CPPFLAGS = @BUILD_CPPFLAGS@ + CFLAGS = @BUILD_CFLAGS@ + LDFLAGS = @BUILD_LDFLAGS@ + +@@ -21,6 +22,4 @@ + + padout_SOURCES = parse_l.l parse_y.y + +-padout_LDADD = @LEXLIB@ +- + doc_DATA = draft-morgan-pam-current.txt rfc86.0.txt +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_l.c new/Linux-PAM-1.1.8/doc/specs/parse_l.c +--- old/Linux-PAM-1.1.8/doc/specs/parse_l.c 2013-09-19 10:02:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/specs/parse_l.c 2015-01-09 14:33:01.000000000 +0100 +@@ -8,7 +8,7 @@ + #define FLEX_SCANNER + #define YY_FLEX_MAJOR_VERSION 2 + #define YY_FLEX_MINOR_VERSION 5 +-#define YY_FLEX_SUBMINOR_VERSION 35 ++#define YY_FLEX_SUBMINOR_VERSION 37 + #if YY_FLEX_SUBMINOR_VERSION > 0 + #define FLEX_BETA + #endif +@@ -53,7 +53,6 @@ + typedef unsigned char flex_uint8_t; + typedef unsigned short int flex_uint16_t; + typedef unsigned int flex_uint32_t; +-#endif /* ! C99 */ + + /* Limits of integral types. */ + #ifndef INT8_MIN +@@ -84,6 +83,8 @@ + #define UINT32_MAX (4294967295U) + #endif + ++#endif /* ! C99 */ ++ + #endif /* ! FLEXINT_H */ + + #ifdef __cplusplus +@@ -152,7 +153,12 @@ + typedef struct yy_buffer_state *YY_BUFFER_STATE; + #endif + +-extern int yyleng; ++#ifndef YY_TYPEDEF_YY_SIZE_T ++#define YY_TYPEDEF_YY_SIZE_T ++typedef size_t yy_size_t; ++#endif ++ ++extern yy_size_t yyleng; + + extern FILE *yyin, *yyout; + +@@ -178,11 +184,6 @@ + + #define unput(c) yyunput( c, (yytext_ptr) ) + +-#ifndef YY_TYPEDEF_YY_SIZE_T +-#define YY_TYPEDEF_YY_SIZE_T +-typedef size_t yy_size_t; +-#endif +- + #ifndef YY_STRUCT_YY_BUFFER_STATE + #define YY_STRUCT_YY_BUFFER_STATE + struct yy_buffer_state +@@ -200,7 +201,7 @@ + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ +- int yy_n_chars; ++ yy_size_t yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to +@@ -270,8 +271,8 @@ + + /* yy_hold_char holds the character lost when yytext is formed. */ + static char yy_hold_char; +-static int yy_n_chars; /* number of characters read into yy_ch_buf */ +-int yyleng; ++static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ ++yy_size_t yyleng; + + /* Points to current character in buffer. */ + static char *yy_c_buf_p = (char *) 0; +@@ -299,7 +300,7 @@ + + YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); + YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); +-YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); ++YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); + + void *yyalloc (yy_size_t ); + void *yyrealloc (void *,yy_size_t ); +@@ -331,6 +332,9 @@ + + /* Begin user sect3 */ + ++#define yywrap() 1 ++#define YY_SKIP_YYWRAP ++ + typedef unsigned char YY_CHAR; + + FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; +@@ -465,7 +469,7 @@ + #include + + #include "parse_y.h" +-#line 469 "parse_l.c" ++#line 473 "parse_l.c" + + #define INITIAL 0 + +@@ -504,7 +508,7 @@ + + void yyset_out (FILE * out_str ); + +-int yyget_leng (void ); ++yy_size_t yyget_leng (void ); + + char *yyget_text (void ); + +@@ -554,7 +558,7 @@ + /* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +-#define ECHO fwrite( yytext, yyleng, 1, yyout ) ++#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) + #endif + + /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, +@@ -565,7 +569,7 @@ + if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ + { \ + int c = '*'; \ +- int n; \ ++ size_t n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ +@@ -647,10 +651,10 @@ + register char *yy_cp, *yy_bp; + register int yy_act; + +-#line 11 "parse_l.l" ++#line 12 "parse_l.l" + + +-#line 654 "parse_l.c" ++#line 658 "parse_l.c" + + if ( !(yy_init) ) + { +@@ -735,46 +739,46 @@ + + case 1: + YY_RULE_SETUP +-#line 13 "parse_l.l" ++#line 14 "parse_l.l" + return NEW_COUNTER; + YY_BREAK + case 2: + YY_RULE_SETUP +-#line 14 "parse_l.l" ++#line 15 "parse_l.l" + return LABEL; + YY_BREAK + case 3: + YY_RULE_SETUP +-#line 15 "parse_l.l" ++#line 16 "parse_l.l" + return NO_INDENT; + YY_BREAK + case 4: + YY_RULE_SETUP +-#line 16 "parse_l.l" ++#line 17 "parse_l.l" + return RIGHT; + YY_BREAK + case 5: + YY_RULE_SETUP +-#line 17 "parse_l.l" ++#line 18 "parse_l.l" + return HASH; + YY_BREAK + case 6: + YY_RULE_SETUP +-#line 18 "parse_l.l" ++#line 19 "parse_l.l" + return CHAR; + YY_BREAK + case 7: + /* rule 7 can match eol */ + YY_RULE_SETUP +-#line 19 "parse_l.l" ++#line 20 "parse_l.l" + return NEWLINE; + YY_BREAK + case 8: + YY_RULE_SETUP +-#line 21 "parse_l.l" ++#line 22 "parse_l.l" + ECHO; + YY_BREAK +-#line 778 "parse_l.c" ++#line 782 "parse_l.c" + case YY_STATE_EOF(INITIAL): + yyterminate(); + +@@ -960,21 +964,21 @@ + + else + { +- int num_to_read = ++ yy_size_t num_to_read = + YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ + + /* just a shorter name for the current buffer */ +- YY_BUFFER_STATE b = YY_CURRENT_BUFFER; ++ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; + + int yy_c_buf_p_offset = + (int) ((yy_c_buf_p) - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { +- int new_size = b->yy_buf_size * 2; ++ yy_size_t new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; +@@ -1005,7 +1009,7 @@ + + /* Read in more data. */ + YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), +- (yy_n_chars), (size_t) num_to_read ); ++ (yy_n_chars), num_to_read ); + + YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); + } +@@ -1100,7 +1104,7 @@ + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 18); + +- return yy_is_jam ? 0 : yy_current_state; ++ return yy_is_jam ? 0 : yy_current_state; + } + + static void yyunput (int c, register char * yy_bp ) +@@ -1115,7 +1119,7 @@ + if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ +- register int number_to_move = (yy_n_chars) + 2; ++ register yy_size_t number_to_move = (yy_n_chars) + 2; + register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; + register char *source = +@@ -1164,7 +1168,7 @@ + + else + { /* need more input */ +- int offset = (yy_c_buf_p) - (yytext_ptr); ++ yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); + ++(yy_c_buf_p); + + switch ( yy_get_next_buffer( ) ) +@@ -1324,10 +1328,6 @@ + yyfree((void *) b ); + } + +-#ifndef __cplusplus +-extern int isatty (int ); +-#endif /* __cplusplus */ +- + /* Initializes or reinitializes a buffer. + * This function is sometimes called more than once on the same buffer, + * such as during a yyrestart() or at EOF. +@@ -1440,7 +1440,7 @@ + */ + static void yyensure_buffer_stack (void) + { +- int num_to_alloc; ++ yy_size_t num_to_alloc; + + if (!(yy_buffer_stack)) { + +@@ -1532,12 +1532,12 @@ + + /** Setup the input buffer state to scan the given bytes. The next call to yylex() will + * scan from a @e copy of @a bytes. +- * @param bytes the byte buffer to scan +- * @param len the number of bytes in the buffer pointed to by @a bytes. ++ * @param yybytes the byte buffer to scan ++ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. + * + * @return the newly allocated buffer state object. + */ +-YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) ++YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) + { + YY_BUFFER_STATE b; + char *buf; +@@ -1624,7 +1624,7 @@ + /** Get the length of the current token. + * + */ +-int yyget_leng (void) ++yy_size_t yyget_leng (void) + { + return yyleng; + } +@@ -1772,7 +1772,7 @@ + + #define YYTABLES_NAME "yytables" + +-#line 21 "parse_l.l" ++#line 22 "parse_l.l" + + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_l.l new/Linux-PAM-1.1.8/doc/specs/parse_l.l +--- old/Linux-PAM-1.1.8/doc/specs/parse_l.l 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/specs/parse_l.l 2015-01-09 14:28:29.000000000 +0100 +@@ -8,6 +8,7 @@ + #include "parse_y.h" + %} + ++%option noyywrap + %% + + \#[\$]+[a-zA-Z]*(\=[0-9]+)? return NEW_COUNTER; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_y.c new/Linux-PAM-1.1.8/doc/specs/parse_y.c +--- old/Linux-PAM-1.1.8/doc/specs/parse_y.c 2013-09-19 10:02:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/specs/parse_y.c 2015-01-09 14:33:01.000000000 +0100 +@@ -1,24 +1,21 @@ +-/* A Bison parser, made by GNU Bison 2.3. */ ++/* A Bison parser, made by GNU Bison 2.7. */ + +-/* Skeleton implementation for Bison's Yacc-like parsers in C +- +- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +- Free Software Foundation, Inc. +- +- This program is free software; you can redistribute it and/or modify ++/* Bison implementation for Yacc-like parsers in C ++ ++ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. ++ ++ This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2, or (at your option) +- any later version. +- ++ the Free Software Foundation, either version 3 of the License, or ++ (at your option) any later version. ++ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +- ++ + You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software +- Foundation, Inc., 51 Franklin Street, Fifth Floor, +- Boston, MA 02110-1301, USA. */ ++ along with this program. If not, see . */ + + /* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work +@@ -29,7 +26,7 @@ + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. +- ++ + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +@@ -47,7 +44,7 @@ + #define YYBISON 1 + + /* Bison version. */ +-#define YYBISON_VERSION "2.3" ++#define YYBISON_VERSION "2.7" + + /* Skeleton name. */ + #define YYSKELETON_NAME "yacc.c" +@@ -55,39 +52,17 @@ + /* Pure parsers. */ + #define YYPURE 0 + +-/* Using locations. */ +-#define YYLSP_NEEDED 0 +- +- ++/* Push parsers. */ ++#define YYPUSH 0 + +-/* Tokens. */ +-#ifndef YYTOKENTYPE +-# define YYTOKENTYPE +- /* Put the tokens into the symbol table, so that GDB and other debuggers +- know about them. */ +- enum yytokentype { +- NEW_COUNTER = 258, +- LABEL = 259, +- HASH = 260, +- CHAR = 261, +- NEWLINE = 262, +- NO_INDENT = 263, +- RIGHT = 264 +- }; +-#endif +-/* Tokens. */ +-#define NEW_COUNTER 258 +-#define LABEL 259 +-#define HASH 260 +-#define CHAR 261 +-#define NEWLINE 262 +-#define NO_INDENT 263 +-#define RIGHT 264 ++/* Pull parsers. */ ++#define YYPULL 1 + + + + + /* Copy the first part of user declarations. */ ++/* Line 371 of yacc.c */ + #line 2 "parse_y.y" + + #ifdef HAVE_CONFIG_H +@@ -113,11 +88,16 @@ + extern void set_label(const char *label, const char *target); + char *new_counter(const char *key); + ++/* Line 371 of yacc.c */ ++#line 93 "parse_y.c" + +-/* Enabling traces. */ +-#ifndef YYDEBUG +-# define YYDEBUG 0 +-#endif ++# ifndef YY_NULL ++# if defined __cplusplus && 201103L <= __cplusplus ++# define YY_NULL nullptr ++# else ++# define YY_NULL 0 ++# endif ++# endif + + /* Enabling verbose error messages. */ + #ifdef YYERROR_VERBOSE +@@ -127,33 +107,84 @@ + # define YYERROR_VERBOSE 0 + #endif + +-/* Enabling the token table. */ +-#ifndef YYTOKEN_TABLE +-# define YYTOKEN_TABLE 0 ++/* In a future release of Bison, this section will be replaced ++ by #include "y.tab.h". */ ++#ifndef YY_YY_PARSE_Y_H_INCLUDED ++# define YY_YY_PARSE_Y_H_INCLUDED ++/* Enabling traces. */ ++#ifndef YYDEBUG ++# define YYDEBUG 0 ++#endif ++#if YYDEBUG ++extern int yydebug; + #endif + ++/* Tokens. */ ++#ifndef YYTOKENTYPE ++# define YYTOKENTYPE ++ /* Put the tokens into the symbol table, so that GDB and other debuggers ++ know about them. */ ++ enum yytokentype { ++ NEW_COUNTER = 258, ++ LABEL = 259, ++ HASH = 260, ++ CHAR = 261, ++ NEWLINE = 262, ++ NO_INDENT = 263, ++ RIGHT = 264 ++ }; ++#endif ++/* Tokens. */ ++#define NEW_COUNTER 258 ++#define LABEL 259 ++#define HASH 260 ++#define CHAR 261 ++#define NEWLINE 262 ++#define NO_INDENT 263 ++#define RIGHT 264 ++ ++ ++ + #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED + typedef union YYSTYPE +-#line 27 "parse_y.y" + { ++/* Line 387 of yacc.c */ ++#line 27 "parse_y.y" ++ + int def; + char *string; +-} +-/* Line 187 of yacc.c. */ +-#line 144 "parse_y.c" +- YYSTYPE; ++ ++ ++/* Line 387 of yacc.c */ ++#line 160 "parse_y.c" ++} YYSTYPE; ++# define YYSTYPE_IS_TRIVIAL 1 + # define yystype YYSTYPE /* obsolescent; will be withdrawn */ + # define YYSTYPE_IS_DECLARED 1 +-# define YYSTYPE_IS_TRIVIAL 1 + #endif + ++extern YYSTYPE yylval; + ++#ifdef YYPARSE_PARAM ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void *YYPARSE_PARAM); ++#else ++int yyparse (); ++#endif ++#else /* ! YYPARSE_PARAM */ ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void); ++#else ++int yyparse (); ++#endif ++#endif /* ! YYPARSE_PARAM */ + +-/* Copy the second part of user declarations. */ ++#endif /* !YY_YY_PARSE_Y_H_INCLUDED */ + ++/* Copy the second part of user declarations. */ + +-/* Line 216 of yacc.c. */ +-#line 157 "parse_y.c" ++/* Line 390 of yacc.c */ ++#line 188 "parse_y.c" + + #ifdef short + # undef short +@@ -203,39 +234,39 @@ + #define YYSIZE_MAXIMUM ((YYSIZE_T) -1) + + #ifndef YY_ +-# if YYENABLE_NLS ++# if defined YYENABLE_NLS && YYENABLE_NLS + # if ENABLE_NLS + # include /* INFRINGES ON USER NAME SPACE */ +-# define YY_(msgid) dgettext ("bison-runtime", msgid) ++# define YY_(Msgid) dgettext ("bison-runtime", Msgid) + # endif + # endif + # ifndef YY_ +-# define YY_(msgid) msgid ++# define YY_(Msgid) Msgid + # endif + #endif + + /* Suppress unused-variable warnings by "using" E. */ + #if ! defined lint || defined __GNUC__ +-# define YYUSE(e) ((void) (e)) ++# define YYUSE(E) ((void) (E)) + #else +-# define YYUSE(e) /* empty */ ++# define YYUSE(E) /* empty */ + #endif + + /* Identity function, used to suppress warnings about constant conditions. */ + #ifndef lint +-# define YYID(n) (n) ++# define YYID(N) (N) + #else + #if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + static int +-YYID (int i) ++YYID (int yyi) + #else + static int +-YYID (i) +- int i; ++YYID (yyi) ++ int yyi; + #endif + { +- return i; ++ return yyi; + } + #endif + +@@ -256,11 +287,12 @@ + # define alloca _alloca + # else + # define YYSTACK_ALLOC alloca +-# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ ++# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + # include /* INFRINGES ON USER NAME SPACE */ +-# ifndef _STDLIB_H +-# define _STDLIB_H 1 ++ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ ++# ifndef EXIT_SUCCESS ++# define EXIT_SUCCESS 0 + # endif + # endif + # endif +@@ -283,24 +315,24 @@ + # ifndef YYSTACK_ALLOC_MAXIMUM + # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM + # endif +-# if (defined __cplusplus && ! defined _STDLIB_H \ ++# if (defined __cplusplus && ! defined EXIT_SUCCESS \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) + # include /* INFRINGES ON USER NAME SPACE */ +-# ifndef _STDLIB_H +-# define _STDLIB_H 1 ++# ifndef EXIT_SUCCESS ++# define EXIT_SUCCESS 0 + # endif + # endif + # ifndef YYMALLOC + # define YYMALLOC malloc +-# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ ++# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ + # endif + # endif + # ifndef YYFREE + # define YYFREE free +-# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ ++# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + void free (void *); /* INFRINGES ON USER NAME SPACE */ + # endif +@@ -316,9 +348,9 @@ + /* A type that is properly aligned for any stack member. */ + union yyalloc + { +- yytype_int16 yyss; +- YYSTYPE yyvs; +- }; ++ yytype_int16 yyss_alloc; ++ YYSTYPE yyvs_alloc; ++}; + + /* The size of the maximum gap between one aligned stack and the next. */ + # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) +@@ -329,35 +361,19 @@ + ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +-/* Copy COUNT objects from FROM to TO. The source and destination do +- not overlap. */ +-# ifndef YYCOPY +-# if defined __GNUC__ && 1 < __GNUC__ +-# define YYCOPY(To, From, Count) \ +- __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +-# else +-# define YYCOPY(To, From, Count) \ +- do \ +- { \ +- YYSIZE_T yyi; \ +- for (yyi = 0; yyi < (Count); yyi++) \ +- (To)[yyi] = (From)[yyi]; \ +- } \ +- while (YYID (0)) +-# endif +-# endif ++# define YYCOPY_NEEDED 1 + + /* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +-# define YYSTACK_RELOCATE(Stack) \ ++# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ +- YYCOPY (&yyptr->Stack, Stack, yysize); \ +- Stack = &yyptr->Stack; \ ++ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ ++ Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ +@@ -365,6 +381,26 @@ + + #endif + ++#if defined YYCOPY_NEEDED && YYCOPY_NEEDED ++/* Copy COUNT objects from SRC to DST. The source and destination do ++ not overlap. */ ++# ifndef YYCOPY ++# if defined __GNUC__ && 1 < __GNUC__ ++# define YYCOPY(Dst, Src, Count) \ ++ __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src))) ++# else ++# define YYCOPY(Dst, Src, Count) \ ++ do \ ++ { \ ++ YYSIZE_T yyi; \ ++ for (yyi = 0; yyi < (Count); yyi++) \ ++ (Dst)[yyi] = (Src)[yyi]; \ ++ } \ ++ while (YYID (0)) ++# endif ++# endif ++#endif /* !YYCOPY_NEEDED */ ++ + /* YYFINAL -- State number of the termination state. */ + #define YYFINAL 2 + /* YYLAST -- Last index in YYTABLE. */ +@@ -445,13 +481,13 @@ + }; + #endif + +-#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE ++#if YYDEBUG || YYERROR_VERBOSE || 0 + /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ + static const char *const yytname[] = + { + "$end", "error", "$undefined", "NEW_COUNTER", "LABEL", "HASH", "CHAR", +- "NEWLINE", "NO_INDENT", "RIGHT", "$accept", "doc", "stuff", "text", 0 ++ "NEWLINE", "NO_INDENT", "RIGHT", "$accept", "doc", "stuff", "text", YY_NULL + }; + #endif + +@@ -478,8 +514,8 @@ + 1, 2, 1, 1, 1, 1 + }; + +-/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state +- STATE-NUM when YYTABLE doesn't specify something else to do. Zero ++/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM. ++ Performed when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ + static const yytype_uint8 yydefact[] = + { +@@ -510,8 +546,7 @@ + + /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which +- number is the opposite. If zero, do what YYDEFACT says. +- If YYTABLE_NINF, syntax error. */ ++ number is the opposite. If YYTABLE_NINF, syntax error. */ + #define YYTABLE_NINF -1 + static const yytype_uint8 yytable[] = + { +@@ -520,6 +555,12 @@ + 10, 16, 13, 14, 0, 0, 0, 17 + }; + ++#define yypact_value_is_default(Yystate) \ ++ (!!((Yystate) == (-3))) ++ ++#define yytable_value_is_error(Yytable_value) \ ++ YYID (0) ++ + static const yytype_int8 yycheck[] = + { + 0, 3, 4, 5, 6, 7, 8, 7, 3, 4, +@@ -547,78 +588,50 @@ + + /* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. +- Once GCC version 2 has supplanted version 1, this can go. */ ++ Once GCC version 2 has supplanted version 1, this can go. However, ++ YYFAIL appears to be in use. Nevertheless, it is formally deprecated ++ in Bison 2.4.2's NEWS entry, where a plan to phase it out is ++ discussed. */ + + #define YYFAIL goto yyerrlab ++#if defined YYFAIL ++ /* This is here to suppress warnings from the GCC cpp's ++ -Wunused-macros. Normally we don't worry about that warning, but ++ some users do, and we want to make it easy for users to remove ++ YYFAIL uses, which will produce warnings from Bison 2.5. */ ++#endif + + #define YYRECOVERING() (!!yyerrstatus) + +-#define YYBACKUP(Token, Value) \ +-do \ +- if (yychar == YYEMPTY && yylen == 1) \ +- { \ +- yychar = (Token); \ +- yylval = (Value); \ +- yytoken = YYTRANSLATE (yychar); \ +- YYPOPSTACK (1); \ +- goto yybackup; \ +- } \ +- else \ +- { \ ++#define YYBACKUP(Token, Value) \ ++do \ ++ if (yychar == YYEMPTY) \ ++ { \ ++ yychar = (Token); \ ++ yylval = (Value); \ ++ YYPOPSTACK (yylen); \ ++ yystate = *yyssp; \ ++ goto yybackup; \ ++ } \ ++ else \ ++ { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ + while (YYID (0)) + +- ++/* Error token number */ + #define YYTERROR 1 + #define YYERRCODE 256 + + +-/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. +- If N is 0, then set CURRENT to the empty location which ends +- the previous symbol: RHS[0] (always defined). */ +- +-#define YYRHSLOC(Rhs, K) ((Rhs)[K]) +-#ifndef YYLLOC_DEFAULT +-# define YYLLOC_DEFAULT(Current, Rhs, N) \ +- do \ +- if (YYID (N)) \ +- { \ +- (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ +- (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ +- (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ +- (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ +- } \ +- else \ +- { \ +- (Current).first_line = (Current).last_line = \ +- YYRHSLOC (Rhs, 0).last_line; \ +- (Current).first_column = (Current).last_column = \ +- YYRHSLOC (Rhs, 0).last_column; \ +- } \ +- while (YYID (0)) +-#endif +- +- +-/* YY_LOCATION_PRINT -- Print the location on the stream. +- This macro was not mandated originally: define only if we know +- we won't break user code: when these are the locations we know. */ +- ++/* This macro is provided for backward compatibility. */ + #ifndef YY_LOCATION_PRINT +-# if YYLTYPE_IS_TRIVIAL +-# define YY_LOCATION_PRINT(File, Loc) \ +- fprintf (File, "%d.%d-%d.%d", \ +- (Loc).first_line, (Loc).first_column, \ +- (Loc).last_line, (Loc).last_column) +-# else +-# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +-# endif ++# define YY_LOCATION_PRINT(File, Loc) ((void) 0) + #endif + + + /* YYLEX -- calling `yylex' with the right arguments. */ +- + #ifdef YYLEX_PARAM + # define YYLEX yylex (YYLEX_PARAM) + #else +@@ -668,6 +681,8 @@ + YYSTYPE const * const yyvaluep; + #endif + { ++ FILE *yyo = yyoutput; ++ YYUSE (yyo); + if (!yyvaluep) + return; + # ifdef YYPRINT +@@ -679,7 +694,7 @@ + switch (yytype) + { + default: +- break; ++ break; + } + } + +@@ -717,17 +732,20 @@ + #if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) + static void +-yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) ++yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) + #else + static void +-yy_stack_print (bottom, top) +- yytype_int16 *bottom; +- yytype_int16 *top; ++yy_stack_print (yybottom, yytop) ++ yytype_int16 *yybottom; ++ yytype_int16 *yytop; + #endif + { + YYFPRINTF (stderr, "Stack now"); +- for (; bottom <= top; ++bottom) +- YYFPRINTF (stderr, " %d", *bottom); ++ for (; yybottom <= yytop; yybottom++) ++ { ++ int yybot = *yybottom; ++ YYFPRINTF (stderr, " %d", yybot); ++ } + YYFPRINTF (stderr, "\n"); + } + +@@ -761,11 +779,11 @@ + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { +- fprintf (stderr, " $%d = ", yyi + 1); ++ YYFPRINTF (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], + &(yyvsp[(yyi + 1) - (yynrhs)]) + ); +- fprintf (stderr, "\n"); ++ YYFPRINTF (stderr, "\n"); + } + } + +@@ -802,7 +820,6 @@ + # define YYMAXDEPTH 10000 + #endif + +- + + #if YYERROR_VERBOSE + +@@ -905,115 +922,145 @@ + } + # endif + +-/* Copy into YYRESULT an error message about the unexpected token +- YYCHAR while in state YYSTATE. Return the number of bytes copied, +- including the terminating null byte. If YYRESULT is null, do not +- copy anything; just return the number of bytes that would be +- copied. As a special case, return 0 if an ordinary "syntax error" +- message will do. Return YYSIZE_MAXIMUM if overflow occurs during +- size calculation. */ +-static YYSIZE_T +-yysyntax_error (char *yyresult, int yystate, int yychar) ++/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message ++ about the unexpected token YYTOKEN for the state stack whose top is ++ YYSSP. ++ ++ Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is ++ not large enough to hold the message. In that case, also set ++ *YYMSG_ALLOC to the required number of bytes. Return 2 if the ++ required number of bytes is too large to store. */ ++static int ++yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, ++ yytype_int16 *yyssp, int yytoken) + { +- int yyn = yypact[yystate]; +- +- if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) +- return 0; +- else +- { +- int yytype = YYTRANSLATE (yychar); +- YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); +- YYSIZE_T yysize = yysize0; +- YYSIZE_T yysize1; +- int yysize_overflow = 0; +- enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; +- char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; +- int yyx; +- +-# if 0 +- /* This is so xgettext sees the translatable formats that are +- constructed on the fly. */ +- YY_("syntax error, unexpected %s"); +- YY_("syntax error, unexpected %s, expecting %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s or %s"); +- YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +-# endif +- char *yyfmt; +- char const *yyf; +- static char const yyunexpected[] = "syntax error, unexpected %s"; +- static char const yyexpecting[] = ", expecting %s"; +- static char const yyor[] = " or %s"; +- char yyformat[sizeof yyunexpected +- + sizeof yyexpecting - 1 +- + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) +- * (sizeof yyor - 1))]; +- char const *yyprefix = yyexpecting; +- +- /* Start YYX at -YYN if negative to avoid negative indexes in +- YYCHECK. */ +- int yyxbegin = yyn < 0 ? -yyn : 0; +- +- /* Stay within bounds of both yycheck and yytname. */ +- int yychecklim = YYLAST - yyn + 1; +- int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; +- int yycount = 1; +- +- yyarg[0] = yytname[yytype]; +- yyfmt = yystpcpy (yyformat, yyunexpected); +- +- for (yyx = yyxbegin; yyx < yyxend; ++yyx) +- if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) +- { +- if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) +- { +- yycount = 1; +- yysize = yysize0; +- yyformat[sizeof yyunexpected - 1] = '\0'; +- break; +- } +- yyarg[yycount++] = yytname[yyx]; +- yysize1 = yysize + yytnamerr (0, yytname[yyx]); +- yysize_overflow |= (yysize1 < yysize); +- yysize = yysize1; +- yyfmt = yystpcpy (yyfmt, yyprefix); +- yyprefix = yyor; +- } +- +- yyf = YY_(yyformat); +- yysize1 = yysize + yystrlen (yyf); +- yysize_overflow |= (yysize1 < yysize); +- yysize = yysize1; +- +- if (yysize_overflow) +- return YYSIZE_MAXIMUM; +- +- if (yyresult) +- { +- /* Avoid sprintf, as that infringes on the user's name space. +- Don't have undefined behavior even if the translation +- produced a string with the wrong number of "%s"s. */ +- char *yyp = yyresult; +- int yyi = 0; +- while ((*yyp = *yyf) != '\0') +- { +- if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) +- { +- yyp += yytnamerr (yyp, yyarg[yyi++]); +- yyf += 2; +- } +- else +- { +- yyp++; +- yyf++; +- } +- } +- } +- return yysize; +- } ++ YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]); ++ YYSIZE_T yysize = yysize0; ++ enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; ++ /* Internationalized format string. */ ++ const char *yyformat = YY_NULL; ++ /* Arguments of yyformat. */ ++ char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; ++ /* Number of reported tokens (one for the "unexpected", one per ++ "expected"). */ ++ int yycount = 0; ++ ++ /* There are many possibilities here to consider: ++ - Assume YYFAIL is not used. It's too flawed to consider. See ++ ++ for details. YYERROR is fine as it does not invoke this ++ function. ++ - If this state is a consistent state with a default action, then ++ the only way this function was invoked is if the default action ++ is an error action. In that case, don't check for expected ++ tokens because there are none. ++ - The only way there can be no lookahead present (in yychar) is if ++ this state is a consistent state with a default action. Thus, ++ detecting the absence of a lookahead is sufficient to determine ++ that there is no unexpected or expected token to report. In that ++ case, just report a simple "syntax error". ++ - Don't assume there isn't a lookahead just because this state is a ++ consistent state with a default action. There might have been a ++ previous inconsistent state, consistent state with a non-default ++ action, or user semantic action that manipulated yychar. ++ - Of course, the expected token list depends on states to have ++ correct lookahead information, and it depends on the parser not ++ to perform extra reductions after fetching a lookahead from the ++ scanner and before detecting a syntax error. Thus, state merging ++ (from LALR or IELR) and default reductions corrupt the expected ++ token list. However, the list is correct for canonical LR with ++ one exception: it will still contain any token that will not be ++ accepted due to an error action in a later state. ++ */ ++ if (yytoken != YYEMPTY) ++ { ++ int yyn = yypact[*yyssp]; ++ yyarg[yycount++] = yytname[yytoken]; ++ if (!yypact_value_is_default (yyn)) ++ { ++ /* Start YYX at -YYN if negative to avoid negative indexes in ++ YYCHECK. In other words, skip the first -YYN actions for ++ this state because they are default actions. */ ++ int yyxbegin = yyn < 0 ? -yyn : 0; ++ /* Stay within bounds of both yycheck and yytname. */ ++ int yychecklim = YYLAST - yyn + 1; ++ int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; ++ int yyx; ++ ++ for (yyx = yyxbegin; yyx < yyxend; ++yyx) ++ if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR ++ && !yytable_value_is_error (yytable[yyx + yyn])) ++ { ++ if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) ++ { ++ yycount = 1; ++ yysize = yysize0; ++ break; ++ } ++ yyarg[yycount++] = yytname[yyx]; ++ { ++ YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]); ++ if (! (yysize <= yysize1 ++ && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) ++ return 2; ++ yysize = yysize1; ++ } ++ } ++ } ++ } ++ ++ switch (yycount) ++ { ++# define YYCASE_(N, S) \ ++ case N: \ ++ yyformat = S; \ ++ break ++ YYCASE_(0, YY_("syntax error")); ++ YYCASE_(1, YY_("syntax error, unexpected %s")); ++ YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); ++ YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); ++ YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); ++ YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); ++# undef YYCASE_ ++ } ++ ++ { ++ YYSIZE_T yysize1 = yysize + yystrlen (yyformat); ++ if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) ++ return 2; ++ yysize = yysize1; ++ } ++ ++ if (*yymsg_alloc < yysize) ++ { ++ *yymsg_alloc = 2 * yysize; ++ if (! (yysize <= *yymsg_alloc ++ && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) ++ *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; ++ return 1; ++ } ++ ++ /* Avoid sprintf, as that infringes on the user's name space. ++ Don't have undefined behavior even if the translation ++ produced a string with the wrong number of "%s"s. */ ++ { ++ char *yyp = *yymsg; ++ int yyi = 0; ++ while ((*yyp = *yyformat) != '\0') ++ if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) ++ { ++ yyp += yytnamerr (yyp, yyarg[yyi++]); ++ yyformat += 2; ++ } ++ else ++ { ++ yyp++; ++ yyformat++; ++ } ++ } ++ return 0; + } + #endif /* YYERROR_VERBOSE */ +- + + /*-----------------------------------------------. + | Release the memory associated to this symbol. | +@@ -1042,40 +1089,32 @@ + { + + default: +- break; ++ break; + } + } +- + +-/* Prevent warnings from -Wmissing-prototypes. */ +- +-#ifdef YYPARSE_PARAM +-#if defined __STDC__ || defined __cplusplus +-int yyparse (void *YYPARSE_PARAM); +-#else +-int yyparse (); +-#endif +-#else /* ! YYPARSE_PARAM */ +-#if defined __STDC__ || defined __cplusplus +-int yyparse (void); +-#else +-int yyparse (); +-#endif +-#endif /* ! YYPARSE_PARAM */ + + + +-/* The look-ahead symbol. */ ++/* The lookahead symbol. */ + int yychar; + +-/* The semantic value of the look-ahead symbol. */ +-YYSTYPE yylval; ++ ++#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN ++# define YY_IGNORE_MAYBE_UNINITIALIZED_END ++#endif ++#ifndef YY_INITIAL_VALUE ++# define YY_INITIAL_VALUE(Value) /* Nothing. */ ++#endif ++ ++/* The semantic value of the lookahead symbol. */ ++YYSTYPE yylval YY_INITIAL_VALUE(yyval_default); + + /* Number of syntax errors so far. */ + int yynerrs; + + +- + /*----------. + | yyparse. | + `----------*/ +@@ -1102,14 +1141,37 @@ + #endif + #endif + { +- +- int yystate; ++ int yystate; ++ /* Number of tokens to shift before error messages enabled. */ ++ int yyerrstatus; ++ ++ /* The stacks and their tools: ++ `yyss': related to states. ++ `yyvs': related to semantic values. ++ ++ Refer to the stacks through separate pointers, to allow yyoverflow ++ to reallocate them elsewhere. */ ++ ++ /* The state stack. */ ++ yytype_int16 yyssa[YYINITDEPTH]; ++ yytype_int16 *yyss; ++ yytype_int16 *yyssp; ++ ++ /* The semantic value stack. */ ++ YYSTYPE yyvsa[YYINITDEPTH]; ++ YYSTYPE *yyvs; ++ YYSTYPE *yyvsp; ++ ++ YYSIZE_T yystacksize; ++ + int yyn; + int yyresult; +- /* Number of tokens to shift before error messages enabled. */ +- int yyerrstatus; +- /* Look-ahead token as an internal (translated) token number. */ ++ /* Lookahead token as an internal (translated) token number. */ + int yytoken = 0; ++ /* The variables used to return semantic value and location from the ++ action routines. */ ++ YYSTYPE yyval; ++ + #if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; +@@ -1117,54 +1179,22 @@ + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; + #endif + +- /* Three stacks and their tools: +- `yyss': related to states, +- `yyvs': related to semantic values, +- `yyls': related to locations. +- +- Refer to the stacks thru separate pointers, to allow yyoverflow +- to reallocate them elsewhere. */ +- +- /* The state stack. */ +- yytype_int16 yyssa[YYINITDEPTH]; +- yytype_int16 *yyss = yyssa; +- yytype_int16 *yyssp; +- +- /* The semantic value stack. */ +- YYSTYPE yyvsa[YYINITDEPTH]; +- YYSTYPE *yyvs = yyvsa; +- YYSTYPE *yyvsp; +- +- +- + #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) + +- YYSIZE_T yystacksize = YYINITDEPTH; +- +- /* The variables used to return semantic value and location from the +- action routines. */ +- YYSTYPE yyval; +- +- + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; + ++ yyssp = yyss = yyssa; ++ yyvsp = yyvs = yyvsa; ++ yystacksize = YYINITDEPTH; ++ + YYDPRINTF ((stderr, "Starting parse\n")); + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; +- yychar = YYEMPTY; /* Cause a token to be read. */ +- +- /* Initialize stack pointers. +- Waste one element of value and location stack +- so that they stay on the same level as the state stack. +- The wasted elements are never initialized. */ +- +- yyssp = yyss; +- yyvsp = yyvs; +- ++ yychar = YYEMPTY; /* Cause a token to be read. */ + goto yysetstate; + + /*------------------------------------------------------------. +@@ -1191,7 +1221,6 @@ + YYSTYPE *yyvs1 = yyvs; + yytype_int16 *yyss1 = yyss; + +- + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might +@@ -1199,7 +1228,6 @@ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), +- + &yystacksize); + + yyss = yyss1; +@@ -1222,9 +1250,8 @@ + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyexhaustedlab; +- YYSTACK_RELOCATE (yyss); +- YYSTACK_RELOCATE (yyvs); +- ++ YYSTACK_RELOCATE (yyss_alloc, yyss); ++ YYSTACK_RELOCATE (yyvs_alloc, yyvs); + # undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); +@@ -1235,7 +1262,6 @@ + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + +- + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + +@@ -1245,6 +1271,9 @@ + + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + ++ if (yystate == YYFINAL) ++ YYACCEPT; ++ + goto yybackup; + + /*-----------. +@@ -1253,16 +1282,16 @@ + yybackup: + + /* Do appropriate processing given the current state. Read a +- look-ahead token if we need one and don't already have one. */ ++ lookahead token if we need one and don't already have one. */ + +- /* First try to decide what to do without reference to look-ahead token. */ ++ /* First try to decide what to do without reference to lookahead token. */ + yyn = yypact[yystate]; +- if (yyn == YYPACT_NINF) ++ if (yypact_value_is_default (yyn)) + goto yydefault; + +- /* Not known => get a look-ahead token if don't already have one. */ ++ /* Not known => get a lookahead token if don't already have one. */ + +- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ ++ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); +@@ -1288,29 +1317,27 @@ + yyn = yytable[yyn]; + if (yyn <= 0) + { +- if (yyn == 0 || yyn == YYTABLE_NINF) +- goto yyerrlab; ++ if (yytable_value_is_error (yyn)) ++ goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + +- if (yyn == YYFINAL) +- YYACCEPT; +- + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + +- /* Shift the look-ahead token. */ ++ /* Shift the lookahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); + +- /* Discard the shifted token unless it is eof. */ +- if (yychar != YYEOF) +- yychar = YYEMPTY; ++ /* Discard the shifted token. */ ++ yychar = YYEMPTY; + + yystate = yyn; ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + + goto yynewstate; + +@@ -1347,6 +1374,7 @@ + switch (yyn) + { + case 3: ++/* Line 1792 of yacc.c */ + #line 40 "parse_y.y" + { + printf("\n"); +@@ -1355,6 +1383,7 @@ + break; + + case 4: ++/* Line 1792 of yacc.c */ + #line 44 "parse_y.y" + { + if (strlen((yyvsp[(2) - (3)].string)) > (PAPER_WIDTH-(indent ? strlen(INDENT_STRING):0))) { +@@ -1368,6 +1397,7 @@ + break; + + case 5: ++/* Line 1792 of yacc.c */ + #line 53 "parse_y.y" + { + char fixed[PAPER_WIDTH+1]; +@@ -1391,6 +1421,7 @@ + break; + + case 6: ++/* Line 1792 of yacc.c */ + #line 72 "parse_y.y" + { + char fixed[PAPER_WIDTH+1]; +@@ -1422,6 +1453,7 @@ + break; + + case 7: ++/* Line 1792 of yacc.c */ + #line 99 "parse_y.y" + { + char fixed[PAPER_WIDTH+1]; +@@ -1453,6 +1485,7 @@ + break; + + case 8: ++/* Line 1792 of yacc.c */ + #line 128 "parse_y.y" + { + (yyval.string) = strdup(""); +@@ -1460,6 +1493,7 @@ + break; + + case 9: ++/* Line 1792 of yacc.c */ + #line 131 "parse_y.y" + { + (yyval.string) = malloc(strlen((yyvsp[(1) - (2)].string))+strlen((yyvsp[(2) - (2)].string))+1); +@@ -1470,6 +1504,7 @@ + break; + + case 10: ++/* Line 1792 of yacc.c */ + #line 139 "parse_y.y" + { + (yyval.string) = strdup(yytext); +@@ -1477,6 +1512,7 @@ + break; + + case 11: ++/* Line 1792 of yacc.c */ + #line 142 "parse_y.y" + { + (yyval.string) = malloc(strlen((yyvsp[(1) - (2)].string))+2); +@@ -1486,6 +1522,7 @@ + break; + + case 12: ++/* Line 1792 of yacc.c */ + #line 147 "parse_y.y" + { + (yyval.string) = strdup(""); +@@ -1494,6 +1531,7 @@ + break; + + case 13: ++/* Line 1792 of yacc.c */ + #line 151 "parse_y.y" + { + (yyval.string) = strdup("#"); +@@ -1501,6 +1539,7 @@ + break; + + case 14: ++/* Line 1792 of yacc.c */ + #line 154 "parse_y.y" + { + if (((yyval.string) = get_label(yytext)) == NULL) { +@@ -1511,6 +1550,7 @@ + break; + + case 15: ++/* Line 1792 of yacc.c */ + #line 160 "parse_y.y" + { + (yyval.string) = new_counter(yytext); +@@ -1518,10 +1558,21 @@ + break; + + +-/* Line 1267 of yacc.c. */ +-#line 1523 "parse_y.c" ++/* Line 1792 of yacc.c */ ++#line 1563 "parse_y.c" + default: break; + } ++ /* User semantic actions sometimes alter yychar, and that requires ++ that yytoken be updated with the new translation. We take the ++ approach of translating immediately before every use of yytoken. ++ One alternative is translating here after every semantic action, ++ but that translation would be missed if the semantic action invokes ++ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or ++ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an ++ incorrect destructor might then be invoked immediately. In the ++ case of YYERROR or YYBACKUP, subsequent parser actions might lead ++ to an incorrect destructor call or verbose syntax error message ++ before the lookahead is translated. */ + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + + YYPOPSTACK (yylen); +@@ -1530,7 +1581,6 @@ + + *++yyvsp = yyval; + +- + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ +@@ -1550,6 +1600,10 @@ + | yyerrlab -- here on detecting error | + `------------------------------------*/ + yyerrlab: ++ /* Make sure we have latest lookahead translation. See comments at ++ user semantic actions for why this is necessary. */ ++ yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); ++ + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { +@@ -1557,37 +1611,36 @@ + #if ! YYERROR_VERBOSE + yyerror (YY_("syntax error")); + #else ++# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ ++ yyssp, yytoken) + { +- YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); +- if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) +- { +- YYSIZE_T yyalloc = 2 * yysize; +- if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) +- yyalloc = YYSTACK_ALLOC_MAXIMUM; +- if (yymsg != yymsgbuf) +- YYSTACK_FREE (yymsg); +- yymsg = (char *) YYSTACK_ALLOC (yyalloc); +- if (yymsg) +- yymsg_alloc = yyalloc; +- else +- { +- yymsg = yymsgbuf; +- yymsg_alloc = sizeof yymsgbuf; +- } +- } +- +- if (0 < yysize && yysize <= yymsg_alloc) +- { +- (void) yysyntax_error (yymsg, yystate, yychar); +- yyerror (yymsg); +- } +- else +- { +- yyerror (YY_("syntax error")); +- if (yysize != 0) +- goto yyexhaustedlab; +- } ++ char const *yymsgp = YY_("syntax error"); ++ int yysyntax_error_status; ++ yysyntax_error_status = YYSYNTAX_ERROR; ++ if (yysyntax_error_status == 0) ++ yymsgp = yymsg; ++ else if (yysyntax_error_status == 1) ++ { ++ if (yymsg != yymsgbuf) ++ YYSTACK_FREE (yymsg); ++ yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); ++ if (!yymsg) ++ { ++ yymsg = yymsgbuf; ++ yymsg_alloc = sizeof yymsgbuf; ++ yysyntax_error_status = 2; ++ } ++ else ++ { ++ yysyntax_error_status = YYSYNTAX_ERROR; ++ yymsgp = yymsg; ++ } ++ } ++ yyerror (yymsgp); ++ if (yysyntax_error_status == 2) ++ goto yyexhaustedlab; + } ++# undef YYSYNTAX_ERROR + #endif + } + +@@ -1595,7 +1648,7 @@ + + if (yyerrstatus == 3) + { +- /* If just tried and failed to reuse look-ahead token after an ++ /* If just tried and failed to reuse lookahead token after an + error, discard it. */ + + if (yychar <= YYEOF) +@@ -1612,7 +1665,7 @@ + } + } + +- /* Else will try to reuse look-ahead token after shifting the error ++ /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + +@@ -1646,7 +1699,7 @@ + for (;;) + { + yyn = yypact[yystate]; +- if (yyn != YYPACT_NINF) ++ if (!yypact_value_is_default (yyn)) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) +@@ -1669,10 +1722,9 @@ + YY_STACK_PRINT (yyss, yyssp); + } + +- if (yyn == YYFINAL) +- YYACCEPT; +- ++ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + *++yyvsp = yylval; ++ YY_IGNORE_MAYBE_UNINITIALIZED_END + + + /* Shift the error token. */ +@@ -1696,7 +1748,7 @@ + yyresult = 1; + goto yyreturn; + +-#ifndef yyoverflow ++#if !defined yyoverflow || YYERROR_VERBOSE + /*-------------------------------------------------. + | yyexhaustedlab -- memory exhaustion comes here. | + `-------------------------------------------------*/ +@@ -1707,9 +1759,14 @@ + #endif + + yyreturn: +- if (yychar != YYEOF && yychar != YYEMPTY) +- yydestruct ("Cleanup: discarding lookahead", +- yytoken, &yylval); ++ if (yychar != YYEMPTY) ++ { ++ /* Make sure we have latest lookahead translation. See comments at ++ user semantic actions for why this is necessary. */ ++ yytoken = YYTRANSLATE (yychar); ++ yydestruct ("Cleanup: discarding lookahead", ++ yytoken, &yylval); ++ } + /* Do not reclaim the symbols of the rule which action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); +@@ -1733,6 +1790,7 @@ + } + + ++/* Line 2055 of yacc.c */ + #line 165 "parse_y.y" + + +@@ -1867,4 +1925,3 @@ + { + return yyparse(); + } +- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_y.h new/Linux-PAM-1.1.8/doc/specs/parse_y.h +--- old/Linux-PAM-1.1.8/doc/specs/parse_y.h 2013-09-19 10:02:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/doc/specs/parse_y.h 2015-01-09 14:33:01.000000000 +0100 +@@ -1,24 +1,21 @@ +-/* A Bison parser, made by GNU Bison 2.3. */ ++/* A Bison parser, made by GNU Bison 2.7. */ + +-/* Skeleton interface for Bison's Yacc-like parsers in C +- +- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 +- Free Software Foundation, Inc. +- +- This program is free software; you can redistribute it and/or modify ++/* Bison interface for Yacc-like parsers in C ++ ++ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. ++ ++ This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2, or (at your option) +- any later version. +- ++ the Free Software Foundation, either version 3 of the License, or ++ (at your option) any later version. ++ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. +- ++ + You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software +- Foundation, Inc., 51 Franklin Street, Fifth Floor, +- Boston, MA 02110-1301, USA. */ ++ along with this program. If not, see . */ + + /* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work +@@ -29,10 +26,20 @@ + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. +- ++ + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + ++#ifndef YY_YY_PARSE_Y_H_INCLUDED ++# define YY_YY_PARSE_Y_H_INCLUDED ++/* Enabling traces. */ ++#ifndef YYDEBUG ++# define YYDEBUG 0 ++#endif ++#if YYDEBUG ++extern int yydebug; ++#endif ++ + /* Tokens. */ + #ifndef YYTOKENTYPE + # define YYTOKENTYPE +@@ -59,21 +66,38 @@ + + + +- + #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED + typedef union YYSTYPE +-#line 27 "parse_y.y" + { ++/* Line 2058 of yacc.c */ ++#line 27 "parse_y.y" ++ + int def; + char *string; +-} +-/* Line 1489 of yacc.c. */ +-#line 72 "parse_y.h" +- YYSTYPE; ++ ++ ++/* Line 2058 of yacc.c */ ++#line 81 "parse_y.h" ++} YYSTYPE; ++# define YYSTYPE_IS_TRIVIAL 1 + # define yystype YYSTYPE /* obsolescent; will be withdrawn */ + # define YYSTYPE_IS_DECLARED 1 +-# define YYSTYPE_IS_TRIVIAL 1 + #endif + + extern YYSTYPE yylval; + ++#ifdef YYPARSE_PARAM ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void *YYPARSE_PARAM); ++#else ++int yyparse (); ++#endif ++#else /* ! YYPARSE_PARAM */ ++#if defined __STDC__ || defined __cplusplus ++int yyparse (void); ++#else ++int yyparse (); ++#endif ++#endif /* ! YYPARSE_PARAM */ ++ ++#endif /* !YY_YY_PARSE_Y_H_INCLUDED */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h new/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h +--- old/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h 2015-01-09 14:28:29.000000000 +0100 +@@ -129,6 +129,19 @@ + pam_modutil_regain_priv(pam_handle_t *pamh, + struct pam_modutil_privs *p); + ++enum pam_modutil_redirect_fd { ++ PAM_MODUTIL_IGNORE_FD, /* do not redirect */ ++ PAM_MODUTIL_PIPE_FD, /* redirect to a pipe */ ++ PAM_MODUTIL_NULL_FD, /* redirect to /dev/null */ ++}; ++ ++/* redirect standard descriptors, close all other descriptors. */ ++extern int PAM_NONNULL((1)) ++pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, ++ enum pam_modutil_redirect_fd redirect_stdin, ++ enum pam_modutil_redirect_fd redirect_stdout, ++ enum pam_modutil_redirect_fd redirect_stderr); ++ + #ifdef __cplusplus + } + #endif +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/libpam.map new/Linux-PAM-1.1.8/libpam/libpam.map +--- old/Linux-PAM-1.1.8/libpam/libpam.map 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/libpam.map 2015-01-09 14:28:29.000000000 +0100 +@@ -67,3 +67,8 @@ + pam_modutil_drop_priv; + pam_modutil_regain_priv; + } LIBPAM_MODUTIL_1.1; ++ ++LIBPAM_MODUTIL_1.1.9 { ++ global: ++ pam_modutil_sanitize_helper_fds; ++} LIBPAM_MODUTIL_1.1.3; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/Makefile.am new/Linux-PAM-1.1.8/libpam/Makefile.am +--- old/Linux-PAM-1.1.8/libpam/Makefile.am 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/Makefile.am 2015-01-09 14:28:29.000000000 +0100 +@@ -43,4 +43,4 @@ + pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ + pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ + pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ +- pam_modutil_priv.c ++ pam_modutil_priv.c pam_modutil_sanitize.c +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_account.c new/Linux-PAM-1.1.8/libpam/pam_account.c +--- old/Linux-PAM-1.1.8/libpam/pam_account.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_account.c 2015-01-09 14:28:29.000000000 +0100 +@@ -19,9 +19,5 @@ + + retval = _pam_dispatch(pamh, flags, PAM_ACCOUNT); + +-#ifdef HAVE_LIBAUDIT +- retval = _pam_auditlog(pamh, PAM_ACCOUNT, retval, flags); +-#endif +- + return retval; + } +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_audit.c new/Linux-PAM-1.1.8/libpam/pam_audit.c +--- old/Linux-PAM-1.1.8/libpam/pam_audit.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_audit.c 2015-01-09 14:28:29.000000000 +0100 +@@ -6,12 +6,12 @@ + Authors: + Steve Grubb */ + +-#include +-#include + #include "pam_private.h" + #include "pam_modutil_private.h" + + #ifdef HAVE_LIBAUDIT ++#include ++#include + #include + #include + #include +@@ -25,17 +25,24 @@ + + static int + _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type, +- const char *message, int retval) ++ const char *message, const char *grantors, int retval) + { + static int old_errno = -1; +- int rc; +- char buf[32]; +- +- snprintf(buf, sizeof(buf), "PAM:%s", message); ++ int rc = -ENOMEM; ++ char *buf; ++ const char *grantors_field = " grantors="; ++ ++ if (grantors == NULL) { ++ grantors = ""; ++ grantors_field = ""; ++ } + +- rc = audit_log_acct_message (audit_fd, type, NULL, buf, +- (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", +- -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS ); ++ if (asprintf(&buf, "PAM:%s%s%s", message, grantors_field, grantors) >= 0) { ++ rc = audit_log_acct_message(audit_fd, type, NULL, buf, ++ (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", ++ -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS); ++ free(buf); ++ } + + /* libaudit sets errno to his own negative error code. This can be + an official errno number, but must not. It can also be a audit +@@ -78,12 +85,54 @@ + return audit_fd; + } + ++static int ++_pam_list_grantors(struct handler *hlist, int retval, char **list) ++{ ++ *list = NULL; ++ ++ if (retval == PAM_SUCCESS) { ++ struct handler *h; ++ char *p = NULL; ++ size_t len = 0; ++ ++ for (h = hlist; h != NULL; h = h->next) { ++ if (h->grantor) { ++ len += strlen(h->mod_name) + 1; ++ } ++ } ++ ++ if (len == 0) { ++ return 0; ++ } ++ ++ *list = malloc(len); ++ if (*list == NULL) { ++ return -1; ++ } ++ ++ for (h = hlist; h != NULL; h = h->next) { ++ if (h->grantor) { ++ if (p == NULL) { ++ p = *list; ++ } else { ++ p = stpcpy(p, ","); ++ } ++ ++ p = stpcpy(p, h->mod_name); ++ } ++ } ++ } ++ ++ return 0; ++} ++ + int +-_pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags) ++_pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags, struct handler *h) + { + const char *message; + int type; + int audit_fd; ++ char *grantors; + + if ((audit_fd=_pam_audit_open(pamh)) == -1) { + return PAM_SYSTEM_ERR; +@@ -134,9 +183,18 @@ + retval = PAM_SYSTEM_ERR; + } + +- if (_pam_audit_writelog(pamh, audit_fd, type, message, retval) < 0) ++ if (_pam_list_grantors(h, retval, &grantors) < 0) { ++ /* allocation failure */ ++ pam_syslog(pamh, LOG_CRIT, "_pam_list_grantors() failed: %m"); ++ retval = PAM_SYSTEM_ERR; ++ } ++ ++ if (_pam_audit_writelog(pamh, audit_fd, type, message, ++ grantors ? grantors : "?", retval) < 0) + retval = PAM_SYSTEM_ERR; + ++ free(grantors); ++ + audit_close(audit_fd); + return retval; + } +@@ -149,7 +207,7 @@ + * stacks having been run. Assume that this is sshd faking + * things for an unknown user. + */ +- _pam_auditlog(pamh, _PAM_ACTION_DONE, PAM_USER_UNKNOWN, 0); ++ _pam_auditlog(pamh, _PAM_ACTION_DONE, PAM_USER_UNKNOWN, 0, NULL); + } + + return 0; +@@ -168,7 +226,7 @@ + return retval; + } + +- rc = _pam_audit_writelog(pamh, audit_fd, type, message, retval); ++ rc = _pam_audit_writelog(pamh, audit_fd, type, message, NULL, retval); + + audit_close(audit_fd); + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_auth.c new/Linux-PAM-1.1.8/libpam/pam_auth.c +--- old/Linux-PAM-1.1.8/libpam/pam_auth.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_auth.c 2015-01-09 14:28:29.000000000 +0100 +@@ -45,10 +45,6 @@ + prelude_send_alert(pamh, retval); + #endif + +-#ifdef HAVE_LIBAUDIT +- retval = _pam_auditlog(pamh, PAM_AUTHENTICATE, retval, flags); +-#endif +- + return retval; + } + +@@ -71,10 +67,6 @@ + + retval = _pam_dispatch(pamh, flags, PAM_SETCRED); + +-#ifdef HAVE_LIBAUDIT +- retval = _pam_auditlog(pamh, PAM_SETCRED, retval, flags); +-#endif +- + D(("pam_setcred exit")); + + return retval; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_dispatch.c new/Linux-PAM-1.1.8/libpam/pam_dispatch.c +--- old/Linux-PAM-1.1.8/libpam/pam_dispatch.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_dispatch.c 2015-01-09 14:28:29.000000000 +0100 +@@ -217,8 +217,14 @@ + status = retval; + } + } +- if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) { +- goto decision_made; ++ if ( impression == _PAM_POSITIVE ) { ++ if ( retval == PAM_SUCCESS ) { ++ h->grantor = 1; ++ } ++ ++ if ( action == _PAM_ACTION_DONE ) { ++ goto decision_made; ++ } + } + break; + +@@ -262,6 +268,9 @@ + || (impression == _PAM_POSITIVE + && status == PAM_SUCCESS) ) { + if ( retval != PAM_IGNORE || cached_retval == retval ) { ++ if ( impression == _PAM_UNDEF && retval == PAM_SUCCESS ) { ++ h->grantor = 1; ++ } + impression = _PAM_POSITIVE; + status = retval; + } +@@ -308,6 +317,13 @@ + return status; + } + ++static void _pam_clear_grantors(struct handler *h) ++{ ++ for (; h != NULL; h = h->next) { ++ h->grantor = 0; ++ } ++} ++ + /* + * This function translates the module dispatch request into a pointer + * to the stack of modules that will actually be run. the +@@ -318,21 +334,21 @@ + int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) + { + struct handler *h = NULL; +- int retval, use_cached_chain; ++ int retval = PAM_SYSTEM_ERR, use_cached_chain; + _pam_boolean resumed; + + IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR); + + if (__PAM_FROM_MODULE(pamh)) { + D(("called from a module!?")); +- return PAM_SYSTEM_ERR; ++ goto end; + } + + /* Load all modules, resolve all symbols */ + + if ((retval = _pam_init_handlers(pamh)) != PAM_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "unable to dispatch function"); +- return retval; ++ goto end; + } + + use_cached_chain = _PAM_PLEASE_FREEZE; +@@ -360,7 +376,8 @@ + break; + default: + pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); +- return PAM_ABORT; ++ retval = PAM_ABORT; ++ goto end; + } + + if (h == NULL) { /* there was no handlers.conf... entry; will use +@@ -393,11 +410,13 @@ + pam_syslog(pamh, LOG_ERR, + "application failed to re-exec stack [%d:%d]", + pamh->former.choice, choice); +- return PAM_ABORT; ++ retval = PAM_ABORT; ++ goto end; + } + resumed = PAM_TRUE; + } else { + resumed = PAM_FALSE; ++ _pam_clear_grantors(h); + } + + __PAM_TO_MODULE(pamh); +@@ -417,5 +436,13 @@ + pamh->former.choice = PAM_NOT_STACKED; + } + ++end: ++ ++#ifdef HAVE_LIBAUDIT ++ if (choice != PAM_CHAUTHTOK || flags & PAM_UPDATE_AUTHTOK || retval != PAM_SUCCESS) { ++ retval = _pam_auditlog(pamh, choice, retval, flags, h); ++ } ++#endif ++ + return retval; + } +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_get_authtok.c new/Linux-PAM-1.1.8/libpam/pam_get_authtok.c +--- old/Linux-PAM-1.1.8/libpam/pam_get_authtok.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_get_authtok.c 2015-01-09 14:28:29.000000000 +0100 +@@ -151,8 +151,9 @@ + if (retval != PAM_SUCCESS || resp[0] == NULL || + (chpass > 1 && resp[1] == NULL)) + { +- /* We want to abort the password change */ +- pam_error (pamh, _("Password change aborted.")); ++ /* We want to abort */ ++ if (chpass) ++ pam_error (pamh, _("Password change aborted.")); + return PAM_AUTHTOK_ERR; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_handlers.c new/Linux-PAM-1.1.8/libpam/pam_handlers.c +--- old/Linux-PAM-1.1.8/libpam/pam_handlers.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_handlers.c 2015-01-09 14:28:29.000000000 +0100 +@@ -611,6 +611,12 @@ + if (dot) + *dot = '\0'; + ++ if (*retval == '\0' || strcmp(retval, "?") == 0) { ++ /* do not allow empty module name or "?" to avoid confusing audit trail */ ++ _pam_drop(retval); ++ return NULL; ++ } ++ + return retval; + } + +@@ -888,7 +894,9 @@ + (*handler_p)->cached_retval_p = &((*handler_p)->cached_retval); + (*handler_p)->argc = argc; + (*handler_p)->argv = argv; /* not a copy */ +- (*handler_p)->mod_name = extract_modulename(mod_path); ++ if (((*handler_p)->mod_name = extract_modulename(mod_path)) == NULL) ++ return PAM_ABORT; ++ (*handler_p)->grantor = 0; + (*handler_p)->next = NULL; + + /* some of the modules have a second calling function */ +@@ -920,7 +928,9 @@ + } else { + (*handler_p2)->argv = NULL; /* no arguments */ + } +- (*handler_p2)->mod_name = extract_modulename(mod_path); ++ if (((*handler_p2)->mod_name = extract_modulename(mod_path)) == NULL) ++ return PAM_ABORT; ++ (*handler_p2)->grantor = 0; + (*handler_p2)->next = NULL; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c new/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c +--- old/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c 1970-01-01 01:00:00.000000000 +0100 ++++ new/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c 2015-01-09 14:28:29.000000000 +0100 +@@ -0,0 +1,175 @@ ++/* ++ * This file implements the following functions: ++ * pam_modutil_sanitize_helper_fds: ++ * redirects standard descriptors, closes all other descriptors. ++ */ ++ ++#include "pam_modutil_private.h" ++#include ++#include ++#include ++#include ++#include ++ ++/* ++ * Creates a pipe, closes its write end, redirects fd to its read end. ++ * Returns fd on success, -1 otherwise. ++ */ ++static int ++redirect_in_pipe(pam_handle_t *pamh, int fd, const char *name) ++{ ++ int in[2]; ++ ++ if (pipe(in) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); ++ return -1; ++ } ++ ++ close(in[1]); ++ ++ if (in[0] == fd) ++ return fd; ++ ++ if (dup2(in[0], fd) != fd) { ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); ++ fd = -1; ++ } ++ ++ close(in[0]); ++ return fd; ++} ++ ++/* ++ * Creates a pipe, closes its read end, redirects fd to its write end. ++ * Returns fd on success, -1 otherwise. ++ */ ++static int ++redirect_out_pipe(pam_handle_t *pamh, int fd, const char *name) ++{ ++ int out[2]; ++ ++ if (pipe(out) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); ++ return -1; ++ } ++ ++ close(out[0]); ++ ++ if (out[1] == fd) ++ return fd; ++ ++ if (dup2(out[1], fd) != fd) { ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); ++ fd = -1; ++ } ++ ++ close(out[1]); ++ return fd; ++} ++ ++/* ++ * Opens /dev/null for writing, redirects fd there. ++ * Returns fd on success, -1 otherwise. ++ */ ++static int ++redirect_out_null(pam_handle_t *pamh, int fd, const char *name) ++{ ++ int null = open("/dev/null", O_WRONLY); ++ ++ if (null < 0) { ++ pam_syslog(pamh, LOG_ERR, "open of %s failed: %m", "/dev/null"); ++ return -1; ++ } ++ ++ if (null == fd) ++ return fd; ++ ++ if (dup2(null, fd) != fd) { ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); ++ fd = -1; ++ } ++ ++ close(null); ++ return fd; ++} ++ ++static int ++redirect_out(pam_handle_t *pamh, enum pam_modutil_redirect_fd mode, ++ int fd, const char *name) ++{ ++ switch (mode) { ++ case PAM_MODUTIL_PIPE_FD: ++ if (redirect_out_pipe(pamh, fd, name) < 0) ++ return -1; ++ break; ++ case PAM_MODUTIL_NULL_FD: ++ if (redirect_out_null(pamh, fd, name) < 0) ++ return -1; ++ break; ++ case PAM_MODUTIL_IGNORE_FD: ++ break; ++ } ++ return fd; ++} ++ ++/* Closes all descriptors after stderr. */ ++static void ++close_fds(void) ++{ ++ /* ++ * An arbitrary upper limit for the maximum file descriptor number ++ * returned by RLIMIT_NOFILE. ++ */ ++ const int MAX_FD_NO = 65535; ++ ++ /* The lower limit is the same as for _POSIX_OPEN_MAX. */ ++ const int MIN_FD_NO = 20; ++ ++ int fd; ++ struct rlimit rlim; ++ ++ if (getrlimit(RLIMIT_NOFILE, &rlim) || rlim.rlim_max > MAX_FD_NO) ++ fd = MAX_FD_NO; ++ else if (rlim.rlim_max < MIN_FD_NO) ++ fd = MIN_FD_NO; ++ else ++ fd = rlim.rlim_max - 1; ++ ++ for (; fd > STDERR_FILENO; --fd) ++ close(fd); ++} ++ ++int ++pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, ++ enum pam_modutil_redirect_fd stdin_mode, ++ enum pam_modutil_redirect_fd stdout_mode, ++ enum pam_modutil_redirect_fd stderr_mode) ++{ ++ if (stdin_mode != PAM_MODUTIL_IGNORE_FD && ++ redirect_in_pipe(pamh, STDIN_FILENO, "stdin") < 0) { ++ return -1; ++ } ++ ++ if (redirect_out(pamh, stdout_mode, STDOUT_FILENO, "stdout") < 0) ++ return -1; ++ ++ /* ++ * If stderr should not be ignored and ++ * redirect mode for stdout and stderr are the same, ++ * optimize by redirecting stderr to stdout. ++ */ ++ if (stderr_mode != PAM_MODUTIL_IGNORE_FD && ++ stdout_mode == stderr_mode) { ++ if (dup2(STDOUT_FILENO, STDERR_FILENO) != STDERR_FILENO) { ++ pam_syslog(pamh, LOG_ERR, ++ "dup2 of %s failed: %m", "stderr"); ++ return -1; ++ } ++ } else { ++ if (redirect_out(pamh, stderr_mode, STDERR_FILENO, "stderr") < 0) ++ return -1; ++ } ++ ++ close_fds(); ++ return 0; ++} +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_password.c new/Linux-PAM-1.1.8/libpam/pam_password.c +--- old/Linux-PAM-1.1.8/libpam/pam_password.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_password.c 2015-01-09 14:28:29.000000000 +0100 +@@ -57,9 +57,5 @@ + D(("will resume when ready", retval)); + } + +-#ifdef HAVE_LIBAUDIT +- retval = _pam_auditlog(pamh, PAM_CHAUTHTOK, retval, flags); +-#endif +- + return retval; + } +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_private.h new/Linux-PAM-1.1.8/libpam/pam_private.h +--- old/Linux-PAM-1.1.8/libpam/pam_private.h 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_private.h 2015-01-09 14:28:29.000000000 +0100 +@@ -55,6 +55,7 @@ + struct handler *next; + char *mod_name; + int stack_level; ++ int grantor; + }; + + #define PAM_HT_MODULE 0 +@@ -316,7 +317,7 @@ + do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0) + + #ifdef HAVE_LIBAUDIT +-extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags); ++extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags, struct handler *h); + extern int _pam_audit_end(pam_handle_t *pamh, int pam_status); + #endif + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_session.c new/Linux-PAM-1.1.8/libpam/pam_session.c +--- old/Linux-PAM-1.1.8/libpam/pam_session.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam/pam_session.c 2015-01-09 14:28:29.000000000 +0100 +@@ -22,9 +22,6 @@ + } + retval = _pam_dispatch(pamh, flags, PAM_OPEN_SESSION); + +-#ifdef HAVE_LIBAUDIT +- retval = _pam_auditlog(pamh, PAM_OPEN_SESSION, retval, flags); +-#endif + return retval; + } + +@@ -43,10 +40,6 @@ + + retval = _pam_dispatch(pamh, flags, PAM_CLOSE_SESSION); + +-#ifdef HAVE_LIBAUDIT +- retval = _pam_auditlog(pamh, PAM_CLOSE_SESSION, retval, flags); +-#endif +- + return retval; + + } +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c new/Linux-PAM-1.1.8/libpam_misc/misc_conv.c +--- old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/libpam_misc/misc_conv.c 2015-01-09 14:28:29.000000000 +0100 +@@ -210,8 +210,12 @@ + } + line[nc] = '\0'; + } +- *retstr = x_strdup(line); ++ *retstr = strdup(line); + _pam_overwrite(line); ++ if (!*retstr) { ++ D(("no memory for response string")); ++ nc = -1; ++ } + + goto cleanexit; /* return malloc()ed string */ + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 new/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 +--- old/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 2013-09-19 10:02:01.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 2015-01-09 14:32:26.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: access.conf + .\" Author: [see the "AUTHORS" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "ACCESS\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "ACCESS\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 new/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 +--- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 2013-09-19 10:02:01.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 2015-01-09 14:32:27.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_access + .\" Author: [see the "AUTHORS" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ACCESS" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ACCESS" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c new/Linux-PAM-1.1.8/modules/pam_access/pam_access.c +--- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2015-01-09 14:28:29.000000000 +0100 +@@ -412,8 +412,8 @@ + return NO; + } + #ifdef HAVE_LIBAUDIT +- if (!item->noaudit && line[0] == '-' && (match == YES || (match == ALL && +- nonall_match == YES))) { ++ if (!item->noaudit && (match == YES || (match == ALL && ++ nonall_match == YES)) && line[0] == '-') { + pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION, + "pam_access", 0); + } +@@ -573,7 +573,7 @@ + + if (debug) + pam_syslog (pamh, LOG_DEBUG, +- "group_match: grp=%s, user=%s", grptok, usr); ++ "group_match: grp=%s, user=%s", tok, usr); + + if (strlen(tok) < 3) + return NO; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/README new/Linux-PAM-1.1.8/modules/pam_access/README +--- old/Linux-PAM-1.1.8/modules/pam_access/README 2013-09-19 10:02:01.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_access/README 2015-01-09 14:32:26.000000000 +0100 +@@ -83,7 +83,7 @@ + + + : root : 192.168.201. + +-User root should be able to have access from hosts foo1.bar.org and ++User root should be able to have access from hosts foo1.bar.org and + foo2.bar.org (uses string matching also). + + + : root : foo1.bar.org foo2.bar.org +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 +--- old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 2013-06-18 16:25:44.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 2015-01-09 14:32:27.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_cracklib + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 06/18/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_CRACKLIB" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_CRACKLIB" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c +--- old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c 2015-01-09 14:28:29.000000000 +0100 +@@ -619,16 +619,16 @@ + return msg; + } + +- newmono = str_lower(x_strdup(new)); ++ newmono = str_lower(strdup(new)); + if (!newmono) + msg = _("memory allocation error"); + +- usermono = str_lower(x_strdup(user)); ++ usermono = str_lower(strdup(user)); + if (!usermono) + msg = _("memory allocation error"); + + if (!msg && old) { +- oldmono = str_lower(x_strdup(old)); ++ oldmono = str_lower(strdup(old)); + if (oldmono) + wrapped = malloc(strlen(oldmono) * 2 + 1); + if (wrapped) { +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 new/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 +--- old/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 2013-09-19 10:02:02.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 2015-01-09 14:32:28.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_debug + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_DEBUG" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DEBUG" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 new/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 +--- old/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 2013-09-19 10:02:02.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 2015-01-09 14:32:28.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_deny + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_DENY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_DENY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 +--- old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 2013-09-19 10:02:03.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 2015-01-09 14:32:28.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_echo + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ECHO" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ECHO" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c +--- old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c 2015-01-09 14:28:29.000000000 +0100 +@@ -180,16 +180,23 @@ + + /* load file into message buffer. */ + if ((fstat (fd, &st) < 0) || !st.st_size) +- return PAM_IGNORE; ++ { ++ close (fd); ++ return PAM_IGNORE; ++ } + + mtmp = malloc (st.st_size + 1); + if (!mtmp) +- return PAM_BUF_ERR; ++ { ++ close (fd); ++ return PAM_BUF_ERR; ++ } + + if (pam_modutil_read (fd, mtmp, st.st_size) == -1) + { + pam_syslog (pamh, LOG_ERR, "Error while reading %s: %m", file); + free (mtmp); ++ close (fd); + return PAM_IGNORE; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 new/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 +--- old/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 2013-09-19 10:02:04.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 2015-01-09 14:32:29.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_env + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_ENV" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 new/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 +--- old/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 2013-09-19 10:02:03.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 2015-01-09 14:32:29.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_env.conf + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ENV\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ENV\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_env/README new/Linux-PAM-1.1.8/modules/pam_env/README +--- old/Linux-PAM-1.1.8/modules/pam_env/README 2013-09-19 10:02:03.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_env/README 2015-01-09 14:32:29.000000000 +0100 +@@ -5,7 +5,7 @@ + DESCRIPTION + + The pam_env PAM module allows the (un)setting of environment variables. +-Supported is the use of previously set environment variables as well as ++Supported is the use of previously set environment variables as well as + PAM_ITEMs such as PAM_RHOST. + + By default rules for (un)setting of variables is taken from the config file / +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 +--- old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 2013-09-19 10:02:04.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 2015-01-09 14:32:30.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_exec + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_EXEC" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_EXEC" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c +--- old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c 2013-09-04 14:58:29.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c 2015-01-09 14:28:29.000000000 +0100 +@@ -302,6 +302,10 @@ + char **envlist, **tmp; + int envlen, nitems; + char *envstr; ++ enum pam_modutil_redirect_fd redirect_stdin = ++ expose_authtok ? PAM_MODUTIL_IGNORE_FD : PAM_MODUTIL_PIPE_FD; ++ enum pam_modutil_redirect_fd redirect_stdout = ++ (use_stdout || logfile) ? PAM_MODUTIL_IGNORE_FD : PAM_MODUTIL_NULL_FD; + + /* First, move all the pipes off of stdin, stdout, and stderr, to ensure + * that calls to dup2 won't close them. */ +@@ -330,18 +334,6 @@ + _exit (err); + } + } +- else +- { +- close (STDIN_FILENO); +- +- /* New stdin. */ +- if ((i = open ("/dev/null", O_RDWR)) < 0) +- { +- int err = errno; +- pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); +- _exit (err); +- } +- } + + /* Set up stdout. */ + +@@ -368,32 +360,34 @@ + logfile); + _exit (err); + } +- if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0) ++ if (i != STDOUT_FILENO) + { +- pam_modutil_write (i, buffer, strlen (buffer)); +- free (buffer); ++ if (dup2 (i, STDOUT_FILENO) == -1) ++ { ++ int err = errno; ++ pam_syslog (pamh, LOG_ERR, "dup2 failed: %m"); ++ _exit (err); ++ } ++ close (i); + } +- } +- else +- { +- close (STDOUT_FILENO); +- if ((i = open ("/dev/null", O_RDWR)) < 0) ++ if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0) + { +- int err = errno; +- pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); +- _exit (err); ++ pam_modutil_write (STDOUT_FILENO, buffer, strlen (buffer)); ++ free (buffer); + } + } + +- if (dup2 (STDOUT_FILENO, STDERR_FILENO) == -1) ++ if ((use_stdout || logfile) && ++ dup2 (STDOUT_FILENO, STDERR_FILENO) == -1) + { + int err = errno; + pam_syslog (pamh, LOG_ERR, "dup2 failed: %m"); + _exit (err); + } + +- for (i = 3; i < sysconf (_SC_OPEN_MAX); i++) +- close (i); ++ if (pam_modutil_sanitize_helper_fds(pamh, redirect_stdin, ++ redirect_stdout, redirect_stdout) < 0) ++ _exit(1); + + if (call_setuid) + if (setuid (geteuid ()) == -1) +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 new/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 +--- old/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 2013-09-19 10:02:05.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 2015-01-09 14:32:30.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_faildelay + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_FAILDELAY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FAILDELAY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 +--- old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 2013-09-19 10:02:05.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 2015-01-09 14:32:31.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_filter + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_FILTER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FILTER" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c +--- old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c 2015-01-09 14:28:29.000000000 +0100 +@@ -341,6 +341,11 @@ + pam_syslog(pamh, LOG_WARNING, "first fork failed: %m"); + if (aterminal) { + (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); ++ close(fd[0]); ++ } else { ++ /* Socket pair */ ++ close(fd[0]); ++ close(fd[1]); + } + + return PAM_AUTH_ERR; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_filter/README new/Linux-PAM-1.1.8/modules/pam_filter/README +--- old/Linux-PAM-1.1.8/modules/pam_filter/README 2013-09-19 10:02:05.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_filter/README 2015-01-09 14:32:30.000000000 +0100 +@@ -45,17 +45,17 @@ + have read the pam(3) manual page. Basically, for each management group + there are up to two ways of calling the module's functions. In the case of + the authentication and session components there are actually two separate +- functions. For the case of authentication, these functions are ++ functions. For the case of authentication, these functions are + pam_authenticate(3) and pam_setcred(3), here run1 means run the filter from + the pam_authenticate function and run2 means run the filter from + pam_setcred. In the case of the session modules, run1 implies that the +- filter is invoked at the pam_open_session(3) stage, and run2 for ++ filter is invoked at the pam_open_session(3) stage, and run2 for + pam_close_session(3). + + For the case of the account component. Either run1 or run2 may be used. + + For the case of the password component, run1 is used to indicate that the +- filter is run on the first occasion of pam_chauthtok(3) (the ++ filter is run on the first occasion of pam_chauthtok(3) (the + PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run + on the second occasion (the PAM_UPDATE_AUTHTOK phase). + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 +--- old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 2013-09-19 10:02:06.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 2015-01-09 14:32:31.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_ftp + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_FTP" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_FTP" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c +--- old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c 2015-01-09 14:28:29.000000000 +0100 +@@ -81,7 +81,7 @@ + char *list_copy, *x; + char *sptr = NULL; + +- list_copy = x_strdup(list); ++ list_copy = strdup(list); + x = list_copy; + while (list_copy && (l = strtok_r(x, ",", &sptr))) { + x = NULL; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/README new/Linux-PAM-1.1.8/modules/pam_ftp/README +--- old/Linux-PAM-1.1.8/modules/pam_ftp/README 2013-09-19 10:02:05.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_ftp/README 2015-01-09 14:32:31.000000000 +0100 +@@ -7,7 +7,7 @@ + pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of + access. + +-This module intercepts the user's name and password. If the name is ftp or ++This module intercepts the user's name and password. If the name is ftp or + anonymous, the user's password is broken up at the @ delimiter into a PAM_RUSER + and a PAM_RHOST part; these pam-items being set accordingly. The username ( + PAM_USER) is set to ftp. In this case the module succeeds. Alternatively, the +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c new/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c +--- old/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c 2015-01-09 14:28:29.000000000 +0100 +@@ -218,7 +218,8 @@ + + if (uid != old_uid && setreuid(uid, -1) < 0) { + error(pamh, "Unable to change UID to %d temporarily\n", uid); +- setregid(old_gid, -1); ++ if (setregid(old_gid, -1) < 0) ++ error(pamh, "Unable to change GID back to %d\n", old_gid); + return PAM_SESSION_ERR; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in new/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_lastlog +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_lastlog_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_lastlog_la_SOURCES = pam_lastlog.c + pam_lastlog_la_OBJECTS = pam_lastlog.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_lastlog.c + DIST_SOURCES = pam_lastlog.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_lastlog.la: $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_lastlog.la: $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_DEPENDENCIES) $(EXTRA_pam_lastlog_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_lastlog.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_lastlog.log: tst-pam_lastlog ++ @p='tst-pam_lastlog'; \ ++ b='tst-pam_lastlog'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_lastlog.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 +--- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 2013-09-19 10:02:08.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 2015-01-09 14:32:33.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_lastlog + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_LASTLOG" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LASTLOG" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c +--- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2015-01-09 14:28:29.000000000 +0100 +@@ -350,6 +350,8 @@ + return PAM_SERVICE_ERR; + } + ++ memset(&last_login, 0, sizeof(last_login)); ++ + /* set this login date */ + D(("set the most recent login time")); + (void) time(&ll_time); /* set the time */ +@@ -364,14 +366,12 @@ + } + + /* copy to last_login */ +- last_login.ll_host[0] = '\0'; + strncat(last_login.ll_host, remote_host, sizeof(last_login.ll_host)-1); + + /* set the terminal line */ + terminal_line = get_tty(pamh); + + /* copy to last_login */ +- last_login.ll_line[0] = '\0'; + strncat(last_login.ll_line, terminal_line, sizeof(last_login.ll_line)-1); + terminal_line = NULL; + +@@ -628,7 +628,8 @@ + lltime = (time(NULL) - lltime) / (24*60*60); + + if (lltime > inactive_days) { +- pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime); ++ pam_syslog(pamh, LOG_INFO, "user %s inactive for %ld days - denied", ++ user, (long) lltime); + return PAM_AUTH_ERR; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf +--- old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf 2015-01-09 14:28:29.000000000 +0100 +@@ -21,7 +21,7 @@ + # - data - max data size (KB) + # - fsize - maximum filesize (KB) + # - memlock - max locked-in-memory address space (KB) +-# - nofile - max number of open files ++# - nofile - max number of open file descriptors + # - rss - max resident set size (KB) + # - stack - max stack size (KB) + # - cpu - max CPU time (MIN) +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 +--- old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 2013-09-19 10:02:08.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 2015-01-09 14:32:34.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: limits.conf + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "LIMITS\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "LIMITS\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -202,7 +202,7 @@ + .PP + \fBnofile\fR + .RS 4 +-maximum number of open files ++maximum number of open file descriptors + .RE + .PP + \fBrss\fR +@@ -232,13 +232,14 @@ + .PP + \fBmaxlogins\fR + .RS 4 +-maximum number of logins for this user except for this with +-\fIuid=0\fR ++maximum number of logins for this user (this limit does not apply to user with ++\fIuid=0\fR) + .RE + .PP + \fBmaxsyslogins\fR + .RS 4 +-maximum number of all logins on system ++maximum number of all logins on system; user is not allowed to log\-in if total number of all users\*(Aq logins is greater than specified number (this limit does not apply to user with ++\fIuid=0\fR) + .RE + .PP + \fBpriority\fR +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml +--- old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml 2015-01-09 14:28:29.000000000 +0100 +@@ -178,7 +178,7 @@ + + + +- maximum number of open files ++ maximum number of open file descriptors + + + +@@ -214,14 +214,17 @@ + + + +- maximum number of logins for this user except +- for this with uid=0 ++ maximum number of logins for this user (this limit does ++ not apply to user with uid=0) + + + + + +- maximum number of all logins on system ++ maximum number of all logins on system; user is not ++ allowed to log-in if total number of all users' logins is ++ greater than specified number (this limit does not apply to ++ user with uid=0) + + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in new/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_limits +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,39 +128,268 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_limits_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_limits_la_SOURCES = pam_limits.c + pam_limits_la_OBJECTS = pam_limits.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_limits.c + DIST_SOURCES = pam_limits.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man5dir = $(mandir)/man5 + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) $(secureconf_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -122,6 +397,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -132,6 +408,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -181,6 +458,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -204,6 +482,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -226,6 +506,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -261,7 +542,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -302,7 +582,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -333,9 +613,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -343,6 +623,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -358,14 +640,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_limits.la: $(pam_limits_la_OBJECTS) $(pam_limits_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_limits_la_OBJECTS) $(pam_limits_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_limits.la: $(pam_limits_la_OBJECTS) $(pam_limits_la_DEPENDENCIES) $(EXTRA_pam_limits_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_limits_la_OBJECTS) $(pam_limits_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -376,25 +661,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_limits.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -403,11 +688,18 @@ + -rm -rf .libs _libs + install-man5: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" +- @list=''; test -n "$(man5dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.5[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man5dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.5[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -436,16 +728,21 @@ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -474,13 +771,14 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + install-secureconfDATA: $(secureconf_DATA) + @$(NORMAL_INSTALL) +- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ ++ fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ +@@ -494,30 +792,17 @@ + @$(NORMAL_UNINSTALL) + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ +- test -n "$$files" || exit 0; \ +- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -529,15 +814,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -546,116 +827,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_limits.log: tst-pam_limits ++ @p='tst-pam_limits'; \ ++ b='tst-pam_limits'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -703,11 +1057,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -797,22 +1159,22 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-data-local install-dvi install-dvi-am \ +- install-exec install-exec-am install-html install-html-am \ +- install-info install-info-am install-man install-man5 \ +- install-man8 install-pdf install-pdf-am install-ps \ +- install-ps-am install-secureconfDATA \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-data-local install-dvi \ ++ install-dvi-am install-exec install-exec-am install-html \ ++ install-html-am install-info install-info-am install-man \ ++ install-man5 install-man8 install-pdf install-pdf-am \ ++ install-ps install-ps-am install-secureconfDATA \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man5 \ +- uninstall-man8 uninstall-secureconfDATA \ ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ + uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_limits.8.xml limits.conf.5.xml +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 +--- old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 2013-09-19 10:02:08.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 2015-01-09 14:32:34.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_limits + .\" Author: [see the "AUTHORS" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_LIMITS" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_LIMITS" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c +--- old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c 2015-01-09 14:28:29.000000000 +0100 +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -269,16 +270,27 @@ + continue; + } + if (!pl->flag_numsyslogins) { ++ char user[sizeof(ut->UT_USER) + 1]; ++ user[0] = '\0'; ++ strncat(user, ut->UT_USER, sizeof(ut->UT_USER)); ++ + if (((pl->login_limit_def == LIMITS_DEF_USER) + || (pl->login_limit_def == LIMITS_DEF_GROUP) + || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) +- && strncmp(name, ut->UT_USER, sizeof(ut->UT_USER)) != 0) { ++ && strcmp(name, user) != 0) { + continue; + } + if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) +- && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { ++ && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { + continue; + } ++ if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { ++ /* process does not exist anymore */ ++ pam_syslog(pamh, LOG_WARNING, ++ "Stale utmp entry (pid %d) for '%s' ignored", ++ ut->ut_pid, user); ++ continue; ++ } + } + if (++count > limit) { + break; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in new/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_listfile +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_listfile_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_listfile_la_SOURCES = pam_listfile.c + pam_listfile_la_OBJECTS = pam_listfile.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_listfile.c + DIST_SOURCES = pam_listfile.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_listfile.la: $(pam_listfile_la_OBJECTS) $(pam_listfile_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_listfile_la_OBJECTS) $(pam_listfile_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_listfile.la: $(pam_listfile_la_OBJECTS) $(pam_listfile_la_DEPENDENCIES) $(EXTRA_pam_listfile_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_listfile_la_OBJECTS) $(pam_listfile_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_listfile.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_listfile.log: tst-pam_listfile ++ @p='tst-pam_listfile'; \ ++ b='tst-pam_listfile'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_listfile.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 new/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 +--- old/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 2013-09-19 10:02:09.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 2015-01-09 14:32:34.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_listfile + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_LISTFILE" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LISTFILE" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_listfile/README new/Linux-PAM-1.1.8/modules/pam_listfile/README +--- old/Linux-PAM-1.1.8/modules/pam_listfile/README 2013-09-19 10:02:09.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_listfile/README 2015-01-09 14:32:34.000000000 +0100 +@@ -7,7 +7,7 @@ + pam_listfile is a PAM module which provides a way to deny or allow services + based on an arbitrary file. + +-The module gets the item of the type specified -- user specifies the username, ++The module gets the item of the type specified -- user specifies the username, + PAM_USER; tty specifies the name of the terminal over which the request has + been made, PAM_TTY; rhost specifies the name of the remote host (if any) from + which the request was made, PAM_RHOST; and ruser specifies the name of the +@@ -24,7 +24,7 @@ + + An additional argument, apply=, can be used to restrict the application of the + above to a specific user (apply=username) or a given group (apply=@groupname). +-This added restriction is only meaningful when used with the tty, rhost and ++This added restriction is only meaningful when used with the tty, rhost and + shell items. + + Besides this last one, all arguments should be specified; do not count on any +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in new/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_localuser +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_localuser_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_localuser_la_SOURCES = pam_localuser.c + pam_localuser_la_OBJECTS = pam_localuser.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_localuser.c + DIST_SOURCES = pam_localuser.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_localuser.la: $(pam_localuser_la_OBJECTS) $(pam_localuser_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_localuser_la_OBJECTS) $(pam_localuser_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_localuser.la: $(pam_localuser_la_OBJECTS) $(pam_localuser_la_DEPENDENCIES) $(EXTRA_pam_localuser_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_localuser_la_OBJECTS) $(pam_localuser_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_localuser.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_localuser.log: tst-pam_localuser ++ @p='tst-pam_localuser'; \ ++ b='tst-pam_localuser'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_localuser.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 new/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 +--- old/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 2013-09-19 10:02:09.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 2015-01-09 14:32:35.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_localuser + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_LOCALUSER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOCALUSER" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in new/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_loginuid +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_loginuid_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_loginuid_la_SOURCES = pam_loginuid.c + pam_loginuid_la_OBJECTS = pam_loginuid.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_loginuid.c + DIST_SOURCES = pam_loginuid.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_loginuid.la: $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_loginuid.la: $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_DEPENDENCIES) $(EXTRA_pam_loginuid_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_loginuid.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_loginuid.log: tst-pam_loginuid ++ @p='tst-pam_loginuid'; \ ++ b='tst-pam_loginuid'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_loginuid.8.xml +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 +--- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 2013-09-19 10:02:10.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 2015-01-09 14:32:35.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_loginuid + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_LOGINUID" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_LOGINUID" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -49,9 +49,19 @@ + .SH "RETURN VALUES" + .PP + .PP ++PAM_SUCCESS ++.RS 4 ++The loginuid value is set and auditd is running if check requested\&. ++.RE ++.PP ++PAM_IGNORE ++.RS 4 ++The /proc/self/loginuid file is not present on the system or the login process runs inside uid namespace and kernel does not support overwriting loginuid\&. ++.RE ++.PP + PAM_SESSION_ERR + .RS 4 +-An error occurred during session management\&. ++Any other error prevented setting loginuid or auditd is not running\&. + .RE + .SH "EXAMPLES" + .sp +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml +--- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml 2015-01-09 14:28:29.000000000 +0100 +@@ -69,14 +69,31 @@ + + + ++ PAM_SUCCESS ++ ++ ++ The loginuid value is set and auditd is running if check requested. ++ ++ ++ ++ ++ PAM_IGNORE ++ ++ ++ The /proc/self/loginuid file is not present on the system or the ++ login process runs inside uid namespace and kernel does not support ++ overwriting loginuid. ++ ++ ++ ++ + PAM_SESSION_ERR + + +- An error occurred during session management. ++ Any other error prevented setting loginuid or auditd is not running. + + + +- + + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c +--- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2015-01-09 14:28:29.000000000 +0100 +@@ -47,25 +47,56 @@ + + /* + * This function writes the loginuid to the /proc system. It returns +- * 0 on success and 1 on failure. ++ * PAM_SUCCESS on success, ++ * PAM_IGNORE when /proc/self/loginuid does not exist, ++ * PAM_SESSION_ERR in case of any other error. + */ + static int set_loginuid(pam_handle_t *pamh, uid_t uid) + { +- int fd, count, rc = 0; +- char loginuid[24]; ++ int fd, count, rc = PAM_SESSION_ERR; ++ char loginuid[24], buf[24]; ++ static const char host_uid_map[] = " 0 0 4294967295\n"; ++ char uid_map[sizeof(host_uid_map)]; ++ ++ /* loginuid in user namespaces currently isn't writable and in some ++ case, not even readable, so consider any failure as ignorable (but try ++ anyway, in case we hit a kernel which supports it). */ ++ fd = open("/proc/self/uid_map", O_RDONLY); ++ if (fd >= 0) { ++ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); ++ if (strncmp(uid_map, host_uid_map, count) != 0) ++ rc = PAM_IGNORE; ++ close(fd); ++ } + +- count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); +- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); ++ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); + if (fd < 0) { +- if (errno != ENOENT) { +- rc = 1; +- pam_syslog(pamh, LOG_ERR, +- "Cannot open /proc/self/loginuid: %m"); ++ if (errno == ENOENT) { ++ rc = PAM_IGNORE; ++ } ++ if (rc != PAM_IGNORE) { ++ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", ++ "/proc/self/loginuid"); + } + return rc; + } +- if (pam_modutil_write(fd, loginuid, count) != count) +- rc = 1; ++ ++ count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); ++ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && ++ memcmp(buf, loginuid, count) == 0) { ++ rc = PAM_SUCCESS; ++ goto done; /* already correct */ ++ } ++ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && ++ pam_modutil_write(fd, loginuid, count) == count) { ++ rc = PAM_SUCCESS; ++ } else { ++ if (rc != PAM_IGNORE) { ++ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m", ++ "/proc/self/loginuid"); ++ } ++ } ++ done: + close(fd); + return rc; + } +@@ -165,6 +196,7 @@ + { + const char *user = NULL; + struct passwd *pwd; ++ int ret; + #ifdef HAVE_LIBAUDIT + int require_auditd = 0; + #endif +@@ -183,9 +215,14 @@ + return PAM_SESSION_ERR; + } + +- if (set_loginuid(pamh, pwd->pw_uid)) { +- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); +- return PAM_SESSION_ERR; ++ ret = set_loginuid(pamh, pwd->pw_uid); ++ switch (ret) { ++ case PAM_SUCCESS: ++ case PAM_IGNORE: ++ break; ++ default: ++ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); ++ return ret; + } + + #ifdef HAVE_LIBAUDIT +@@ -195,11 +232,12 @@ + argv++; + } + +- if (require_auditd) +- return check_auditd(); +- else ++ if (require_auditd) { ++ int rc = check_auditd(); ++ return rc != PAM_SUCCESS ? rc : ret; ++ } else + #endif +- return PAM_SUCCESS; ++ return ret; + } + + /* +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in new/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_mail +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_mail_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_mail_la_SOURCES = pam_mail.c + pam_mail_la_OBJECTS = pam_mail.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_mail.c + DIST_SOURCES = pam_mail.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_mail.la: $(pam_mail_la_OBJECTS) $(pam_mail_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_mail_la_OBJECTS) $(pam_mail_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_mail.la: $(pam_mail_la_OBJECTS) $(pam_mail_la_DEPENDENCIES) $(EXTRA_pam_mail_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_mail_la_OBJECTS) $(pam_mail_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mail.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_mail.log: tst-pam_mail ++ @p='tst-pam_mail'; \ ++ b='tst-pam_mail'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_mail.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 new/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 +--- old/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 2013-09-19 10:02:10.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 2015-01-09 14:32:36.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_mail + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_MAIL" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MAIL" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mail/README new/Linux-PAM-1.1.8/modules/pam_mail/README +--- old/Linux-PAM-1.1.8/modules/pam_mail/README 2013-09-19 10:02:10.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mail/README 2015-01-09 14:32:36.000000000 +0100 +@@ -45,7 +45,7 @@ + + nopen + +- Don't print any mail information on login. This flag is useful to get the ++ Don't print any mail information on login. This flag is useful to get the + MAIL environment variable set, but to not display any information about it. + + quiet +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in new/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -23,6 +22,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -44,7 +88,9 @@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + sbin_PROGRAMS = mkhomedir_helper$(EXEEXT) + subdir = modules/pam_mkhomedir +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -85,45 +131,275 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ + "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_mkhomedir_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + am_pam_mkhomedir_la_OBJECTS = pam_mkhomedir.lo + pam_mkhomedir_la_OBJECTS = $(am_pam_mkhomedir_la_OBJECTS) +-pam_mkhomedir_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ +- $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++pam_mkhomedir_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ ++ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ ++ $(AM_CFLAGS) $(CFLAGS) $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) \ ++ -o $@ + PROGRAMS = $(sbin_PROGRAMS) + am_mkhomedir_helper_OBJECTS = mkhomedir_helper.$(OBJEXT) + mkhomedir_helper_OBJECTS = $(am_mkhomedir_helper_OBJECTS) + mkhomedir_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) + DIST_SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -131,6 +407,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -141,6 +418,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -190,6 +468,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -213,6 +492,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -235,6 +516,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -270,7 +552,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -312,7 +593,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -343,9 +624,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -353,6 +634,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -368,24 +651,32 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) +- $(pam_mkhomedir_la_LINK) -rpath $(securelibdir) $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $(EXTRA_pam_mkhomedir_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(pam_mkhomedir_la_LINK) -rpath $(securelibdir) $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_LIBADD) $(LIBS) + install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) +- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ ++ fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ +- while read p p1; do if test -f $$p || test -f $$p1; \ +- then echo "$$p"; echo "$$p"; else :; fi; \ ++ while read p p1; do if test -f $$p \ ++ || test -f $$p1 \ ++ ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ +- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ ++ sed -e 'p;s,.*/,,;n;h' \ ++ -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ +@@ -406,7 +697,8 @@ + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ +- -e 's/$$/$(EXEEXT)/' `; \ ++ -e 's/$$/$(EXEEXT)/' \ ++ `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files +@@ -419,9 +711,10 @@ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +-mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) ++ ++mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) $(EXTRA_mkhomedir_helper_DEPENDENCIES) + @rm -f mkhomedir_helper$(EXEEXT) +- $(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS) ++ $(AM_V_CCLD)$(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -433,25 +726,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -460,11 +753,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -493,30 +793,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -528,15 +815,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -545,116 +828,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_mkhomedir.log: tst-pam_mkhomedir ++ @p='tst-pam_mkhomedir'; \ ++ b='tst-pam_mkhomedir'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -702,11 +1058,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -795,20 +1159,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-generic clean-libtool clean-sbinPROGRAMS \ +- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ +- distclean-generic distclean-libtool distclean-tags distdir dvi \ +- dvi-am html html-am info info-am install install-am \ +- install-data install-data-am install-dvi install-dvi-am \ +- install-exec install-exec-am install-html install-html-am \ +- install-info install-info-am install-man install-man8 \ +- install-pdf install-pdf-am install-ps install-ps-am \ +- install-sbinPROGRAMS install-securelibLTLIBRARIES \ +- install-strip installcheck installcheck-am installdirs \ +- maintainer-clean maintainer-clean-generic mostlyclean \ +- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ +- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ ++ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ ++ distclean distclean-compile distclean-generic \ ++ distclean-libtool distclean-tags distdir dvi dvi-am html \ ++ html-am info info-am install install-am install-data \ ++ install-data-am install-dvi install-dvi-am install-exec \ ++ install-exec-am install-html install-html-am install-info \ ++ install-info-am install-man install-man8 install-pdf \ ++ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ ++ install-securelibLTLIBRARIES install-strip installcheck \ ++ installcheck-am installdirs maintainer-clean \ ++ maintainer-clean-generic mostlyclean mostlyclean-compile \ ++ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ + uninstall-man8 uninstall-sbinPROGRAMS \ + uninstall-securelibLTLIBRARIES + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 +--- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 2013-09-19 10:02:11.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 2015-01-09 14:32:37.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: mkhomedir_helper + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "MKHOMEDIR_HELPER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "MKHOMEDIR_HELPER" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c +--- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c 2015-01-09 14:28:29.000000000 +0100 +@@ -231,7 +231,7 @@ + if ((srcfd = open(newsource, O_RDONLY)) < 0 || fstat(srcfd, &st) != 0) + { + pam_syslog(NULL, LOG_DEBUG, +- "unable to open src file %s: %m", newsource); ++ "unable to open or stat src file %s: %m", newsource); + closedir(d); + + #ifndef PATH_MAX +@@ -241,20 +241,6 @@ + + return PAM_PERM_DENIED; + } +- if (stat(newsource, &st) != 0) +- { +- pam_syslog(NULL, LOG_DEBUG, "unable to stat src file %s: %m", +- newsource); +- close(srcfd); +- closedir(d); +- +-#ifndef PATH_MAX +- free(newsource); newsource = NULL; +- free(newdest); newdest = NULL; +-#endif +- +- return PAM_PERM_DENIED; +- } + + /* Open the dest file */ + if ((destfd = open(newdest, O_WRONLY | O_TRUNC | O_CREAT, 0600)) < 0) +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 +--- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 2013-09-19 10:02:11.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 2015-01-09 14:32:36.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_mkhomedir + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_MKHOMEDIR" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_MKHOMEDIR" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c +--- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2015-01-09 14:28:29.000000000 +0100 +@@ -58,8 +58,6 @@ + #include + #include + +-#define MAX_FD_NO 10000 +- + /* argument parsing */ + #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ + #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ +@@ -103,14 +101,14 @@ + /* Do the actual work of creating a home dir */ + static int + create_homedir (pam_handle_t *pamh, options_t *opt, +- const struct passwd *pwd) ++ const char *user, const char *dir) + { + int retval, child; + struct sigaction newsa, oldsa; + + /* Mention what is happening, if the notification fails that is OK */ + if (!(opt->ctrl & MKHOMEDIR_QUIET)) +- pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); ++ pam_info(pamh, _("Creating directory '%s'."), dir); + + + D(("called.")); +@@ -131,26 +129,21 @@ + /* fork */ + child = fork(); + if (child == 0) { +- int i; +- struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL, NULL }; + +- if (getrlimit(RLIMIT_NOFILE, &rlim)==0) { +- if (rlim.rlim_max >= MAX_FD_NO) +- rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { +- close(i); +- } +- } ++ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, ++ PAM_MODUTIL_PIPE_FD, ++ PAM_MODUTIL_PIPE_FD) < 0) ++ _exit(PAM_SYSTEM_ERR); + + /* exec the mkhomedir helper */ +- args[0] = x_strdup(MKHOMEDIR_HELPER); +- args[1] = pwd->pw_name; +- args[2] = x_strdup(opt->umask); +- args[3] = x_strdup(opt->skeldir); ++ args[0] = MKHOMEDIR_HELPER; ++ args[1] = user; ++ args[2] = opt->umask; ++ args[3] = opt->skeldir; + +- execve(MKHOMEDIR_HELPER, args, envp); ++ execve(MKHOMEDIR_HELPER, (char *const *) args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); +@@ -181,7 +174,7 @@ + + if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { + pam_error(pamh, _("Unable to create and initialize directory '%s'."), +- pwd->pw_dir); ++ dir); + } + + D(("returning %d", retval)); +@@ -230,7 +223,7 @@ + return PAM_SUCCESS; + } + +- return create_homedir(pamh, &opt, pwd); ++ return create_homedir(pamh, &opt, user, pwd->pw_dir); + } + + /* Ignore */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in new/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in 2013-09-19 10:01:34.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_motd +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_motd_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_motd_la_SOURCES = pam_motd.c + pam_motd_la_OBJECTS = pam_motd.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_motd.c + DIST_SOURCES = pam_motd.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_motd.la: $(pam_motd_la_OBJECTS) $(pam_motd_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_motd_la_OBJECTS) $(pam_motd_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_motd.la: $(pam_motd_la_OBJECTS) $(pam_motd_la_DEPENDENCIES) $(EXTRA_pam_motd_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_motd_la_OBJECTS) $(pam_motd_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_motd.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_motd.log: tst-pam_motd ++ @p='tst-pam_motd'; \ ++ b='tst-pam_motd'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_motd.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 new/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 +--- old/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 2013-09-19 10:02:12.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 2015-01-09 14:32:37.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_motd + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_MOTD" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_MOTD" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in new/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -24,6 +23,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -44,8 +88,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_namespace +-DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ +- $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -86,6 +131,12 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" \ + "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" +@@ -96,36 +147,259 @@ + @HAVE_UNSHARE_TRUE@am_pam_namespace_la_OBJECTS = pam_namespace.lo \ + @HAVE_UNSHARE_TRUE@ md5.lo argv_parse.lo + pam_namespace_la_OBJECTS = $(am_pam_namespace_la_OBJECTS) ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = + @HAVE_UNSHARE_TRUE@am_pam_namespace_la_rpath = -rpath $(securelibdir) + SCRIPTS = $(secureconf_SCRIPTS) ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = $(pam_namespace_la_SOURCES) + DIST_SOURCES = $(am__pam_namespace_la_SOURCES_DIST) ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man5dir = $(mandir)/man5 + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) $(secureconf_DATA) + HEADERS = $(noinst_HEADERS) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -133,6 +407,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -143,6 +418,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -192,6 +468,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -215,6 +492,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -237,6 +516,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -272,7 +552,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -317,7 +596,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -348,9 +627,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -358,6 +637,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -373,18 +654,24 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_namespace.la: $(pam_namespace_la_OBJECTS) $(pam_namespace_la_DEPENDENCIES) +- $(LINK) $(am_pam_namespace_la_rpath) $(pam_namespace_la_OBJECTS) $(pam_namespace_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_namespace.la: $(pam_namespace_la_OBJECTS) $(pam_namespace_la_DEPENDENCIES) $(EXTRA_pam_namespace_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) $(am_pam_namespace_la_rpath) $(pam_namespace_la_OBJECTS) $(pam_namespace_la_LIBADD) $(LIBS) + install-secureconfSCRIPTS: $(secureconf_SCRIPTS) + @$(NORMAL_INSTALL) +- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" + @list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ ++ fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ +@@ -412,9 +699,7 @@ + @list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ +- test -n "$$list" || exit 0; \ +- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files ++ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -427,25 +712,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_namespace.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -454,11 +739,18 @@ + -rm -rf .libs _libs + install-man5: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" +- @list=''; test -n "$(man5dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.5[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man5dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.5[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -487,16 +779,21 @@ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -525,13 +822,14 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + install-secureconfDATA: $(secureconf_DATA) + @$(NORMAL_INSTALL) +- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ ++ fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ +@@ -545,30 +843,17 @@ + @$(NORMAL_UNINSTALL) + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ +- test -n "$$files" || exit 0; \ +- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -580,15 +865,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -597,116 +878,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_namespace.log: tst-pam_namespace ++ @p='tst-pam_namespace'; \ ++ b='tst-pam_namespace'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -754,11 +1108,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -849,23 +1211,24 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-data-local install-dvi install-dvi-am \ +- install-exec install-exec-am install-html install-html-am \ +- install-info install-info-am install-man install-man5 \ +- install-man8 install-pdf install-pdf-am install-ps \ +- install-ps-am install-secureconfDATA install-secureconfSCRIPTS \ +- install-securelibLTLIBRARIES install-strip installcheck \ +- installcheck-am installdirs maintainer-clean \ +- maintainer-clean-generic mostlyclean mostlyclean-compile \ +- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man5 \ +- uninstall-man8 uninstall-secureconfDATA \ +- uninstall-secureconfSCRIPTS uninstall-securelibLTLIBRARIES ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-data-local install-dvi \ ++ install-dvi-am install-exec install-exec-am install-html \ ++ install-html-am install-info install-info-am install-man \ ++ install-man5 install-man8 install-pdf install-pdf-am \ ++ install-ps install-ps-am install-secureconfDATA \ ++ install-secureconfSCRIPTS install-securelibLTLIBRARIES \ ++ install-strip installcheck installcheck-am installdirs \ ++ maintainer-clean maintainer-clean-generic mostlyclean \ ++ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ ++ pdf pdf-am ps ps-am recheck tags tags-am uninstall \ ++ uninstall-am uninstall-man uninstall-man5 uninstall-man8 \ ++ uninstall-secureconfDATA uninstall-secureconfSCRIPTS \ ++ uninstall-securelibLTLIBRARIES + + + @HAVE_UNSHARE_TRUE@install-data-local: +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 +--- old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 2013-09-19 10:02:12.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 2015-01-09 14:32:38.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: namespace.conf + .\" Author: [see the "AUTHORS" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "NAMESPACE\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "NAMESPACE\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init +--- old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init 2015-01-09 14:28:29.000000000 +0100 +@@ -1,4 +1,4 @@ +-#!/bin/sh -p ++#!/bin/sh + # It receives polydir path as $1, the instance path as $2, + # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, + # and user name in $4. +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 +--- old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 2013-09-19 10:02:12.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 2015-01-09 14:32:38.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_namespace + .\" Author: [see the "AUTHORS" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_NAMESPACE" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_NAMESPACE" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c +--- old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c 2015-01-09 14:28:29.000000000 +0100 +@@ -1205,6 +1205,11 @@ + _exit(1); + } + #endif ++ /* Pass maximum privs when we exec() */ ++ if (setuid(geteuid()) < 0) { ++ /* ignore failures, they don't matter */ ++ } ++ + if (execle(init_script, init_script, + polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) + _exit(1); +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/README new/Linux-PAM-1.1.8/modules/pam_namespace/README +--- old/Linux-PAM-1.1.8/modules/pam_namespace/README 2013-09-19 10:02:12.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_namespace/README 2015-01-09 14:32:37.000000000 +0100 +@@ -173,7 +173,7 @@ + + The directory where polyinstantiated instances are to be created, must exist + and must have, by default, the mode of 0000. The requirement that the instance +-parent be of mode 0000 can be overridden with the command line option ++parent be of mode 0000 can be overridden with the command line option + ignore_instance_parent_mode + + In case of context or level polyinstantiation the SELinux context which is used +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in new/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_nologin +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_nologin_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_nologin_la_SOURCES = pam_nologin.c + pam_nologin_la_OBJECTS = pam_nologin.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_nologin.c + DIST_SOURCES = pam_nologin.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_nologin.la: $(pam_nologin_la_OBJECTS) $(pam_nologin_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_nologin_la_OBJECTS) $(pam_nologin_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_nologin.la: $(pam_nologin_la_OBJECTS) $(pam_nologin_la_DEPENDENCIES) $(EXTRA_pam_nologin_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_nologin_la_OBJECTS) $(pam_nologin_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_nologin.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_nologin.log: tst-pam_nologin ++ @p='tst-pam_nologin'; \ ++ b='tst-pam_nologin'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_nologin.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 new/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 +--- old/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 2013-09-19 10:02:13.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 2015-01-09 14:32:38.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_nologin + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_NOLOGIN" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_NOLOGIN" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in new/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_permit +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_permit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_permit_la_SOURCES = pam_permit.c + pam_permit_la_OBJECTS = pam_permit.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_permit.c + DIST_SOURCES = pam_permit.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_permit.la: $(pam_permit_la_OBJECTS) $(pam_permit_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_permit_la_OBJECTS) $(pam_permit_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_permit.la: $(pam_permit_la_OBJECTS) $(pam_permit_la_DEPENDENCIES) $(EXTRA_pam_permit_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_permit_la_OBJECTS) $(pam_permit_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_permit.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_permit.log: tst-pam_permit ++ @p='tst-pam_permit'; \ ++ b='tst-pam_permit'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_permit.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 new/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 +--- old/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 2013-09-19 10:02:13.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 2015-01-09 14:32:39.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_permit + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_PERMIT" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_PERMIT" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in new/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -22,6 +21,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -42,8 +86,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_pwhistory +-DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ +- $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -84,38 +129,267 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_pwhistory_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + am_pam_pwhistory_la_OBJECTS = pam_pwhistory.lo opasswd.lo + pam_pwhistory_la_OBJECTS = $(am_pam_pwhistory_la_OBJECTS) ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = $(pam_pwhistory_la_SOURCES) + DIST_SOURCES = $(pam_pwhistory_la_SOURCES) ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) + HEADERS = $(noinst_HEADERS) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -123,6 +397,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -133,6 +408,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -182,6 +458,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -205,6 +482,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -227,6 +506,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -262,7 +542,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -300,7 +579,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -331,9 +610,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -341,6 +620,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -356,14 +637,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_pwhistory.la: $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_pwhistory.la: $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_DEPENDENCIES) $(EXTRA_pam_pwhistory_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -375,25 +659,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -402,11 +686,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -435,30 +726,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -470,15 +748,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -487,116 +761,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_pwhistory.log: tst-pam_pwhistory ++ @p='tst-pam_pwhistory'; \ ++ b='tst-pam_pwhistory'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -644,11 +991,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -736,21 +1091,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_pwhistory.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c new/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c +--- old/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c 2015-01-09 14:28:29.000000000 +0100 +@@ -82,10 +82,15 @@ + { + const char delimiters[] = ":"; + char *endptr; ++ char *count; + + data->user = strsep (&line, delimiters); + data->uid = strsep (&line, delimiters); +- data->count = strtol (strsep (&line, delimiters), &endptr, 10); ++ count = strsep (&line, delimiters); ++ if (count == NULL) ++ return 1; ++ ++ data->count = strtol (count, &endptr, 10); + if (endptr != NULL && *endptr != '\0') + return 1; + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 new/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 +--- old/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 2013-09-19 10:02:14.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 2015-01-09 14:32:39.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_pwhistory + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_PWHISTORY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_PWHISTORY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in new/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_rhosts +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_rhosts_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_rhosts_la_SOURCES = pam_rhosts.c + pam_rhosts_la_OBJECTS = pam_rhosts.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_rhosts.c + DIST_SOURCES = pam_rhosts.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_rhosts.la: $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_rhosts.la: $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_DEPENDENCIES) $(EXTRA_pam_rhosts_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rhosts.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_rhosts.log: tst-pam_rhosts ++ @p='tst-pam_rhosts'; \ ++ b='tst-pam_rhosts'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_rhosts.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 new/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 +--- old/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 2013-09-19 10:02:14.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 2015-01-09 14:32:40.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_rhosts + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_RHOSTS" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_RHOSTS" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rhosts/README new/Linux-PAM-1.1.8/modules/pam_rhosts/README +--- old/Linux-PAM-1.1.8/modules/pam_rhosts/README 2013-09-19 10:02:14.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_rhosts/README 2015-01-09 14:32:39.000000000 +0100 +@@ -17,7 +17,7 @@ + personal configuration file. + + The module authenticates a remote user (internally specified by the item +-PAM_RUSER connecting from the remote host (internally specified by the item ++PAM_RUSER connecting from the remote host (internally specified by the item + PAM_RHOST). Accordingly, for applications to be compatible this authentication + module they must set these items prior to calling pam_authenticate(). The + module is not capable of independently probing the network connection for such +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in new/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -42,7 +86,9 @@ + @HAVE_LIBSELINUX_TRUE@am__append_1 = -DWITH_SELINUX + @HAVE_VERSIONING_TRUE@am__append_2 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_rootok +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -83,37 +129,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_rootok_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_rootok_la_SOURCES = pam_rootok.c + pam_rootok_la_OBJECTS = pam_rootok.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_rootok.c + DIST_SOURCES = pam_rootok.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -121,6 +396,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -131,6 +407,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -180,6 +457,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -203,6 +481,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -225,6 +505,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -260,7 +541,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -297,7 +577,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -328,9 +608,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -338,6 +618,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -353,14 +635,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_rootok.la: $(pam_rootok_la_OBJECTS) $(pam_rootok_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_rootok_la_OBJECTS) $(pam_rootok_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_rootok.la: $(pam_rootok_la_OBJECTS) $(pam_rootok_la_DEPENDENCIES) $(EXTRA_pam_rootok_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_rootok_la_OBJECTS) $(pam_rootok_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -371,25 +656,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rootok.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -398,11 +683,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -431,30 +723,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -466,15 +745,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -483,116 +758,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_rootok.log: tst-pam_rootok ++ @p='tst-pam_rootok'; \ ++ b='tst-pam_rootok'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -640,11 +988,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -732,21 +1088,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_rootok.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 new/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 +--- old/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 2013-09-19 10:02:15.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 2015-01-09 14:32:40.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_rootok + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_ROOTOK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_ROOTOK" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in new/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_securetty +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_securetty_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_securetty_la_SOURCES = pam_securetty.c + pam_securetty_la_OBJECTS = pam_securetty.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_securetty.c + DIST_SOURCES = pam_securetty.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_securetty.la: $(pam_securetty_la_OBJECTS) $(pam_securetty_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_securetty_la_OBJECTS) $(pam_securetty_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_securetty.la: $(pam_securetty_la_OBJECTS) $(pam_securetty_la_DEPENDENCIES) $(EXTRA_pam_securetty_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_securetty_la_OBJECTS) $(pam_securetty_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_securetty.log: tst-pam_securetty ++ @p='tst-pam_securetty'; \ ++ b='tst-pam_securetty'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_securetty.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 +--- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 2013-09-19 10:02:15.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 2015-01-09 14:32:41.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_securetty + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SECURETTY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SECURETTY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c +--- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2015-01-09 14:28:29.000000000 +0100 +@@ -159,11 +159,10 @@ + if (cmdlinefile != NULL) { + char line[LINE_MAX], *p; + +- line[0] = 0; +- fgets(line, sizeof(line), cmdlinefile); ++ p = fgets(line, sizeof(line), cmdlinefile); + fclose(cmdlinefile); + +- for (p = line; p; p = strstr(p+1, "console=")) { ++ for (; p; p = strstr(p+1, "console=")) { + char *e; + + /* Test whether this is a beginning of a word? */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in new/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -22,6 +21,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -43,7 +87,9 @@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + @HAVE_LIBSELINUX_TRUE@noinst_PROGRAMS = pam_selinux_check$(EXEEXT) + subdir = modules/pam_selinux +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -84,14 +130,25 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_selinux_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_selinux_la_SOURCES = pam_selinux.c + pam_selinux_la_OBJECTS = pam_selinux.lo +-pam_selinux_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ +- $(pam_selinux_la_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++pam_selinux_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ ++ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ ++ $(AM_CFLAGS) $(CFLAGS) $(pam_selinux_la_LDFLAGS) $(LDFLAGS) -o \ ++ $@ + @HAVE_LIBSELINUX_TRUE@am_pam_selinux_la_rpath = -rpath $(securelibdir) + PROGRAMS = $(noinst_PROGRAMS) + pam_selinux_check_SOURCES = pam_selinux_check.c +@@ -99,32 +156,251 @@ + @HAVE_LIBSELINUX_TRUE@pam_selinux_check_DEPENDENCIES = \ + @HAVE_LIBSELINUX_TRUE@ $(top_builddir)/libpam/libpam.la \ + @HAVE_LIBSELINUX_TRUE@ $(top_builddir)/libpam_misc/libpam_misc.la ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_selinux.c pam_selinux_check.c + DIST_SOURCES = pam_selinux.c pam_selinux_check.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -132,6 +408,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -142,6 +419,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -191,6 +469,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -214,6 +493,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -236,6 +517,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -271,7 +553,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -315,7 +596,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -346,9 +627,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -356,6 +637,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -371,14 +654,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_selinux.la: $(pam_selinux_la_OBJECTS) $(pam_selinux_la_DEPENDENCIES) +- $(pam_selinux_la_LINK) $(am_pam_selinux_la_rpath) $(pam_selinux_la_OBJECTS) $(pam_selinux_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_selinux.la: $(pam_selinux_la_OBJECTS) $(pam_selinux_la_DEPENDENCIES) $(EXTRA_pam_selinux_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(pam_selinux_la_LINK) $(am_pam_selinux_la_rpath) $(pam_selinux_la_OBJECTS) $(pam_selinux_la_LIBADD) $(LIBS) + + clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ +@@ -388,9 +674,10 @@ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +-pam_selinux_check$(EXEEXT): $(pam_selinux_check_OBJECTS) $(pam_selinux_check_DEPENDENCIES) ++ ++pam_selinux_check$(EXEEXT): $(pam_selinux_check_OBJECTS) $(pam_selinux_check_DEPENDENCIES) $(EXTRA_pam_selinux_check_DEPENDENCIES) + @rm -f pam_selinux_check$(EXEEXT) +- $(LINK) $(pam_selinux_check_OBJECTS) $(pam_selinux_check_LDADD) $(LIBS) ++ $(AM_V_CCLD)$(LINK) $(pam_selinux_check_OBJECTS) $(pam_selinux_check_LDADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -402,25 +689,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux_check.Po@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -429,11 +716,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -462,30 +756,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -497,15 +778,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -514,116 +791,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_selinux.log: tst-pam_selinux ++ @p='tst-pam_selinux'; \ ++ b='tst-pam_selinux'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -671,11 +1021,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -763,21 +1121,22 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-generic clean-libtool clean-noinstPROGRAMS \ +- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ +- distclean-generic distclean-libtool distclean-tags distdir dvi \ +- dvi-am html html-am info info-am install install-am \ +- install-data install-data-am install-dvi install-dvi-am \ +- install-exec install-exec-am install-html install-html-am \ +- install-info install-info-am install-man install-man8 \ +- install-pdf install-pdf-am install-ps install-ps-am \ ++ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ ++ distclean distclean-compile distclean-generic \ ++ distclean-libtool distclean-tags distdir dvi dvi-am html \ ++ html-am info info-am install install-am install-data \ ++ install-data-am install-dvi install-dvi-am install-exec \ ++ install-exec-am install-html install-html-am install-info \ ++ install-info-am install-man install-man8 install-pdf \ ++ install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_selinux.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 +--- old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 2013-06-18 16:26:03.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 2015-01-09 14:32:41.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_selinux + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 06/18/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SELINUX" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c +--- old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c 2015-01-09 14:28:29.000000000 +0100 +@@ -491,12 +491,17 @@ + char *level = NULL; + security_context_t *contextlist = NULL; + int num_contexts = 0; ++ const struct passwd *pwd; + + if (!(username = get_item(pamh, PAM_USER))) { + pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name"); + return PAM_USER_UNKNOWN; + } + ++ if ((pwd = pam_modutil_getpwnam(pamh, username)) != NULL) { ++ username = pwd->pw_name; ++ } /* ignore error and keep using original username */ ++ + /* compute execute context */ + #ifdef HAVE_GETSEUSER + if (!(service = get_item(pamh, PAM_SERVICE))) { +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in new/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -22,6 +21,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -42,7 +86,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_sepermit +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -83,44 +129,274 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_sepermit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_sepermit_la_SOURCES = pam_sepermit.c + pam_sepermit_la_OBJECTS = pam_sepermit.lo +-pam_sepermit_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ +- $(pam_sepermit_la_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++pam_sepermit_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ ++ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ ++ $(AM_CFLAGS) $(CFLAGS) $(pam_sepermit_la_LDFLAGS) $(LDFLAGS) \ ++ -o $@ + @HAVE_LIBSELINUX_TRUE@am_pam_sepermit_la_rpath = -rpath \ + @HAVE_LIBSELINUX_TRUE@ $(securelibdir) ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_sepermit.c + DIST_SOURCES = pam_sepermit.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man5dir = $(mandir)/man5 + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) $(secureconf_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -128,6 +404,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -138,6 +415,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -187,6 +465,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -210,6 +489,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -232,6 +513,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -267,7 +549,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -310,7 +591,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -341,9 +622,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -351,6 +632,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -366,14 +649,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_sepermit.la: $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_DEPENDENCIES) +- $(pam_sepermit_la_LINK) $(am_pam_sepermit_la_rpath) $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_sepermit.la: $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_DEPENDENCIES) $(EXTRA_pam_sepermit_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(pam_sepermit_la_LINK) $(am_pam_sepermit_la_rpath) $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -384,25 +670,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_sepermit.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -411,11 +697,18 @@ + -rm -rf .libs _libs + install-man5: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" +- @list=''; test -n "$(man5dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.5[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man5dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.5[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -444,16 +737,21 @@ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -482,13 +780,14 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + install-secureconfDATA: $(secureconf_DATA) + @$(NORMAL_INSTALL) +- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ ++ fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ +@@ -502,30 +801,17 @@ + @$(NORMAL_UNINSTALL) + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ +- test -n "$$files" || exit 0; \ +- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) ++ ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -537,15 +823,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -554,116 +836,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_sepermit.log: tst-pam_sepermit ++ @p='tst-pam_sepermit'; \ ++ b='tst-pam_sepermit'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -711,11 +1066,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -806,22 +1169,22 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-data-local install-dvi install-dvi-am \ +- install-exec install-exec-am install-html install-html-am \ +- install-info install-info-am install-man install-man5 \ +- install-man8 install-pdf install-pdf-am install-ps \ +- install-ps-am install-secureconfDATA \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-data-local install-dvi \ ++ install-dvi-am install-exec install-exec-am install-html \ ++ install-html-am install-info install-info-am install-man \ ++ install-man5 install-man8 install-pdf install-pdf-am \ ++ install-ps install-ps-am install-secureconfDATA \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man5 \ +- uninstall-man8 uninstall-secureconfDATA \ ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ + uninstall-securelibLTLIBRARIES + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 new/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 +--- old/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 2013-06-18 16:26:03.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 2015-01-09 14:32:41.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_sepermit + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 06/18/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SEPERMIT" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SEPERMIT" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 new/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 +--- old/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 2013-06-18 16:26:04.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 2015-01-09 14:32:42.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: sepermit.conf + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 06/18/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "SEPERMIT\&.CONF" "5" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "SEPERMIT\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in new/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_shells +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_shells_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_shells_la_SOURCES = pam_shells.c + pam_shells_la_OBJECTS = pam_shells.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_shells.c + DIST_SOURCES = pam_shells.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_shells.la: $(pam_shells_la_OBJECTS) $(pam_shells_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_shells_la_OBJECTS) $(pam_shells_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_shells.la: $(pam_shells_la_OBJECTS) $(pam_shells_la_DEPENDENCIES) $(EXTRA_pam_shells_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_shells_la_OBJECTS) $(pam_shells_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_shells.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_shells.log: tst-pam_shells ++ @p='tst-pam_shells'; \ ++ b='tst-pam_shells'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_shells.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 new/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 +--- old/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 2013-09-19 10:02:16.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 2015-01-09 14:32:42.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_shells + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_SHELLS" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_SHELLS" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in new/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -20,6 +19,51 @@ + # + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -40,7 +84,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_stress +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -81,33 +127,262 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_stress_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_stress_la_SOURCES = pam_stress.c + pam_stress_la_OBJECTS = pam_stress.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_stress.c + DIST_SOURCES = pam_stress.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -115,6 +390,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -125,6 +401,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -174,6 +451,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -197,6 +475,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -219,6 +499,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -254,7 +535,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -286,7 +566,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -317,9 +597,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -327,6 +607,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -342,14 +624,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_stress.la: $(pam_stress_la_OBJECTS) $(pam_stress_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_stress_la_OBJECTS) $(pam_stress_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_stress.la: $(pam_stress_la_OBJECTS) $(pam_stress_la_DEPENDENCIES) $(EXTRA_pam_stress_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_stress_la_OBJECTS) $(pam_stress_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -360,25 +645,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_stress.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -386,26 +671,15 @@ + clean-libtool: + -rm -rf .libs _libs + +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -417,15 +691,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -434,101 +704,187 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_stress.log: tst-pam_stress ++ @p='tst-pam_stress'; \ ++ b='tst-pam_stress'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ +@@ -578,11 +934,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -667,19 +1031,20 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-pdf install-pdf-am \ +- install-ps install-ps-am install-securelibLTLIBRARIES \ +- install-strip installcheck installcheck-am installdirs \ +- maintainer-clean maintainer-clean-generic mostlyclean \ +- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ +- pdf pdf-am ps ps-am tags uninstall uninstall-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-pdf \ ++ install-pdf-am install-ps install-ps-am \ ++ install-securelibLTLIBRARIES install-strip installcheck \ ++ installcheck-am installdirs maintainer-clean \ ++ maintainer-clean-generic mostlyclean mostlyclean-compile \ ++ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ ++ recheck tags tags-am uninstall uninstall-am \ + uninstall-securelibLTLIBRARIES + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in new/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in 2015-01-09 14:29:52.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_succeed_if +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_succeed_if_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_succeed_if_la_SOURCES = pam_succeed_if.c + pam_succeed_if_la_OBJECTS = pam_succeed_if.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_succeed_if.c + DIST_SOURCES = pam_succeed_if.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_succeed_if.la: $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_succeed_if.la: $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_DEPENDENCIES) $(EXTRA_pam_succeed_if_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_succeed_if.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_succeed_if.log: tst-pam_succeed_if ++ @p='tst-pam_succeed_if'; \ ++ b='tst-pam_succeed_if'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_succeed_if.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 +--- old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 2013-09-19 10:02:17.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 2015-01-09 14:32:43.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_succeed_if + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM + .\" Source: Linux-PAM + .\" Language: English + .\" +-.TH "PAM_SUCCEED_IF" "8" "09/19/2013" "Linux-PAM" "Linux\-PAM" ++.TH "PAM_SUCCEED_IF" "8" "01/09/2015" "Linux-PAM" "Linux\-PAM" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c +--- old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c 2015-01-09 14:28:29.000000000 +0100 +@@ -68,20 +68,20 @@ + * PAM_SERVICE_ERR if the arguments can't be parsed as numbers. */ + static int + evaluate_num(const pam_handle_t *pamh, const char *left, +- const char *right, int (*cmp)(int, int)) ++ const char *right, int (*cmp)(long long, long long)) + { +- long l, r; ++ long long l, r; + char *p; + int ret = PAM_SUCCESS; + + errno = 0; +- l = strtol(left, &p, 0); ++ l = strtoll(left, &p, 0); + if ((p == NULL) || (*p != '\0') || errno) { + pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", left); + ret = PAM_SERVICE_ERR; + } + +- r = strtol(right, &p, 0); ++ r = strtoll(right, &p, 0); + if ((p == NULL) || (*p != '\0') || errno) { + pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", right); + ret = PAM_SERVICE_ERR; +@@ -96,32 +96,32 @@ + + /* Simple numeric comparison callbacks. */ + static int +-eq(int i, int j) ++eq(long long i, long long j) + { + return i == j; + } + static int +-ne(int i, int j) ++ne(long long i, long long j) + { + return i != j; + } + static int +-lt(int i, int j) ++lt(long long i, long long j) + { + return i < j; + } + static int +-le(int i, int j) ++le(long long i, long long j) + { + return lt(i, j) || eq(i, j); + } + static int +-gt(int i, int j) ++gt(long long i, long long j) + { + return i > j; + } + static int +-ge(int i, int j) ++ge(long long i, long long j) + { + return gt(i, j) || eq(i, j); + } +@@ -298,7 +298,7 @@ + } + if (strcasecmp(left, "rhost") == 0) { + const void *rhost; +- if (pam_get_item(pamh, PAM_SERVICE, &rhost) != PAM_SUCCESS || ++ if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS || + rhost == NULL) + rhost = ""; + snprintf(buf, sizeof(buf), "%s", (const char *)rhost); +@@ -306,7 +306,7 @@ + } + if (strcasecmp(left, "tty") == 0) { + const void *tty; +- if (pam_get_item(pamh, PAM_SERVICE, &tty) != PAM_SUCCESS || ++ if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS || + tty == NULL) + tty = ""; + snprintf(buf, sizeof(buf), "%s", (const char *)tty); +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in new/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -23,6 +22,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -44,8 +88,9 @@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + sbin_PROGRAMS = pam_tally$(EXEEXT) + subdir = modules/pam_tally +-DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ +- $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -86,46 +131,275 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ + "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_tally_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_tally_la_SOURCES = pam_tally.c + pam_tally_la_OBJECTS = pam_tally.lo +-pam_tally_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++pam_tally_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(pam_tally_la_LDFLAGS) $(LDFLAGS) -o $@ + PROGRAMS = $(sbin_PROGRAMS) + am_pam_tally_OBJECTS = pam_tally_app.$(OBJEXT) + pam_tally_OBJECTS = $(am_pam_tally_OBJECTS) + pam_tally_LDADD = $(LDADD) ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_tally.c $(pam_tally_SOURCES) + DIST_SOURCES = pam_tally.c $(pam_tally_SOURCES) ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) + HEADERS = $(noinst_HEADERS) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -133,6 +407,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -143,6 +418,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -192,6 +468,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -215,6 +492,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -237,6 +516,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -272,7 +552,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -311,7 +590,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -342,9 +621,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -352,6 +631,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -367,24 +648,32 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_tally.la: $(pam_tally_la_OBJECTS) $(pam_tally_la_DEPENDENCIES) +- $(pam_tally_la_LINK) -rpath $(securelibdir) $(pam_tally_la_OBJECTS) $(pam_tally_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_tally.la: $(pam_tally_la_OBJECTS) $(pam_tally_la_DEPENDENCIES) $(EXTRA_pam_tally_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(pam_tally_la_LINK) -rpath $(securelibdir) $(pam_tally_la_OBJECTS) $(pam_tally_la_LIBADD) $(LIBS) + install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) +- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ ++ fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ +- while read p p1; do if test -f $$p || test -f $$p1; \ +- then echo "$$p"; echo "$$p"; else :; fi; \ ++ while read p p1; do if test -f $$p \ ++ || test -f $$p1 \ ++ ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ +- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ ++ sed -e 'p;s,.*/,,;n;h' \ ++ -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ +@@ -405,7 +694,8 @@ + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ +- -e 's/$$/$(EXEEXT)/' `; \ ++ -e 's/$$/$(EXEEXT)/' \ ++ `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files +@@ -418,9 +708,10 @@ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +-pam_tally$(EXEEXT): $(pam_tally_OBJECTS) $(pam_tally_DEPENDENCIES) ++ ++pam_tally$(EXEEXT): $(pam_tally_OBJECTS) $(pam_tally_DEPENDENCIES) $(EXTRA_pam_tally_DEPENDENCIES) + @rm -f pam_tally$(EXEEXT) +- $(LINK) $(pam_tally_OBJECTS) $(pam_tally_LDADD) $(LIBS) ++ $(AM_V_CCLD)$(LINK) $(pam_tally_OBJECTS) $(pam_tally_LDADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -432,25 +723,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally_app.Po@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -459,11 +750,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -492,30 +790,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -527,15 +812,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -544,116 +825,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_tally.log: tst-pam_tally ++ @p='tst-pam_tally'; \ ++ b='tst-pam_tally'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -701,11 +1055,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -794,20 +1156,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-generic clean-libtool clean-sbinPROGRAMS \ +- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ +- distclean-generic distclean-libtool distclean-tags distdir dvi \ +- dvi-am html html-am info info-am install install-am \ +- install-data install-data-am install-dvi install-dvi-am \ +- install-exec install-exec-am install-html install-html-am \ +- install-info install-info-am install-man install-man8 \ +- install-pdf install-pdf-am install-ps install-ps-am \ +- install-sbinPROGRAMS install-securelibLTLIBRARIES \ +- install-strip installcheck installcheck-am installdirs \ +- maintainer-clean maintainer-clean-generic mostlyclean \ +- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ +- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ ++ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ ++ distclean distclean-compile distclean-generic \ ++ distclean-libtool distclean-tags distdir dvi dvi-am html \ ++ html-am info info-am install install-am install-data \ ++ install-data-am install-dvi install-dvi-am install-exec \ ++ install-exec-am install-html install-html-am install-info \ ++ install-info-am install-man install-man8 install-pdf \ ++ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ ++ install-securelibLTLIBRARIES install-strip installcheck \ ++ installcheck-am installdirs maintainer-clean \ ++ maintainer-clean-generic mostlyclean mostlyclean-compile \ ++ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ + uninstall-man8 uninstall-sbinPROGRAMS \ + uninstall-securelibLTLIBRARIES + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 new/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 +--- old/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 2013-09-19 10:02:17.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 2015-01-09 14:32:43.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_tally + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_TALLY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TALLY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally/README new/Linux-PAM-1.1.8/modules/pam_tally/README +--- old/Linux-PAM-1.1.8/modules/pam_tally/README 2013-09-19 10:02:17.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tally/README 2015-01-09 14:32:43.000000000 +0100 +@@ -32,7 +32,7 @@ + + onerr=[fail|succeed] + +- If something weird happens (like unable to open the file), return with ++ If something weird happens (like unable to open the file), return with + PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM + error code. + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in new/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -24,6 +23,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -45,8 +89,9 @@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + sbin_PROGRAMS = pam_tally2$(EXEEXT) + subdir = modules/pam_tally2 +-DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ +- $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -87,6 +132,12 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ + "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) +@@ -95,7 +146,11 @@ + $(am__DEPENDENCIES_1) + am_pam_tally2_la_OBJECTS = pam_tally2.lo + pam_tally2_la_OBJECTS = $(am_pam_tally2_la_OBJECTS) +-pam_tally2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++pam_tally2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(pam_tally2_la_LDFLAGS) $(LDFLAGS) -o $@ + PROGRAMS = $(sbin_PROGRAMS) +@@ -103,33 +158,252 @@ + pam_tally2_OBJECTS = $(am_pam_tally2_OBJECTS) + pam_tally2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ + $(am__DEPENDENCIES_1) ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES) + DIST_SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES) ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) + HEADERS = $(noinst_HEADERS) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -137,6 +411,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -147,6 +422,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -196,6 +472,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -219,6 +496,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -241,6 +520,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -276,7 +556,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -317,7 +596,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -348,9 +627,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -358,6 +637,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -373,24 +654,32 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) +- $(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) $(EXTRA_pam_tally2_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS) + install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) +- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ ++ fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ +- while read p p1; do if test -f $$p || test -f $$p1; \ +- then echo "$$p"; echo "$$p"; else :; fi; \ ++ while read p p1; do if test -f $$p \ ++ || test -f $$p1 \ ++ ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ +- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ ++ sed -e 'p;s,.*/,,;n;h' \ ++ -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ +@@ -411,7 +700,8 @@ + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ +- -e 's/$$/$(EXEEXT)/' `; \ ++ -e 's/$$/$(EXEEXT)/' \ ++ `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files +@@ -424,9 +714,10 @@ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +-pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) ++ ++pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) $(EXTRA_pam_tally2_DEPENDENCIES) + @rm -f pam_tally2$(EXEEXT) +- $(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS) ++ $(AM_V_CCLD)$(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -438,25 +729,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2_app.Po@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -465,11 +756,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -498,30 +796,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -533,15 +818,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -550,116 +831,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_tally2.log: tst-pam_tally2 ++ @p='tst-pam_tally2'; \ ++ b='tst-pam_tally2'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -707,11 +1061,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -800,20 +1162,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-generic clean-libtool clean-sbinPROGRAMS \ +- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ +- distclean-generic distclean-libtool distclean-tags distdir dvi \ +- dvi-am html html-am info info-am install install-am \ +- install-data install-data-am install-dvi install-dvi-am \ +- install-exec install-exec-am install-html install-html-am \ +- install-info install-info-am install-man install-man8 \ +- install-pdf install-pdf-am install-ps install-ps-am \ +- install-sbinPROGRAMS install-securelibLTLIBRARIES \ +- install-strip installcheck installcheck-am installdirs \ +- maintainer-clean maintainer-clean-generic mostlyclean \ +- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ +- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ ++ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ ++ distclean distclean-compile distclean-generic \ ++ distclean-libtool distclean-tags distdir dvi dvi-am html \ ++ html-am info info-am install install-am install-data \ ++ install-data-am install-dvi install-dvi-am install-exec \ ++ install-exec-am install-html install-html-am install-info \ ++ install-info-am install-man install-man8 install-pdf \ ++ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ ++ install-securelibLTLIBRARIES install-strip installcheck \ ++ installcheck-am installdirs maintainer-clean \ ++ maintainer-clean-generic mostlyclean mostlyclean-compile \ ++ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ + uninstall-man8 uninstall-sbinPROGRAMS \ + uninstall-securelibLTLIBRARIES + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 +--- old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 2013-09-19 10:02:18.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 2015-01-09 14:32:43.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_tally2 + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_TALLY2" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TALLY2" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c +--- old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2015-01-09 14:28:29.000000000 +0100 +@@ -451,11 +451,8 @@ + alarm(oldalarm); + } + +- if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) { ++ if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { + memset(tally, 0, sizeof(*tally)); +- } else if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { +- memset(tally, 0, sizeof(*tally)); +- /* Shouldn't happen */ + } + + tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/README new/Linux-PAM-1.1.8/modules/pam_tally2/README +--- old/Linux-PAM-1.1.8/modules/pam_tally2/README 2013-09-19 10:02:18.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tally2/README 2015-01-09 14:32:43.000000000 +0100 +@@ -28,7 +28,7 @@ + + onerr=[fail|succeed] + +- If something weird happens (like unable to open the file), return with ++ If something weird happens (like unable to open the file), return with + PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM + error code. + +@@ -108,7 +108,7 @@ + magic_root + + If the module is invoked by a user with uid=0 the counter is not +- changed. The sysadmin should use this for user launched services, like ++ changed. The sysadmin should use this for user launched services, like + su, otherwise this argument should be omitted. + + NOTES +@@ -117,7 +117,7 @@ + is caused by requirement of compatibility of the tallylog file format between + 32bit and 64bit architectures on multiarch systems. + +-There is no setuid wrapper for access to the data file such as when the ++There is no setuid wrapper for access to the data file such as when the + pam_tally2.so module is called from xscreensaver. As this would make it + impossible to share PAM configuration with such services the following + workaround is used: If the data file cannot be opened because of insufficient +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_time/Makefile.in new/Linux-PAM-1.1.8/modules/pam_time/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_time/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_time/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_time +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,39 +128,268 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_time_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_time_la_SOURCES = pam_time.c + pam_time_la_OBJECTS = pam_time.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_time.c + DIST_SOURCES = pam_time.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man5dir = $(mandir)/man5 + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) $(secureconf_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -122,6 +397,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -132,6 +408,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -181,6 +458,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -204,6 +482,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -226,6 +506,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -261,7 +542,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -300,7 +580,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -331,9 +611,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -341,6 +621,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -356,14 +638,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_time.la: $(pam_time_la_OBJECTS) $(pam_time_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_time_la_OBJECTS) $(pam_time_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_time.la: $(pam_time_la_OBJECTS) $(pam_time_la_DEPENDENCIES) $(EXTRA_pam_time_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_time_la_OBJECTS) $(pam_time_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -374,25 +659,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_time.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -401,11 +686,18 @@ + -rm -rf .libs _libs + install-man5: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" +- @list=''; test -n "$(man5dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.5[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man5dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.5[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -434,16 +726,21 @@ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -472,13 +769,14 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + install-secureconfDATA: $(secureconf_DATA) + @$(NORMAL_INSTALL) +- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ ++ fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ +@@ -492,30 +790,17 @@ + @$(NORMAL_UNINSTALL) + @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ +- test -n "$$files" || exit 0; \ +- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -527,15 +812,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -544,116 +825,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_time.log: tst-pam_time ++ @p='tst-pam_time'; \ ++ b='tst-pam_time'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -701,11 +1055,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -795,20 +1157,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man5 install-man8 \ +- install-pdf install-pdf-am install-ps install-ps-am \ +- install-secureconfDATA install-securelibLTLIBRARIES \ +- install-strip installcheck installcheck-am installdirs \ +- maintainer-clean maintainer-clean-generic mostlyclean \ +- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ +- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man5 \ ++ install-man8 install-pdf install-pdf-am install-ps \ ++ install-ps-am install-secureconfDATA \ ++ install-securelibLTLIBRARIES install-strip installcheck \ ++ installcheck-am installdirs maintainer-clean \ ++ maintainer-clean-generic mostlyclean mostlyclean-compile \ ++ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ + uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ + uninstall-securelibLTLIBRARIES + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 new/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 +--- old/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 2013-09-19 10:02:19.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 2015-01-09 14:32:44.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_time + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_TIME" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" ++.TH "PAM_TIME" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 new/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 +--- old/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 2013-09-19 10:02:18.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 2015-01-09 14:32:44.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: time.conf + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "TIME\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "TIME\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in new/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in 2013-09-19 10:01:35.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -24,6 +23,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -47,8 +91,9 @@ + sbin_PROGRAMS = pam_timestamp_check$(EXEEXT) + noinst_PROGRAMS = hmacfile$(EXEEXT) + subdir = modules/pam_timestamp +-DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ +- $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -89,6 +134,12 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ + "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) +@@ -96,9 +147,14 @@ + am_pam_timestamp_la_OBJECTS = pam_timestamp_la-pam_timestamp.lo \ + pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo + pam_timestamp_la_OBJECTS = $(am_pam_timestamp_la_OBJECTS) +-pam_timestamp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pam_timestamp_la_CFLAGS) \ +- $(CFLAGS) $(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++pam_timestamp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ ++ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ ++ $(pam_timestamp_la_CFLAGS) $(CFLAGS) \ ++ $(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@ + PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS) + am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) hmacsha1.$(OBJEXT) \ + sha1.$(OBJEXT) +@@ -108,40 +164,259 @@ + pam_timestamp_check-pam_timestamp_check.$(OBJEXT) + pam_timestamp_check_OBJECTS = $(am_pam_timestamp_check_OBJECTS) + pam_timestamp_check_DEPENDENCIES = $(top_builddir)/libpam/libpam.la +-pam_timestamp_check_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ +- $(LIBTOOLFLAGS) --mode=link $(CCLD) \ ++pam_timestamp_check_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ ++ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(pam_timestamp_check_CFLAGS) $(CFLAGS) \ + $(pam_timestamp_check_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \ + $(pam_timestamp_check_SOURCES) + DIST_SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \ + $(pam_timestamp_check_SOURCES) ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) + HEADERS = $(noinst_HEADERS) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck + am__EXEEXT_1 = hmacfile$(EXEEXT) ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -149,6 +424,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -159,6 +435,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -208,6 +485,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -231,6 +509,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -253,6 +533,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -288,7 +569,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -335,7 +615,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -366,9 +646,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -376,6 +656,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -391,14 +673,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_timestamp.la: $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_DEPENDENCIES) +- $(pam_timestamp_la_LINK) -rpath $(securelibdir) $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_timestamp.la: $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_DEPENDENCIES) $(EXTRA_pam_timestamp_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(pam_timestamp_la_LINK) -rpath $(securelibdir) $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_LIBADD) $(LIBS) + + clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ +@@ -410,14 +695,19 @@ + rm -f $$list + install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) +- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ ++ fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ +- while read p p1; do if test -f $$p || test -f $$p1; \ +- then echo "$$p"; echo "$$p"; else :; fi; \ ++ while read p p1; do if test -f $$p \ ++ || test -f $$p1 \ ++ ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ +- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ ++ sed -e 'p;s,.*/,,;n;h' \ ++ -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ +@@ -438,7 +728,8 @@ + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ +- -e 's/$$/$(EXEEXT)/' `; \ ++ -e 's/$$/$(EXEEXT)/' \ ++ `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files +@@ -451,12 +742,14 @@ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +-hmacfile$(EXEEXT): $(hmacfile_OBJECTS) $(hmacfile_DEPENDENCIES) ++ ++hmacfile$(EXEEXT): $(hmacfile_OBJECTS) $(hmacfile_DEPENDENCIES) $(EXTRA_hmacfile_DEPENDENCIES) + @rm -f hmacfile$(EXEEXT) +- $(LINK) $(hmacfile_OBJECTS) $(hmacfile_LDADD) $(LIBS) +-pam_timestamp_check$(EXEEXT): $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) $(hmacfile_OBJECTS) $(hmacfile_LDADD) $(LIBS) ++ ++pam_timestamp_check$(EXEEXT): $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_DEPENDENCIES) $(EXTRA_pam_timestamp_check_DEPENDENCIES) + @rm -f pam_timestamp_check$(EXEEXT) +- $(pam_timestamp_check_LINK) $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_LDADD) $(LIBS) ++ $(AM_V_CCLD)$(pam_timestamp_check_LINK) $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_LDADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -473,60 +766,60 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Po@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + pam_timestamp_la-pam_timestamp.lo: pam_timestamp.c +-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-pam_timestamp.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo $(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_timestamp.c' object='pam_timestamp_la-pam_timestamp.lo' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-pam_timestamp.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo $(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pam_timestamp.c' object='pam_timestamp_la-pam_timestamp.lo' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c + + pam_timestamp_la-hmacsha1.lo: hmacsha1.c +-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmacsha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo $(DEPDIR)/pam_timestamp_la-hmacsha1.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmacsha1.c' object='pam_timestamp_la-hmacsha1.lo' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmacsha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo $(DEPDIR)/pam_timestamp_la-hmacsha1.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmacsha1.c' object='pam_timestamp_la-hmacsha1.lo' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c + + pam_timestamp_la-sha1.lo: sha1.c +-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-sha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-sha1.Tpo -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_la-sha1.Tpo $(DEPDIR)/pam_timestamp_la-sha1.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sha1.c' object='pam_timestamp_la-sha1.lo' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-sha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-sha1.Tpo -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-sha1.Tpo $(DEPDIR)/pam_timestamp_la-sha1.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sha1.c' object='pam_timestamp_la-sha1.lo' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c + + pam_timestamp_check-pam_timestamp_check.o: pam_timestamp_check.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.o -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.o -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c + + pam_timestamp_check-pam_timestamp_check.obj: pam_timestamp_check.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.obj -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.obj -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` + + mostlyclean-libtool: + -rm -f *.lo +@@ -535,11 +828,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -568,30 +868,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) ++ ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -603,15 +890,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -620,116 +903,196 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_timestamp.log: tst-pam_timestamp ++ @p='tst-pam_timestamp'; \ ++ b='tst-pam_timestamp'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++hmacfile.log: hmacfile$(EXEEXT) ++ @p='hmacfile$(EXEEXT)'; \ ++ b='hmacfile'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -777,11 +1140,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -870,22 +1241,23 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-generic clean-libtool clean-noinstPROGRAMS \ +- clean-sbinPROGRAMS clean-securelibLTLIBRARIES ctags distclean \ +- distclean-compile distclean-generic distclean-libtool \ +- distclean-tags distdir dvi dvi-am html html-am info info-am \ +- install install-am install-data install-data-am install-dvi \ +- install-dvi-am install-exec install-exec-am install-html \ +- install-html-am install-info install-info-am install-man \ +- install-man8 install-pdf install-pdf-am install-ps \ +- install-ps-am install-sbinPROGRAMS \ ++ clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \ ++ ctags ctags-am distclean distclean-compile distclean-generic \ ++ distclean-libtool distclean-tags distdir dvi dvi-am html \ ++ html-am info info-am install install-am install-data \ ++ install-data-am install-dvi install-dvi-am install-exec \ ++ install-exec-am install-html install-html-am install-info \ ++ install-info-am install-man install-man8 install-pdf \ ++ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-sbinPROGRAMS \ ++ uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_timestamp.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 +--- old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 2013-09-19 10:02:19.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 2015-01-09 14:32:45.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_timestamp + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_TIMESTAMP" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TIMESTAMP" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c +--- old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c 2015-01-09 14:28:29.000000000 +0100 +@@ -158,7 +158,7 @@ + tty = strrchr(tty, '/') + 1; + } + /* Make sure the tty wasn't actually a directory (no basename). */ +- if (strlen(tty) == 0) { ++ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { + return NULL; + } + return tty; +@@ -243,6 +243,17 @@ + if (pwd != NULL) { + ruser = pwd->pw_name; + } ++ } else { ++ /* ++ * This ruser is used by format_timestamp_name as a component ++ * of constructed timestamp pathname, so ".", "..", and '/' ++ * are disallowed to avoid potential path traversal issues. ++ */ ++ if (!strcmp(ruser, ".") || ++ !strcmp(ruser, "..") || ++ strchr(ruser, '/')) { ++ ruser = NULL; ++ } + } + if (ruser == NULL || strlen(ruser) >= ruserbuflen) { + *ruserbuf = '\0'; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 +--- old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 2013-09-19 10:02:19.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 2015-01-09 14:32:45.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_timestamp_check + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_TIMESTAMP_CHECK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TIMESTAMP_CHECK" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in new/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in 2013-09-19 10:01:36.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_tty_audit +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,40 +128,269 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + @HAVE_AUDIT_TTY_STATUS_TRUE@pam_tty_audit_la_DEPENDENCIES = \ + @HAVE_AUDIT_TTY_STATUS_TRUE@ $(top_builddir)/libpam/libpam.la + pam_tty_audit_la_SOURCES = pam_tty_audit.c + pam_tty_audit_la_OBJECTS = pam_tty_audit.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = + @HAVE_AUDIT_TTY_STATUS_TRUE@am_pam_tty_audit_la_rpath = -rpath \ + @HAVE_AUDIT_TTY_STATUS_TRUE@ $(securelibdir) ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_tty_audit.c + DIST_SOURCES = pam_tty_audit.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -123,6 +398,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -133,6 +409,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -182,6 +459,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -205,6 +483,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -227,6 +507,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -262,7 +543,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -297,7 +577,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -328,9 +608,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -338,6 +618,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -353,14 +635,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_tty_audit.la: $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_DEPENDENCIES) +- $(LINK) $(am_pam_tty_audit_la_rpath) $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_tty_audit.la: $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_DEPENDENCIES) $(EXTRA_pam_tty_audit_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) $(am_pam_tty_audit_la_rpath) $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -371,25 +656,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tty_audit.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -398,11 +683,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -431,30 +723,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -466,15 +745,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -483,116 +758,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_tty_audit.log: tst-pam_tty_audit ++ @p='tst-pam_tty_audit'; \ ++ b='tst-pam_tty_audit'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -640,11 +988,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -732,21 +1088,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_tty_audit.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 +--- old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 2013-09-04 15:47:58.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 2015-01-09 14:32:45.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_tty_audit + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/04/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_TTY_AUDIT" "8" "09/04/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_TTY_AUDIT" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c +--- old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2013-08-28 10:53:40.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2015-01-09 14:28:29.000000000 +0100 +@@ -36,6 +36,7 @@ + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + DAMAGE. */ + ++#include "config.h" + #include + #include + #include +@@ -108,7 +109,7 @@ + struct msghdr msg; + struct nlmsghdr nlm; + struct iovec iov[2]; +- ssize_t res; ++ ssize_t res, resdiff; + + again: + iov[0].iov_base = &nlm; +@@ -119,6 +120,7 @@ + msg.msg_iovlen = 1; + msg.msg_control = NULL; + msg.msg_controllen = 0; ++ msg.msg_flags = 0; + if (type != NLMSG_ERROR) + { + res = recvmsg (fd, &msg, MSG_PEEK); +@@ -160,12 +162,17 @@ + res = recvmsg (fd, &msg, 0); + if (res == -1) + return -1; +- if ((size_t)res != NLMSG_LENGTH (size) ++ resdiff = NLMSG_LENGTH(size) - (size_t)res; ++ if (resdiff < 0 + || nlm.nlmsg_type != type) + { + errno = EIO; + return -1; + } ++ else if (resdiff > 0) ++ { ++ memset((char *)buf + size - resdiff, 0, resdiff); ++ } + return 0; + } + +@@ -275,6 +282,8 @@ + return PAM_SESSION_ERR; + } + ++ memcpy(&new_status, old_status, sizeof(new_status)); ++ + new_status.enabled = (command == CMD_ENABLE ? 1 : 0); + #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD + new_status.log_passwd = log_passwd; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/README new/Linux-PAM-1.1.8/modules/pam_tty_audit/README +--- old/Linux-PAM-1.1.8/modules/pam_tty_audit/README 2013-09-19 10:02:20.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/README 2015-01-09 14:32:45.000000000 +0100 +@@ -42,7 +42,7 @@ + users is explicitly disabled. Therefore, it is recommended to use disable=* as + the first option for most daemons using PAM. + +-To view the data that was logged by the kernel to audit use the command ++To view the data that was logged by the kernel to audit use the command + aureport --tty. + + EXAMPLES +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in new/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in 2013-09-19 10:01:36.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_umask +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_umask_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_umask_la_SOURCES = pam_umask.c + pam_umask_la_OBJECTS = pam_umask.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_umask.c + DIST_SOURCES = pam_umask.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_umask.la: $(pam_umask_la_OBJECTS) $(pam_umask_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_umask_la_OBJECTS) $(pam_umask_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_umask.la: $(pam_umask_la_OBJECTS) $(pam_umask_la_DEPENDENCIES) $(EXTRA_pam_umask_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_umask_la_OBJECTS) $(pam_umask_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_umask.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_umask.log: tst-pam_umask ++ @p='tst-pam_umask'; \ ++ b='tst-pam_umask'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_umask.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 new/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 +--- old/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 2013-09-19 10:02:20.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 2015-01-09 14:32:46.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_umask + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_UMASK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UMASK" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in new/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in 2013-09-19 10:01:36.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -23,6 +22,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -47,8 +91,9 @@ + noinst_PROGRAMS = bigcrypt$(EXEEXT) + @STATIC_MODULES_TRUE@am__append_3 = pam_unix_static.c + subdir = modules/pam_unix +-DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ +- $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -89,6 +134,12 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ + "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) +@@ -104,7 +155,11 @@ + pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ + yppasswd_xdr.lo md5_good.lo md5_broken.lo $(am__objects_1) + pam_unix_la_OBJECTS = $(am_pam_unix_la_OBJECTS) +-pam_unix_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++pam_unix_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(pam_unix_la_LDFLAGS) $(LDFLAGS) -o $@ + PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS) +@@ -112,9 +167,9 @@ + bigcrypt-bigcrypt_main.$(OBJEXT) + bigcrypt_OBJECTS = $(am_bigcrypt_OBJECTS) + bigcrypt_DEPENDENCIES = +-bigcrypt_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(bigcrypt_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++bigcrypt_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(bigcrypt_CFLAGS) \ ++ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ + am_unix_chkpwd_OBJECTS = unix_chkpwd-unix_chkpwd.$(OBJEXT) \ + unix_chkpwd-md5_good.$(OBJEXT) \ + unix_chkpwd-md5_broken.$(OBJEXT) \ +@@ -122,7 +177,7 @@ + unix_chkpwd-passverify.$(OBJEXT) + unix_chkpwd_OBJECTS = $(am_unix_chkpwd_OBJECTS) + unix_chkpwd_DEPENDENCIES = +-unix_chkpwd_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ ++unix_chkpwd_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(unix_chkpwd_CFLAGS) \ + $(CFLAGS) $(unix_chkpwd_LDFLAGS) $(LDFLAGS) -o $@ + am_unix_update_OBJECTS = unix_update-unix_update.$(OBJEXT) \ +@@ -132,38 +187,257 @@ + unix_update-passverify.$(OBJEXT) + unix_update_OBJECTS = $(am_unix_update_OBJECTS) + unix_update_DEPENDENCIES = +-unix_update_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ ++unix_update_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(unix_update_CFLAGS) \ + $(CFLAGS) $(unix_update_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = $(pam_unix_la_SOURCES) $(bigcrypt_SOURCES) \ + $(unix_chkpwd_SOURCES) $(unix_update_SOURCES) + DIST_SOURCES = $(am__pam_unix_la_SOURCES_DIST) $(bigcrypt_SOURCES) \ + $(unix_chkpwd_SOURCES) $(unix_update_SOURCES) ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) + HEADERS = $(noinst_HEADERS) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -171,6 +445,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -181,6 +456,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -230,6 +506,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -253,6 +530,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -275,6 +554,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -310,7 +590,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -376,7 +655,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -407,9 +686,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -417,6 +696,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -432,14 +713,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_unix.la: $(pam_unix_la_OBJECTS) $(pam_unix_la_DEPENDENCIES) +- $(pam_unix_la_LINK) -rpath $(securelibdir) $(pam_unix_la_OBJECTS) $(pam_unix_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_unix.la: $(pam_unix_la_OBJECTS) $(pam_unix_la_DEPENDENCIES) $(EXTRA_pam_unix_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(pam_unix_la_LINK) -rpath $(securelibdir) $(pam_unix_la_OBJECTS) $(pam_unix_la_LIBADD) $(LIBS) + + clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ +@@ -451,14 +735,19 @@ + rm -f $$list + install-sbinPROGRAMS: $(sbin_PROGRAMS) + @$(NORMAL_INSTALL) +- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ ++ if test -n "$$list"; then \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ ++ fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ +- while read p p1; do if test -f $$p || test -f $$p1; \ +- then echo "$$p"; echo "$$p"; else :; fi; \ ++ while read p p1; do if test -f $$p \ ++ || test -f $$p1 \ ++ ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ +- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ ++ sed -e 'p;s,.*/,,;n;h' \ ++ -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ +@@ -479,7 +768,8 @@ + @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ +- -e 's/$$/$(EXEEXT)/' `; \ ++ -e 's/$$/$(EXEEXT)/' \ ++ `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(sbindir)" && rm -f $$files +@@ -492,15 +782,18 @@ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +-bigcrypt$(EXEEXT): $(bigcrypt_OBJECTS) $(bigcrypt_DEPENDENCIES) ++ ++bigcrypt$(EXEEXT): $(bigcrypt_OBJECTS) $(bigcrypt_DEPENDENCIES) $(EXTRA_bigcrypt_DEPENDENCIES) + @rm -f bigcrypt$(EXEEXT) +- $(bigcrypt_LINK) $(bigcrypt_OBJECTS) $(bigcrypt_LDADD) $(LIBS) +-unix_chkpwd$(EXEEXT): $(unix_chkpwd_OBJECTS) $(unix_chkpwd_DEPENDENCIES) ++ $(AM_V_CCLD)$(bigcrypt_LINK) $(bigcrypt_OBJECTS) $(bigcrypt_LDADD) $(LIBS) ++ ++unix_chkpwd$(EXEEXT): $(unix_chkpwd_OBJECTS) $(unix_chkpwd_DEPENDENCIES) $(EXTRA_unix_chkpwd_DEPENDENCIES) + @rm -f unix_chkpwd$(EXEEXT) +- $(unix_chkpwd_LINK) $(unix_chkpwd_OBJECTS) $(unix_chkpwd_LDADD) $(LIBS) +-unix_update$(EXEEXT): $(unix_update_OBJECTS) $(unix_update_DEPENDENCIES) ++ $(AM_V_CCLD)$(unix_chkpwd_LINK) $(unix_chkpwd_OBJECTS) $(unix_chkpwd_LDADD) $(LIBS) ++ ++unix_update$(EXEEXT): $(unix_update_OBJECTS) $(unix_update_DEPENDENCIES) $(EXTRA_unix_update_DEPENDENCIES) + @rm -f unix_update$(EXEEXT) +- $(unix_update_LINK) $(unix_update_OBJECTS) $(unix_update_LDADD) $(LIBS) ++ $(AM_V_CCLD)$(unix_update_LINK) $(unix_update_OBJECTS) $(unix_update_LDADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -533,193 +826,193 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yppasswd_xdr.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + bigcrypt-bigcrypt.o: bigcrypt.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='bigcrypt-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='bigcrypt-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c + + bigcrypt-bigcrypt.obj: bigcrypt.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='bigcrypt-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='bigcrypt-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` + + bigcrypt-bigcrypt_main.o: bigcrypt_main.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c + + bigcrypt-bigcrypt_main.obj: bigcrypt_main.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` + + unix_chkpwd-unix_chkpwd.o: unix_chkpwd.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c + + unix_chkpwd-unix_chkpwd.obj: unix_chkpwd.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` + + unix_chkpwd-md5_good.o: md5_good.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_chkpwd-md5_good.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_chkpwd-md5_good.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c + + unix_chkpwd-md5_good.obj: md5_good.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_chkpwd-md5_good.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_chkpwd-md5_good.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` + + unix_chkpwd-md5_broken.o: md5_broken.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_chkpwd-md5_broken.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_chkpwd-md5_broken.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c + + unix_chkpwd-md5_broken.obj: md5_broken.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_chkpwd-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_chkpwd-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` + + unix_chkpwd-bigcrypt.o: bigcrypt.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_chkpwd-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_chkpwd-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c + + unix_chkpwd-bigcrypt.obj: bigcrypt.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_chkpwd-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_chkpwd-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` + + unix_chkpwd-passverify.o: passverify.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_chkpwd-passverify.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_chkpwd-passverify.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c + + unix_chkpwd-passverify.obj: passverify.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_chkpwd-passverify.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_chkpwd-passverify.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` + + unix_update-unix_update.o: unix_update.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.o -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_update.c' object='unix_update-unix_update.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.o -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_update.c' object='unix_update-unix_update.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c + + unix_update-unix_update.obj: unix_update.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.obj -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_update.c' object='unix_update-unix_update.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.obj -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_update.c' object='unix_update-unix_update.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` + + unix_update-md5_good.o: md5_good.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.o -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_update-md5_good.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.o -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_update-md5_good.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c + + unix_update-md5_good.obj: md5_good.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_update-md5_good.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_update-md5_good.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` + + unix_update-md5_broken.o: md5_broken.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_update-md5_broken.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_update-md5_broken.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c + + unix_update-md5_broken.obj: md5_broken.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_update-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_update-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` + + unix_update-bigcrypt.o: bigcrypt.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_update-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_update-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c + + unix_update-bigcrypt.obj: bigcrypt.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_update-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_update-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` + + unix_update-passverify.o: passverify.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.o -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_update-passverify.o' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.o -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_update-passverify.o' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c + + unix_update-passverify.obj: passverify.c +-@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.obj -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_update-passverify.obj' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.obj -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_update-passverify.obj' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` + + mostlyclean-libtool: + -rm -f *.lo +@@ -728,11 +1021,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -761,30 +1061,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -796,15 +1083,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -813,116 +1096,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ +- else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ +- fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- skipped="($$skip tests were not run)"; \ ++ color_start= color_end=; \ + fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_unix.log: tst-pam_unix ++ @p='tst-pam_unix'; \ ++ b='tst-pam_unix'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -970,11 +1326,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -1063,22 +1427,23 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ + clean-generic clean-libtool clean-noinstPROGRAMS \ +- clean-sbinPROGRAMS clean-securelibLTLIBRARIES ctags distclean \ +- distclean-compile distclean-generic distclean-libtool \ +- distclean-tags distdir dvi dvi-am html html-am info info-am \ +- install install-am install-data install-data-am install-dvi \ +- install-dvi-am install-exec install-exec-am install-html \ +- install-html-am install-info install-info-am install-man \ +- install-man8 install-pdf install-pdf-am install-ps \ +- install-ps-am install-sbinPROGRAMS \ ++ clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \ ++ ctags ctags-am distclean distclean-compile distclean-generic \ ++ distclean-libtool distclean-tags distdir dvi dvi-am html \ ++ html-am info info-am install install-am install-data \ ++ install-data-am install-dvi install-dvi-am install-exec \ ++ install-exec-am install-html install-html-am install-info \ ++ install-info-am install-man install-man8 install-pdf \ ++ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-sbinPROGRAMS \ ++ uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_unix.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c new/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c 2015-01-09 14:28:29.000000000 +0100 +@@ -51,6 +51,8 @@ + /* TODO: now that we're using malloc'ed memory, get rid of the + strange constant buffer size. */ + passwd = malloc(120); ++ if (passwd == NULL) ++ return NULL; + + /* If it starts with the magic string, then skip that */ + if (!strncmp(sp, magic, strlen(magic))) +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 +--- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 2013-09-19 10:02:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 2015-01-09 14:32:46.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_unix + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_UNIX" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_UNIX" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c 2013-09-16 11:11:51.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c 2015-01-09 14:28:29.000000000 +0100 +@@ -98,24 +98,21 @@ + /* fork */ + child = fork(); + if (child == 0) { +- int i=0; +- struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL }; +- +- /* reopen stdout as pipe */ +- dup2(fds[1], STDOUT_FILENO); ++ const char *args[] = { NULL, NULL, NULL, NULL }; + + /* XXX - should really tidy up PAM here too */ + +- if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { +- if (rlim.rlim_max >= MAX_FD_NO) +- rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { +- if (i != STDOUT_FILENO) { +- close(i); +- } +- } ++ /* reopen stdout as pipe */ ++ if (dup2(fds[1], STDOUT_FILENO) != STDOUT_FILENO) { ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdout"); ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } ++ ++ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, ++ PAM_MODUTIL_IGNORE_FD, ++ PAM_MODUTIL_PIPE_FD) < 0) { ++ _exit(PAM_AUTHINFO_UNAVAIL); + } + + if (geteuid() == 0) { +@@ -130,11 +127,11 @@ + } + + /* exec binary helper */ +- args[0] = x_strdup(CHKPWD_HELPER); +- args[1] = x_strdup(user); +- args[2] = x_strdup("chkexpiry"); ++ args[0] = CHKPWD_HELPER; ++ args[1] = user; ++ args[2] = "chkexpiry"; + +- execve(CHKPWD_HELPER, args, envp); ++ execve(CHKPWD_HELPER, (char *const *) args, envp); + + pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); + /* should not get here: exit with error */ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-09-16 11:09:47.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2015-01-09 14:28:29.000000000 +0100 +@@ -201,39 +201,37 @@ + /* fork */ + child = fork(); + if (child == 0) { +- int i=0; +- struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; + char buffer[16]; + + /* XXX - should really tidy up PAM here too */ + + /* reopen stdin as pipe */ +- dup2(fds[0], STDIN_FILENO); ++ if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) { ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } + +- if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { +- if (rlim.rlim_max >= MAX_FD_NO) +- rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { +- if (i != STDIN_FILENO) +- close(i); +- } ++ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, ++ PAM_MODUTIL_PIPE_FD, ++ PAM_MODUTIL_PIPE_FD) < 0) { ++ _exit(PAM_AUTHINFO_UNAVAIL); + } + + /* exec binary helper */ +- args[0] = x_strdup(UPDATE_HELPER); +- args[1] = x_strdup(user); +- args[2] = x_strdup("update"); ++ args[0] = UPDATE_HELPER; ++ args[1] = user; ++ args[2] = "update"; + if (on(UNIX_SHADOW, ctrl)) +- args[3] = x_strdup("1"); ++ args[3] = "1"; + else +- args[3] = x_strdup("0"); ++ args[3] = "0"; + + snprintf(buffer, sizeof(buffer), "%d", remember); +- args[4] = x_strdup(buffer); ++ args[4] = buffer; + +- execve(UPDATE_HELPER, args, envp); ++ execve(UPDATE_HELPER, (char *const *) args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); +@@ -303,7 +301,7 @@ + s_pas = strtok_r(NULL, ":,", &sptr); + while (s_pas != NULL) { + char *md5pass = Goodcrypt_md5(newpass, s_pas); +- if (!strcmp(md5pass, s_pas)) { ++ if (md5pass == NULL || !strcmp(md5pass, s_pas)) { + _pam_delete(md5pass); + retval = PAM_AUTHTOK_ERR; + break; +@@ -614,7 +612,8 @@ + + if (_unix_blankpasswd(pamh, ctrl, user)) { + return PAM_SUCCESS; +- } else if (off(UNIX__IAMROOT, ctrl)) { ++ } else if (off(UNIX__IAMROOT, ctrl) || ++ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { + /* instruct user what is happening */ + if (asprintf(&Announce, _("Changing password for %s."), + user) < 0) { +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/passverify.c new/Linux-PAM-1.1.8/modules/pam_unix/passverify.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/passverify.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/passverify.c 2015-01-09 14:28:29.000000000 +0100 +@@ -639,11 +639,23 @@ + continue; + buf[strlen(buf) - 1] = '\0'; + s_luser = strtok_r(buf, ":", &sptr); ++ if (s_luser == NULL) { ++ found = 0; ++ continue; ++ } + s_uid = strtok_r(NULL, ":", &sptr); ++ if (s_uid == NULL) { ++ found = 0; ++ continue; ++ } + s_npas = strtok_r(NULL, ":", &sptr); ++ if (s_npas == NULL) { ++ found = 0; ++ continue; ++ } + s_pas = strtok_r(NULL, ":", &sptr); + npas = strtol(s_npas, NULL, 10) + 1; +- while (npas > howmany) { ++ while (npas > howmany && s_pas != NULL) { + s_pas = strpbrk(s_pas, ","); + if (s_pas != NULL) + s_pas++; +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/README new/Linux-PAM-1.1.8/modules/pam_unix/README +--- old/Linux-PAM-1.1.8/modules/pam_unix/README 2013-09-19 10:02:20.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/README 2015-01-09 14:32:46.000000000 +0100 +@@ -12,9 +12,9 @@ + The account component performs the task of establishing the status of the + user's account and password based on the following shadow elements: expire, + last_change, max_change, min_change, warn_change. In the case of the latter, it +-may offer advice to the user on changing their password or, through the ++may offer advice to the user on changing their password or, through the + PAM_AUTHTOKEN_REQD return, delay giving service to the user until they have +-established a new password. The entries listed above are documented in the ++established a new password. The entries listed above are documented in the + shadow(5) manual page. Should the user's record not contain one or more of + these entries, the corresponding shadow check is not performed. + +@@ -100,7 +100,7 @@ + + The last n passwords for each user are saved in /etc/security/opasswd in + order to force password change history and keep the user from alternating +- between the same password too frequently. Instead of this option the ++ between the same password too frequently. Instead of this option the + pam_pwhistory module should be used. + + shadow +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.c new/Linux-PAM-1.1.8/modules/pam_unix/support.c +--- old/Linux-PAM-1.1.8/modules/pam_unix/support.c 2013-09-16 11:11:51.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/support.c 2015-01-09 14:28:29.000000000 +0100 +@@ -564,23 +564,21 @@ + /* fork */ + child = fork(); + if (child == 0) { +- int i=0; +- struct rlimit rlim; + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL }; + + /* XXX - should really tidy up PAM here too */ + + /* reopen stdin as pipe */ +- dup2(fds[0], STDIN_FILENO); ++ if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) { ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } + +- if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { +- if (rlim.rlim_max >= MAX_FD_NO) +- rlim.rlim_max = MAX_FD_NO; +- for (i=0; i < (int)rlim.rlim_max; i++) { +- if (i != STDIN_FILENO) +- close(i); +- } ++ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, ++ PAM_MODUTIL_PIPE_FD, ++ PAM_MODUTIL_PIPE_FD) < 0) { ++ _exit(PAM_AUTHINFO_UNAVAIL); + } + + if (geteuid() == 0) { +@@ -593,15 +591,15 @@ + } + + /* exec binary helper */ +- args[0] = strdup(CHKPWD_HELPER); +- args[1] = x_strdup(user); ++ args[0] = CHKPWD_HELPER; ++ args[1] = user; + if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ +- args[2]=strdup("nullok"); ++ args[2]="nullok"; + } else { +- args[2]=strdup("nonull"); ++ args[2]="nonull"; + } + +- execve(CHKPWD_HELPER, args, envp); ++ execve(CHKPWD_HELPER, (char *const *) args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); +@@ -788,10 +786,10 @@ + login_name = ""; + } + +- new->user = x_strdup(name ? name : ""); ++ new->user = strdup(name ? name : ""); + new->uid = getuid(); + new->euid = geteuid(); +- new->name = x_strdup(login_name); ++ new->name = strdup(login_name); + + /* any previous failures for this user ? */ + if (pam_get_data(pamh, data_name, &void_old) +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.h new/Linux-PAM-1.1.8/modules/pam_unix/support.h +--- old/Linux-PAM-1.1.8/modules/pam_unix/support.h 2013-06-18 16:24:05.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/support.h 2015-01-09 14:28:29.000000000 +0100 +@@ -97,8 +97,9 @@ + password hash algorithms */ + #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ + #define UNIX_MIN_PASS_LEN 27 /* min length for password */ ++#define UNIX_DES 28 /* DES, default */ + /* -------------- */ +-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ ++#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ + + #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + +@@ -135,12 +136,11 @@ + /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, + /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, + /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, ++/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, + }; + + #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) + +-#define MAX_FD_NO 2000000 +- + /* use this to free strings. ESPECIALLY password strings */ + + #define _pam_delete(xx) \ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 new/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 +--- old/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 2013-09-19 10:02:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 2015-01-09 14:32:47.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: unix_chkpwd + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "UNIX_CHKPWD" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "UNIX_CHKPWD" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 new/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 +--- old/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 2013-09-19 10:02:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 2015-01-09 14:32:47.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: unix_update + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "UNIX_UPDATE" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "UNIX_UPDATE" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in new/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in 2013-09-19 10:01:36.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -22,6 +21,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -42,8 +86,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_userdb +-DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ +- $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -84,40 +129,269 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + @HAVE_LIBDB_TRUE@pam_userdb_la_DEPENDENCIES = \ + @HAVE_LIBDB_TRUE@ $(top_builddir)/libpam/libpam.la + pam_userdb_la_SOURCES = pam_userdb.c + pam_userdb_la_OBJECTS = pam_userdb.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = + @HAVE_LIBDB_TRUE@am_pam_userdb_la_rpath = -rpath $(securelibdir) ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_userdb.c + DIST_SOURCES = pam_userdb.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) + HEADERS = $(noinst_HEADERS) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -125,6 +399,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -135,6 +410,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -184,6 +460,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -207,6 +484,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -229,6 +508,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -264,7 +544,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -302,7 +581,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -333,9 +612,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -343,6 +622,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -358,14 +639,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_userdb.la: $(pam_userdb_la_OBJECTS) $(pam_userdb_la_DEPENDENCIES) +- $(LINK) $(am_pam_userdb_la_rpath) $(pam_userdb_la_OBJECTS) $(pam_userdb_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_userdb.la: $(pam_userdb_la_OBJECTS) $(pam_userdb_la_DEPENDENCIES) $(EXTRA_pam_userdb_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) $(am_pam_userdb_la_rpath) $(pam_userdb_la_OBJECTS) $(pam_userdb_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -376,25 +660,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_userdb.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -403,11 +687,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -436,30 +727,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -471,15 +749,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -488,116 +762,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_userdb.log: tst-pam_userdb ++ @p='tst-pam_userdb'; \ ++ b='tst-pam_userdb'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -645,11 +992,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -737,21 +1092,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_userdb.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 +--- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 2013-06-18 16:26:14.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 2015-01-09 14:32:47.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_userdb + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 06/18/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_USERDB" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_USERDB" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +@@ -53,7 +53,9 @@ + /path/database + database for performing lookup\&. There is no default; the module will return + \fBPAM_IGNORE\fR +-if no database is provided\&. ++if no database is provided\&. Note that the path to the database file should be specified without the ++\&.db ++suffix\&. + .RE + .PP + \fBdebug\fR +@@ -139,7 +141,7 @@ + .RS 4 + .\} + .nf +-auth sufficient pam_userdb\&.so icase db=/etc/dbtest\&.db ++auth sufficient pam_userdb\&.so icase db=/etc/dbtest + + .fi + .if n \{\ +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml +--- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml 2015-01-09 14:28:29.000000000 +0100 +@@ -89,7 +89,8 @@ + Use the /path/database database for + performing lookup. There is no default; the module will + return PAM_IGNORE if no +- database is provided. ++ database is provided. Note that the path to the database file ++ should be specified without the .db suffix. + + + +@@ -260,7 +261,7 @@ + + EXAMPLES + +-auth sufficient pam_userdb.so icase db=/etc/dbtest.db ++auth sufficient pam_userdb.so icase db=/etc/dbtest + + + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c +--- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c 2015-01-09 14:28:29.000000000 +0100 +@@ -184,7 +184,7 @@ + else + key.dsize = strlen(key.dptr); + } else { +- key.dptr = x_strdup(user); ++ key.dptr = strdup(user); + key.dsize = strlen(user); + } + +@@ -222,12 +222,15 @@ + } else { + cryptpw = crypt (pass, data.dptr); + +- if (cryptpw) { +- compare = strncasecmp (data.dptr, cryptpw, data.dsize); ++ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { ++ compare = memcmp(data.dptr, cryptpw, data.dsize); + } else { + compare = -2; + if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); ++ if (cryptpw) ++ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); ++ else ++ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); + } + }; + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h +--- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h 2015-01-09 14:28:29.000000000 +0100 +@@ -15,9 +15,6 @@ + #define PAM_USE_FPASS_ARG 0x0040 + #define PAM_TRY_FPASS_ARG 0x0080 + +-/* Useful macros */ +-#define x_strdup(s) ( (s) ? strdup(s):NULL ) +- + /* The name of the module we are compiling */ + #ifndef MODULE_NAME + #define MODULE_NAME "pam_userdb" +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/README new/Linux-PAM-1.1.8/modules/pam_userdb/README +--- old/Linux-PAM-1.1.8/modules/pam_userdb/README 2013-09-19 10:02:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_userdb/README 2015-01-09 14:32:47.000000000 +0100 +@@ -13,14 +13,15 @@ + crypt=[crypt|none] + + Indicates whether encrypted or plaintext passwords are stored in the +- database. If it is crypt, passwords should be stored in the database in ++ database. If it is crypt, passwords should be stored in the database in + crypt(3) form. If none is selected, passwords should be stored in the + database as plaintext. + + db=/path/database + + Use the /path/database database for performing lookup. There is no default; +- the module will return PAM_IGNORE if no database is provided. ++ the module will return PAM_IGNORE if no database is provided. Note that the ++ path to the database file should be specified without the .db suffix. + + debug + +@@ -65,7 +66,7 @@ + + EXAMPLES + +-auth sufficient pam_userdb.so icase db=/etc/dbtest.db ++auth sufficient pam_userdb.so icase db=/etc/dbtest + + + AUTHOR +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in new/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in 2013-09-19 10:01:36.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_warn +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_warn_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_warn_la_SOURCES = pam_warn.c + pam_warn_la_OBJECTS = pam_warn.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_warn.c + DIST_SOURCES = pam_warn.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_warn.la: $(pam_warn_la_OBJECTS) $(pam_warn_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_warn_la_OBJECTS) $(pam_warn_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_warn.la: $(pam_warn_la_OBJECTS) $(pam_warn_la_DEPENDENCIES) $(EXTRA_pam_warn_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_warn_la_OBJECTS) $(pam_warn_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_warn.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_warn.log: tst-pam_warn ++ @p='tst-pam_warn'; \ ++ b='tst-pam_warn'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_warn.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 +--- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 2013-09-19 10:02:22.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 2015-01-09 14:32:48.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_warn + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_WARN" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WARN" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c +--- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2015-01-09 14:28:29.000000000 +0100 +@@ -33,7 +33,7 @@ + value = value ? value : default_value ; \ + } while (0) + +-static void log_items(pam_handle_t *pamh, const char *function) ++static void log_items(pam_handle_t *pamh, const char *function, int flags) + { + const void *service=NULL, *user=NULL, *terminal=NULL, + *rhost=NULL, *ruser=NULL; +@@ -45,8 +45,8 @@ + OBTAIN(PAM_RHOST, rhost, ""); + + pam_syslog(pamh, LOG_NOTICE, +- "function=[%s] service=[%s] terminal=[%s] user=[%s]" +- " ruser=[%s] rhost=[%s]\n", function, ++ "function=[%s] flags=%#x service=[%s] terminal=[%s] user=[%s]" ++ " ruser=[%s] rhost=[%s]\n", function, flags, + (const char *) service, (const char *) terminal, + (const char *) user, (const char *) ruser, + (const char *) rhost); +@@ -55,52 +55,52 @@ + /* --- authentication management functions (only) --- */ + + PAM_EXTERN +-int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN +-int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + /* password updating functions */ + + PAM_EXTERN +-int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + + PAM_EXTERN int +-pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, ++pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +- log_items(pamh, __FUNCTION__); ++ log_items(pamh, __FUNCTION__, flags); + return PAM_IGNORE; + } + +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in new/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in 2013-09-19 10:01:36.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_wheel +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_wheel_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_wheel_la_SOURCES = pam_wheel.c + pam_wheel_la_OBJECTS = pam_wheel.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_wheel.c + DIST_SOURCES = pam_wheel.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_wheel.la: $(pam_wheel_la_OBJECTS) $(pam_wheel_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_wheel_la_OBJECTS) $(pam_wheel_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_wheel.la: $(pam_wheel_la_OBJECTS) $(pam_wheel_la_DEPENDENCIES) $(EXTRA_pam_wheel_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_wheel_la_OBJECTS) $(pam_wheel_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_wheel.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_wheel.log: tst-pam_wheel ++ @p='tst-pam_wheel'; \ ++ b='tst-pam_wheel'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_wheel.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 new/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 +--- old/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 2013-09-19 10:02:22.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 2015-01-09 14:32:48.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_wheel + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_WHEEL" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_WHEEL" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in new/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in +--- old/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in 2013-09-19 10:01:36.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in 2015-01-09 14:29:53.000000000 +0100 +@@ -1,9 +1,8 @@ +-# Makefile.in generated by automake 1.11.1 from Makefile.am. ++# Makefile.in generated by automake 1.13.4 from Makefile.am. + # @configure_input@ + +-# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +-# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +-# Inc. ++# Copyright (C) 1994-2013 Free Software Foundation, Inc. ++ + # This Makefile.in is free software; the Free Software Foundation + # gives unlimited permission to copy and/or distribute it, + # with or without modifications, as long as this notice is preserved. +@@ -21,6 +20,51 @@ + + + VPATH = @srcdir@ ++am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' ++am__make_running_with_option = \ ++ case $${target_option-} in \ ++ ?) ;; \ ++ *) echo "am__make_running_with_option: internal error: invalid" \ ++ "target option '$${target_option-}' specified" >&2; \ ++ exit 1;; \ ++ esac; \ ++ has_opt=no; \ ++ sane_makeflags=$$MAKEFLAGS; \ ++ if $(am__is_gnu_make); then \ ++ sane_makeflags=$$MFLAGS; \ ++ else \ ++ case $$MAKEFLAGS in \ ++ *\\[\ \ ]*) \ ++ bs=\\; \ ++ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ ++ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ ++ esac; \ ++ fi; \ ++ skip_next=no; \ ++ strip_trailopt () \ ++ { \ ++ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ ++ }; \ ++ for flg in $$sane_makeflags; do \ ++ test $$skip_next = yes && { skip_next=no; continue; }; \ ++ case $$flg in \ ++ *=*|--*) continue;; \ ++ -*I) strip_trailopt 'I'; skip_next=yes;; \ ++ -*I?*) strip_trailopt 'I';; \ ++ -*O) strip_trailopt 'O'; skip_next=yes;; \ ++ -*O?*) strip_trailopt 'O';; \ ++ -*l) strip_trailopt 'l'; skip_next=yes;; \ ++ -*l?*) strip_trailopt 'l';; \ ++ -[dEDm]) skip_next=yes;; \ ++ -[JT]) skip_next=yes;; \ ++ esac; \ ++ case $$flg in \ ++ *$$target_option*) has_opt=yes; break;; \ ++ esac; \ ++ done; \ ++ test $$has_opt = yes ++am__make_dryrun = (target_option=n; $(am__make_running_with_option)) ++am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + pkgdatadir = $(datadir)/@PACKAGE@ + pkgincludedir = $(includedir)/@PACKAGE@ + pkglibdir = $(libdir)/@PACKAGE@ +@@ -41,7 +85,9 @@ + host_triplet = @host@ + @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map + subdir = modules/pam_xauth +-DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ++DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ ++ $(top_srcdir)/build-aux/depcomp \ ++ $(top_srcdir)/build-aux/test-driver README + ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 + am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 \ +@@ -82,37 +128,266 @@ + am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' ++am__uninstall_files_from_dir = { \ ++ test -z "$$files" \ ++ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ ++ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ ++ $(am__cd) "$$dir" && rm -f $$files; }; \ ++ } + am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" + LTLIBRARIES = $(securelib_LTLIBRARIES) + pam_xauth_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la + pam_xauth_la_SOURCES = pam_xauth.c + pam_xauth_la_OBJECTS = pam_xauth.lo ++AM_V_lt = $(am__v_lt_@AM_V@) ++am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) ++am__v_lt_0 = --silent ++am__v_lt_1 = ++AM_V_P = $(am__v_P_@AM_V@) ++am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) ++am__v_P_0 = false ++am__v_P_1 = : ++AM_V_GEN = $(am__v_GEN_@AM_V@) ++am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) ++am__v_GEN_0 = @echo " GEN " $@; ++am__v_GEN_1 = ++AM_V_at = $(am__v_at_@AM_V@) ++am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) ++am__v_at_0 = @ ++am__v_at_1 = + DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) + depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp + am__depfiles_maybe = depfiles + am__mv = mv -f + COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +-LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ +- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) ++LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ ++ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ ++ $(AM_CFLAGS) $(CFLAGS) ++AM_V_CC = $(am__v_CC_@AM_V@) ++am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) ++am__v_CC_0 = @echo " CC " $@; ++am__v_CC_1 = + CCLD = $(CC) +-LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ +- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ +- $(LDFLAGS) -o $@ ++LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ ++ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ ++ $(AM_LDFLAGS) $(LDFLAGS) -o $@ ++AM_V_CCLD = $(am__v_CCLD_@AM_V@) ++am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) ++am__v_CCLD_0 = @echo " CCLD " $@; ++am__v_CCLD_1 = + SOURCES = pam_xauth.c + DIST_SOURCES = pam_xauth.c ++am__can_run_installinfo = \ ++ case $$AM_UPDATE_INFO_DIR in \ ++ n|no|NO) false;; \ ++ *) (install-info --version) >/dev/null 2>&1;; \ ++ esac + man8dir = $(mandir)/man8 + NROFF = nroff + MANS = $(man_MANS) + DATA = $(noinst_DATA) ++am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) ++# Read a list of newline-separated strings from the standard input, ++# and print each of them once, without duplicates. Input order is ++# *not* preserved. ++am__uniquify_input = $(AWK) '\ ++ BEGIN { nonempty = 0; } \ ++ { items[$$0] = 1; nonempty = 1; } \ ++ END { if (nonempty) { for (i in items) print i; }; } \ ++' ++# Make sure the list of sources is unique. This is necessary because, ++# e.g., the same source file might be shared among _SOURCES variables ++# for different programs/libraries. ++am__define_uniq_tagged_files = \ ++ list='$(am__tagged_files)'; \ ++ unique=`for i in $$list; do \ ++ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ ++ done | $(am__uniquify_input)` + ETAGS = etags + CTAGS = ctags +-am__tty_colors = \ +-red=; grn=; lgn=; blu=; std= ++am__tty_colors_dummy = \ ++ mgn= red= grn= lgn= blu= brg= std=; \ ++ am__color_tests=no ++am__tty_colors = { \ ++ $(am__tty_colors_dummy); \ ++ if test "X$(AM_COLOR_TESTS)" = Xno; then \ ++ am__color_tests=no; \ ++ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ ++ am__color_tests=yes; \ ++ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ ++ am__color_tests=yes; \ ++ fi; \ ++ if test $$am__color_tests = yes; then \ ++ red=''; \ ++ grn=''; \ ++ lgn=''; \ ++ blu=''; \ ++ mgn=''; \ ++ brg=''; \ ++ std=''; \ ++ fi; \ ++} ++am__recheck_rx = ^[ ]*:recheck:[ ]* ++am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* ++am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* ++# A command that, given a newline-separated list of test names on the ++# standard input, print the name of the tests that are to be re-run ++# upon "make recheck". ++am__list_recheck_tests = $(AWK) '{ \ ++ recheck = 1; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ { \ ++ if ((getline line2 < ($$0 ".log")) < 0) \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ ++ { \ ++ recheck = 0; \ ++ break; \ ++ } \ ++ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ ++ { \ ++ break; \ ++ } \ ++ }; \ ++ if (recheck) \ ++ print $$0; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# A command that, given a newline-separated list of test names on the ++# standard input, create the global log from their .trs and .log files. ++am__create_global_log = $(AWK) ' \ ++function fatal(msg) \ ++{ \ ++ print "fatal: making $@: " msg | "cat >&2"; \ ++ exit 1; \ ++} \ ++function rst_section(header) \ ++{ \ ++ print header; \ ++ len = length(header); \ ++ for (i = 1; i <= len; i = i + 1) \ ++ printf "="; \ ++ printf "\n\n"; \ ++} \ ++{ \ ++ copy_in_global_log = 1; \ ++ global_test_result = "RUN"; \ ++ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".trs"); \ ++ if (line ~ /$(am__global_test_result_rx)/) \ ++ { \ ++ sub("$(am__global_test_result_rx)", "", line); \ ++ sub("[ ]*$$", "", line); \ ++ global_test_result = line; \ ++ } \ ++ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ ++ copy_in_global_log = 0; \ ++ }; \ ++ if (copy_in_global_log) \ ++ { \ ++ rst_section(global_test_result ": " $$0); \ ++ while ((rc = (getline line < ($$0 ".log"))) != 0) \ ++ { \ ++ if (rc < 0) \ ++ fatal("failed to read from " $$0 ".log"); \ ++ print line; \ ++ }; \ ++ printf "\n"; \ ++ }; \ ++ close ($$0 ".trs"); \ ++ close ($$0 ".log"); \ ++}' ++# Restructured Text title. ++am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } ++# Solaris 10 'make', and several other traditional 'make' implementations, ++# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it ++# by disabling -e (using the XSI extension "set +e") if it's set. ++am__sh_e_setup = case $$- in *e*) set +e;; esac ++# Default flags passed to test drivers. ++am__common_driver_flags = \ ++ --color-tests "$$am__color_tests" \ ++ --enable-hard-errors "$$am__enable_hard_errors" \ ++ --expect-failure "$$am__expect_failure" ++# To be inserted before the command running the test. Creates the ++# directory for the log if needed. Stores in $dir the directory ++# containing $f, in $tst the test, in $log the log. Executes the ++# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and ++# passes TESTS_ENVIRONMENT. Set up options for the wrapper that ++# will run the test scripts (or their associated LOG_COMPILER, if ++# thy have one). ++am__check_pre = \ ++$(am__sh_e_setup); \ ++$(am__vpath_adj_setup) $(am__vpath_adj) \ ++$(am__tty_colors); \ ++srcdir=$(srcdir); export srcdir; \ ++case "$@" in \ ++ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ ++ *) am__odir=.;; \ ++esac; \ ++test "x$$am__odir" = x"." || test -d "$$am__odir" \ ++ || $(MKDIR_P) "$$am__odir" || exit $$?; \ ++if test -f "./$$f"; then dir=./; \ ++elif test -f "$$f"; then dir=; \ ++else dir="$(srcdir)/"; fi; \ ++tst=$$dir$$f; log='$@'; \ ++if test -n '$(DISABLE_HARD_ERRORS)'; then \ ++ am__enable_hard_errors=no; \ ++else \ ++ am__enable_hard_errors=yes; \ ++fi; \ ++case " $(XFAIL_TESTS) " in \ ++ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ ++ am__expect_failure=yes;; \ ++ *) \ ++ am__expect_failure=no;; \ ++esac; \ ++$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) ++# A shell command to get the names of the tests scripts with any registered ++# extension removed (i.e., equivalently, the names of the test logs, with ++# the '.log' extension removed). The result is saved in the shell variable ++# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, ++# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", ++# since that might cause problem with VPATH rewrites for suffix-less tests. ++# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. ++am__set_TESTS_bases = \ ++ bases='$(TEST_LOGS)'; \ ++ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ ++ bases=`echo $$bases` ++RECHECK_LOGS = $(TEST_LOGS) ++AM_RECURSIVE_TARGETS = check recheck ++TEST_SUITE_LOG = test-suite.log ++TEST_EXTENSIONS = @EXEEXT@ .test ++LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) ++am__set_b = \ ++ case '$@' in \ ++ */*) \ ++ case '$*' in \ ++ */*) b='$*';; \ ++ *) b=`echo '$@' | sed 's/\.log$$//'`; \ ++ esac;; \ ++ *) \ ++ b='$*';; \ ++ esac ++am__test_logs1 = $(TESTS:=.log) ++am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) ++TEST_LOGS = $(am__test_logs2:.test.log=.log) ++TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver ++TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ ++ $(TEST_LOG_FLAGS) + DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + ACLOCAL = @ACLOCAL@ + AMTAR = @AMTAR@ ++AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ + AR = @AR@ + AUTOCONF = @AUTOCONF@ + AUTOHEADER = @AUTOHEADER@ +@@ -120,6 +395,7 @@ + AWK = @AWK@ + BROWSER = @BROWSER@ + BUILD_CFLAGS = @BUILD_CFLAGS@ ++BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ +@@ -130,6 +406,7 @@ + CYGPATH_W = @CYGPATH_W@ + DEFS = @DEFS@ + DEPDIR = @DEPDIR@ ++DLLTOOL = @DLLTOOL@ + DSYMUTIL = @DSYMUTIL@ + DUMPBIN = @DUMPBIN@ + ECHO_C = @ECHO_C@ +@@ -179,6 +456,7 @@ + LTLIBINTL = @LTLIBINTL@ + LTLIBOBJS = @LTLIBOBJS@ + MAKEINFO = @MAKEINFO@ ++MANIFEST_TOOL = @MANIFEST_TOOL@ + MKDIR_P = @MKDIR_P@ + MSGFMT = @MSGFMT@ + MSGFMT_015 = @MSGFMT_015@ +@@ -202,6 +480,8 @@ + PIE_CFLAGS = @PIE_CFLAGS@ + PIE_LDFLAGS = @PIE_LDFLAGS@ + PKG_CONFIG = @PKG_CONFIG@ ++PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ ++PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ + POSUB = @POSUB@ + RANLIB = @RANLIB@ + SCONFIGDIR = @SCONFIGDIR@ +@@ -224,6 +504,7 @@ + abs_srcdir = @abs_srcdir@ + abs_top_builddir = @abs_top_builddir@ + abs_top_srcdir = @abs_top_srcdir@ ++ac_ct_AR = @ac_ct_AR@ + ac_ct_CC = @ac_ct_CC@ + ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ + am__include = @am__include@ +@@ -259,7 +540,6 @@ + libtirpc_LIBS = @libtirpc_LIBS@ + localedir = @localedir@ + localstatedir = @localstatedir@ +-lt_ECHO = @lt_ECHO@ + mandir = @mandir@ + mkdir_p = @mkdir_p@ + oldincludedir = @oldincludedir@ +@@ -295,7 +575,7 @@ + all: all-am + + .SUFFIXES: +-.SUFFIXES: .c .lo .o .obj ++.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs + $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ +@@ -326,9 +606,9 @@ + $(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + $(am__aclocal_m4_deps): ++ + install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) + @$(NORMAL_INSTALL) +- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" + @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ +@@ -336,6 +616,8 @@ + else :; fi; \ + done; \ + test -z "$$list2" || { \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ + } +@@ -351,14 +633,17 @@ + + clean-securelibLTLIBRARIES: + -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) +- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ +- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ +- test "$$dir" != "$$p" || dir=.; \ +- echo "rm -f \"$${dir}/so_locations\""; \ +- rm -f "$${dir}/so_locations"; \ +- done +-pam_xauth.la: $(pam_xauth_la_OBJECTS) $(pam_xauth_la_DEPENDENCIES) +- $(LINK) -rpath $(securelibdir) $(pam_xauth_la_OBJECTS) $(pam_xauth_la_LIBADD) $(LIBS) ++ @list='$(securelib_LTLIBRARIES)'; \ ++ locs=`for p in $$list; do echo $$p; done | \ ++ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ ++ sort -u`; \ ++ test -z "$$locs" || { \ ++ echo rm -f $${locs}; \ ++ rm -f $${locs}; \ ++ } ++ ++pam_xauth.la: $(pam_xauth_la_OBJECTS) $(pam_xauth_la_DEPENDENCIES) $(EXTRA_pam_xauth_la_DEPENDENCIES) ++ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_xauth_la_OBJECTS) $(pam_xauth_la_LIBADD) $(LIBS) + + mostlyclean-compile: + -rm -f *.$(OBJEXT) +@@ -369,25 +654,25 @@ + @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_xauth.Plo@am__quote@ + + .c.o: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< + + .c.obj: +-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` + + .c.lo: +-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ ++@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< ++@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo ++@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ + @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +-@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< ++@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + + mostlyclean-libtool: + -rm -f *.lo +@@ -396,11 +681,18 @@ + -rm -rf .libs _libs + install-man8: $(man_MANS) + @$(NORMAL_INSTALL) +- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" +- @list=''; test -n "$(man8dir)" || exit 0; \ +- { for i in $$list; do echo "$$i"; done; \ +- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ +- sed -n '/\.8[a-z]*$$/p'; \ ++ @list1=''; \ ++ list2='$(man_MANS)'; \ ++ test -n "$(man8dir)" \ ++ && test -n "`echo $$list1$$list2`" \ ++ || exit 0; \ ++ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ ++ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ ++ { for i in $$list1; do echo "$$i"; done; \ ++ if test -n "$$list2"; then \ ++ for i in $$list2; do echo "$$i"; done \ ++ | sed -n '/\.8[a-z]*$$/p'; \ ++ fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ +@@ -429,30 +721,17 @@ + sed -n '/\.8[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ +- test -z "$$files" || { \ +- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ +- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } +- +-ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ +- mkid -fID $$unique +-tags: TAGS ++ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) + +-TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) ++ID: $(am__tagged_files) ++ $(am__define_uniq_tagged_files); mkid -fID $$unique ++tags: tags-am ++TAGS: tags ++ ++tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ +@@ -464,15 +743,11 @@ + $$unique; \ + fi; \ + fi +-ctags: CTAGS +-CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ +- $(TAGS_FILES) $(LISP) +- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ +- unique=`for i in $$list; do \ +- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ +- done | \ +- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ +- END { if (nonempty) { for (i in files) print i; }; }'`; \ ++ctags: ctags-am ++ ++CTAGS: ctags ++ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) ++ $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique +@@ -481,116 +756,189 @@ + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" ++cscopelist: cscopelist-am ++ ++cscopelist-am: $(am__tagged_files) ++ list='$(am__tagged_files)'; \ ++ case "$(srcdir)" in \ ++ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ ++ *) sdir=$(subdir)/$(srcdir) ;; \ ++ esac; \ ++ for i in $$list; do \ ++ if test -f "$$i"; then \ ++ echo "$(subdir)/$$i"; \ ++ else \ ++ echo "$$sdir/$$i"; \ ++ fi; \ ++ done >> $(top_builddir)/cscope.files + + distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +-check-TESTS: $(TESTS) +- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ +- srcdir=$(srcdir); export srcdir; \ +- list=' $(TESTS) '; \ +- $(am__tty_colors); \ +- if test -n "$$list"; then \ +- for tst in $$list; do \ +- if test -f ./$$tst; then dir=./; \ +- elif test -f $$tst; then dir=; \ +- else dir="$(srcdir)/"; fi; \ +- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xpass=`expr $$xpass + 1`; \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=XPASS; \ +- ;; \ +- *) \ +- col=$$grn; res=PASS; \ +- ;; \ +- esac; \ +- elif test $$? -ne 77; then \ +- all=`expr $$all + 1`; \ +- case " $(XFAIL_TESTS) " in \ +- *[\ \ ]$$tst[\ \ ]*) \ +- xfail=`expr $$xfail + 1`; \ +- col=$$lgn; res=XFAIL; \ +- ;; \ +- *) \ +- failed=`expr $$failed + 1`; \ +- col=$$red; res=FAIL; \ +- ;; \ +- esac; \ +- else \ +- skip=`expr $$skip + 1`; \ +- col=$$blu; res=SKIP; \ +- fi; \ +- echo "$${col}$$res$${std}: $$tst"; \ +- done; \ +- if test "$$all" -eq 1; then \ +- tests="test"; \ +- All=""; \ +- else \ +- tests="tests"; \ +- All="All "; \ ++# Recover from deleted '.trs' file; this should ensure that ++# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create ++# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells ++# to avoid problems with "make -n". ++.log.trs: ++ rm -f $< $@ ++ $(MAKE) $(AM_MAKEFLAGS) $< ++ ++# Leading 'am--fnord' is there to ensure the list of targets does not ++# expand to empty, as could happen e.g. with make check TESTS=''. ++am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) ++am--force-recheck: ++ @: ++ ++$(TEST_SUITE_LOG): $(TEST_LOGS) ++ @$(am__set_TESTS_bases); \ ++ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ ++ redo_bases=`for i in $$bases; do \ ++ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ ++ done`; \ ++ if test -n "$$redo_bases"; then \ ++ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ ++ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ ++ if $(am__make_dryrun); then :; else \ ++ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ +- if test "$$failed" -eq 0; then \ +- if test "$$xfail" -eq 0; then \ +- banner="$$All$$all $$tests passed"; \ ++ fi; \ ++ if test -n "$$am__remaking_logs"; then \ ++ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ ++ "recursion detected" >&2; \ ++ else \ ++ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ ++ fi; \ ++ if $(am__make_dryrun); then :; else \ ++ st=0; \ ++ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ ++ for i in $$redo_bases; do \ ++ test -f $$i.trs && test -r $$i.trs \ ++ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ ++ test -f $$i.log && test -r $$i.log \ ++ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ ++ done; \ ++ test $$st -eq 0 || exit 1; \ ++ fi ++ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ ++ ws='[ ]'; \ ++ results=`for b in $$bases; do echo $$b.trs; done`; \ ++ test -n "$$results" || results=/dev/null; \ ++ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ ++ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ ++ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ ++ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ ++ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ ++ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ ++ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ ++ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ ++ success=true; \ ++ else \ ++ success=false; \ ++ fi; \ ++ br='==================='; br=$$br$$br$$br$$br; \ ++ result_count () \ ++ { \ ++ if test x"$$1" = x"--maybe-color"; then \ ++ maybe_colorize=yes; \ ++ elif test x"$$1" = x"--no-color"; then \ ++ maybe_colorize=no; \ + else \ +- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ +- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ ++ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ +- else \ +- if test "$$xpass" -eq 0; then \ +- banner="$$failed of $$all $$tests failed"; \ ++ shift; \ ++ desc=$$1 count=$$2; \ ++ if test $$maybe_colorize = yes && test $$count -gt 0; then \ ++ color_start=$$3 color_end=$$std; \ + else \ +- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ +- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ ++ color_start= color_end=; \ + fi; \ +- fi; \ +- dashes="$$banner"; \ +- skipped=""; \ +- if test "$$skip" -ne 0; then \ +- if test "$$skip" -eq 1; then \ +- skipped="($$skip test was not run)"; \ +- else \ +- skipped="($$skip tests were not run)"; \ +- fi; \ +- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$skipped"; \ +- fi; \ +- report=""; \ +- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ +- report="Please report to $(PACKAGE_BUGREPORT)"; \ +- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ +- dashes="$$report"; \ +- fi; \ +- dashes=`echo "$$dashes" | sed s/./=/g`; \ +- if test "$$failed" -eq 0; then \ +- echo "$$grn$$dashes"; \ +- else \ +- echo "$$red$$dashes"; \ +- fi; \ +- echo "$$banner"; \ +- test -z "$$skipped" || echo "$$skipped"; \ +- test -z "$$report" || echo "$$report"; \ +- echo "$$dashes$$std"; \ +- test "$$failed" -eq 0; \ +- else :; fi ++ echo "$${color_start}# $$desc $$count$${color_end}"; \ ++ }; \ ++ create_testsuite_report () \ ++ { \ ++ result_count $$1 "TOTAL:" $$all "$$brg"; \ ++ result_count $$1 "PASS: " $$pass "$$grn"; \ ++ result_count $$1 "SKIP: " $$skip "$$blu"; \ ++ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ ++ result_count $$1 "FAIL: " $$fail "$$red"; \ ++ result_count $$1 "XPASS:" $$xpass "$$red"; \ ++ result_count $$1 "ERROR:" $$error "$$mgn"; \ ++ }; \ ++ { \ ++ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ ++ $(am__rst_title); \ ++ create_testsuite_report --no-color; \ ++ echo; \ ++ echo ".. contents:: :depth: 2"; \ ++ echo; \ ++ for b in $$bases; do echo $$b; done \ ++ | $(am__create_global_log); \ ++ } >$(TEST_SUITE_LOG).tmp || exit 1; \ ++ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ ++ if $$success; then \ ++ col="$$grn"; \ ++ else \ ++ col="$$red"; \ ++ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ ++ fi; \ ++ echo "$${col}$$br$${std}"; \ ++ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ ++ echo "$${col}$$br$${std}"; \ ++ create_testsuite_report --maybe-color; \ ++ echo "$$col$$br$$std"; \ ++ if $$success; then :; else \ ++ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ ++ if test -n "$(PACKAGE_BUGREPORT)"; then \ ++ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ ++ fi; \ ++ echo "$$col$$br$$std"; \ ++ fi; \ ++ $$success || exit 1 ++ ++check-TESTS: ++ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list ++ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ ++ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ ++ exit $$?; ++recheck: all ++ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) ++ @set +e; $(am__set_TESTS_bases); \ ++ bases=`for i in $$bases; do echo $$i; done \ ++ | $(am__list_recheck_tests)` || exit 1; \ ++ log_list=`for i in $$bases; do echo $$i.log; done`; \ ++ log_list=`echo $$log_list`; \ ++ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ ++ am__force_recheck=am--force-recheck \ ++ TEST_LOGS="$$log_list"; \ ++ exit $$? ++tst-pam_xauth.log: tst-pam_xauth ++ @p='tst-pam_xauth'; \ ++ b='tst-pam_xauth'; \ ++ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++.test.log: ++ @p='$<'; \ ++ $(am__set_b); \ ++ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++ --log-file $$b.log --trs-file $$b.trs \ ++ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++ "$$tst" $(AM_TESTS_FD_REDIRECT) ++@am__EXEEXT_TRUE@.test$(EXEEXT).log: ++@am__EXEEXT_TRUE@ @p='$<'; \ ++@am__EXEEXT_TRUE@ $(am__set_b); \ ++@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ ++@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ ++@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ ++@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + + distdir: $(DISTFILES) +- @list='$(MANS)'; if test -n "$$list"; then \ +- list=`for p in $$list; do \ +- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ +- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ +- if test -n "$$list" && \ +- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ +- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ +- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ +- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ +- echo " typically \`make maintainer-clean' will remove them" >&2; \ +- exit 1; \ +- else :; fi; \ +- else :; fi + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ +@@ -638,11 +986,19 @@ + + installcheck: installcheck-am + install-strip: +- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ +- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ +- `test -z '$(STRIP)' || \ +- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install ++ if test -z '$(STRIP)'; then \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ install; \ ++ else \ ++ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ ++ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ ++ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ ++ fi + mostlyclean-generic: ++ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) ++ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) ++ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + + clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) +@@ -730,21 +1086,21 @@ + + .MAKE: check-am install-am install-strip + +-.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ +- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ +- distclean distclean-compile distclean-generic \ +- distclean-libtool distclean-tags distdir dvi dvi-am html \ +- html-am info info-am install install-am install-data \ +- install-data-am install-dvi install-dvi-am install-exec \ +- install-exec-am install-html install-html-am install-info \ +- install-info-am install-man install-man8 install-pdf \ +- install-pdf-am install-ps install-ps-am \ ++.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ ++ clean-generic clean-libtool clean-securelibLTLIBRARIES \ ++ cscopelist-am ctags ctags-am distclean distclean-compile \ ++ distclean-generic distclean-libtool distclean-tags distdir dvi \ ++ dvi-am html html-am info info-am install install-am \ ++ install-data install-data-am install-dvi install-dvi-am \ ++ install-exec install-exec-am install-html install-html-am \ ++ install-info install-info-am install-man install-man8 \ ++ install-pdf install-pdf-am install-ps install-ps-am \ + install-securelibLTLIBRARIES install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ +- tags uninstall uninstall-am uninstall-man uninstall-man8 \ +- uninstall-securelibLTLIBRARIES ++ recheck tags tags-am uninstall uninstall-am uninstall-man \ ++ uninstall-man8 uninstall-securelibLTLIBRARIES + + @ENABLE_REGENERATE_MAN_TRUE@README: pam_xauth.8.xml + @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 +--- old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 2013-09-19 10:02:23.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 2015-01-09 14:32:49.000000000 +0100 +@@ -2,12 +2,12 @@ + .\" Title: pam_xauth + .\" Author: [see the "AUTHOR" section] + .\" Generator: DocBook XSL Stylesheets v1.78.1 +-.\" Date: 09/19/2013 ++.\" Date: 01/09/2015 + .\" Manual: Linux-PAM Manual + .\" Source: Linux-PAM Manual + .\" Language: English + .\" +-.TH "PAM_XAUTH" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" ++.TH "PAM_XAUTH" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" + .\" ----------------------------------------------------------------- + .\" * Define some portability stuff + .\" ----------------------------------------------------------------- +diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c +--- old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c 2013-06-18 16:11:21.000000000 +0200 ++++ new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c 2015-01-09 14:28:29.000000000 +0100 +@@ -103,9 +103,11 @@ + + /* Create stdio pipery. */ + if (pipe(ipipe) == -1) { ++ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); + return -1; + } + if (pipe(opipe) == -1) { ++ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); + close(ipipe[0]); + close(ipipe[1]); + return -1; +@@ -114,6 +116,7 @@ + /* Fork off a child. */ + child = fork(); + if (child == -1) { ++ pam_syslog(pamh, LOG_ERR, "Could not fork: %m"); + close(ipipe[0]); + close(ipipe[1]); + close(opipe[0]); +@@ -124,9 +127,7 @@ + if (child == 0) { + /* We're the child. */ + size_t j; +- char *args[10]; +- const char *tmp; +- int maxopened; ++ const char *args[10]; + /* Drop privileges. */ + if (setgid(gid) == -1) + { +@@ -148,42 +149,48 @@ + (unsigned long) geteuid ()); + _exit (err); + } +- /* Initialize the argument list. */ +- memset(args, 0, sizeof(args)); + /* Set the pipe descriptors up as stdin and stdout, and close + * everything else, including the original values for the + * descriptors. */ +- dup2(ipipe[0], STDIN_FILENO); +- dup2(opipe[1], STDOUT_FILENO); +- maxopened = (int)sysconf(_SC_OPEN_MAX); +- for (i = 0; i < maxopened; i++) { +- if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { +- close(i); +- } ++ if (dup2(ipipe[0], STDIN_FILENO) != STDIN_FILENO) { ++ int err = errno; ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); ++ _exit(err); + } ++ if (dup2(opipe[1], STDOUT_FILENO) != STDOUT_FILENO) { ++ int err = errno; ++ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdout"); ++ _exit(err); ++ } ++ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, ++ PAM_MODUTIL_IGNORE_FD, ++ PAM_MODUTIL_NULL_FD) < 0) { ++ _exit(1); ++ } ++ /* Initialize the argument list. */ ++ memset(args, 0, sizeof(args)); + /* Convert the varargs list into a regular array of strings. */ + va_start(ap, command); +- args[0] = strdup(command); ++ args[0] = command; + for (j = 1; j < ((sizeof(args) / sizeof(args[0])) - 1); j++) { +- tmp = va_arg(ap, const char*); +- if (tmp == NULL) { ++ args[j] = va_arg(ap, const char*); ++ if (args[j] == NULL) { + break; + } +- args[j] = strdup(tmp); + } + /* Run the command. */ +- execv(command, args); ++ execv(command, (char *const *) args); + /* Never reached. */ + _exit(1); + } + + /* We're the parent, so close the other ends of the pipes. */ +- close(ipipe[0]); + close(opipe[1]); + /* Send input to the process (if we have any), then send an EOF. */ + if (input) { + (void)pam_modutil_write(ipipe[1], input, strlen(input)); + } ++ close(ipipe[0]); /* close here to avoid possible SIGPIPE above */ + close(ipipe[1]); + + /* Read data output until we run out of stuff to read. */ diff --git a/bug-870433_pam_timestamp-fix-directory-traversal.patch b/bug-870433_pam_timestamp-fix-directory-traversal.patch deleted file mode 100644 index 3d7c872..0000000 --- a/bug-870433_pam_timestamp-fix-directory-traversal.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Wed, 26 Mar 2014 22:17:23 +0000 -Subject: [PATCH] pam_timestamp: fix potential directory traversal issue - (ticket #27) - -pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of -the timestamp pathname it creates, so extra care should be taken to -avoid potential directory traversal issues. - -* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat -"." and ".." tty values as invalid. -(get_ruser): Treat "." and ".." ruser values, as well as any ruser -value containing '/', as invalid. - -Fixes CVE-2014-2583. - -Reported-by: Sebastian Krahmer ---- - modules/pam_timestamp/pam_timestamp.c | 13 ++++++++++++- - 1 file changed, 12 insertions(+), 1 deletion(-) - -diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c -index 5193733..b3f08b1 100644 ---- a/modules/pam_timestamp/pam_timestamp.c -+++ b/modules/pam_timestamp/pam_timestamp.c -@@ -158,7 +158,7 @@ check_tty(const char *tty) - tty = strrchr(tty, '/') + 1; - } - /* Make sure the tty wasn't actually a directory (no basename). */ -- if (strlen(tty) == 0) { -+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { - return NULL; - } - return tty; -@@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) - if (pwd != NULL) { - ruser = pwd->pw_name; - } -+ } else { -+ /* -+ * This ruser is used by format_timestamp_name as a component -+ * of constructed timestamp pathname, so ".", "..", and '/' -+ * are disallowed to avoid potential path traversal issues. -+ */ -+ if (!strcmp(ruser, ".") || -+ !strcmp(ruser, "..") || -+ strchr(ruser, '/')) { -+ ruser = NULL; -+ } - } - if (ruser == NULL || strlen(ruser) >= ruserbuflen) { - *ruserbuf = '\0'; diff --git a/pam.changes b/pam.changes index 3fe0bf9..ae1b8d6 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + ------------------------------------------------------------------- Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com diff --git a/pam.spec b/pam.spec index da993fa..bc38089 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -52,12 +52,13 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif -Patch1: Linux-PAM-git-20140127.diff -Patch2: pam_loginuid-log_write_errors.diff -Patch3: pam_xauth-sigpipe.diff -Patch4: bug-870433_pam_timestamp-fix-directory-traversal.patch -Patch5: pam-limit-nproc.patch +Patch1: Linux-PAM-git-20150109.diff +Patch2: pam-limit-nproc.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +# Remove with next version update: +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -103,11 +104,9 @@ building both PAM-aware applications and modules for use with PAM. %patch0 -p1 %patch1 -p2 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build +autoreconf -fiv export CFLAGS="%optflags -DNDEBUG" %configure \ --sbindir=/sbin \ diff --git a/pam_loginuid-log_write_errors.diff b/pam_loginuid-log_write_errors.diff deleted file mode 100644 index 73f0f92..0000000 --- a/pam_loginuid-log_write_errors.diff +++ /dev/null @@ -1,47 +0,0 @@ -commit 256b50e1fce2f785f1032a1949dd2d1dbc17e250 -Author: Dmitry V. Levin -Date: Sun Jan 19 14:12:59 2014 +0000 - - pam_loginuid: log significant loginuid write errors - - * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors - during /proc/self/loginuid update that are not ignored. - - modules/pam_loginuid/pam_loginuid.c | 12 +++++++++--- - 1 files changed, 9 insertions(+), 3 deletions(-) ---- -diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c -index c476f7b..73c42f9 100644 ---- a/modules/pam_loginuid/pam_loginuid.c -+++ b/modules/pam_loginuid/pam_loginuid.c -@@ -75,8 +75,8 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) - rc = PAM_IGNORE; - } - if (rc != PAM_IGNORE) { -- pam_syslog(pamh, LOG_ERR, -- "Cannot open /proc/self/loginuid: %m"); -+ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", -+ "/proc/self/loginuid"); - } - return rc; - } -@@ -88,8 +88,14 @@ static int set_loginuid(pam_handle_t *pamh, uid_t uid) - goto done; /* already correct */ - } - if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && -- pam_modutil_write(fd, loginuid, count) == count) -+ pam_modutil_write(fd, loginuid, count) == count) { - rc = PAM_SUCCESS; -+ } else { -+ if (rc != PAM_IGNORE) { -+ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m", -+ "/proc/self/loginuid"); -+ } -+ } - done: - close(fd); - return rc; -_______________________________________________ -linux-pam-commits mailing list -linux-pam-commits@lists.fedorahosted.org -https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits diff --git a/pam_xauth-sigpipe.diff b/pam_xauth-sigpipe.diff deleted file mode 100644 index b576da9..0000000 --- a/pam_xauth-sigpipe.diff +++ /dev/null @@ -1,36 +0,0 @@ -commit 47db675c910a065fa9602753a904b050b0322f29 -Author: Dmitry V. Levin -Date: Fri Jan 24 13:38:38 2014 +0000 - - pam_xauth: avoid potential SIGPIPE when writing to xauth process - - Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8. - - * modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process, - close the read end of input pipe after writing to its write end. - - modules/pam_xauth/pam_xauth.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) ---- -diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c -index 7075547..c7ce55a 100644 ---- a/modules/pam_xauth/pam_xauth.c -+++ b/modules/pam_xauth/pam_xauth.c -@@ -179,12 +179,12 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, - } - - /* We're the parent, so close the other ends of the pipes. */ -- close(ipipe[0]); - close(opipe[1]); - /* Send input to the process (if we have any), then send an EOF. */ - if (input) { - (void)pam_modutil_write(ipipe[1], input, strlen(input)); - } -+ close(ipipe[0]); /* close here to avoid possible SIGPIPE above */ - close(ipipe[1]); - - /* Read data output until we run out of stuff to read. */ -_______________________________________________ -linux-pam-commits mailing list -linux-pam-commits@lists.fedorahosted.org -https://lists.fedorahosted.org/mailman/listinfo/linux-pam-commits -- 2.51.1 From aaa66694cfc8fe6d29d41b7997e9cefe1123f032f457137e5320ad747539da0f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 9 Jan 2015 14:38:05 +0000 Subject: [PATCH 084/226] - Re-add lost patch encryption_method_nis.diff [bnc#906660] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=144 --- encryption_method_nis.diff | 77 ++++++++++++++++++++++++++++++++++++++ pam.changes | 5 +++ pam.spec | 2 + 3 files changed, 84 insertions(+) create mode 100644 encryption_method_nis.diff diff --git a/encryption_method_nis.diff b/encryption_method_nis.diff new file mode 100644 index 0000000..55980bf --- /dev/null +++ b/encryption_method_nis.diff @@ -0,0 +1,77 @@ +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index 0cfc0f4..2239206 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + * rebuild the password database file. + */ + ++ ++ /* if it is a NIS account, check for special hash algo */ ++ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { ++ /* preset encryption method with value from /etc/login.defs */ ++ int j; ++ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); ++ if (val) { ++ for (j = 0; j < UNIX_CTRLS_; ++j) { ++ if (unix_args[j].token && unix_args[j].is_hash_algo ++ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { ++ break; ++ } ++ } ++ if (j >= UNIX_CTRLS_) { ++ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); ++ } else { ++ ctrl &= unix_args[j].mask; /* for turning things off */ ++ ctrl |= unix_args[j].flag; /* for turning things on */ ++ } ++ free (val); ++ } ++ } ++ + /* + * First we encrypt the new password. + */ +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index 19d72e6..dafa9f0 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -37,8 +37,8 @@ + #define SELINUX_ENABLED 0 + #endif + +-static char * +-search_key (const char *key, const char *filename) ++char * ++_unix_search_key (const char *key, const char *filename) + { + FILE *fp; + char *buf = NULL; +@@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + } + + /* preset encryption method with value from /etc/login.defs */ +- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); ++ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo +@@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + + /* read number of rounds for crypt algo */ + if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { +- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); ++ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + + if (val) { + *rounds = strtol(val, NULL, 10); +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index 6f5b2eb..a35a8a8 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh + + extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned int ctrl, const char *user, int *daysleft); ++extern char *_unix_search_key(const char *key, const char *filename); + #endif /* _PAM_UNIX_SUPPORT_H */ diff --git a/pam.changes b/pam.changes index ae1b8d6..99a08cc 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + ------------------------------------------------------------------- Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index bc38089..864933e 100644 --- a/pam.spec +++ b/pam.spec @@ -54,6 +54,7 @@ Source9: baselibs.conf Patch0: fix-man-links.dif Patch1: Linux-PAM-git-20150109.diff Patch2: pam-limit-nproc.patch +Patch3: encryption_method_nis.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -104,6 +105,7 @@ building both PAM-aware applications and modules for use with PAM. %patch0 -p1 %patch1 -p2 %patch2 -p1 +%patch3 -p1 %build autoreconf -fiv -- 2.51.1 From 650e0bc92d231f8cb7c6fb6aecc33758dd3a02e907c29a113413c74a4940855e Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 28 Jan 2015 10:08:14 +0000 Subject: [PATCH 085/226] Accepting request 280985 from home:bmwiedemann:branches:Linux-PAM - increase process limit to 1200 to help chromium users with many tabs OBS-URL: https://build.opensuse.org/request/show/280985 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=145 --- pam-limit-nproc.patch | 8 ++++---- pam.changes | 5 +++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch index 756946c..20448f5 100644 --- a/pam-limit-nproc.patch +++ b/pam-limit-nproc.patch @@ -7,9 +7,9 @@ Index: Linux-PAM-1.1.8/modules/pam_limits/limits.conf #@student - maxlogins 4 +# harden against fork-bombs -+* hard nproc 800 -+* soft nproc 700 -+root hard nproc 900 -+root soft nproc 850 ++* hard nproc 1700 ++* soft nproc 1200 ++root hard nproc 3000 ++root soft nproc 1850 + # End of file diff --git a/pam.changes b/pam.changes index 99a08cc..ddfb741 100644 --- a/pam.changes +++ b/pam.changes @@ -12,6 +12,11 @@ Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de - obsoletes pam_xauth-sigpipe.diff - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + ------------------------------------------------------------------- Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com -- 2.51.1 From b4f483f8bcf4b7c186c7aa1c858267b6bea51094968d504a92279b1eab23ed13 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 27 Apr 2015 15:17:47 +0000 Subject: [PATCH 086/226] - Update to version 1.2.0 - obsoletes Linux-PAM-git-20150109.diff OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=147 --- Linux-PAM-1.1.8-docs.tar.bz2 | 3 - Linux-PAM-1.1.8.tar.bz2 | 3 - Linux-PAM-1.2.0-docs.tar.bz2 | 3 + Linux-PAM-1.2.0.tar.bz2 | 3 + Linux-PAM-git-20150109.diff | 38180 --------------------------------- pam.changes | 6 + pam.spec | 10 +- 7 files changed, 16 insertions(+), 38192 deletions(-) delete mode 100644 Linux-PAM-1.1.8-docs.tar.bz2 delete mode 100644 Linux-PAM-1.1.8.tar.bz2 create mode 100644 Linux-PAM-1.2.0-docs.tar.bz2 create mode 100644 Linux-PAM-1.2.0.tar.bz2 delete mode 100644 Linux-PAM-git-20150109.diff diff --git a/Linux-PAM-1.1.8-docs.tar.bz2 b/Linux-PAM-1.1.8-docs.tar.bz2 deleted file mode 100644 index 476906e..0000000 --- a/Linux-PAM-1.1.8-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c4bb6a0e8307d2ab5611457fecf20fcbd6cdfff51dea524f0f06c74e4f3b4ff8 -size 147887 diff --git a/Linux-PAM-1.1.8.tar.bz2 b/Linux-PAM-1.1.8.tar.bz2 deleted file mode 100644 index 2b0db42..0000000 --- a/Linux-PAM-1.1.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c4b1f23a236d169e2496fea20721578d864ba00f7242d2b41d81050ac87a1e55 -size 1148944 diff --git a/Linux-PAM-1.2.0-docs.tar.bz2 b/Linux-PAM-1.2.0-docs.tar.bz2 new file mode 100644 index 0000000..0c027aa --- /dev/null +++ b/Linux-PAM-1.2.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 +size 490586 diff --git a/Linux-PAM-1.2.0.tar.bz2 b/Linux-PAM-1.2.0.tar.bz2 new file mode 100644 index 0000000..5dd0fa1 --- /dev/null +++ b/Linux-PAM-1.2.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cd8beac5961e942e9c73b32a3cd1a3457755f8fb35d07c9ec64511e19e135ea4 +size 1278831 diff --git a/Linux-PAM-git-20150109.diff b/Linux-PAM-git-20150109.diff deleted file mode 100644 index b2cf2fa..0000000 --- a/Linux-PAM-git-20150109.diff +++ /dev/null @@ -1,38180 +0,0 @@ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/ChangeLog new/Linux-PAM-1.1.8/ChangeLog ---- old/Linux-PAM-1.1.8/ChangeLog 2013-09-19 11:33:00.000000000 +0200 -+++ new/Linux-PAM-1.1.8/ChangeLog 2015-01-09 14:33:01.000000000 +0100 -@@ -1,3 +1,584 @@ -+2015-01-07 Dmitry V. Levin -+ -+ Remove unmodified GNU gettext files installed by autopoint. -+ These files are part of GNU gettext; we have not modified them, they are -+ installed by autopoint which is called by autoreconf, so they had to be -+ removed from this repository along with ABOUT-NLS, config.rpath, and -+ mkinstalldirs files that were removed by commit -+ Linux-PAM-1_1_5-7-g542ec8b. -+ -+ * po/Makefile.in.in: Remove. -+ * po/Rules-quot: Likewise. -+ * po/boldquot.sed: Likewise. -+ * po/en@boldquot.header: Likewise. -+ * po/en@quot.header: Likewise. -+ * po/insert-header.sin: Likewise. -+ * po/quot.sed: Likewise. -+ * po/remove-potcdate.sin: Likewise. -+ * po/.gitignore: Ignore these files. -+ -+2015-01-06 Ronny Chevalier -+ -+ Update .gitignore. -+ * .gitignore: Ignore *.log and *.trs files. -+ -+2015-01-02 Luke Shumaker -+ -+ libpam: Only print "Password change aborted" when it's true. -+ pam_get_authtok() may be used any time that a password needs to be entered, -+ unlike pam_get_authtok_{no,}verify(), which may only be used when -+ changing a password; yet when the user aborts, it prints "Password change -+ aborted." whether or not that was the operation being performed. -+ -+ This bug was non-obvious because none of the modules distributed with -+ Linux-PAM use it for anything but changing passwords; pam_unix has its -+ own utility function that it uses instead. As an example, the -+ nss-pam-ldapd package uses it in pam_sm_authenticate(). -+ -+ libpam/pam_get_authtok.c (pam_get_authtok_internal): check that the -+ password is trying to be changed before printing a message about the -+ password change being aborted. -+ -+2014-12-10 Dmitry V. Levin -+ -+ build: extend cross compiling check to cover CPPFLAGS (ticket #21) -+ Use BUILD_CPPFLAGS variable to override CPPFLAGS where necessary in -+ case of cross compiling, in addition to CC_FOR_BUILD, BUILD_CFLAGS, -+ and BUILD_LDFLAGS variables introduced earlier to override CC, -+ CFLAGS, and LDFLAGS, respectively. -+ -+ * configure.in (BUILD_CPPFLAGS): Define. -+ * doc/specs/Makefile.am (CPPFLAGS): Define to @BUILD_CPPFLAGS@. -+ -+2014-12-09 Dmitry V. Levin -+ -+ Do not use yywrap (ticket #42) -+ Our scanners do not really use yywrap. Explicitly disable yywrap -+ so that no references to yywrap will be generated and no LEXLIB -+ would be needed. -+ -+ * conf/pam_conv1/Makefile.am (pam_conv1_LDADD): Remove. -+ * conf/pam_conv1/pam_conv_l.l: Enable noyywrap option. -+ * doc/specs/Makefile.am (padout_LDADD): Remove. -+ * doc/specs/parse_l.l: Enable noyywrap option. -+ -+2014-12-09 Kyle Manna -+ -+ doc: fix a trivial typo in pam_authenticate return values (ticket #38) -+ * doc/man/pam_authenticate.3.xml: Fix a typo in PAM_AUTHINFO_UNAVAIL. -+ -+2014-12-09 Ronny Chevalier -+ -+ doc: fix typo in pam_authenticate.3.xml. -+ * doc/man/pam_authenticate.3.xml: Fix typo. -+ -+2014-10-17 Tomas Mraz -+ -+ pam_succeed_if: Fix copy&paste error in rhost and tty values. -+ modules/pam_succeed_if/pam_succeed_if.c (evaluate): Use PAM_RHOST -+ and PAM_TTY properly for the rhost and tty values. -+ -+ pam_succeed_if: Use long long type for numeric values. -+ The currently used long with additional conversion to int is -+ too small for uids and gids. -+ -+ modules/pam_succeed_if/pam_succeed_if.c (evaluate_num): Replace -+ strtol() with strtoll() and int with long long in the parameters -+ of comparison functions. -+ -+2014-09-05 Tomas Mraz -+ -+ Add grantor field to audit records of libpam. -+ The grantor field gives audit trail of PAM modules which granted access -+ for successful return from libpam calls. In case of failed return -+ the grantor field is set to '?'. -+ libpam/pam_account.c (pam_acct_mgmt): Remove _pam_auditlog() call. -+ libpam/pam_auth.c (pam_authenticate, pam_setcred): Likewise. -+ libpam/pam_password.c (pam_chauthtok): Likewise. -+ libpam/pam_session.c (pam_open_session, pam_close_session): Likewise. -+ libpam/pam_audit.c (_pam_audit_writelog): Add grantors parameter, -+ add grantor= field to the message if grantors is set. -+ (_pam_list_grantors): New function creating the string with grantors list. -+ (_pam_auditlog): Add struct handler pointer parameter, call _pam_list_grantors() -+ to list the grantors from the handler list. -+ (_pam_audit_end): Add NULL handler parameter to _pam_auditlog() call. -+ (pam_modutil_audit_write): Add NULL grantors parameter to _pam_audit_writelog(). -+ libpam/pam_dispatch.c (_pam_dispatch_aux): Set h->grantor where appropriate. -+ (_pam_clear_grantors): New function to clear grantor field of handler. -+ (_pam_dispatch): Call _pam_clear_grantors() before executing the stack. -+ Call _pam_auditlog() when appropriate. -+ libpam/pam_handlers.c (extract_modulename): Do not allow empty module name -+ or just "?" to avoid confusing audit trail. -+ (_pam_add_handler): Test for NULL return from extract_modulename(). -+ Clear grantor field of handler. -+ libpam/pam_private.h: Add grantor field to struct handler, add handler pointer -+ parameter to _pam_auditlog(). -+ -+2014-08-26 Tomas Mraz -+ -+ pam_mkhomedir: Drop superfluous stat() call. -+ modules/pam_mkhomedir/mkhomedir_helper.c (create_homedir): Drop superfluous -+ stat() call. -+ -+ pam_exec: Do not depend on open() returning STDOUT_FILENO. -+ modules/pam_exec/pam_exec.c (call_exec): Move the descriptor to -+ STDOUT_FILENO if needed. -+ -+2014-08-25 Robin Hack -+ -+ pam_keyinit: Check return value of setregid. -+ modules/pam_keyinit/pam_keyinit.c (pam_sm_open_session): Log if setregid() fails. -+ -+ pam_filter: Avoid leaking descriptors when fork() fails. -+ modules/pam_filter/pam_filter.c (set_filter): Close descriptors when fork() fails. -+ -+2014-08-14 Robin Hack -+ -+ pam_echo: Avoid leaking file descriptor. -+ modules/pam_echo/pam_echo.c (pam_echo): Close fd in error cases. -+ -+2014-08-13 Robin Hack -+ -+ pam_tty_audit: Silence Coverity reporting uninitialized use. -+ modules/pam_tty_audit/pam_tty_audit.c (nl_recv): Initialize also -+ msg_flags. -+ -+2014-08-13 Tomas Mraz -+ -+ pam_tally2: Avoid uninitialized use of fileinfo. -+ Problem found by Robin Hack . -+ modules/pam_tally2/pam_tally2.c (get_tally): Do not depend on file size -+ just try to read it. -+ -+ pam_access: Avoid uninitialized access of line. -+ * modules/pam_access/pam_access.c (login_access): Reorder condition -+ so line is not accessed when uninitialized. -+ -+2014-08-05 Tomas Mraz -+ -+ pam_lastlog: Properly clean up last_login structure before use. -+ modules/pam_lastlog/pam_lastlog.c (last_login_write): Properly clean up last_login -+ structure before use. -+ -+2014-07-21 Tomas Mraz -+ -+ Make pam_pwhistory and pam_unix tolerant of corrupted opasswd file. -+ * modules/pam_pwhistory/opasswd.c (parse_entry): Test for missing fields -+ in opasswd entry and return error. -+ * modules/pam_unix/passverify.c (save_old_password): Test for missing fields -+ in opasswd entry and skip it. -+ -+2014-07-01 Dmitry V. Levin -+ -+ doc: add missing build dependencies for soelim stubs. -+ * doc/man/Makefile.am [ENABLE_REGENERATE_MAN]: Add dependencies for -+ pam_verror.3, pam_vinfo.3, pam_vprompt.3, and pam_vsyslog.3 soelim stubs. -+ -+2014-06-23 Dmitry V. Levin -+ -+ doc: fix install in case of out of tree build (ticket #31) -+ * doc/adg/Makefile.am (install-data-local, releasedocs): Fall back -+ to srcdir if documentation files haven't been found in builddir. -+ (releasedocs): Treat missing documentation files as an error. -+ * doc/mwg/Makefile.am: Likewise. -+ * doc/sag/Makefile.am: Likewise. -+ -+2014-06-19 Dmitry V. Levin -+ -+ doc: fix installation of adg-*.html and mwg-*.html files (ticket #31) -+ Fix a typo due to which sag-*.html files might be installed instead of -+ adg-*.html and mwg-*.html files. -+ -+ * doc/adg/Makefile.am (install-data-local): Install adg-*.html instead -+ of sag-*.html. -+ * doc/mwg/Makefile.am (install-data-local): Install mwg-*.html instead -+ of sag-*.html. -+ -+ Patch-by: Mike Frysinger -+ -+2014-06-19 Tomas Mraz -+ -+ pam_limits: nofile refers to file descriptors not files. -+ modules/pam_limits/limits.conf.5.xml: Correct documentation of nofile limit. -+ modules/pam_limits/limits.conf: Likewise. -+ -+ pam_limits: clarify documentation of maxlogins and maxsyslogins limits. -+ modules/pam_limits/limits.conf.5.xml: clarify documentation of -+ maxlogins and maxsyslogins limits. -+ -+ pam_unix: Check for NULL return from Goodcrypt_md5(). -+ modules/pam_unix/pam_unix_passwd.c (check_old_password): Check for -+ NULL return from Goodcrypt_md5(). -+ -+ pam_unix: check for NULL return from malloc() -+ * modules/pam_unix/md5_crypt.c (crypt_md5): Check for NULL return from malloc(). -+ -+2014-05-22 Tomas Mraz -+ -+ pam_loginuid: Document one more possible case of PAM_IGNORE return. -+ modules/pam_loginuid/pam_loginuid.8.xml: Document one more possible case -+ of PAM_IGNORE return value. -+ -+ pam_loginuid: Document other possible return values. -+ modules/pam_loginuid/pam_loginuid.8.xml: Document the possible return -+ values. -+ -+2014-03-26 Dmitry V. Levin -+ -+ pam_timestamp: fix potential directory traversal issue (ticket #27) -+ pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of -+ the timestamp pathname it creates, so extra care should be taken to -+ avoid potential directory traversal issues. -+ -+ * modules/pam_timestamp/pam_timestamp.c (check_tty): Treat -+ "." and ".." tty values as invalid. -+ (get_ruser): Treat "." and ".." ruser values, as well as any ruser -+ value containing '/', as invalid. -+ -+ Fixes CVE-2014-2583. -+ -+ Reported-by: Sebastian Krahmer -+ -+2014-03-20 Tomas Mraz -+ -+ pam_userdb: document that .db suffix should not be used. -+ modules/pam_userdb/pam_userdb.8.xml: Document that .db suffix -+ should not be used and correct the example. -+ -+2014-03-11 Tomas Mraz -+ -+ pam_selinux: canonicalize user name. -+ SELinux expects canonical user name for example without domain component. -+ -+ * modules/pam_selinux/pam_selinux.c (compute_exec_context): Canonicalize user name with pam_modutil_getpwnam(). -+ -+2014-01-28 Dmitry V. Levin -+ -+ Change tarball name back to "Linux-PAM" -+ As a side effect of commit Linux-PAM-1_1_8-11-g3fa23ce, tarball name -+ changed accidentally from "Linux-PAM" to "linux-pam". -+ This change brings it back to "Linux-PAM". -+ -+ * configure.in (AC_INIT): Explicitly specify TARNAME argument. -+ -+2014-01-27 Dmitry V. Levin -+ -+ Introduce pam_modutil_sanitize_helper_fds. -+ This change introduces pam_modutil_sanitize_helper_fds - a new function -+ that redirects standard descriptors and closes all other descriptors. -+ -+ pam_modutil_sanitize_helper_fds supports three types of input and output -+ redirection: -+ - PAM_MODUTIL_IGNORE_FD: do not redirect at all. -+ - PAM_MODUTIL_PIPE_FD: redirect to a pipe. For stdin, it is implemented -+ by creating a pipe, closing its write end, and redirecting stdin to -+ its read end. Likewise, for stdout/stderr it is implemented by -+ creating a pipe, closing its read end, and redirecting to its write -+ end. Unlike stdin redirection, stdout/stderr redirection to a pipe -+ has a side effect that a process writing to such descriptor should be -+ prepared to handle SIGPIPE appropriately. -+ - PAM_MODUTIL_NULL_FD: redirect to /dev/null. For stdin, it is -+ implemented via PAM_MODUTIL_PIPE_FD because there is no functional -+ difference. For stdout/stderr, it is classic redirection to -+ /dev/null. -+ -+ PAM_MODUTIL_PIPE_FD is usually more suitable due to linux kernel -+ security restrictions, but when the helper process might be writing to -+ the corresponding descriptor and termination of the helper process by -+ SIGPIPE is not desirable, one should choose PAM_MODUTIL_NULL_FD. -+ -+ * libpam/pam_modutil_sanitize.c: New file. -+ * libpam/Makefile.am (libpam_la_SOURCES): Add it. -+ * libpam/include/security/pam_modutil.h (pam_modutil_redirect_fd, -+ pam_modutil_sanitize_helper_fds): New declarations. -+ * libpam/libpam.map (LIBPAM_MODUTIL_1.1.9): New interface. -+ * modules/pam_exec/pam_exec.c (call_exec): Use -+ pam_modutil_sanitize_helper_fds. -+ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. -+ * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. -+ * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): -+ Likewise. -+ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. -+ * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. -+ * modules/pam_unix/support.h (MAX_FD_NO): Remove. -+ -+ pam_xauth: avoid potential SIGPIPE when writing to xauth process. -+ Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8. -+ -+ * modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process, -+ close the read end of input pipe after writing to its write end. -+ -+ pam_loginuid: log significant loginuid write errors. -+ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Log those errors -+ during /proc/self/loginuid update that are not ignored. -+ -+ Fix gratuitous use of strdup and x_strdup. -+ There is no need to copy strings passed as arguments to execve, -+ the only potentially noticeable effect of using strdup/x_strdup -+ would be a malformed argument list in case of memory allocation error. -+ -+ Also, x_strdup, being a thin wrapper around strdup, is of no benefit -+ when its argument is known to be non-NULL, and should not be used in -+ such cases. -+ -+ * modules/pam_cracklib/pam_cracklib.c (password_check): Use strdup -+ instead of x_strdup, the latter is of no benefit in this case. -+ * modules/pam_ftp/pam_ftp.c (lookup): Likewise. -+ * modules/pam_userdb/pam_userdb.c (user_lookup): Likewise. -+ * modules/pam_userdb/pam_userdb.h (x_strdup): Remove. -+ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Do not use -+ x_strdup for strings passed as arguments to execve. -+ * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. -+ * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. -+ * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. -+ (_unix_verify_password): Use strdup instead of x_strdup, the latter -+ is of no benefit in this case. -+ * modules/pam_xauth/pam_xauth.c (run_coprocess): Do not use strdup for -+ strings passed as arguments to execv. -+ -+ pam_userdb: fix password hash comparison. -+ Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed -+ passwords support in pam_userdb, hashes are compared case-insensitively. -+ This bug leads to accepting hashes for completely different passwords in -+ addition to those that should be accepted. -+ -+ Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for -+ modern password hashes with different lengths and settings, did not -+ update the hash comparison accordingly, which leads to accepting -+ computed hashes longer than stored hashes when the latter is a prefix -+ of the former. -+ -+ * modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed -+ hash whose length differs from the stored hash length. -+ Compare computed and stored hashes case-sensitively. -+ Fixes CVE-2013-7041. -+ -+ Bug-Debian: http://bugs.debian.org/731368 -+ -+2014-01-24 Dmitry V. Levin -+ -+ pam_xauth: log fatal errors preventing xauth process execution. -+ * modules/pam_xauth/pam_xauth.c (run_coprocess): Log errors from pipe() -+ and fork() calls. -+ -+2014-01-22 Dmitry V. Levin -+ -+ pam_loginuid: cleanup loginuid buffer initialization. -+ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Move loginuid -+ buffer initialization closer to its first use. -+ -+ libpam_misc: fix an inconsistency in handling memory allocation errors. -+ When misc_conv fails to allocate memory for pam_response array, it -+ returns PAM_CONV_ERR. However, when read_string fails to allocate -+ memory for a response string, it loses the response string and silently -+ ignores the error, with net result as if EOF has been read. -+ -+ * libpam_misc/misc_conv.c (read_string): Use strdup instead of x_strdup, -+ the latter is of no benefit in this case. -+ Do not ignore potential memory allocation errors returned by strdup, -+ forward them to misc_conv. -+ -+2014-01-20 Dmitry V. Levin -+ -+ pam_limits: fix utmp->ut_user handling. -+ ut_user member of struct utmp is a string that is not necessarily -+ null-terminated, so extra care should be taken when using it. -+ -+ * modules/pam_limits/pam_limits.c (check_logins): Convert ut->UT_USER to -+ a null-terminated string and consistently use it where a null-terminated -+ string is expected. -+ -+ pam_mkhomedir: check and create home directory for the same user (ticket #22) -+ Before pam_mkhomedir helper was introduced in commit -+ 7b14630ef39e71f603aeca0c47edf2f384717176, pam_mkhomedir was checking for -+ existance and creating the same directory - the home directory of the -+ user NAME returned by pam_get_item(PAM_USER). -+ -+ The change in behaviour accidentally introduced along with -+ mkhomedir_helper is not consistent: while the module still checks for -+ getpwnam(NAME)->pw_dir, the directory created by mkhomedir_helper is -+ getpwnam(getpwnam(NAME)->pw_name)->pw_dir, which is not necessarily -+ the same as the directory being checked. -+ -+ This change brings check and creation back in sync, both handling -+ getpwnam(NAME)->pw_dir. -+ -+ * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Replace -+ "struct passwd *" argument with user's name and home directory. -+ Pass user's name to MKHOMEDIR_HELPER. -+ (pam_sm_open_session): Update create_homedir call. -+ -+2014-01-20 Tomas Mraz -+ -+ pam_limits: detect and ignore stale utmp entries. -+ Original idea by Christopher Hailey -+ -+ * modules/pam_limits/pam_limits.c (check_logins): Use kill() to -+ detect if pid of the utmp entry is still running and ignore the entry -+ if it is not. -+ -+2014-01-19 Stéphane Graber -+ -+ pam_loginuid: Always return PAM_IGNORE in userns. -+ The previous patch to support user namespaces works fine with containers -+ that are started from a desktop/terminal session but fails when dealing -+ with containers that were started from a remote session such as ssh. -+ -+ I haven't looked at the exact reason for that in the kernel but on the -+ userspace side of things, the difference is that containers started from -+ an ssh session will happily let pam open /proc/self/loginuid read-write, -+ will let it read its content but will then fail with EPERM when trying -+ to write to it. -+ -+ So to make the userns support bullet proof, this commit moves the userns -+ check earlier in the function (which means a small performance impact as -+ it'll now happen everytime on kernels that have userns support) and will -+ set rc = PAM_IGNORE instead of rc = PAM_ERROR. -+ -+ The rest of the code is still executed in the event that PAM is run on a -+ future kernel where we have some kind of audit namespace that includes a -+ working loginuid. -+ -+2014-01-15 Steve Langasek -+ -+ pam_namespace: don't use bashisms in default namespace.init script. -+ * modules/pam_namespace/pam_namespace.c: call setuid() before execing the -+ namespace init script, so that scripts run with maximum privilege regardless -+ of the shell implementation. -+ * modules/pam_namespace/namespace.init: drop the '-p' bashism from the -+ shebang line -+ -+ This is not a POSIX standard option, it's a bashism. The bash manpage says -+ that it's used to prevent the effective user id from being reset to the real -+ user id on startup, and to ignore certain unsafe variables from the -+ environment. -+ -+ In the case of pam_namespace, the -p is not necessary for environment -+ sanitizing because the PAM module (properly) sanitizes the environment -+ before execing the script. -+ -+ The stated reason given in CVS history for passing -p is to "preserve euid -+ when called from setuid apps (su, newrole)." This should be done more -+ portably, by calling setuid() before spawning the shell. -+ -+ Bug-Debian: http://bugs.debian.org/624842 -+ Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 -+ -+2014-01-10 Stéphane Graber -+ -+ pam_loginuid: Ignore failure in user namespaces. -+ When running pam_loginuid in a container using the user namespaces, even -+ uid 0 isn't allowed to set the loginuid property. -+ -+ This change catches the EACCES from opening loginuid, checks if the user -+ is in the host namespace (by comparing the uid_map with the host's one) -+ and only if that's the case, sets rc to 1. -+ -+ Should uid_map not exist or be unreadable for some reason, it'll be -+ assumed that the process is running on the host's namespace. -+ -+ The initial reason behind this change was failure to ssh into an -+ unprivileged container (using a 3.13 kernel and current LXC) when using -+ a standard pam profile for sshd (which requires success from -+ pam_loginuid). -+ -+ I believe this solution doesn't have any drawback and will allow people -+ to use unprivileged containers normally. An alternative would be to have -+ all distros set pam_loginuid as optional but that'd be bad for any of -+ the other potential failure case which people may care about. -+ -+ There has also been some discussions to get some of the audit features -+ tied with the user namespaces but currently none of that has been merged -+ upstream and the currently proposed implementation doesn't cover -+ loginuid (nor is it clear how this should even work when loginuid is set -+ as immutable after initial write). -+ -+2014-01-10 Dmitry V. Levin -+ -+ pam_loginuid: return PAM_IGNORE when /proc/self/loginuid does not exist. -+ When /proc/self/loginuid does not exist, return PAM_IGNORE instead of -+ PAM_SUCCESS, so that we can distinguish between "loginuid set -+ successfully" and "loginuid not set, but this is expected". -+ -+ Suggested by Steve Langasek. -+ -+ * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Change return -+ code semantics: return PAM_SUCCESS on success, PAM_IGNORE when loginuid -+ does not exist, PAM_SESSION_ERR in case of any other error. -+ (_pam_loginuid): Forward the PAM error code returned by set_loginuid. -+ -+2013-11-20 Dmitry V. Levin -+ -+ pam_access: fix debug level logging (ticket #19) -+ * modules/pam_access/pam_access.c (group_match): Log the group token -+ passed to the function, not an uninitialized data on the stack. -+ -+ pam_warn: log flags passed to the module (ticket #25) -+ * modules/pam_warn/pam_warn.c (log_items): Take "flags" argument and -+ log it using pam_syslog. -+ (pam_sm_authenticate, pam_sm_setcred, pam_sm_chauthtok, -+ pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session): Pass -+ "flags" argument to log_items. -+ -+ Modernize AM_INIT_AUTOMAKE invocation. -+ Before this change, automake complained that two- and three-arguments -+ forms of AM_INIT_AUTOMAKE are deprecated. -+ -+ * configure.in: Pass PACKAGE and VERSION arguments to AC_INIT instead -+ of AM_INIT_AUTOMAKE. -+ -+ Fix autoconf warnings. -+ Before this change, autoconf complained that AC_COMPILE_IFELSE -+ and AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS. -+ -+ * configure.in: Call AC_USE_SYSTEM_EXTENSIONS before LT_INIT. -+ -+ pam_securetty: check return value of fgets. -+ Checking return value of fgets not only silences the warning from glibc -+ but also leads to a cleaner code. -+ -+ * modules/pam_securetty/pam_securetty.c (securetty_perform_check): -+ Check return value of fgets. -+ -+ pam_lastlog: fix format string. -+ gcc -Wformat justly complains: -+ format '%d' expects argument of type 'int', but argument 5 has type 'time_t' -+ -+ * modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Fix format -+ string. -+ -+2013-11-20 Darren Tucker -+ -+ If the correct loginuid is set already, skip writing it. -+ modules/pam_loginuid/pam_loginuid.c (set_loginuid): Read the current loginuid -+ and skip writing if already correctly set. -+ -+2013-11-11 Thorsten Kukuk -+ -+ Always ask for old password if changing NIS account. -+ * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): ask -+ for old password if NIS account. -+ -+2013-11-08 Thorsten Kukuk -+ -+ Allow DES as compatibility option for /etc/login.defs. -+ * modules/pam_unix/support.h: Add UNIX_DES -+ -+2013-10-14 Tomas Mraz -+ -+ Docfix: pam_prompt() and pam_vprompt() return int. -+ doc/man/pam_prompt.3.xml: pam_prompt() and pam_vprompt() return int. -+ -+ Make pam_tty_audit work with old kernels not supporting log_passwd. -+ modules/pam_tty_audit/pam_tty_audit.c(nl_recv): Pad result with zeros -+ if message is short from older kernel. -+ -+2013-09-25 Tomas Mraz -+ -+ Fix pam_tty_audit log_passwd support and regression. -+ modules/pam_tty_audit/pam_tty_audit.c: Add missing "config.h" include. -+ (pam_sm_open_session): Always copy the old status as initialization of new. -+ - 2013-09-19 Thorsten Kukuk - - Release version 1.1.8. -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am new/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am ---- old/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/conf/pam_conv1/Makefile.am 2015-01-09 14:28:29.000000000 +0100 -@@ -13,5 +13,3 @@ - noinst_PROGRAMS = pam_conv1 - - pam_conv1_SOURCES = pam_conv_l.l pam_conv_y.y -- --pam_conv1_LDADD = @LEXLIB@ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c ---- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c 2013-09-19 10:02:25.000000000 +0200 -+++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.c 2015-01-09 14:32:51.000000000 +0100 -@@ -8,7 +8,7 @@ - #define FLEX_SCANNER - #define YY_FLEX_MAJOR_VERSION 2 - #define YY_FLEX_MINOR_VERSION 5 --#define YY_FLEX_SUBMINOR_VERSION 35 -+#define YY_FLEX_SUBMINOR_VERSION 37 - #if YY_FLEX_SUBMINOR_VERSION > 0 - #define FLEX_BETA - #endif -@@ -53,7 +53,6 @@ - typedef unsigned char flex_uint8_t; - typedef unsigned short int flex_uint16_t; - typedef unsigned int flex_uint32_t; --#endif /* ! C99 */ - - /* Limits of integral types. */ - #ifndef INT8_MIN -@@ -84,6 +83,8 @@ - #define UINT32_MAX (4294967295U) - #endif - -+#endif /* ! C99 */ -+ - #endif /* ! FLEXINT_H */ - - #ifdef __cplusplus -@@ -152,7 +153,12 @@ - typedef struct yy_buffer_state *YY_BUFFER_STATE; - #endif - --extern int yyleng; -+#ifndef YY_TYPEDEF_YY_SIZE_T -+#define YY_TYPEDEF_YY_SIZE_T -+typedef size_t yy_size_t; -+#endif -+ -+extern yy_size_t yyleng; - - extern FILE *yyin, *yyout; - -@@ -178,11 +184,6 @@ - - #define unput(c) yyunput( c, (yytext_ptr) ) - --#ifndef YY_TYPEDEF_YY_SIZE_T --#define YY_TYPEDEF_YY_SIZE_T --typedef size_t yy_size_t; --#endif -- - #ifndef YY_STRUCT_YY_BUFFER_STATE - #define YY_STRUCT_YY_BUFFER_STATE - struct yy_buffer_state -@@ -200,7 +201,7 @@ - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ -- int yy_n_chars; -+ yy_size_t yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to -@@ -270,8 +271,8 @@ - - /* yy_hold_char holds the character lost when yytext is formed. */ - static char yy_hold_char; --static int yy_n_chars; /* number of characters read into yy_ch_buf */ --int yyleng; -+static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ -+yy_size_t yyleng; - - /* Points to current character in buffer. */ - static char *yy_c_buf_p = (char *) 0; -@@ -299,7 +300,7 @@ - - YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); - YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); --YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); -+YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); - - void *yyalloc (yy_size_t ); - void *yyrealloc (void *,yy_size_t ); -@@ -331,6 +332,9 @@ - - /* Begin user sect3 */ - -+#define yywrap() 1 -+#define YY_SKIP_YYWRAP -+ - typedef unsigned char YY_CHAR; - - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -@@ -479,7 +483,7 @@ - #include "pam_conv_y.h" - - extern int current_line; --#line 483 "pam_conv_l.c" -+#line 487 "pam_conv_l.c" - - #define INITIAL 0 - -@@ -518,7 +522,7 @@ - - void yyset_out (FILE * out_str ); - --int yyget_leng (void ); -+yy_size_t yyget_leng (void ); - - char *yyget_text (void ); - -@@ -568,7 +572,7 @@ - /* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ --#define ECHO fwrite( yytext, yyleng, 1, yyout ) -+#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) - #endif - - /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, -@@ -579,7 +583,7 @@ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ -- int n; \ -+ size_t n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ -@@ -661,10 +665,10 @@ - register char *yy_cp, *yy_bp; - register int yy_act; - --#line 27 "pam_conv_l.l" -+#line 28 "pam_conv_l.l" - - --#line 668 "pam_conv_l.c" -+#line 672 "pam_conv_l.c" - - if ( !(yy_init) ) - { -@@ -749,31 +753,31 @@ - - case 1: - YY_RULE_SETUP --#line 29 "pam_conv_l.l" -+#line 30 "pam_conv_l.l" - ; /* skip comments (sorry) */ - YY_BREAK - case 2: - /* rule 2 can match eol */ - YY_RULE_SETUP --#line 31 "pam_conv_l.l" -+#line 32 "pam_conv_l.l" - { - ++current_line; - } - YY_BREAK - case 3: - YY_RULE_SETUP --#line 35 "pam_conv_l.l" -+#line 36 "pam_conv_l.l" - { - return TOK; - } - YY_BREAK - case 4: - YY_RULE_SETUP --#line 39 "pam_conv_l.l" -+#line 40 "pam_conv_l.l" - ; /* Ignore */ - YY_BREAK - case YY_STATE_EOF(INITIAL): --#line 41 "pam_conv_l.l" -+#line 42 "pam_conv_l.l" - { - return EOFILE; - } -@@ -781,7 +785,7 @@ - case 5: - /* rule 5 can match eol */ - YY_RULE_SETUP --#line 45 "pam_conv_l.l" -+#line 46 "pam_conv_l.l" - { - ++current_line; - return NL; -@@ -789,10 +793,10 @@ - YY_BREAK - case 6: - YY_RULE_SETUP --#line 50 "pam_conv_l.l" -+#line 51 "pam_conv_l.l" - ECHO; - YY_BREAK --#line 796 "pam_conv_l.c" -+#line 800 "pam_conv_l.c" - - case YY_END_OF_BUFFER: - { -@@ -976,21 +980,21 @@ - - else - { -- int num_to_read = -+ yy_size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ - - /* just a shorter name for the current buffer */ -- YY_BUFFER_STATE b = YY_CURRENT_BUFFER; -+ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; - - int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { -- int new_size = b->yy_buf_size * 2; -+ yy_size_t new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; -@@ -1021,7 +1025,7 @@ - - /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), -- (yy_n_chars), (size_t) num_to_read ); -+ (yy_n_chars), num_to_read ); - - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } -@@ -1116,7 +1120,7 @@ - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 20); - -- return yy_is_jam ? 0 : yy_current_state; -+ return yy_is_jam ? 0 : yy_current_state; - } - - static void yyunput (int c, register char * yy_bp ) -@@ -1131,7 +1135,7 @@ - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ -- register int number_to_move = (yy_n_chars) + 2; -+ register yy_size_t number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = -@@ -1180,7 +1184,7 @@ - - else - { /* need more input */ -- int offset = (yy_c_buf_p) - (yytext_ptr); -+ yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); - - switch ( yy_get_next_buffer( ) ) -@@ -1340,10 +1344,6 @@ - yyfree((void *) b ); - } - --#ifndef __cplusplus --extern int isatty (int ); --#endif /* __cplusplus */ -- - /* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. -@@ -1456,7 +1456,7 @@ - */ - static void yyensure_buffer_stack (void) - { -- int num_to_alloc; -+ yy_size_t num_to_alloc; - - if (!(yy_buffer_stack)) { - -@@ -1548,12 +1548,12 @@ - - /** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. -- * @param bytes the byte buffer to scan -- * @param len the number of bytes in the buffer pointed to by @a bytes. -+ * @param yybytes the byte buffer to scan -+ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ --YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) -+YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) - { - YY_BUFFER_STATE b; - char *buf; -@@ -1640,7 +1640,7 @@ - /** Get the length of the current token. - * - */ --int yyget_leng (void) -+yy_size_t yyget_leng (void) - { - return yyleng; - } -@@ -1788,7 +1788,7 @@ - - #define YYTABLES_NAME "yytables" - --#line 50 "pam_conv_l.l" -+#line 51 "pam_conv_l.l" - - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l ---- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_l.l 2015-01-09 14:28:29.000000000 +0100 -@@ -24,6 +24,7 @@ - extern int current_line; - %} - -+%option noyywrap - %% - - "#"[^\n]* ; /* skip comments (sorry) */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c ---- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c 2013-09-19 10:02:25.000000000 +0200 -+++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.c 2015-01-09 14:32:51.000000000 +0100 -@@ -1,24 +1,21 @@ --/* A Bison parser, made by GNU Bison 2.3. */ -+/* A Bison parser, made by GNU Bison 2.7. */ - --/* Skeleton implementation for Bison's Yacc-like parsers in C -- -- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 -- Free Software Foundation, Inc. -- -- This program is free software; you can redistribute it and/or modify -+/* Bison implementation for Yacc-like parsers in C -+ -+ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 2, or (at your option) -- any later version. -- -+ the Free Software Foundation, either version 3 of the License, or -+ (at your option) any later version. -+ - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. -- -+ - You should have received a copy of the GNU General Public License -- along with this program; if not, write to the Free Software -- Foundation, Inc., 51 Franklin Street, Fifth Floor, -- Boston, MA 02110-1301, USA. */ -+ along with this program. If not, see . */ - - /* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work -@@ -29,7 +26,7 @@ - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. -- -+ - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -@@ -47,7 +44,7 @@ - #define YYBISON 1 - - /* Bison version. */ --#define YYBISON_VERSION "2.3" -+#define YYBISON_VERSION "2.7" - - /* Skeleton name. */ - #define YYSKELETON_NAME "yacc.c" -@@ -55,31 +52,17 @@ - /* Pure parsers. */ - #define YYPURE 0 - --/* Using locations. */ --#define YYLSP_NEEDED 0 -- -+/* Push parsers. */ -+#define YYPUSH 0 - -- --/* Tokens. */ --#ifndef YYTOKENTYPE --# define YYTOKENTYPE -- /* Put the tokens into the symbol table, so that GDB and other debuggers -- know about them. */ -- enum yytokentype { -- NL = 258, -- EOFILE = 259, -- TOK = 260 -- }; --#endif --/* Tokens. */ --#define NL 258 --#define EOFILE 259 --#define TOK 260 -+/* Pull parsers. */ -+#define YYPULL 1 - - - - - /* Copy the first part of user declarations. */ -+/* Line 371 of yacc.c */ - #line 1 "pam_conv_y.y" - - -@@ -126,11 +109,16 @@ - const char *old_to_new_ctrl_flag(const char *old); - void yyerror(const char *format, ...); - -+/* Line 371 of yacc.c */ -+#line 114 "pam_conv_y.c" - --/* Enabling traces. */ --#ifndef YYDEBUG --# define YYDEBUG 0 --#endif -+# ifndef YY_NULL -+# if defined __cplusplus && 201103L <= __cplusplus -+# define YY_NULL nullptr -+# else -+# define YY_NULL 0 -+# endif -+# endif - - /* Enabling verbose error messages. */ - #ifdef YYERROR_VERBOSE -@@ -140,33 +128,76 @@ - # define YYERROR_VERBOSE 0 - #endif - --/* Enabling the token table. */ --#ifndef YYTOKEN_TABLE --# define YYTOKEN_TABLE 0 -+/* In a future release of Bison, this section will be replaced -+ by #include "y.tab.h". */ -+#ifndef YY_YY_PAM_CONV_Y_H_INCLUDED -+# define YY_YY_PAM_CONV_Y_H_INCLUDED -+/* Enabling traces. */ -+#ifndef YYDEBUG -+# define YYDEBUG 0 -+#endif -+#if YYDEBUG -+extern int yydebug; -+#endif -+ -+/* Tokens. */ -+#ifndef YYTOKENTYPE -+# define YYTOKENTYPE -+ /* Put the tokens into the symbol table, so that GDB and other debuggers -+ know about them. */ -+ enum yytokentype { -+ NL = 258, -+ EOFILE = 259, -+ TOK = 260 -+ }; - #endif -+/* Tokens. */ -+#define NL 258 -+#define EOFILE 259 -+#define TOK 260 -+ -+ - - #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - typedef union YYSTYPE --#line 47 "pam_conv_y.y" - { -+/* Line 387 of yacc.c */ -+#line 47 "pam_conv_y.y" -+ - int def; - char *string; --} --/* Line 187 of yacc.c. */ --#line 157 "pam_conv_y.c" -- YYSTYPE; -+ -+ -+/* Line 387 of yacc.c */ -+#line 173 "pam_conv_y.c" -+} YYSTYPE; -+# define YYSTYPE_IS_TRIVIAL 1 - # define yystype YYSTYPE /* obsolescent; will be withdrawn */ - # define YYSTYPE_IS_DECLARED 1 --# define YYSTYPE_IS_TRIVIAL 1 - #endif - -+extern YYSTYPE yylval; -+ -+#ifdef YYPARSE_PARAM -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void *YYPARSE_PARAM); -+#else -+int yyparse (); -+#endif -+#else /* ! YYPARSE_PARAM */ -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void); -+#else -+int yyparse (); -+#endif -+#endif /* ! YYPARSE_PARAM */ - -+#endif /* !YY_YY_PAM_CONV_Y_H_INCLUDED */ - - /* Copy the second part of user declarations. */ - -- --/* Line 216 of yacc.c. */ --#line 170 "pam_conv_y.c" -+/* Line 390 of yacc.c */ -+#line 201 "pam_conv_y.c" - - #ifdef short - # undef short -@@ -216,39 +247,39 @@ - #define YYSIZE_MAXIMUM ((YYSIZE_T) -1) - - #ifndef YY_ --# if YYENABLE_NLS -+# if defined YYENABLE_NLS && YYENABLE_NLS - # if ENABLE_NLS - # include /* INFRINGES ON USER NAME SPACE */ --# define YY_(msgid) dgettext ("bison-runtime", msgid) -+# define YY_(Msgid) dgettext ("bison-runtime", Msgid) - # endif - # endif - # ifndef YY_ --# define YY_(msgid) msgid -+# define YY_(Msgid) Msgid - # endif - #endif - - /* Suppress unused-variable warnings by "using" E. */ - #if ! defined lint || defined __GNUC__ --# define YYUSE(e) ((void) (e)) -+# define YYUSE(E) ((void) (E)) - #else --# define YYUSE(e) /* empty */ -+# define YYUSE(E) /* empty */ - #endif - - /* Identity function, used to suppress warnings about constant conditions. */ - #ifndef lint --# define YYID(n) (n) -+# define YYID(N) (N) - #else - #if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - static int --YYID (int i) -+YYID (int yyi) - #else - static int --YYID (i) -- int i; -+YYID (yyi) -+ int yyi; - #endif - { -- return i; -+ return yyi; - } - #endif - -@@ -269,11 +300,12 @@ - # define alloca _alloca - # else - # define YYSTACK_ALLOC alloca --# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ -+# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - # include /* INFRINGES ON USER NAME SPACE */ --# ifndef _STDLIB_H --# define _STDLIB_H 1 -+ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ -+# ifndef EXIT_SUCCESS -+# define EXIT_SUCCESS 0 - # endif - # endif - # endif -@@ -296,24 +328,24 @@ - # ifndef YYSTACK_ALLOC_MAXIMUM - # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM - # endif --# if (defined __cplusplus && ! defined _STDLIB_H \ -+# if (defined __cplusplus && ! defined EXIT_SUCCESS \ - && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) - # include /* INFRINGES ON USER NAME SPACE */ --# ifndef _STDLIB_H --# define _STDLIB_H 1 -+# ifndef EXIT_SUCCESS -+# define EXIT_SUCCESS 0 - # endif - # endif - # ifndef YYMALLOC - # define YYMALLOC malloc --# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ -+# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ - # endif - # endif - # ifndef YYFREE - # define YYFREE free --# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ -+# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - void free (void *); /* INFRINGES ON USER NAME SPACE */ - # endif -@@ -329,9 +361,9 @@ - /* A type that is properly aligned for any stack member. */ - union yyalloc - { -- yytype_int16 yyss; -- YYSTYPE yyvs; -- }; -+ yytype_int16 yyss_alloc; -+ YYSTYPE yyvs_alloc; -+}; - - /* The size of the maximum gap between one aligned stack and the next. */ - # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) -@@ -342,35 +374,19 @@ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - --/* Copy COUNT objects from FROM to TO. The source and destination do -- not overlap. */ --# ifndef YYCOPY --# if defined __GNUC__ && 1 < __GNUC__ --# define YYCOPY(To, From, Count) \ -- __builtin_memcpy (To, From, (Count) * sizeof (*(From))) --# else --# define YYCOPY(To, From, Count) \ -- do \ -- { \ -- YYSIZE_T yyi; \ -- for (yyi = 0; yyi < (Count); yyi++) \ -- (To)[yyi] = (From)[yyi]; \ -- } \ -- while (YYID (0)) --# endif --# endif -+# define YYCOPY_NEEDED 1 - - /* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ --# define YYSTACK_RELOCATE(Stack) \ -+# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ -- YYCOPY (&yyptr->Stack, Stack, yysize); \ -- Stack = &yyptr->Stack; \ -+ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ -+ Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ -@@ -378,6 +394,26 @@ - - #endif - -+#if defined YYCOPY_NEEDED && YYCOPY_NEEDED -+/* Copy COUNT objects from SRC to DST. The source and destination do -+ not overlap. */ -+# ifndef YYCOPY -+# if defined __GNUC__ && 1 < __GNUC__ -+# define YYCOPY(Dst, Src, Count) \ -+ __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src))) -+# else -+# define YYCOPY(Dst, Src, Count) \ -+ do \ -+ { \ -+ YYSIZE_T yyi; \ -+ for (yyi = 0; yyi < (Count); yyi++) \ -+ (Dst)[yyi] = (Src)[yyi]; \ -+ } \ -+ while (YYID (0)) -+# endif -+# endif -+#endif /* !YYCOPY_NEEDED */ -+ - /* YYFINAL -- State number of the termination state. */ - #define YYFINAL 2 - /* YYLAST -- Last index in YYTABLE. */ -@@ -457,13 +493,13 @@ - }; - #endif - --#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE -+#if YYDEBUG || YYERROR_VERBOSE || 0 - /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ - static const char *const yytname[] = - { - "$end", "error", "$undefined", "NL", "EOFILE", "TOK", "$accept", -- "complete", "line", "tokenls", "path", "tok", 0 -+ "complete", "line", "tokenls", "path", "tok", YY_NULL - }; - #endif - -@@ -490,8 +526,8 @@ - 1, 1 - }; - --/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state -- STATE-NUM when YYTABLE doesn't specify something else to do. Zero -+/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM. -+ Performed when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ - static const yytype_uint8 yydefact[] = - { -@@ -522,8 +558,7 @@ - - /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which -- number is the opposite. If zero, do what YYDEFACT says. -- If YYTABLE_NINF, syntax error. */ -+ number is the opposite. If YYTABLE_NINF, syntax error. */ - #define YYTABLE_NINF -1 - static const yytype_uint8 yytable[] = - { -@@ -531,6 +566,12 @@ - 9, 6, 0, 12 - }; - -+#define yypact_value_is_default(Yystate) \ -+ (!!((Yystate) == (-9))) -+ -+#define yytable_value_is_error(Yytable_value) \ -+ YYID (0) -+ - static const yytype_int8 yycheck[] = - { - 8, 3, 10, 5, 0, 1, 14, 3, 4, 5, -@@ -557,78 +598,50 @@ - - /* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. -- Once GCC version 2 has supplanted version 1, this can go. */ -+ Once GCC version 2 has supplanted version 1, this can go. However, -+ YYFAIL appears to be in use. Nevertheless, it is formally deprecated -+ in Bison 2.4.2's NEWS entry, where a plan to phase it out is -+ discussed. */ - - #define YYFAIL goto yyerrlab -+#if defined YYFAIL -+ /* This is here to suppress warnings from the GCC cpp's -+ -Wunused-macros. Normally we don't worry about that warning, but -+ some users do, and we want to make it easy for users to remove -+ YYFAIL uses, which will produce warnings from Bison 2.5. */ -+#endif - - #define YYRECOVERING() (!!yyerrstatus) - --#define YYBACKUP(Token, Value) \ --do \ -- if (yychar == YYEMPTY && yylen == 1) \ -- { \ -- yychar = (Token); \ -- yylval = (Value); \ -- yytoken = YYTRANSLATE (yychar); \ -- YYPOPSTACK (1); \ -- goto yybackup; \ -- } \ -- else \ -- { \ -+#define YYBACKUP(Token, Value) \ -+do \ -+ if (yychar == YYEMPTY) \ -+ { \ -+ yychar = (Token); \ -+ yylval = (Value); \ -+ YYPOPSTACK (yylen); \ -+ yystate = *yyssp; \ -+ goto yybackup; \ -+ } \ -+ else \ -+ { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ - while (YYID (0)) - -- -+/* Error token number */ - #define YYTERROR 1 - #define YYERRCODE 256 - - --/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. -- If N is 0, then set CURRENT to the empty location which ends -- the previous symbol: RHS[0] (always defined). */ -- --#define YYRHSLOC(Rhs, K) ((Rhs)[K]) --#ifndef YYLLOC_DEFAULT --# define YYLLOC_DEFAULT(Current, Rhs, N) \ -- do \ -- if (YYID (N)) \ -- { \ -- (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ -- (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ -- (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ -- (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ -- } \ -- else \ -- { \ -- (Current).first_line = (Current).last_line = \ -- YYRHSLOC (Rhs, 0).last_line; \ -- (Current).first_column = (Current).last_column = \ -- YYRHSLOC (Rhs, 0).last_column; \ -- } \ -- while (YYID (0)) --#endif -- -- --/* YY_LOCATION_PRINT -- Print the location on the stream. -- This macro was not mandated originally: define only if we know -- we won't break user code: when these are the locations we know. */ -- -+/* This macro is provided for backward compatibility. */ - #ifndef YY_LOCATION_PRINT --# if YYLTYPE_IS_TRIVIAL --# define YY_LOCATION_PRINT(File, Loc) \ -- fprintf (File, "%d.%d-%d.%d", \ -- (Loc).first_line, (Loc).first_column, \ -- (Loc).last_line, (Loc).last_column) --# else --# define YY_LOCATION_PRINT(File, Loc) ((void) 0) --# endif -+# define YY_LOCATION_PRINT(File, Loc) ((void) 0) - #endif - - - /* YYLEX -- calling `yylex' with the right arguments. */ -- - #ifdef YYLEX_PARAM - # define YYLEX yylex (YYLEX_PARAM) - #else -@@ -678,6 +691,8 @@ - YYSTYPE const * const yyvaluep; - #endif - { -+ FILE *yyo = yyoutput; -+ YYUSE (yyo); - if (!yyvaluep) - return; - # ifdef YYPRINT -@@ -689,7 +704,7 @@ - switch (yytype) - { - default: -- break; -+ break; - } - } - -@@ -727,17 +742,20 @@ - #if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - static void --yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) -+yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) - #else - static void --yy_stack_print (bottom, top) -- yytype_int16 *bottom; -- yytype_int16 *top; -+yy_stack_print (yybottom, yytop) -+ yytype_int16 *yybottom; -+ yytype_int16 *yytop; - #endif - { - YYFPRINTF (stderr, "Stack now"); -- for (; bottom <= top; ++bottom) -- YYFPRINTF (stderr, " %d", *bottom); -+ for (; yybottom <= yytop; yybottom++) -+ { -+ int yybot = *yybottom; -+ YYFPRINTF (stderr, " %d", yybot); -+ } - YYFPRINTF (stderr, "\n"); - } - -@@ -771,11 +789,11 @@ - /* The symbols being reduced. */ - for (yyi = 0; yyi < yynrhs; yyi++) - { -- fprintf (stderr, " $%d = ", yyi + 1); -+ YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - ); -- fprintf (stderr, "\n"); -+ YYFPRINTF (stderr, "\n"); - } - } - -@@ -812,7 +830,6 @@ - # define YYMAXDEPTH 10000 - #endif - -- - - #if YYERROR_VERBOSE - -@@ -915,115 +932,145 @@ - } - # endif - --/* Copy into YYRESULT an error message about the unexpected token -- YYCHAR while in state YYSTATE. Return the number of bytes copied, -- including the terminating null byte. If YYRESULT is null, do not -- copy anything; just return the number of bytes that would be -- copied. As a special case, return 0 if an ordinary "syntax error" -- message will do. Return YYSIZE_MAXIMUM if overflow occurs during -- size calculation. */ --static YYSIZE_T --yysyntax_error (char *yyresult, int yystate, int yychar) -+/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message -+ about the unexpected token YYTOKEN for the state stack whose top is -+ YYSSP. -+ -+ Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is -+ not large enough to hold the message. In that case, also set -+ *YYMSG_ALLOC to the required number of bytes. Return 2 if the -+ required number of bytes is too large to store. */ -+static int -+yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, -+ yytype_int16 *yyssp, int yytoken) - { -- int yyn = yypact[yystate]; -- -- if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) -- return 0; -- else -- { -- int yytype = YYTRANSLATE (yychar); -- YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); -- YYSIZE_T yysize = yysize0; -- YYSIZE_T yysize1; -- int yysize_overflow = 0; -- enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; -- char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; -- int yyx; -- --# if 0 -- /* This is so xgettext sees the translatable formats that are -- constructed on the fly. */ -- YY_("syntax error, unexpected %s"); -- YY_("syntax error, unexpected %s, expecting %s"); -- YY_("syntax error, unexpected %s, expecting %s or %s"); -- YY_("syntax error, unexpected %s, expecting %s or %s or %s"); -- YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); --# endif -- char *yyfmt; -- char const *yyf; -- static char const yyunexpected[] = "syntax error, unexpected %s"; -- static char const yyexpecting[] = ", expecting %s"; -- static char const yyor[] = " or %s"; -- char yyformat[sizeof yyunexpected -- + sizeof yyexpecting - 1 -- + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) -- * (sizeof yyor - 1))]; -- char const *yyprefix = yyexpecting; -- -- /* Start YYX at -YYN if negative to avoid negative indexes in -- YYCHECK. */ -- int yyxbegin = yyn < 0 ? -yyn : 0; -- -- /* Stay within bounds of both yycheck and yytname. */ -- int yychecklim = YYLAST - yyn + 1; -- int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; -- int yycount = 1; -- -- yyarg[0] = yytname[yytype]; -- yyfmt = yystpcpy (yyformat, yyunexpected); -- -- for (yyx = yyxbegin; yyx < yyxend; ++yyx) -- if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) -- { -- if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) -- { -- yycount = 1; -- yysize = yysize0; -- yyformat[sizeof yyunexpected - 1] = '\0'; -- break; -- } -- yyarg[yycount++] = yytname[yyx]; -- yysize1 = yysize + yytnamerr (0, yytname[yyx]); -- yysize_overflow |= (yysize1 < yysize); -- yysize = yysize1; -- yyfmt = yystpcpy (yyfmt, yyprefix); -- yyprefix = yyor; -- } -- -- yyf = YY_(yyformat); -- yysize1 = yysize + yystrlen (yyf); -- yysize_overflow |= (yysize1 < yysize); -- yysize = yysize1; -- -- if (yysize_overflow) -- return YYSIZE_MAXIMUM; -- -- if (yyresult) -- { -- /* Avoid sprintf, as that infringes on the user's name space. -- Don't have undefined behavior even if the translation -- produced a string with the wrong number of "%s"s. */ -- char *yyp = yyresult; -- int yyi = 0; -- while ((*yyp = *yyf) != '\0') -- { -- if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) -- { -- yyp += yytnamerr (yyp, yyarg[yyi++]); -- yyf += 2; -- } -- else -- { -- yyp++; -- yyf++; -- } -- } -- } -- return yysize; -- } -+ YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]); -+ YYSIZE_T yysize = yysize0; -+ enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; -+ /* Internationalized format string. */ -+ const char *yyformat = YY_NULL; -+ /* Arguments of yyformat. */ -+ char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; -+ /* Number of reported tokens (one for the "unexpected", one per -+ "expected"). */ -+ int yycount = 0; -+ -+ /* There are many possibilities here to consider: -+ - Assume YYFAIL is not used. It's too flawed to consider. See -+ -+ for details. YYERROR is fine as it does not invoke this -+ function. -+ - If this state is a consistent state with a default action, then -+ the only way this function was invoked is if the default action -+ is an error action. In that case, don't check for expected -+ tokens because there are none. -+ - The only way there can be no lookahead present (in yychar) is if -+ this state is a consistent state with a default action. Thus, -+ detecting the absence of a lookahead is sufficient to determine -+ that there is no unexpected or expected token to report. In that -+ case, just report a simple "syntax error". -+ - Don't assume there isn't a lookahead just because this state is a -+ consistent state with a default action. There might have been a -+ previous inconsistent state, consistent state with a non-default -+ action, or user semantic action that manipulated yychar. -+ - Of course, the expected token list depends on states to have -+ correct lookahead information, and it depends on the parser not -+ to perform extra reductions after fetching a lookahead from the -+ scanner and before detecting a syntax error. Thus, state merging -+ (from LALR or IELR) and default reductions corrupt the expected -+ token list. However, the list is correct for canonical LR with -+ one exception: it will still contain any token that will not be -+ accepted due to an error action in a later state. -+ */ -+ if (yytoken != YYEMPTY) -+ { -+ int yyn = yypact[*yyssp]; -+ yyarg[yycount++] = yytname[yytoken]; -+ if (!yypact_value_is_default (yyn)) -+ { -+ /* Start YYX at -YYN if negative to avoid negative indexes in -+ YYCHECK. In other words, skip the first -YYN actions for -+ this state because they are default actions. */ -+ int yyxbegin = yyn < 0 ? -yyn : 0; -+ /* Stay within bounds of both yycheck and yytname. */ -+ int yychecklim = YYLAST - yyn + 1; -+ int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; -+ int yyx; -+ -+ for (yyx = yyxbegin; yyx < yyxend; ++yyx) -+ if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR -+ && !yytable_value_is_error (yytable[yyx + yyn])) -+ { -+ if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) -+ { -+ yycount = 1; -+ yysize = yysize0; -+ break; -+ } -+ yyarg[yycount++] = yytname[yyx]; -+ { -+ YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]); -+ if (! (yysize <= yysize1 -+ && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) -+ return 2; -+ yysize = yysize1; -+ } -+ } -+ } -+ } -+ -+ switch (yycount) -+ { -+# define YYCASE_(N, S) \ -+ case N: \ -+ yyformat = S; \ -+ break -+ YYCASE_(0, YY_("syntax error")); -+ YYCASE_(1, YY_("syntax error, unexpected %s")); -+ YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); -+ YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); -+ YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); -+ YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); -+# undef YYCASE_ -+ } -+ -+ { -+ YYSIZE_T yysize1 = yysize + yystrlen (yyformat); -+ if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) -+ return 2; -+ yysize = yysize1; -+ } -+ -+ if (*yymsg_alloc < yysize) -+ { -+ *yymsg_alloc = 2 * yysize; -+ if (! (yysize <= *yymsg_alloc -+ && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) -+ *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; -+ return 1; -+ } -+ -+ /* Avoid sprintf, as that infringes on the user's name space. -+ Don't have undefined behavior even if the translation -+ produced a string with the wrong number of "%s"s. */ -+ { -+ char *yyp = *yymsg; -+ int yyi = 0; -+ while ((*yyp = *yyformat) != '\0') -+ if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) -+ { -+ yyp += yytnamerr (yyp, yyarg[yyi++]); -+ yyformat += 2; -+ } -+ else -+ { -+ yyp++; -+ yyformat++; -+ } -+ } -+ return 0; - } - #endif /* YYERROR_VERBOSE */ -- - - /*-----------------------------------------------. - | Release the memory associated to this symbol. | -@@ -1052,40 +1099,32 @@ - { - - default: -- break; -+ break; - } - } -- - --/* Prevent warnings from -Wmissing-prototypes. */ -- --#ifdef YYPARSE_PARAM --#if defined __STDC__ || defined __cplusplus --int yyparse (void *YYPARSE_PARAM); --#else --int yyparse (); --#endif --#else /* ! YYPARSE_PARAM */ --#if defined __STDC__ || defined __cplusplus --int yyparse (void); --#else --int yyparse (); --#endif --#endif /* ! YYPARSE_PARAM */ - - - --/* The look-ahead symbol. */ -+/* The lookahead symbol. */ - int yychar; - --/* The semantic value of the look-ahead symbol. */ --YYSTYPE yylval; -+ -+#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -+# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -+# define YY_IGNORE_MAYBE_UNINITIALIZED_END -+#endif -+#ifndef YY_INITIAL_VALUE -+# define YY_INITIAL_VALUE(Value) /* Nothing. */ -+#endif -+ -+/* The semantic value of the lookahead symbol. */ -+YYSTYPE yylval YY_INITIAL_VALUE(yyval_default); - - /* Number of syntax errors so far. */ - int yynerrs; - - -- - /*----------. - | yyparse. | - `----------*/ -@@ -1112,14 +1151,37 @@ - #endif - #endif - { -- -- int yystate; -+ int yystate; -+ /* Number of tokens to shift before error messages enabled. */ -+ int yyerrstatus; -+ -+ /* The stacks and their tools: -+ `yyss': related to states. -+ `yyvs': related to semantic values. -+ -+ Refer to the stacks through separate pointers, to allow yyoverflow -+ to reallocate them elsewhere. */ -+ -+ /* The state stack. */ -+ yytype_int16 yyssa[YYINITDEPTH]; -+ yytype_int16 *yyss; -+ yytype_int16 *yyssp; -+ -+ /* The semantic value stack. */ -+ YYSTYPE yyvsa[YYINITDEPTH]; -+ YYSTYPE *yyvs; -+ YYSTYPE *yyvsp; -+ -+ YYSIZE_T yystacksize; -+ - int yyn; - int yyresult; -- /* Number of tokens to shift before error messages enabled. */ -- int yyerrstatus; -- /* Look-ahead token as an internal (translated) token number. */ -+ /* Lookahead token as an internal (translated) token number. */ - int yytoken = 0; -+ /* The variables used to return semantic value and location from the -+ action routines. */ -+ YYSTYPE yyval; -+ - #if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; -@@ -1127,54 +1189,22 @@ - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; - #endif - -- /* Three stacks and their tools: -- `yyss': related to states, -- `yyvs': related to semantic values, -- `yyls': related to locations. -- -- Refer to the stacks thru separate pointers, to allow yyoverflow -- to reallocate them elsewhere. */ -- -- /* The state stack. */ -- yytype_int16 yyssa[YYINITDEPTH]; -- yytype_int16 *yyss = yyssa; -- yytype_int16 *yyssp; -- -- /* The semantic value stack. */ -- YYSTYPE yyvsa[YYINITDEPTH]; -- YYSTYPE *yyvs = yyvsa; -- YYSTYPE *yyvsp; -- -- -- - #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - -- YYSIZE_T yystacksize = YYINITDEPTH; -- -- /* The variables used to return semantic value and location from the -- action routines. */ -- YYSTYPE yyval; -- -- - /* The number of symbols on the RHS of the reduced rule. - Keep to zero when no symbol should be popped. */ - int yylen = 0; - -+ yyssp = yyss = yyssa; -+ yyvsp = yyvs = yyvsa; -+ yystacksize = YYINITDEPTH; -+ - YYDPRINTF ((stderr, "Starting parse\n")); - - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; -- yychar = YYEMPTY; /* Cause a token to be read. */ -- -- /* Initialize stack pointers. -- Waste one element of value and location stack -- so that they stay on the same level as the state stack. -- The wasted elements are never initialized. */ -- -- yyssp = yyss; -- yyvsp = yyvs; -- -+ yychar = YYEMPTY; /* Cause a token to be read. */ - goto yysetstate; - - /*------------------------------------------------------------. -@@ -1201,7 +1231,6 @@ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - -- - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might -@@ -1209,7 +1238,6 @@ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), -- - &yystacksize); - - yyss = yyss1; -@@ -1232,9 +1260,8 @@ - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; -- YYSTACK_RELOCATE (yyss); -- YYSTACK_RELOCATE (yyvs); -- -+ YYSTACK_RELOCATE (yyss_alloc, yyss); -+ YYSTACK_RELOCATE (yyvs_alloc, yyvs); - # undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); -@@ -1245,7 +1272,6 @@ - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - -- - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); - -@@ -1255,6 +1281,9 @@ - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - -+ if (yystate == YYFINAL) -+ YYACCEPT; -+ - goto yybackup; - - /*-----------. -@@ -1263,16 +1292,16 @@ - yybackup: - - /* Do appropriate processing given the current state. Read a -- look-ahead token if we need one and don't already have one. */ -+ lookahead token if we need one and don't already have one. */ - -- /* First try to decide what to do without reference to look-ahead token. */ -+ /* First try to decide what to do without reference to lookahead token. */ - yyn = yypact[yystate]; -- if (yyn == YYPACT_NINF) -+ if (yypact_value_is_default (yyn)) - goto yydefault; - -- /* Not known => get a look-ahead token if don't already have one. */ -+ /* Not known => get a lookahead token if don't already have one. */ - -- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ -+ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ - if (yychar == YYEMPTY) - { - YYDPRINTF ((stderr, "Reading a token: ")); -@@ -1298,29 +1327,27 @@ - yyn = yytable[yyn]; - if (yyn <= 0) - { -- if (yyn == 0 || yyn == YYTABLE_NINF) -- goto yyerrlab; -+ if (yytable_value_is_error (yyn)) -+ goto yyerrlab; - yyn = -yyn; - goto yyreduce; - } - -- if (yyn == YYFINAL) -- YYACCEPT; -- - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - -- /* Shift the look-ahead token. */ -+ /* Shift the lookahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - -- /* Discard the shifted token unless it is eof. */ -- if (yychar != YYEOF) -- yychar = YYEMPTY; -+ /* Discard the shifted token. */ -+ yychar = YYEMPTY; - - yystate = yyn; -+ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; -+ YY_IGNORE_MAYBE_UNINITIALIZED_END - - goto yynewstate; - -@@ -1357,6 +1384,7 @@ - switch (yyn) - { - case 5: -+/* Line 1792 of yacc.c */ - #line 64 "pam_conv_y.y" - { - return 0; -@@ -1364,6 +1392,7 @@ - break; - - case 6: -+/* Line 1792 of yacc.c */ - #line 70 "pam_conv_y.y" - { - char *filename; -@@ -1432,6 +1461,7 @@ - break; - - case 7: -+/* Line 1792 of yacc.c */ - #line 134 "pam_conv_y.y" - { - yyerror("malformed line"); -@@ -1439,6 +1469,7 @@ - break; - - case 8: -+/* Line 1792 of yacc.c */ - #line 140 "pam_conv_y.y" - { - (yyval.string)=NULL; -@@ -1446,6 +1477,7 @@ - break; - - case 9: -+/* Line 1792 of yacc.c */ - #line 143 "pam_conv_y.y" - { - int len; -@@ -1463,6 +1495,7 @@ - break; - - case 10: -+/* Line 1792 of yacc.c */ - #line 159 "pam_conv_y.y" - { - /* XXX - this could be used to check if file present */ -@@ -1471,6 +1504,7 @@ - break; - - case 11: -+/* Line 1792 of yacc.c */ - #line 165 "pam_conv_y.y" - { - (yyval.string) = strdup(yytext); -@@ -1478,10 +1512,21 @@ - break; - - --/* Line 1267 of yacc.c. */ --#line 1483 "pam_conv_y.c" -+/* Line 1792 of yacc.c */ -+#line 1517 "pam_conv_y.c" - default: break; - } -+ /* User semantic actions sometimes alter yychar, and that requires -+ that yytoken be updated with the new translation. We take the -+ approach of translating immediately before every use of yytoken. -+ One alternative is translating here after every semantic action, -+ but that translation would be missed if the semantic action invokes -+ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or -+ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an -+ incorrect destructor might then be invoked immediately. In the -+ case of YYERROR or YYBACKUP, subsequent parser actions might lead -+ to an incorrect destructor call or verbose syntax error message -+ before the lookahead is translated. */ - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); - - YYPOPSTACK (yylen); -@@ -1490,7 +1535,6 @@ - - *++yyvsp = yyval; - -- - /* Now `shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ -@@ -1510,6 +1554,10 @@ - | yyerrlab -- here on detecting error | - `------------------------------------*/ - yyerrlab: -+ /* Make sure we have latest lookahead translation. See comments at -+ user semantic actions for why this is necessary. */ -+ yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); -+ - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) - { -@@ -1517,37 +1565,36 @@ - #if ! YYERROR_VERBOSE - yyerror (YY_("syntax error")); - #else -+# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ -+ yyssp, yytoken) - { -- YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); -- if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) -- { -- YYSIZE_T yyalloc = 2 * yysize; -- if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) -- yyalloc = YYSTACK_ALLOC_MAXIMUM; -- if (yymsg != yymsgbuf) -- YYSTACK_FREE (yymsg); -- yymsg = (char *) YYSTACK_ALLOC (yyalloc); -- if (yymsg) -- yymsg_alloc = yyalloc; -- else -- { -- yymsg = yymsgbuf; -- yymsg_alloc = sizeof yymsgbuf; -- } -- } -- -- if (0 < yysize && yysize <= yymsg_alloc) -- { -- (void) yysyntax_error (yymsg, yystate, yychar); -- yyerror (yymsg); -- } -- else -- { -- yyerror (YY_("syntax error")); -- if (yysize != 0) -- goto yyexhaustedlab; -- } -+ char const *yymsgp = YY_("syntax error"); -+ int yysyntax_error_status; -+ yysyntax_error_status = YYSYNTAX_ERROR; -+ if (yysyntax_error_status == 0) -+ yymsgp = yymsg; -+ else if (yysyntax_error_status == 1) -+ { -+ if (yymsg != yymsgbuf) -+ YYSTACK_FREE (yymsg); -+ yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); -+ if (!yymsg) -+ { -+ yymsg = yymsgbuf; -+ yymsg_alloc = sizeof yymsgbuf; -+ yysyntax_error_status = 2; -+ } -+ else -+ { -+ yysyntax_error_status = YYSYNTAX_ERROR; -+ yymsgp = yymsg; -+ } -+ } -+ yyerror (yymsgp); -+ if (yysyntax_error_status == 2) -+ goto yyexhaustedlab; - } -+# undef YYSYNTAX_ERROR - #endif - } - -@@ -1555,7 +1602,7 @@ - - if (yyerrstatus == 3) - { -- /* If just tried and failed to reuse look-ahead token after an -+ /* If just tried and failed to reuse lookahead token after an - error, discard it. */ - - if (yychar <= YYEOF) -@@ -1572,7 +1619,7 @@ - } - } - -- /* Else will try to reuse look-ahead token after shifting the error -+ /* Else will try to reuse lookahead token after shifting the error - token. */ - goto yyerrlab1; - -@@ -1606,7 +1653,7 @@ - for (;;) - { - yyn = yypact[yystate]; -- if (yyn != YYPACT_NINF) -+ if (!yypact_value_is_default (yyn)) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) -@@ -1629,10 +1676,9 @@ - YY_STACK_PRINT (yyss, yyssp); - } - -- if (yyn == YYFINAL) -- YYACCEPT; -- -+ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; -+ YY_IGNORE_MAYBE_UNINITIALIZED_END - - - /* Shift the error token. */ -@@ -1656,7 +1702,7 @@ - yyresult = 1; - goto yyreturn; - --#ifndef yyoverflow -+#if !defined yyoverflow || YYERROR_VERBOSE - /*-------------------------------------------------. - | yyexhaustedlab -- memory exhaustion comes here. | - `-------------------------------------------------*/ -@@ -1667,9 +1713,14 @@ - #endif - - yyreturn: -- if (yychar != YYEOF && yychar != YYEMPTY) -- yydestruct ("Cleanup: discarding lookahead", -- yytoken, &yylval); -+ if (yychar != YYEMPTY) -+ { -+ /* Make sure we have latest lookahead translation. See comments at -+ user semantic actions for why this is necessary. */ -+ yytoken = YYTRANSLATE (yychar); -+ yydestruct ("Cleanup: discarding lookahead", -+ yytoken, &yylval); -+ } - /* Do not reclaim the symbols of the rule which action triggered - this YYABORT or YYACCEPT. */ - YYPOPSTACK (yylen); -@@ -1693,6 +1744,7 @@ - } - - -+/* Line 2055 of yacc.c */ - #line 169 "pam_conv_y.y" - - -@@ -1736,4 +1788,3 @@ - yyparse(); - exit(0); - } -- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h ---- old/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h 2013-09-19 10:02:25.000000000 +0200 -+++ new/Linux-PAM-1.1.8/conf/pam_conv1/pam_conv_y.h 2015-01-09 14:32:51.000000000 +0100 -@@ -1,24 +1,21 @@ --/* A Bison parser, made by GNU Bison 2.3. */ -+/* A Bison parser, made by GNU Bison 2.7. */ - --/* Skeleton interface for Bison's Yacc-like parsers in C -- -- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 -- Free Software Foundation, Inc. -- -- This program is free software; you can redistribute it and/or modify -+/* Bison interface for Yacc-like parsers in C -+ -+ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 2, or (at your option) -- any later version. -- -+ the Free Software Foundation, either version 3 of the License, or -+ (at your option) any later version. -+ - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. -- -+ - You should have received a copy of the GNU General Public License -- along with this program; if not, write to the Free Software -- Foundation, Inc., 51 Franklin Street, Fifth Floor, -- Boston, MA 02110-1301, USA. */ -+ along with this program. If not, see . */ - - /* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work -@@ -29,10 +26,20 @@ - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. -- -+ - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -+#ifndef YY_YY_PAM_CONV_Y_H_INCLUDED -+# define YY_YY_PAM_CONV_Y_H_INCLUDED -+/* Enabling traces. */ -+#ifndef YYDEBUG -+# define YYDEBUG 0 -+#endif -+#if YYDEBUG -+extern int yydebug; -+#endif -+ - /* Tokens. */ - #ifndef YYTOKENTYPE - # define YYTOKENTYPE -@@ -51,21 +58,38 @@ - - - -- - #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - typedef union YYSTYPE --#line 47 "pam_conv_y.y" - { -+/* Line 2058 of yacc.c */ -+#line 47 "pam_conv_y.y" -+ - int def; - char *string; --} --/* Line 1489 of yacc.c. */ --#line 64 "pam_conv_y.h" -- YYSTYPE; -+ -+ -+/* Line 2058 of yacc.c */ -+#line 73 "pam_conv_y.h" -+} YYSTYPE; -+# define YYSTYPE_IS_TRIVIAL 1 - # define yystype YYSTYPE /* obsolescent; will be withdrawn */ - # define YYSTYPE_IS_DECLARED 1 --# define YYSTYPE_IS_TRIVIAL 1 - #endif - - extern YYSTYPE yylval; - -+#ifdef YYPARSE_PARAM -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void *YYPARSE_PARAM); -+#else -+int yyparse (); -+#endif -+#else /* ! YYPARSE_PARAM */ -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void); -+#else -+int yyparse (); -+#endif -+#endif /* ! YYPARSE_PARAM */ -+ -+#endif /* !YY_YY_PAM_CONV_Y_H_INCLUDED */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/configure.in new/Linux-PAM-1.1.8/configure.in ---- old/Linux-PAM-1.1.8/configure.in 2013-09-18 14:30:13.000000000 +0200 -+++ new/Linux-PAM-1.1.8/configure.in 2015-01-09 14:28:29.000000000 +0100 -@@ -1,9 +1,8 @@ - dnl Process this file with autoconf to produce a configure script. --AC_INIT -+AC_INIT([Linux-PAM], [1.1.8], , [Linux-PAM]) - AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y]) - AC_CONFIG_AUX_DIR([build-aux]) --AM_INIT_AUTOMAKE("Linux-PAM", 1.1.8) --LT_INIT([disable-static]) -+AM_INIT_AUTOMAKE - AC_PREREQ([2.61]) - AC_CONFIG_HEADERS([config.h]) - AC_CONFIG_MACRO_DIR([m4]) -@@ -58,6 +57,11 @@ - - fi - -+dnl This should be called before any macros that run the C compiler. -+AC_USE_SYSTEM_EXTENSIONS -+ -+LT_INIT([disable-static]) -+ - dnl - dnl check if we should link everything static into libpam - dnl -@@ -76,7 +80,6 @@ - AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"]) - - dnl Checks for programs. --AC_USE_SYSTEM_EXTENSIONS - AC_PROG_CC - AC_PROG_YACC - AM_PROG_LEX -@@ -141,6 +144,15 @@ - AC_MSG_RESULT([$CC_FOR_BUILD]) - AC_SUBST(CC_FOR_BUILD) - -+if test "x${BUILD_CPPFLAGS+set}" != "xset" ; then -+ if test "x$cross_compiling" = "xyes" ; then -+ BUILD_CPPFLAGS= -+ else -+ BUILD_CPPFLAGS=${CPPFLAGS} -+ fi -+fi -+AC_SUBST(BUILD_CPPFLAGS) -+ - if test "x${BUILD_CFLAGS+set}" != "xset" ; then - if test "x$cross_compiling" = "xyes" ; then - BUILD_CFLAGS= -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/adg/Makefile.am new/Linux-PAM-1.1.8/doc/adg/Makefile.am ---- old/Linux-PAM-1.1.8/doc/adg/Makefile.am 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/adg/Makefile.am 2015-01-09 14:28:29.000000000 +0100 -@@ -57,20 +57,26 @@ - $(mkinstalldirs) $(DESTDIR)$(docdir) - $(mkinstalldirs) $(DESTDIR)$(pdfdir) - $(mkinstalldirs) $(DESTDIR)$(htmldir) -- test -f html/Linux-PAM_ADG.html || exit 0; \ -+ if test -f html/Linux-PAM_ADG.html; then \ - $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \ -- $(DESTDIR)$(htmldir)/ || \ -+ $(DESTDIR)$(htmldir)/; \ -+ elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \ - $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \ -- $(srcdir)/html/sag-*.html \ -- $(DESTDIR)$(htmldir)/ -- test -f Linux-PAM_ADG.txt || exit 0; \ -- $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \ -+ $(srcdir)/html/adg-*.html \ -+ $(DESTDIR)$(htmldir)/; \ -+ fi -+ if test -f Linux-PAM_ADG.txt; then \ -+ $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/; \ -+ elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \ - $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \ -- $(DESTDIR)$(docdir)/ -- test -f Linux-PAM_ADG.pdf || exit 0; \ -- $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \ -+ $(DESTDIR)$(docdir)/; \ -+ fi -+ if test -f Linux-PAM_ADG.pdf; then \ -+ $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/; \ -+ elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \ - $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \ -- $(DESTDIR)$(pdfdir)/ -+ $(DESTDIR)$(pdfdir)/; \ -+ fi - - uninstall-local: - -rm $(DESTDIR)$(htmldir)/Linux-PAM_ADG.html -@@ -80,19 +86,28 @@ - - releasedocs: all - $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html -- test -f html/Linux-PAM_ADG.html || exit 0; \ -+ if test -f html/Linux-PAM_ADG.html; then \ - cp -ap html/Linux-PAM_ADG.html html/adg-*.html \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \ -+ elif test -f $(srcdir)/html/Linux-PAM_ADG.html; then \ - cp -ap $(srcdir)/html/Linux-PAM_ADG.html \ - $(srcdir)/html/adg-*.html \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ -- test -f Linux-PAM_ADG.txt || exit 0; \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/; \ -+ else exit 1; \ -+ fi -+ if test -f Linux-PAM_ADG.txt; then \ - cp -p Linux-PAM_ADG.txt \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ -+ elif test -f $(srcdir)/Linux-PAM_ADG.txt; then \ - cp -p $(srcdir)/Linux-PAM_ADG.txt \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ -- test -f Linux-PAM_ADG.pdf || exit 0; \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ -+ else exit 1; \ -+ fi -+ if test -f Linux-PAM_ADG.pdf; then \ - cp -p Linux-PAM_ADG.pdf \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ -+ elif test -f $(srcdir)/Linux-PAM_ADG.pdf; then \ - cp -p $(srcdir)/Linux-PAM_ADG.pdf \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/; \ -+ else exit 1; \ -+ fi -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/Makefile.am new/Linux-PAM-1.1.8/doc/man/Makefile.am ---- old/Linux-PAM-1.1.8/doc/man/Makefile.am 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/Makefile.am 2015-01-09 14:28:29.000000000 +0100 -@@ -49,6 +49,10 @@ - PAM.8: pam.8 - pam_get_authtok_noverify.3: pam_get_authtok.3 - pam_get_authtok_verify.3: pam_get_authtok.3 -+pam_verror.3: pam_error.3 -+pam_vinfo.3: pam_info.3 -+pam_vprompt.3: pam_prompt.3 -+pam_vsyslog.3: pam_syslog.3 - pam.d.5: pam.conf.5 - test -f $(srcdir)/pam\\.d.5 && mv $(srcdir)/pam\\.d.5 $(srcdir)/pam.d.5 ||: - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/misc_conv.3 new/Linux-PAM-1.1.8/doc/man/misc_conv.3 ---- old/Linux-PAM-1.1.8/doc/man/misc_conv.3 2013-09-19 10:02:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/misc_conv.3 2015-01-09 14:33:00.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: misc_conv - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "MISC_CONV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "MISC_CONV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam.3 new/Linux-PAM-1.1.8/doc/man/pam.3 ---- old/Linux-PAM-1.1.8/doc/man/pam.3 2013-09-19 10:02:25.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam.3 2015-01-09 14:32:51.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/PAM.8 new/Linux-PAM-1.1.8/doc/man/PAM.8 ---- old/Linux-PAM-1.1.8/doc/man/PAM.8 2013-09-19 10:02:25.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/PAM.8 2015-01-09 14:32:52.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 new/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 2013-09-19 10:02:26.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_acct_mgmt.3 2015-01-09 14:32:53.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_acct_mgmt - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ACCT_MGMT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ACCT_MGMT" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 2013-09-19 10:02:26.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3 2015-01-09 14:32:53.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_authenticate - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_AUTHENTICATE" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_AUTHENTICATE" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -44,7 +44,7 @@ - \fBpam_authenticate\fR - function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&. - .PP --The PAM service module may request that the user enter their username vio the the conversation mechanism (see -+The PAM service module may request that the user enter their username via the conversation mechanism (see - \fBpam_start\fR(3) - and - \fBpam_conv\fR(3))\&. The name of the authenticated user will be present in the PAM item PAM_USER\&. This item may be recovered with a call to -@@ -82,7 +82,7 @@ - For some reason the application does not have sufficient credentials to authenticate the user\&. - .RE - .PP --PAM_AUTHINFO_UNVAIL -+PAM_AUTHINFO_UNAVAIL - .RS 4 - The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&. - .RE -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml ---- old/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_authenticate.3.xml 2015-01-09 14:28:29.000000000 +0100 -@@ -37,7 +37,7 @@ - - - The PAM service module may request that the user enter their -- username vio the the conversation mechanism (see -+ username via the conversation mechanism (see - - pam_start3 - and -@@ -109,7 +109,7 @@ - - - -- PAM_AUTHINFO_UNVAIL -+ PAM_AUTHINFO_UNAVAIL - - - The modules were not able to access the authentication -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 new/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 2013-09-19 10:02:27.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_chauthtok.3 2015-01-09 14:32:53.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_chauthtok - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_CHAUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_CHAUTHTOK" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_close_session.3 new/Linux-PAM-1.1.8/doc/man/pam_close_session.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_close_session.3 2013-09-19 10:02:27.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_close_session.3 2015-01-09 14:32:53.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_close_session - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_CLOSE_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_CLOSE_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam.conf.5 new/Linux-PAM-1.1.8/doc/man/pam.conf.5 ---- old/Linux-PAM-1.1.8/doc/man/pam.conf.5 2013-09-19 10:02:26.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam.conf.5 2015-01-09 14:32:52.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam.conf - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_conv.3 new/Linux-PAM-1.1.8/doc/man/pam_conv.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_conv.3 2013-09-19 10:02:27.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_conv.3 2015-01-09 14:32:53.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_conv - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_CONV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_CONV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_end.3 new/Linux-PAM-1.1.8/doc/man/pam_end.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_end.3 2013-09-19 10:02:27.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_end.3 2015-01-09 14:32:54.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_end - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_END" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_END" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_error.3 new/Linux-PAM-1.1.8/doc/man/pam_error.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_error.3 2013-09-19 10:02:28.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_error.3 2015-01-09 14:32:54.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_error - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ERROR" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ERROR" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 new/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 2013-09-19 10:02:28.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_fail_delay.3 2015-01-09 14:32:54.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_fail_delay - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_FAIL_DELAY" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_FAIL_DELAY" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 new/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 2013-09-19 10:02:28.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_get_authtok.3 2015-01-09 14:32:54.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_get_authtok - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_GET_AUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GET_AUTHTOK" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_data.3 new/Linux-PAM-1.1.8/doc/man/pam_get_data.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_get_data.3 2013-09-19 10:02:29.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_get_data.3 2015-01-09 14:32:55.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_get_data - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_GET_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GET_DATA" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_getenv.3 new/Linux-PAM-1.1.8/doc/man/pam_getenv.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_getenv.3 2013-09-19 10:02:29.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_getenv.3 2015-01-09 14:32:55.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_getenv - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_GETENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GETENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 new/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 2013-09-19 10:02:29.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_getenvlist.3 2015-01-09 14:32:56.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_getenvlist - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_GETENVLIST" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GETENVLIST" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_item.3 new/Linux-PAM-1.1.8/doc/man/pam_get_item.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_get_item.3 2013-09-19 10:02:29.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_get_item.3 2015-01-09 14:32:55.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_get_item - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_GET_ITEM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GET_ITEM" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_get_user.3 new/Linux-PAM-1.1.8/doc/man/pam_get_user.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_get_user.3 2013-09-19 10:02:29.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_get_user.3 2015-01-09 14:32:55.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_get_user - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_GET_USER" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_GET_USER" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_info.3 new/Linux-PAM-1.1.8/doc/man/pam_info.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_info.3 2013-09-19 10:02:30.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_info.3 2015-01-09 14:32:56.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_info - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_INFO" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_INFO" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 new/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 2013-09-19 10:02:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_misc_drop_env.3 2015-01-09 14:33:01.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_misc_drop_env - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_MISC_DROP_ENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MISC_DROP_ENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 new/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 2013-09-19 10:02:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_misc_paste_env.3 2015-01-09 14:33:00.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_misc_paste_env - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_MISC_PASTE_ENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MISC_PASTE_ENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 new/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 2013-09-19 10:02:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_misc_setenv.3 2015-01-09 14:33:01.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_misc_setenv - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_MISC_SETENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MISC_SETENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_open_session.3 new/Linux-PAM-1.1.8/doc/man/pam_open_session.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_open_session.3 2013-09-19 10:02:30.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_open_session.3 2015-01-09 14:32:56.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_open_session - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_OPEN_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_OPEN_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_prompt.3 new/Linux-PAM-1.1.8/doc/man/pam_prompt.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_prompt.3 2013-09-19 10:02:30.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_prompt.3 2015-01-09 14:32:56.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_prompt - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_PROMPT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_PROMPT" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -36,10 +36,10 @@ - #include - .fi - .ft --.HP \w'void\ pam_prompt('u --.BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" --.HP \w'void\ pam_vprompt('u --.BI "void pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" -+.HP \w'int\ pam_prompt('u -+.BI "int pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" -+.HP \w'int\ pam_vprompt('u -+.BI "int pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" - .SH "DESCRIPTION" - .PP - The -@@ -61,7 +61,7 @@ - .PP - PAM_SUCCESS - .RS 4 --Transaction was successful created\&. -+Conversation succeded, response is set\&. - .RE - .PP - PAM_SYSTEM_ERR -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml new/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml ---- old/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_prompt.3.xml 2015-01-09 14:28:29.000000000 +0100 -@@ -22,7 +22,7 @@ - - #include <security/pam_ext.h> - -- void pam_prompt -+ int pam_prompt - pam_handle_t *pamh - int style - char **response -@@ -30,7 +30,7 @@ - ... - - -- void pam_vprompt -+ int pam_vprompt - pam_handle_t *pamh - int style - char **response -@@ -75,7 +75,7 @@ - PAM_SUCCESS - - -- Transaction was successful created. -+ Conversation succeded, response is set. - - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_putenv.3 new/Linux-PAM-1.1.8/doc/man/pam_putenv.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_putenv.3 2013-09-19 10:02:31.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_putenv.3 2015-01-09 14:32:57.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_putenv - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_PUTENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_PUTENV" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_setcred.3 new/Linux-PAM-1.1.8/doc/man/pam_setcred.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_setcred.3 2013-09-19 10:02:31.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_setcred.3 2015-01-09 14:32:58.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_setcred - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SETCRED" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SETCRED" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_set_data.3 new/Linux-PAM-1.1.8/doc/man/pam_set_data.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_set_data.3 2013-09-19 10:02:31.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_set_data.3 2015-01-09 14:32:57.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_set_data - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SET_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SET_DATA" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_set_item.3 new/Linux-PAM-1.1.8/doc/man/pam_set_item.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_set_item.3 2013-09-19 10:02:31.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_set_item.3 2015-01-09 14:32:57.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_set_item - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SET_ITEM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SET_ITEM" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 2013-09-19 10:02:32.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_sm_acct_mgmt.3 2015-01-09 14:32:58.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_sm_acct_mgmt - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SM_ACCT_MGMT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SM_ACCT_MGMT" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 2013-09-19 10:02:32.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_sm_authenticate.3 2015-01-09 14:32:58.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_sm_authenticate - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SM_AUTHENTICATE" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SM_AUTHENTICATE" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 2013-09-19 10:02:33.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_sm_chauthtok.3 2015-01-09 14:32:59.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_sm_chauthtok - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SM_CHAUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SM_CHAUTHTOK" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 2013-09-19 10:02:32.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_sm_close_session.3 2015-01-09 14:32:59.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_sm_close_session - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SM_CLOSE_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SM_CLOSE_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 2013-09-19 10:02:32.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_sm_open_session.3 2015-01-09 14:32:59.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_sm_open_session - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SM_OPEN_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SM_OPEN_SESSION" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 new/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 2013-09-19 10:02:33.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_sm_setcred.3 2015-01-09 14:32:59.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_sm_setcred - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SM_SETCRED" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SM_SETCRED" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_start.3 new/Linux-PAM-1.1.8/doc/man/pam_start.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_start.3 2013-09-19 10:02:33.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_start.3 2015-01-09 14:33:00.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_start - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_START" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_START" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_strerror.3 new/Linux-PAM-1.1.8/doc/man/pam_strerror.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_strerror.3 2013-09-19 10:02:33.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_strerror.3 2015-01-09 14:33:00.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_strerror - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_STRERROR" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_STRERROR" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_syslog.3 new/Linux-PAM-1.1.8/doc/man/pam_syslog.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_syslog.3 2013-09-19 10:02:31.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_syslog.3 2015-01-09 14:32:57.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_syslog - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SYSLOG" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_SYSLOG" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 new/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 ---- old/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 2013-09-19 10:02:28.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/man/pam_xauth_data.3 2015-01-09 14:32:54.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_xauth_data - .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_XAUTH_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_XAUTH_DATA" "3" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/mwg/Makefile.am new/Linux-PAM-1.1.8/doc/mwg/Makefile.am ---- old/Linux-PAM-1.1.8/doc/mwg/Makefile.am 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/mwg/Makefile.am 2015-01-09 14:28:29.000000000 +0100 -@@ -57,20 +57,26 @@ - $(mkinstalldirs) $(DESTDIR)$(docdir) - $(mkinstalldirs) $(DESTDIR)$(pdfdir) - $(mkinstalldirs) $(DESTDIR)$(htmldir) -- test -f html/Linux-PAM_MWG.html || exit 0; \ -+ if test -f html/Linux-PAM_MWG.html; then \ - $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \ -- $(DESTDIR)$(htmldir)/ || \ -+ $(DESTDIR)$(htmldir)/; \ -+ elif test -f $(srcdir)/html/Linux-PAM_MWG.html; then \ - $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \ -- $(srcdir)/html/sag-*.html \ -- $(DESTDIR)$(htmldir)/ -- test -f Linux-PAM_MWG.txt || exit 0; \ -- $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \ -+ $(srcdir)/html/mwg-*.html \ -+ $(DESTDIR)$(htmldir)/; \ -+ fi -+ if test -f Linux-PAM_MWG.txt; then \ -+ $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/; \ -+ elif test -f $(srcdir)/Linux-PAM_MWG.txt; then \ - $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \ -- $(DESTDIR)$(docdir)/ -- test -f Linux-PAM_MWG.pdf || exit 0; \ -- $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \ -+ $(DESTDIR)$(docdir)/; \ -+ fi -+ if test -f Linux-PAM_MWG.pdf; then \ -+ $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/; \ -+ elif test -f $(srcdir)/Linux-PAM_MWG.pdf; then \ - $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \ -- $(DESTDIR)$(pdfdir)/ -+ $(DESTDIR)$(pdfdir)/; \ -+ fi - - uninstall-local: - -rm $(DESTDIR)$(htmldir)/Linux-PAM_MWG.html -@@ -80,19 +86,28 @@ - - releasedocs: all - $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html -- test -f html/Linux-PAM_MWG.html || exit 0; \ -+ if test -f html/Linux-PAM_MWG.html; then \ - cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/; \ -+ elif test -f $(srcdir)/html/Linux-PAM_MWG.html; then \ - cp -ap $(srcdir)/html/Linux-PAM_MWG.html \ - $(srcdir)/html/mwg-*.html \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ -- test -f Linux-PAM_MWG.txt || exit 0; \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/; \ -+ else exit 1; \ -+ fi -+ if test -f Linux-PAM_MWG.txt; then \ - cp -p Linux-PAM_MWG.txt \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ -+ elif test -f $(srcdir)/Linux-PAM_MWG.txt; then \ - cp -p $(srcdir)/Linux-PAM_MWG.txt \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ -- test -f Linux-PAM_MWG.pdf || exit 0; \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ -+ else exit 1; \ -+ fi -+ if test -f Linux-PAM_MWG.pdf; then \ - cp -p Linux-PAM_MWG.pdf \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ -+ elif test -f $(srcdir)/Linux-PAM_MWG.pdf; then \ - cp -p $(srcdir)/Linux-PAM_MWG.pdf \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/; \ -+ else exit 1; \ -+ fi -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/sag/Makefile.am new/Linux-PAM-1.1.8/doc/sag/Makefile.am ---- old/Linux-PAM-1.1.8/doc/sag/Makefile.am 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/sag/Makefile.am 2015-01-09 14:28:29.000000000 +0100 -@@ -57,20 +57,26 @@ - $(mkinstalldirs) $(DESTDIR)$(docdir) - $(mkinstalldirs) $(DESTDIR)$(pdfdir) - $(mkinstalldirs) $(DESTDIR)$(htmldir) -- test -f html/Linux-PAM_SAG.html || exit 0; \ -+ if test -f html/Linux-PAM_SAG.html; then \ - $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \ -- $(DESTDIR)$(htmldir)/ || \ -+ $(DESTDIR)$(htmldir)/; \ -+ elif test -f $(srcdir)/html/Linux-PAM_SAG.html; then \ - $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \ - $(srcdir)/html/sag-*.html \ -- $(DESTDIR)$(htmldir)/ -- test -f Linux-PAM_SAG.txt || exit 0; \ -- $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \ -+ $(DESTDIR)$(htmldir)/; \ -+ fi -+ if test -f Linux-PAM_SAG.txt; then \ -+ $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/; \ -+ elif test -f $(srcdir)/Linux-PAM_SAG.txt; then \ - $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \ -- $(DESTDIR)$(docdir)/ -- test -f Linux-PAM_SAG.pdf || exit 0; \ -- $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \ -+ $(DESTDIR)$(docdir)/; \ -+ fi -+ if test -f Linux-PAM_SAG.pdf; then \ -+ $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/; \ -+ elif test -f $(srcdir)/Linux-PAM_SAG.pdf; then \ - $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \ -- $(DESTDIR)$(pdfdir)/ -+ $(DESTDIR)$(pdfdir)/; \ -+ fi - - uninstall-local: - -rm $(DESTDIR)$(htmldir)/Linux-PAM_SAG.html -@@ -80,19 +86,28 @@ - - releasedocs: all - $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html -- test -f html/Linux-PAM_SAG.html || exit 0; \ -+ if test -f html/Linux-PAM_SAG.html; then \ - cp -ap html/Linux-PAM_SAG.html html/sag-*.html \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/; \ -+ elif test -f $(srcdir)/html/Linux-PAM_SAG.html; then \ - cp -ap $(srcdir)/html/Linux-PAM_SAG.html \ - $(srcdir)/html/sag-*.html \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ -- test -f Linux-PAM_SAG.txt || exit 0; \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/; \ -+ else exit 1; \ -+ fi -+ if test -f Linux-PAM_SAG.txt; then \ - cp -p Linux-PAM_SAG.txt \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ -+ elif test -f $(srcdir)/Linux-PAM_SAG.txt; then \ - cp -p $(srcdir)/Linux-PAM_SAG.txt \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ -- test -f Linux-PAM_SAG.pdf || exit 0; \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ -+ else exit 1; \ -+ fi -+ if test -f Linux-PAM_SAG.pdf; then \ - cp -p Linux-PAM_SAG.pdf \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ -+ elif test -f $(srcdir)/Linux-PAM_SAG.pdf; then \ - cp -p $(srcdir)/Linux-PAM_SAG.pdf \ -- $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ -+ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/; \ -+ else exit 1; \ -+ fi -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/Makefile.am new/Linux-PAM-1.1.8/doc/specs/Makefile.am ---- old/Linux-PAM-1.1.8/doc/specs/Makefile.am 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/specs/Makefile.am 2015-01-09 14:28:29.000000000 +0100 -@@ -12,6 +12,7 @@ - AM_YFLAGS = -d - - CC = @CC_FOR_BUILD@ -+CPPFLAGS = @BUILD_CPPFLAGS@ - CFLAGS = @BUILD_CFLAGS@ - LDFLAGS = @BUILD_LDFLAGS@ - -@@ -21,6 +22,4 @@ - - padout_SOURCES = parse_l.l parse_y.y - --padout_LDADD = @LEXLIB@ -- - doc_DATA = draft-morgan-pam-current.txt rfc86.0.txt -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_l.c new/Linux-PAM-1.1.8/doc/specs/parse_l.c ---- old/Linux-PAM-1.1.8/doc/specs/parse_l.c 2013-09-19 10:02:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/specs/parse_l.c 2015-01-09 14:33:01.000000000 +0100 -@@ -8,7 +8,7 @@ - #define FLEX_SCANNER - #define YY_FLEX_MAJOR_VERSION 2 - #define YY_FLEX_MINOR_VERSION 5 --#define YY_FLEX_SUBMINOR_VERSION 35 -+#define YY_FLEX_SUBMINOR_VERSION 37 - #if YY_FLEX_SUBMINOR_VERSION > 0 - #define FLEX_BETA - #endif -@@ -53,7 +53,6 @@ - typedef unsigned char flex_uint8_t; - typedef unsigned short int flex_uint16_t; - typedef unsigned int flex_uint32_t; --#endif /* ! C99 */ - - /* Limits of integral types. */ - #ifndef INT8_MIN -@@ -84,6 +83,8 @@ - #define UINT32_MAX (4294967295U) - #endif - -+#endif /* ! C99 */ -+ - #endif /* ! FLEXINT_H */ - - #ifdef __cplusplus -@@ -152,7 +153,12 @@ - typedef struct yy_buffer_state *YY_BUFFER_STATE; - #endif - --extern int yyleng; -+#ifndef YY_TYPEDEF_YY_SIZE_T -+#define YY_TYPEDEF_YY_SIZE_T -+typedef size_t yy_size_t; -+#endif -+ -+extern yy_size_t yyleng; - - extern FILE *yyin, *yyout; - -@@ -178,11 +184,6 @@ - - #define unput(c) yyunput( c, (yytext_ptr) ) - --#ifndef YY_TYPEDEF_YY_SIZE_T --#define YY_TYPEDEF_YY_SIZE_T --typedef size_t yy_size_t; --#endif -- - #ifndef YY_STRUCT_YY_BUFFER_STATE - #define YY_STRUCT_YY_BUFFER_STATE - struct yy_buffer_state -@@ -200,7 +201,7 @@ - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ -- int yy_n_chars; -+ yy_size_t yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to -@@ -270,8 +271,8 @@ - - /* yy_hold_char holds the character lost when yytext is formed. */ - static char yy_hold_char; --static int yy_n_chars; /* number of characters read into yy_ch_buf */ --int yyleng; -+static yy_size_t yy_n_chars; /* number of characters read into yy_ch_buf */ -+yy_size_t yyleng; - - /* Points to current character in buffer. */ - static char *yy_c_buf_p = (char *) 0; -@@ -299,7 +300,7 @@ - - YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); - YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); --YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); -+YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,yy_size_t len ); - - void *yyalloc (yy_size_t ); - void *yyrealloc (void *,yy_size_t ); -@@ -331,6 +332,9 @@ - - /* Begin user sect3 */ - -+#define yywrap() 1 -+#define YY_SKIP_YYWRAP -+ - typedef unsigned char YY_CHAR; - - FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -@@ -465,7 +469,7 @@ - #include - - #include "parse_y.h" --#line 469 "parse_l.c" -+#line 473 "parse_l.c" - - #define INITIAL 0 - -@@ -504,7 +508,7 @@ - - void yyset_out (FILE * out_str ); - --int yyget_leng (void ); -+yy_size_t yyget_leng (void ); - - char *yyget_text (void ); - -@@ -554,7 +558,7 @@ - /* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ --#define ECHO fwrite( yytext, yyleng, 1, yyout ) -+#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) - #endif - - /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, -@@ -565,7 +569,7 @@ - if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ - { \ - int c = '*'; \ -- int n; \ -+ size_t n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ -@@ -647,10 +651,10 @@ - register char *yy_cp, *yy_bp; - register int yy_act; - --#line 11 "parse_l.l" -+#line 12 "parse_l.l" - - --#line 654 "parse_l.c" -+#line 658 "parse_l.c" - - if ( !(yy_init) ) - { -@@ -735,46 +739,46 @@ - - case 1: - YY_RULE_SETUP --#line 13 "parse_l.l" -+#line 14 "parse_l.l" - return NEW_COUNTER; - YY_BREAK - case 2: - YY_RULE_SETUP --#line 14 "parse_l.l" -+#line 15 "parse_l.l" - return LABEL; - YY_BREAK - case 3: - YY_RULE_SETUP --#line 15 "parse_l.l" -+#line 16 "parse_l.l" - return NO_INDENT; - YY_BREAK - case 4: - YY_RULE_SETUP --#line 16 "parse_l.l" -+#line 17 "parse_l.l" - return RIGHT; - YY_BREAK - case 5: - YY_RULE_SETUP --#line 17 "parse_l.l" -+#line 18 "parse_l.l" - return HASH; - YY_BREAK - case 6: - YY_RULE_SETUP --#line 18 "parse_l.l" -+#line 19 "parse_l.l" - return CHAR; - YY_BREAK - case 7: - /* rule 7 can match eol */ - YY_RULE_SETUP --#line 19 "parse_l.l" -+#line 20 "parse_l.l" - return NEWLINE; - YY_BREAK - case 8: - YY_RULE_SETUP --#line 21 "parse_l.l" -+#line 22 "parse_l.l" - ECHO; - YY_BREAK --#line 778 "parse_l.c" -+#line 782 "parse_l.c" - case YY_STATE_EOF(INITIAL): - yyterminate(); - -@@ -960,21 +964,21 @@ - - else - { -- int num_to_read = -+ yy_size_t num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ - - /* just a shorter name for the current buffer */ -- YY_BUFFER_STATE b = YY_CURRENT_BUFFER; -+ YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; - - int yy_c_buf_p_offset = - (int) ((yy_c_buf_p) - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { -- int new_size = b->yy_buf_size * 2; -+ yy_size_t new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; -@@ -1005,7 +1009,7 @@ - - /* Read in more data. */ - YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), -- (yy_n_chars), (size_t) num_to_read ); -+ (yy_n_chars), num_to_read ); - - YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); - } -@@ -1100,7 +1104,7 @@ - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 18); - -- return yy_is_jam ? 0 : yy_current_state; -+ return yy_is_jam ? 0 : yy_current_state; - } - - static void yyunput (int c, register char * yy_bp ) -@@ -1115,7 +1119,7 @@ - if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ -- register int number_to_move = (yy_n_chars) + 2; -+ register yy_size_t number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ - YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = -@@ -1164,7 +1168,7 @@ - - else - { /* need more input */ -- int offset = (yy_c_buf_p) - (yytext_ptr); -+ yy_size_t offset = (yy_c_buf_p) - (yytext_ptr); - ++(yy_c_buf_p); - - switch ( yy_get_next_buffer( ) ) -@@ -1324,10 +1328,6 @@ - yyfree((void *) b ); - } - --#ifndef __cplusplus --extern int isatty (int ); --#endif /* __cplusplus */ -- - /* Initializes or reinitializes a buffer. - * This function is sometimes called more than once on the same buffer, - * such as during a yyrestart() or at EOF. -@@ -1440,7 +1440,7 @@ - */ - static void yyensure_buffer_stack (void) - { -- int num_to_alloc; -+ yy_size_t num_to_alloc; - - if (!(yy_buffer_stack)) { - -@@ -1532,12 +1532,12 @@ - - /** Setup the input buffer state to scan the given bytes. The next call to yylex() will - * scan from a @e copy of @a bytes. -- * @param bytes the byte buffer to scan -- * @param len the number of bytes in the buffer pointed to by @a bytes. -+ * @param yybytes the byte buffer to scan -+ * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. - * - * @return the newly allocated buffer state object. - */ --YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) -+YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len ) - { - YY_BUFFER_STATE b; - char *buf; -@@ -1624,7 +1624,7 @@ - /** Get the length of the current token. - * - */ --int yyget_leng (void) -+yy_size_t yyget_leng (void) - { - return yyleng; - } -@@ -1772,7 +1772,7 @@ - - #define YYTABLES_NAME "yytables" - --#line 21 "parse_l.l" -+#line 22 "parse_l.l" - - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_l.l new/Linux-PAM-1.1.8/doc/specs/parse_l.l ---- old/Linux-PAM-1.1.8/doc/specs/parse_l.l 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/specs/parse_l.l 2015-01-09 14:28:29.000000000 +0100 -@@ -8,6 +8,7 @@ - #include "parse_y.h" - %} - -+%option noyywrap - %% - - \#[\$]+[a-zA-Z]*(\=[0-9]+)? return NEW_COUNTER; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_y.c new/Linux-PAM-1.1.8/doc/specs/parse_y.c ---- old/Linux-PAM-1.1.8/doc/specs/parse_y.c 2013-09-19 10:02:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/specs/parse_y.c 2015-01-09 14:33:01.000000000 +0100 -@@ -1,24 +1,21 @@ --/* A Bison parser, made by GNU Bison 2.3. */ -+/* A Bison parser, made by GNU Bison 2.7. */ - --/* Skeleton implementation for Bison's Yacc-like parsers in C -- -- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 -- Free Software Foundation, Inc. -- -- This program is free software; you can redistribute it and/or modify -+/* Bison implementation for Yacc-like parsers in C -+ -+ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 2, or (at your option) -- any later version. -- -+ the Free Software Foundation, either version 3 of the License, or -+ (at your option) any later version. -+ - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. -- -+ - You should have received a copy of the GNU General Public License -- along with this program; if not, write to the Free Software -- Foundation, Inc., 51 Franklin Street, Fifth Floor, -- Boston, MA 02110-1301, USA. */ -+ along with this program. If not, see . */ - - /* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work -@@ -29,7 +26,7 @@ - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. -- -+ - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -@@ -47,7 +44,7 @@ - #define YYBISON 1 - - /* Bison version. */ --#define YYBISON_VERSION "2.3" -+#define YYBISON_VERSION "2.7" - - /* Skeleton name. */ - #define YYSKELETON_NAME "yacc.c" -@@ -55,39 +52,17 @@ - /* Pure parsers. */ - #define YYPURE 0 - --/* Using locations. */ --#define YYLSP_NEEDED 0 -- -- -+/* Push parsers. */ -+#define YYPUSH 0 - --/* Tokens. */ --#ifndef YYTOKENTYPE --# define YYTOKENTYPE -- /* Put the tokens into the symbol table, so that GDB and other debuggers -- know about them. */ -- enum yytokentype { -- NEW_COUNTER = 258, -- LABEL = 259, -- HASH = 260, -- CHAR = 261, -- NEWLINE = 262, -- NO_INDENT = 263, -- RIGHT = 264 -- }; --#endif --/* Tokens. */ --#define NEW_COUNTER 258 --#define LABEL 259 --#define HASH 260 --#define CHAR 261 --#define NEWLINE 262 --#define NO_INDENT 263 --#define RIGHT 264 -+/* Pull parsers. */ -+#define YYPULL 1 - - - - - /* Copy the first part of user declarations. */ -+/* Line 371 of yacc.c */ - #line 2 "parse_y.y" - - #ifdef HAVE_CONFIG_H -@@ -113,11 +88,16 @@ - extern void set_label(const char *label, const char *target); - char *new_counter(const char *key); - -+/* Line 371 of yacc.c */ -+#line 93 "parse_y.c" - --/* Enabling traces. */ --#ifndef YYDEBUG --# define YYDEBUG 0 --#endif -+# ifndef YY_NULL -+# if defined __cplusplus && 201103L <= __cplusplus -+# define YY_NULL nullptr -+# else -+# define YY_NULL 0 -+# endif -+# endif - - /* Enabling verbose error messages. */ - #ifdef YYERROR_VERBOSE -@@ -127,33 +107,84 @@ - # define YYERROR_VERBOSE 0 - #endif - --/* Enabling the token table. */ --#ifndef YYTOKEN_TABLE --# define YYTOKEN_TABLE 0 -+/* In a future release of Bison, this section will be replaced -+ by #include "y.tab.h". */ -+#ifndef YY_YY_PARSE_Y_H_INCLUDED -+# define YY_YY_PARSE_Y_H_INCLUDED -+/* Enabling traces. */ -+#ifndef YYDEBUG -+# define YYDEBUG 0 -+#endif -+#if YYDEBUG -+extern int yydebug; - #endif - -+/* Tokens. */ -+#ifndef YYTOKENTYPE -+# define YYTOKENTYPE -+ /* Put the tokens into the symbol table, so that GDB and other debuggers -+ know about them. */ -+ enum yytokentype { -+ NEW_COUNTER = 258, -+ LABEL = 259, -+ HASH = 260, -+ CHAR = 261, -+ NEWLINE = 262, -+ NO_INDENT = 263, -+ RIGHT = 264 -+ }; -+#endif -+/* Tokens. */ -+#define NEW_COUNTER 258 -+#define LABEL 259 -+#define HASH 260 -+#define CHAR 261 -+#define NEWLINE 262 -+#define NO_INDENT 263 -+#define RIGHT 264 -+ -+ -+ - #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - typedef union YYSTYPE --#line 27 "parse_y.y" - { -+/* Line 387 of yacc.c */ -+#line 27 "parse_y.y" -+ - int def; - char *string; --} --/* Line 187 of yacc.c. */ --#line 144 "parse_y.c" -- YYSTYPE; -+ -+ -+/* Line 387 of yacc.c */ -+#line 160 "parse_y.c" -+} YYSTYPE; -+# define YYSTYPE_IS_TRIVIAL 1 - # define yystype YYSTYPE /* obsolescent; will be withdrawn */ - # define YYSTYPE_IS_DECLARED 1 --# define YYSTYPE_IS_TRIVIAL 1 - #endif - -+extern YYSTYPE yylval; - -+#ifdef YYPARSE_PARAM -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void *YYPARSE_PARAM); -+#else -+int yyparse (); -+#endif -+#else /* ! YYPARSE_PARAM */ -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void); -+#else -+int yyparse (); -+#endif -+#endif /* ! YYPARSE_PARAM */ - --/* Copy the second part of user declarations. */ -+#endif /* !YY_YY_PARSE_Y_H_INCLUDED */ - -+/* Copy the second part of user declarations. */ - --/* Line 216 of yacc.c. */ --#line 157 "parse_y.c" -+/* Line 390 of yacc.c */ -+#line 188 "parse_y.c" - - #ifdef short - # undef short -@@ -203,39 +234,39 @@ - #define YYSIZE_MAXIMUM ((YYSIZE_T) -1) - - #ifndef YY_ --# if YYENABLE_NLS -+# if defined YYENABLE_NLS && YYENABLE_NLS - # if ENABLE_NLS - # include /* INFRINGES ON USER NAME SPACE */ --# define YY_(msgid) dgettext ("bison-runtime", msgid) -+# define YY_(Msgid) dgettext ("bison-runtime", Msgid) - # endif - # endif - # ifndef YY_ --# define YY_(msgid) msgid -+# define YY_(Msgid) Msgid - # endif - #endif - - /* Suppress unused-variable warnings by "using" E. */ - #if ! defined lint || defined __GNUC__ --# define YYUSE(e) ((void) (e)) -+# define YYUSE(E) ((void) (E)) - #else --# define YYUSE(e) /* empty */ -+# define YYUSE(E) /* empty */ - #endif - - /* Identity function, used to suppress warnings about constant conditions. */ - #ifndef lint --# define YYID(n) (n) -+# define YYID(N) (N) - #else - #if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - static int --YYID (int i) -+YYID (int yyi) - #else - static int --YYID (i) -- int i; -+YYID (yyi) -+ int yyi; - #endif - { -- return i; -+ return yyi; - } - #endif - -@@ -256,11 +287,12 @@ - # define alloca _alloca - # else - # define YYSTACK_ALLOC alloca --# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ -+# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - # include /* INFRINGES ON USER NAME SPACE */ --# ifndef _STDLIB_H --# define _STDLIB_H 1 -+ /* Use EXIT_SUCCESS as a witness for stdlib.h. */ -+# ifndef EXIT_SUCCESS -+# define EXIT_SUCCESS 0 - # endif - # endif - # endif -@@ -283,24 +315,24 @@ - # ifndef YYSTACK_ALLOC_MAXIMUM - # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM - # endif --# if (defined __cplusplus && ! defined _STDLIB_H \ -+# if (defined __cplusplus && ! defined EXIT_SUCCESS \ - && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) - # include /* INFRINGES ON USER NAME SPACE */ --# ifndef _STDLIB_H --# define _STDLIB_H 1 -+# ifndef EXIT_SUCCESS -+# define EXIT_SUCCESS 0 - # endif - # endif - # ifndef YYMALLOC - # define YYMALLOC malloc --# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ -+# if ! defined malloc && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ - # endif - # endif - # ifndef YYFREE - # define YYFREE free --# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ -+# if ! defined free && ! defined EXIT_SUCCESS && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - void free (void *); /* INFRINGES ON USER NAME SPACE */ - # endif -@@ -316,9 +348,9 @@ - /* A type that is properly aligned for any stack member. */ - union yyalloc - { -- yytype_int16 yyss; -- YYSTYPE yyvs; -- }; -+ yytype_int16 yyss_alloc; -+ YYSTYPE yyvs_alloc; -+}; - - /* The size of the maximum gap between one aligned stack and the next. */ - # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) -@@ -329,35 +361,19 @@ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ - + YYSTACK_GAP_MAXIMUM) - --/* Copy COUNT objects from FROM to TO. The source and destination do -- not overlap. */ --# ifndef YYCOPY --# if defined __GNUC__ && 1 < __GNUC__ --# define YYCOPY(To, From, Count) \ -- __builtin_memcpy (To, From, (Count) * sizeof (*(From))) --# else --# define YYCOPY(To, From, Count) \ -- do \ -- { \ -- YYSIZE_T yyi; \ -- for (yyi = 0; yyi < (Count); yyi++) \ -- (To)[yyi] = (From)[yyi]; \ -- } \ -- while (YYID (0)) --# endif --# endif -+# define YYCOPY_NEEDED 1 - - /* Relocate STACK from its old location to the new one. The - local variables YYSIZE and YYSTACKSIZE give the old and new number of - elements in the stack, and YYPTR gives the new location of the - stack. Advance YYPTR to a properly aligned location for the next - stack. */ --# define YYSTACK_RELOCATE(Stack) \ -+# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ -- YYCOPY (&yyptr->Stack, Stack, yysize); \ -- Stack = &yyptr->Stack; \ -+ YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ -+ Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ -@@ -365,6 +381,26 @@ - - #endif - -+#if defined YYCOPY_NEEDED && YYCOPY_NEEDED -+/* Copy COUNT objects from SRC to DST. The source and destination do -+ not overlap. */ -+# ifndef YYCOPY -+# if defined __GNUC__ && 1 < __GNUC__ -+# define YYCOPY(Dst, Src, Count) \ -+ __builtin_memcpy (Dst, Src, (Count) * sizeof (*(Src))) -+# else -+# define YYCOPY(Dst, Src, Count) \ -+ do \ -+ { \ -+ YYSIZE_T yyi; \ -+ for (yyi = 0; yyi < (Count); yyi++) \ -+ (Dst)[yyi] = (Src)[yyi]; \ -+ } \ -+ while (YYID (0)) -+# endif -+# endif -+#endif /* !YYCOPY_NEEDED */ -+ - /* YYFINAL -- State number of the termination state. */ - #define YYFINAL 2 - /* YYLAST -- Last index in YYTABLE. */ -@@ -445,13 +481,13 @@ - }; - #endif - --#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE -+#if YYDEBUG || YYERROR_VERBOSE || 0 - /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. - First, the terminals, then, starting at YYNTOKENS, nonterminals. */ - static const char *const yytname[] = - { - "$end", "error", "$undefined", "NEW_COUNTER", "LABEL", "HASH", "CHAR", -- "NEWLINE", "NO_INDENT", "RIGHT", "$accept", "doc", "stuff", "text", 0 -+ "NEWLINE", "NO_INDENT", "RIGHT", "$accept", "doc", "stuff", "text", YY_NULL - }; - #endif - -@@ -478,8 +514,8 @@ - 1, 2, 1, 1, 1, 1 - }; - --/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state -- STATE-NUM when YYTABLE doesn't specify something else to do. Zero -+/* YYDEFACT[STATE-NAME] -- Default reduction number in state STATE-NUM. -+ Performed when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ - static const yytype_uint8 yydefact[] = - { -@@ -510,8 +546,7 @@ - - /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which -- number is the opposite. If zero, do what YYDEFACT says. -- If YYTABLE_NINF, syntax error. */ -+ number is the opposite. If YYTABLE_NINF, syntax error. */ - #define YYTABLE_NINF -1 - static const yytype_uint8 yytable[] = - { -@@ -520,6 +555,12 @@ - 10, 16, 13, 14, 0, 0, 0, 17 - }; - -+#define yypact_value_is_default(Yystate) \ -+ (!!((Yystate) == (-3))) -+ -+#define yytable_value_is_error(Yytable_value) \ -+ YYID (0) -+ - static const yytype_int8 yycheck[] = - { - 0, 3, 4, 5, 6, 7, 8, 7, 3, 4, -@@ -547,78 +588,50 @@ - - /* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. -- Once GCC version 2 has supplanted version 1, this can go. */ -+ Once GCC version 2 has supplanted version 1, this can go. However, -+ YYFAIL appears to be in use. Nevertheless, it is formally deprecated -+ in Bison 2.4.2's NEWS entry, where a plan to phase it out is -+ discussed. */ - - #define YYFAIL goto yyerrlab -+#if defined YYFAIL -+ /* This is here to suppress warnings from the GCC cpp's -+ -Wunused-macros. Normally we don't worry about that warning, but -+ some users do, and we want to make it easy for users to remove -+ YYFAIL uses, which will produce warnings from Bison 2.5. */ -+#endif - - #define YYRECOVERING() (!!yyerrstatus) - --#define YYBACKUP(Token, Value) \ --do \ -- if (yychar == YYEMPTY && yylen == 1) \ -- { \ -- yychar = (Token); \ -- yylval = (Value); \ -- yytoken = YYTRANSLATE (yychar); \ -- YYPOPSTACK (1); \ -- goto yybackup; \ -- } \ -- else \ -- { \ -+#define YYBACKUP(Token, Value) \ -+do \ -+ if (yychar == YYEMPTY) \ -+ { \ -+ yychar = (Token); \ -+ yylval = (Value); \ -+ YYPOPSTACK (yylen); \ -+ yystate = *yyssp; \ -+ goto yybackup; \ -+ } \ -+ else \ -+ { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ - while (YYID (0)) - -- -+/* Error token number */ - #define YYTERROR 1 - #define YYERRCODE 256 - - --/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. -- If N is 0, then set CURRENT to the empty location which ends -- the previous symbol: RHS[0] (always defined). */ -- --#define YYRHSLOC(Rhs, K) ((Rhs)[K]) --#ifndef YYLLOC_DEFAULT --# define YYLLOC_DEFAULT(Current, Rhs, N) \ -- do \ -- if (YYID (N)) \ -- { \ -- (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ -- (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ -- (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ -- (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ -- } \ -- else \ -- { \ -- (Current).first_line = (Current).last_line = \ -- YYRHSLOC (Rhs, 0).last_line; \ -- (Current).first_column = (Current).last_column = \ -- YYRHSLOC (Rhs, 0).last_column; \ -- } \ -- while (YYID (0)) --#endif -- -- --/* YY_LOCATION_PRINT -- Print the location on the stream. -- This macro was not mandated originally: define only if we know -- we won't break user code: when these are the locations we know. */ -- -+/* This macro is provided for backward compatibility. */ - #ifndef YY_LOCATION_PRINT --# if YYLTYPE_IS_TRIVIAL --# define YY_LOCATION_PRINT(File, Loc) \ -- fprintf (File, "%d.%d-%d.%d", \ -- (Loc).first_line, (Loc).first_column, \ -- (Loc).last_line, (Loc).last_column) --# else --# define YY_LOCATION_PRINT(File, Loc) ((void) 0) --# endif -+# define YY_LOCATION_PRINT(File, Loc) ((void) 0) - #endif - - - /* YYLEX -- calling `yylex' with the right arguments. */ -- - #ifdef YYLEX_PARAM - # define YYLEX yylex (YYLEX_PARAM) - #else -@@ -668,6 +681,8 @@ - YYSTYPE const * const yyvaluep; - #endif - { -+ FILE *yyo = yyoutput; -+ YYUSE (yyo); - if (!yyvaluep) - return; - # ifdef YYPRINT -@@ -679,7 +694,7 @@ - switch (yytype) - { - default: -- break; -+ break; - } - } - -@@ -717,17 +732,20 @@ - #if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) - static void --yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) -+yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) - #else - static void --yy_stack_print (bottom, top) -- yytype_int16 *bottom; -- yytype_int16 *top; -+yy_stack_print (yybottom, yytop) -+ yytype_int16 *yybottom; -+ yytype_int16 *yytop; - #endif - { - YYFPRINTF (stderr, "Stack now"); -- for (; bottom <= top; ++bottom) -- YYFPRINTF (stderr, " %d", *bottom); -+ for (; yybottom <= yytop; yybottom++) -+ { -+ int yybot = *yybottom; -+ YYFPRINTF (stderr, " %d", yybot); -+ } - YYFPRINTF (stderr, "\n"); - } - -@@ -761,11 +779,11 @@ - /* The symbols being reduced. */ - for (yyi = 0; yyi < yynrhs; yyi++) - { -- fprintf (stderr, " $%d = ", yyi + 1); -+ YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - ); -- fprintf (stderr, "\n"); -+ YYFPRINTF (stderr, "\n"); - } - } - -@@ -802,7 +820,6 @@ - # define YYMAXDEPTH 10000 - #endif - -- - - #if YYERROR_VERBOSE - -@@ -905,115 +922,145 @@ - } - # endif - --/* Copy into YYRESULT an error message about the unexpected token -- YYCHAR while in state YYSTATE. Return the number of bytes copied, -- including the terminating null byte. If YYRESULT is null, do not -- copy anything; just return the number of bytes that would be -- copied. As a special case, return 0 if an ordinary "syntax error" -- message will do. Return YYSIZE_MAXIMUM if overflow occurs during -- size calculation. */ --static YYSIZE_T --yysyntax_error (char *yyresult, int yystate, int yychar) -+/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message -+ about the unexpected token YYTOKEN for the state stack whose top is -+ YYSSP. -+ -+ Return 0 if *YYMSG was successfully written. Return 1 if *YYMSG is -+ not large enough to hold the message. In that case, also set -+ *YYMSG_ALLOC to the required number of bytes. Return 2 if the -+ required number of bytes is too large to store. */ -+static int -+yysyntax_error (YYSIZE_T *yymsg_alloc, char **yymsg, -+ yytype_int16 *yyssp, int yytoken) - { -- int yyn = yypact[yystate]; -- -- if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) -- return 0; -- else -- { -- int yytype = YYTRANSLATE (yychar); -- YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); -- YYSIZE_T yysize = yysize0; -- YYSIZE_T yysize1; -- int yysize_overflow = 0; -- enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; -- char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; -- int yyx; -- --# if 0 -- /* This is so xgettext sees the translatable formats that are -- constructed on the fly. */ -- YY_("syntax error, unexpected %s"); -- YY_("syntax error, unexpected %s, expecting %s"); -- YY_("syntax error, unexpected %s, expecting %s or %s"); -- YY_("syntax error, unexpected %s, expecting %s or %s or %s"); -- YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); --# endif -- char *yyfmt; -- char const *yyf; -- static char const yyunexpected[] = "syntax error, unexpected %s"; -- static char const yyexpecting[] = ", expecting %s"; -- static char const yyor[] = " or %s"; -- char yyformat[sizeof yyunexpected -- + sizeof yyexpecting - 1 -- + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) -- * (sizeof yyor - 1))]; -- char const *yyprefix = yyexpecting; -- -- /* Start YYX at -YYN if negative to avoid negative indexes in -- YYCHECK. */ -- int yyxbegin = yyn < 0 ? -yyn : 0; -- -- /* Stay within bounds of both yycheck and yytname. */ -- int yychecklim = YYLAST - yyn + 1; -- int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; -- int yycount = 1; -- -- yyarg[0] = yytname[yytype]; -- yyfmt = yystpcpy (yyformat, yyunexpected); -- -- for (yyx = yyxbegin; yyx < yyxend; ++yyx) -- if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) -- { -- if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) -- { -- yycount = 1; -- yysize = yysize0; -- yyformat[sizeof yyunexpected - 1] = '\0'; -- break; -- } -- yyarg[yycount++] = yytname[yyx]; -- yysize1 = yysize + yytnamerr (0, yytname[yyx]); -- yysize_overflow |= (yysize1 < yysize); -- yysize = yysize1; -- yyfmt = yystpcpy (yyfmt, yyprefix); -- yyprefix = yyor; -- } -- -- yyf = YY_(yyformat); -- yysize1 = yysize + yystrlen (yyf); -- yysize_overflow |= (yysize1 < yysize); -- yysize = yysize1; -- -- if (yysize_overflow) -- return YYSIZE_MAXIMUM; -- -- if (yyresult) -- { -- /* Avoid sprintf, as that infringes on the user's name space. -- Don't have undefined behavior even if the translation -- produced a string with the wrong number of "%s"s. */ -- char *yyp = yyresult; -- int yyi = 0; -- while ((*yyp = *yyf) != '\0') -- { -- if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) -- { -- yyp += yytnamerr (yyp, yyarg[yyi++]); -- yyf += 2; -- } -- else -- { -- yyp++; -- yyf++; -- } -- } -- } -- return yysize; -- } -+ YYSIZE_T yysize0 = yytnamerr (YY_NULL, yytname[yytoken]); -+ YYSIZE_T yysize = yysize0; -+ enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; -+ /* Internationalized format string. */ -+ const char *yyformat = YY_NULL; -+ /* Arguments of yyformat. */ -+ char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; -+ /* Number of reported tokens (one for the "unexpected", one per -+ "expected"). */ -+ int yycount = 0; -+ -+ /* There are many possibilities here to consider: -+ - Assume YYFAIL is not used. It's too flawed to consider. See -+ -+ for details. YYERROR is fine as it does not invoke this -+ function. -+ - If this state is a consistent state with a default action, then -+ the only way this function was invoked is if the default action -+ is an error action. In that case, don't check for expected -+ tokens because there are none. -+ - The only way there can be no lookahead present (in yychar) is if -+ this state is a consistent state with a default action. Thus, -+ detecting the absence of a lookahead is sufficient to determine -+ that there is no unexpected or expected token to report. In that -+ case, just report a simple "syntax error". -+ - Don't assume there isn't a lookahead just because this state is a -+ consistent state with a default action. There might have been a -+ previous inconsistent state, consistent state with a non-default -+ action, or user semantic action that manipulated yychar. -+ - Of course, the expected token list depends on states to have -+ correct lookahead information, and it depends on the parser not -+ to perform extra reductions after fetching a lookahead from the -+ scanner and before detecting a syntax error. Thus, state merging -+ (from LALR or IELR) and default reductions corrupt the expected -+ token list. However, the list is correct for canonical LR with -+ one exception: it will still contain any token that will not be -+ accepted due to an error action in a later state. -+ */ -+ if (yytoken != YYEMPTY) -+ { -+ int yyn = yypact[*yyssp]; -+ yyarg[yycount++] = yytname[yytoken]; -+ if (!yypact_value_is_default (yyn)) -+ { -+ /* Start YYX at -YYN if negative to avoid negative indexes in -+ YYCHECK. In other words, skip the first -YYN actions for -+ this state because they are default actions. */ -+ int yyxbegin = yyn < 0 ? -yyn : 0; -+ /* Stay within bounds of both yycheck and yytname. */ -+ int yychecklim = YYLAST - yyn + 1; -+ int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; -+ int yyx; -+ -+ for (yyx = yyxbegin; yyx < yyxend; ++yyx) -+ if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR -+ && !yytable_value_is_error (yytable[yyx + yyn])) -+ { -+ if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) -+ { -+ yycount = 1; -+ yysize = yysize0; -+ break; -+ } -+ yyarg[yycount++] = yytname[yyx]; -+ { -+ YYSIZE_T yysize1 = yysize + yytnamerr (YY_NULL, yytname[yyx]); -+ if (! (yysize <= yysize1 -+ && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) -+ return 2; -+ yysize = yysize1; -+ } -+ } -+ } -+ } -+ -+ switch (yycount) -+ { -+# define YYCASE_(N, S) \ -+ case N: \ -+ yyformat = S; \ -+ break -+ YYCASE_(0, YY_("syntax error")); -+ YYCASE_(1, YY_("syntax error, unexpected %s")); -+ YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); -+ YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); -+ YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); -+ YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); -+# undef YYCASE_ -+ } -+ -+ { -+ YYSIZE_T yysize1 = yysize + yystrlen (yyformat); -+ if (! (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)) -+ return 2; -+ yysize = yysize1; -+ } -+ -+ if (*yymsg_alloc < yysize) -+ { -+ *yymsg_alloc = 2 * yysize; -+ if (! (yysize <= *yymsg_alloc -+ && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) -+ *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; -+ return 1; -+ } -+ -+ /* Avoid sprintf, as that infringes on the user's name space. -+ Don't have undefined behavior even if the translation -+ produced a string with the wrong number of "%s"s. */ -+ { -+ char *yyp = *yymsg; -+ int yyi = 0; -+ while ((*yyp = *yyformat) != '\0') -+ if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) -+ { -+ yyp += yytnamerr (yyp, yyarg[yyi++]); -+ yyformat += 2; -+ } -+ else -+ { -+ yyp++; -+ yyformat++; -+ } -+ } -+ return 0; - } - #endif /* YYERROR_VERBOSE */ -- - - /*-----------------------------------------------. - | Release the memory associated to this symbol. | -@@ -1042,40 +1089,32 @@ - { - - default: -- break; -+ break; - } - } -- - --/* Prevent warnings from -Wmissing-prototypes. */ -- --#ifdef YYPARSE_PARAM --#if defined __STDC__ || defined __cplusplus --int yyparse (void *YYPARSE_PARAM); --#else --int yyparse (); --#endif --#else /* ! YYPARSE_PARAM */ --#if defined __STDC__ || defined __cplusplus --int yyparse (void); --#else --int yyparse (); --#endif --#endif /* ! YYPARSE_PARAM */ - - - --/* The look-ahead symbol. */ -+/* The lookahead symbol. */ - int yychar; - --/* The semantic value of the look-ahead symbol. */ --YYSTYPE yylval; -+ -+#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -+# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN -+# define YY_IGNORE_MAYBE_UNINITIALIZED_END -+#endif -+#ifndef YY_INITIAL_VALUE -+# define YY_INITIAL_VALUE(Value) /* Nothing. */ -+#endif -+ -+/* The semantic value of the lookahead symbol. */ -+YYSTYPE yylval YY_INITIAL_VALUE(yyval_default); - - /* Number of syntax errors so far. */ - int yynerrs; - - -- - /*----------. - | yyparse. | - `----------*/ -@@ -1102,14 +1141,37 @@ - #endif - #endif - { -- -- int yystate; -+ int yystate; -+ /* Number of tokens to shift before error messages enabled. */ -+ int yyerrstatus; -+ -+ /* The stacks and their tools: -+ `yyss': related to states. -+ `yyvs': related to semantic values. -+ -+ Refer to the stacks through separate pointers, to allow yyoverflow -+ to reallocate them elsewhere. */ -+ -+ /* The state stack. */ -+ yytype_int16 yyssa[YYINITDEPTH]; -+ yytype_int16 *yyss; -+ yytype_int16 *yyssp; -+ -+ /* The semantic value stack. */ -+ YYSTYPE yyvsa[YYINITDEPTH]; -+ YYSTYPE *yyvs; -+ YYSTYPE *yyvsp; -+ -+ YYSIZE_T yystacksize; -+ - int yyn; - int yyresult; -- /* Number of tokens to shift before error messages enabled. */ -- int yyerrstatus; -- /* Look-ahead token as an internal (translated) token number. */ -+ /* Lookahead token as an internal (translated) token number. */ - int yytoken = 0; -+ /* The variables used to return semantic value and location from the -+ action routines. */ -+ YYSTYPE yyval; -+ - #if YYERROR_VERBOSE - /* Buffer for error messages, and its allocated size. */ - char yymsgbuf[128]; -@@ -1117,54 +1179,22 @@ - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; - #endif - -- /* Three stacks and their tools: -- `yyss': related to states, -- `yyvs': related to semantic values, -- `yyls': related to locations. -- -- Refer to the stacks thru separate pointers, to allow yyoverflow -- to reallocate them elsewhere. */ -- -- /* The state stack. */ -- yytype_int16 yyssa[YYINITDEPTH]; -- yytype_int16 *yyss = yyssa; -- yytype_int16 *yyssp; -- -- /* The semantic value stack. */ -- YYSTYPE yyvsa[YYINITDEPTH]; -- YYSTYPE *yyvs = yyvsa; -- YYSTYPE *yyvsp; -- -- -- - #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) - -- YYSIZE_T yystacksize = YYINITDEPTH; -- -- /* The variables used to return semantic value and location from the -- action routines. */ -- YYSTYPE yyval; -- -- - /* The number of symbols on the RHS of the reduced rule. - Keep to zero when no symbol should be popped. */ - int yylen = 0; - -+ yyssp = yyss = yyssa; -+ yyvsp = yyvs = yyvsa; -+ yystacksize = YYINITDEPTH; -+ - YYDPRINTF ((stderr, "Starting parse\n")); - - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; -- yychar = YYEMPTY; /* Cause a token to be read. */ -- -- /* Initialize stack pointers. -- Waste one element of value and location stack -- so that they stay on the same level as the state stack. -- The wasted elements are never initialized. */ -- -- yyssp = yyss; -- yyvsp = yyvs; -- -+ yychar = YYEMPTY; /* Cause a token to be read. */ - goto yysetstate; - - /*------------------------------------------------------------. -@@ -1191,7 +1221,6 @@ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - -- - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might -@@ -1199,7 +1228,6 @@ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), -- - &yystacksize); - - yyss = yyss1; -@@ -1222,9 +1250,8 @@ - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; -- YYSTACK_RELOCATE (yyss); -- YYSTACK_RELOCATE (yyvs); -- -+ YYSTACK_RELOCATE (yyss_alloc, yyss); -+ YYSTACK_RELOCATE (yyvs_alloc, yyvs); - # undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); -@@ -1235,7 +1262,6 @@ - yyssp = yyss + yysize - 1; - yyvsp = yyvs + yysize - 1; - -- - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); - -@@ -1245,6 +1271,9 @@ - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); - -+ if (yystate == YYFINAL) -+ YYACCEPT; -+ - goto yybackup; - - /*-----------. -@@ -1253,16 +1282,16 @@ - yybackup: - - /* Do appropriate processing given the current state. Read a -- look-ahead token if we need one and don't already have one. */ -+ lookahead token if we need one and don't already have one. */ - -- /* First try to decide what to do without reference to look-ahead token. */ -+ /* First try to decide what to do without reference to lookahead token. */ - yyn = yypact[yystate]; -- if (yyn == YYPACT_NINF) -+ if (yypact_value_is_default (yyn)) - goto yydefault; - -- /* Not known => get a look-ahead token if don't already have one. */ -+ /* Not known => get a lookahead token if don't already have one. */ - -- /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ -+ /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ - if (yychar == YYEMPTY) - { - YYDPRINTF ((stderr, "Reading a token: ")); -@@ -1288,29 +1317,27 @@ - yyn = yytable[yyn]; - if (yyn <= 0) - { -- if (yyn == 0 || yyn == YYTABLE_NINF) -- goto yyerrlab; -+ if (yytable_value_is_error (yyn)) -+ goto yyerrlab; - yyn = -yyn; - goto yyreduce; - } - -- if (yyn == YYFINAL) -- YYACCEPT; -- - /* Count tokens shifted since error; after three, turn off error - status. */ - if (yyerrstatus) - yyerrstatus--; - -- /* Shift the look-ahead token. */ -+ /* Shift the lookahead token. */ - YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - -- /* Discard the shifted token unless it is eof. */ -- if (yychar != YYEOF) -- yychar = YYEMPTY; -+ /* Discard the shifted token. */ -+ yychar = YYEMPTY; - - yystate = yyn; -+ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; -+ YY_IGNORE_MAYBE_UNINITIALIZED_END - - goto yynewstate; - -@@ -1347,6 +1374,7 @@ - switch (yyn) - { - case 3: -+/* Line 1792 of yacc.c */ - #line 40 "parse_y.y" - { - printf("\n"); -@@ -1355,6 +1383,7 @@ - break; - - case 4: -+/* Line 1792 of yacc.c */ - #line 44 "parse_y.y" - { - if (strlen((yyvsp[(2) - (3)].string)) > (PAPER_WIDTH-(indent ? strlen(INDENT_STRING):0))) { -@@ -1368,6 +1397,7 @@ - break; - - case 5: -+/* Line 1792 of yacc.c */ - #line 53 "parse_y.y" - { - char fixed[PAPER_WIDTH+1]; -@@ -1391,6 +1421,7 @@ - break; - - case 6: -+/* Line 1792 of yacc.c */ - #line 72 "parse_y.y" - { - char fixed[PAPER_WIDTH+1]; -@@ -1422,6 +1453,7 @@ - break; - - case 7: -+/* Line 1792 of yacc.c */ - #line 99 "parse_y.y" - { - char fixed[PAPER_WIDTH+1]; -@@ -1453,6 +1485,7 @@ - break; - - case 8: -+/* Line 1792 of yacc.c */ - #line 128 "parse_y.y" - { - (yyval.string) = strdup(""); -@@ -1460,6 +1493,7 @@ - break; - - case 9: -+/* Line 1792 of yacc.c */ - #line 131 "parse_y.y" - { - (yyval.string) = malloc(strlen((yyvsp[(1) - (2)].string))+strlen((yyvsp[(2) - (2)].string))+1); -@@ -1470,6 +1504,7 @@ - break; - - case 10: -+/* Line 1792 of yacc.c */ - #line 139 "parse_y.y" - { - (yyval.string) = strdup(yytext); -@@ -1477,6 +1512,7 @@ - break; - - case 11: -+/* Line 1792 of yacc.c */ - #line 142 "parse_y.y" - { - (yyval.string) = malloc(strlen((yyvsp[(1) - (2)].string))+2); -@@ -1486,6 +1522,7 @@ - break; - - case 12: -+/* Line 1792 of yacc.c */ - #line 147 "parse_y.y" - { - (yyval.string) = strdup(""); -@@ -1494,6 +1531,7 @@ - break; - - case 13: -+/* Line 1792 of yacc.c */ - #line 151 "parse_y.y" - { - (yyval.string) = strdup("#"); -@@ -1501,6 +1539,7 @@ - break; - - case 14: -+/* Line 1792 of yacc.c */ - #line 154 "parse_y.y" - { - if (((yyval.string) = get_label(yytext)) == NULL) { -@@ -1511,6 +1550,7 @@ - break; - - case 15: -+/* Line 1792 of yacc.c */ - #line 160 "parse_y.y" - { - (yyval.string) = new_counter(yytext); -@@ -1518,10 +1558,21 @@ - break; - - --/* Line 1267 of yacc.c. */ --#line 1523 "parse_y.c" -+/* Line 1792 of yacc.c */ -+#line 1563 "parse_y.c" - default: break; - } -+ /* User semantic actions sometimes alter yychar, and that requires -+ that yytoken be updated with the new translation. We take the -+ approach of translating immediately before every use of yytoken. -+ One alternative is translating here after every semantic action, -+ but that translation would be missed if the semantic action invokes -+ YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or -+ if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an -+ incorrect destructor might then be invoked immediately. In the -+ case of YYERROR or YYBACKUP, subsequent parser actions might lead -+ to an incorrect destructor call or verbose syntax error message -+ before the lookahead is translated. */ - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); - - YYPOPSTACK (yylen); -@@ -1530,7 +1581,6 @@ - - *++yyvsp = yyval; - -- - /* Now `shift' the result of the reduction. Determine what state - that goes to, based on the state we popped back to and the rule - number reduced by. */ -@@ -1550,6 +1600,10 @@ - | yyerrlab -- here on detecting error | - `------------------------------------*/ - yyerrlab: -+ /* Make sure we have latest lookahead translation. See comments at -+ user semantic actions for why this is necessary. */ -+ yytoken = yychar == YYEMPTY ? YYEMPTY : YYTRANSLATE (yychar); -+ - /* If not already recovering from an error, report this error. */ - if (!yyerrstatus) - { -@@ -1557,37 +1611,36 @@ - #if ! YYERROR_VERBOSE - yyerror (YY_("syntax error")); - #else -+# define YYSYNTAX_ERROR yysyntax_error (&yymsg_alloc, &yymsg, \ -+ yyssp, yytoken) - { -- YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); -- if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) -- { -- YYSIZE_T yyalloc = 2 * yysize; -- if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) -- yyalloc = YYSTACK_ALLOC_MAXIMUM; -- if (yymsg != yymsgbuf) -- YYSTACK_FREE (yymsg); -- yymsg = (char *) YYSTACK_ALLOC (yyalloc); -- if (yymsg) -- yymsg_alloc = yyalloc; -- else -- { -- yymsg = yymsgbuf; -- yymsg_alloc = sizeof yymsgbuf; -- } -- } -- -- if (0 < yysize && yysize <= yymsg_alloc) -- { -- (void) yysyntax_error (yymsg, yystate, yychar); -- yyerror (yymsg); -- } -- else -- { -- yyerror (YY_("syntax error")); -- if (yysize != 0) -- goto yyexhaustedlab; -- } -+ char const *yymsgp = YY_("syntax error"); -+ int yysyntax_error_status; -+ yysyntax_error_status = YYSYNTAX_ERROR; -+ if (yysyntax_error_status == 0) -+ yymsgp = yymsg; -+ else if (yysyntax_error_status == 1) -+ { -+ if (yymsg != yymsgbuf) -+ YYSTACK_FREE (yymsg); -+ yymsg = (char *) YYSTACK_ALLOC (yymsg_alloc); -+ if (!yymsg) -+ { -+ yymsg = yymsgbuf; -+ yymsg_alloc = sizeof yymsgbuf; -+ yysyntax_error_status = 2; -+ } -+ else -+ { -+ yysyntax_error_status = YYSYNTAX_ERROR; -+ yymsgp = yymsg; -+ } -+ } -+ yyerror (yymsgp); -+ if (yysyntax_error_status == 2) -+ goto yyexhaustedlab; - } -+# undef YYSYNTAX_ERROR - #endif - } - -@@ -1595,7 +1648,7 @@ - - if (yyerrstatus == 3) - { -- /* If just tried and failed to reuse look-ahead token after an -+ /* If just tried and failed to reuse lookahead token after an - error, discard it. */ - - if (yychar <= YYEOF) -@@ -1612,7 +1665,7 @@ - } - } - -- /* Else will try to reuse look-ahead token after shifting the error -+ /* Else will try to reuse lookahead token after shifting the error - token. */ - goto yyerrlab1; - -@@ -1646,7 +1699,7 @@ - for (;;) - { - yyn = yypact[yystate]; -- if (yyn != YYPACT_NINF) -+ if (!yypact_value_is_default (yyn)) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) -@@ -1669,10 +1722,9 @@ - YY_STACK_PRINT (yyss, yyssp); - } - -- if (yyn == YYFINAL) -- YYACCEPT; -- -+ YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN - *++yyvsp = yylval; -+ YY_IGNORE_MAYBE_UNINITIALIZED_END - - - /* Shift the error token. */ -@@ -1696,7 +1748,7 @@ - yyresult = 1; - goto yyreturn; - --#ifndef yyoverflow -+#if !defined yyoverflow || YYERROR_VERBOSE - /*-------------------------------------------------. - | yyexhaustedlab -- memory exhaustion comes here. | - `-------------------------------------------------*/ -@@ -1707,9 +1759,14 @@ - #endif - - yyreturn: -- if (yychar != YYEOF && yychar != YYEMPTY) -- yydestruct ("Cleanup: discarding lookahead", -- yytoken, &yylval); -+ if (yychar != YYEMPTY) -+ { -+ /* Make sure we have latest lookahead translation. See comments at -+ user semantic actions for why this is necessary. */ -+ yytoken = YYTRANSLATE (yychar); -+ yydestruct ("Cleanup: discarding lookahead", -+ yytoken, &yylval); -+ } - /* Do not reclaim the symbols of the rule which action triggered - this YYABORT or YYACCEPT. */ - YYPOPSTACK (yylen); -@@ -1733,6 +1790,7 @@ - } - - -+/* Line 2055 of yacc.c */ - #line 165 "parse_y.y" - - -@@ -1867,4 +1925,3 @@ - { - return yyparse(); - } -- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/doc/specs/parse_y.h new/Linux-PAM-1.1.8/doc/specs/parse_y.h ---- old/Linux-PAM-1.1.8/doc/specs/parse_y.h 2013-09-19 10:02:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/doc/specs/parse_y.h 2015-01-09 14:33:01.000000000 +0100 -@@ -1,24 +1,21 @@ --/* A Bison parser, made by GNU Bison 2.3. */ -+/* A Bison parser, made by GNU Bison 2.7. */ - --/* Skeleton interface for Bison's Yacc-like parsers in C -- -- Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 -- Free Software Foundation, Inc. -- -- This program is free software; you can redistribute it and/or modify -+/* Bison interface for Yacc-like parsers in C -+ -+ Copyright (C) 1984, 1989-1990, 2000-2012 Free Software Foundation, Inc. -+ -+ This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by -- the Free Software Foundation; either version 2, or (at your option) -- any later version. -- -+ the Free Software Foundation, either version 3 of the License, or -+ (at your option) any later version. -+ - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. -- -+ - You should have received a copy of the GNU General Public License -- along with this program; if not, write to the Free Software -- Foundation, Inc., 51 Franklin Street, Fifth Floor, -- Boston, MA 02110-1301, USA. */ -+ along with this program. If not, see . */ - - /* As a special exception, you may create a larger work that contains - part or all of the Bison parser skeleton and distribute that work -@@ -29,10 +26,20 @@ - special exception, which will cause the skeleton and the resulting - Bison output files to be licensed under the GNU General Public - License without this special exception. -- -+ - This special exception was added by the Free Software Foundation in - version 2.2 of Bison. */ - -+#ifndef YY_YY_PARSE_Y_H_INCLUDED -+# define YY_YY_PARSE_Y_H_INCLUDED -+/* Enabling traces. */ -+#ifndef YYDEBUG -+# define YYDEBUG 0 -+#endif -+#if YYDEBUG -+extern int yydebug; -+#endif -+ - /* Tokens. */ - #ifndef YYTOKENTYPE - # define YYTOKENTYPE -@@ -59,21 +66,38 @@ - - - -- - #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED - typedef union YYSTYPE --#line 27 "parse_y.y" - { -+/* Line 2058 of yacc.c */ -+#line 27 "parse_y.y" -+ - int def; - char *string; --} --/* Line 1489 of yacc.c. */ --#line 72 "parse_y.h" -- YYSTYPE; -+ -+ -+/* Line 2058 of yacc.c */ -+#line 81 "parse_y.h" -+} YYSTYPE; -+# define YYSTYPE_IS_TRIVIAL 1 - # define yystype YYSTYPE /* obsolescent; will be withdrawn */ - # define YYSTYPE_IS_DECLARED 1 --# define YYSTYPE_IS_TRIVIAL 1 - #endif - - extern YYSTYPE yylval; - -+#ifdef YYPARSE_PARAM -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void *YYPARSE_PARAM); -+#else -+int yyparse (); -+#endif -+#else /* ! YYPARSE_PARAM */ -+#if defined __STDC__ || defined __cplusplus -+int yyparse (void); -+#else -+int yyparse (); -+#endif -+#endif /* ! YYPARSE_PARAM */ -+ -+#endif /* !YY_YY_PARSE_Y_H_INCLUDED */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h new/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h ---- old/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/include/security/pam_modutil.h 2015-01-09 14:28:29.000000000 +0100 -@@ -129,6 +129,19 @@ - pam_modutil_regain_priv(pam_handle_t *pamh, - struct pam_modutil_privs *p); - -+enum pam_modutil_redirect_fd { -+ PAM_MODUTIL_IGNORE_FD, /* do not redirect */ -+ PAM_MODUTIL_PIPE_FD, /* redirect to a pipe */ -+ PAM_MODUTIL_NULL_FD, /* redirect to /dev/null */ -+}; -+ -+/* redirect standard descriptors, close all other descriptors. */ -+extern int PAM_NONNULL((1)) -+pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, -+ enum pam_modutil_redirect_fd redirect_stdin, -+ enum pam_modutil_redirect_fd redirect_stdout, -+ enum pam_modutil_redirect_fd redirect_stderr); -+ - #ifdef __cplusplus - } - #endif -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/libpam.map new/Linux-PAM-1.1.8/libpam/libpam.map ---- old/Linux-PAM-1.1.8/libpam/libpam.map 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/libpam.map 2015-01-09 14:28:29.000000000 +0100 -@@ -67,3 +67,8 @@ - pam_modutil_drop_priv; - pam_modutil_regain_priv; - } LIBPAM_MODUTIL_1.1; -+ -+LIBPAM_MODUTIL_1.1.9 { -+ global: -+ pam_modutil_sanitize_helper_fds; -+} LIBPAM_MODUTIL_1.1.3; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/Makefile.am new/Linux-PAM-1.1.8/libpam/Makefile.am ---- old/Linux-PAM-1.1.8/libpam/Makefile.am 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/Makefile.am 2015-01-09 14:28:29.000000000 +0100 -@@ -43,4 +43,4 @@ - pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ - pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ - pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ -- pam_modutil_priv.c -+ pam_modutil_priv.c pam_modutil_sanitize.c -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_account.c new/Linux-PAM-1.1.8/libpam/pam_account.c ---- old/Linux-PAM-1.1.8/libpam/pam_account.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_account.c 2015-01-09 14:28:29.000000000 +0100 -@@ -19,9 +19,5 @@ - - retval = _pam_dispatch(pamh, flags, PAM_ACCOUNT); - --#ifdef HAVE_LIBAUDIT -- retval = _pam_auditlog(pamh, PAM_ACCOUNT, retval, flags); --#endif -- - return retval; - } -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_audit.c new/Linux-PAM-1.1.8/libpam/pam_audit.c ---- old/Linux-PAM-1.1.8/libpam/pam_audit.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_audit.c 2015-01-09 14:28:29.000000000 +0100 -@@ -6,12 +6,12 @@ - Authors: - Steve Grubb */ - --#include --#include - #include "pam_private.h" - #include "pam_modutil_private.h" - - #ifdef HAVE_LIBAUDIT -+#include -+#include - #include - #include - #include -@@ -25,17 +25,24 @@ - - static int - _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type, -- const char *message, int retval) -+ const char *message, const char *grantors, int retval) - { - static int old_errno = -1; -- int rc; -- char buf[32]; -- -- snprintf(buf, sizeof(buf), "PAM:%s", message); -+ int rc = -ENOMEM; -+ char *buf; -+ const char *grantors_field = " grantors="; -+ -+ if (grantors == NULL) { -+ grantors = ""; -+ grantors_field = ""; -+ } - -- rc = audit_log_acct_message (audit_fd, type, NULL, buf, -- (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", -- -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS ); -+ if (asprintf(&buf, "PAM:%s%s%s", message, grantors_field, grantors) >= 0) { -+ rc = audit_log_acct_message(audit_fd, type, NULL, buf, -+ (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", -+ -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS); -+ free(buf); -+ } - - /* libaudit sets errno to his own negative error code. This can be - an official errno number, but must not. It can also be a audit -@@ -78,12 +85,54 @@ - return audit_fd; - } - -+static int -+_pam_list_grantors(struct handler *hlist, int retval, char **list) -+{ -+ *list = NULL; -+ -+ if (retval == PAM_SUCCESS) { -+ struct handler *h; -+ char *p = NULL; -+ size_t len = 0; -+ -+ for (h = hlist; h != NULL; h = h->next) { -+ if (h->grantor) { -+ len += strlen(h->mod_name) + 1; -+ } -+ } -+ -+ if (len == 0) { -+ return 0; -+ } -+ -+ *list = malloc(len); -+ if (*list == NULL) { -+ return -1; -+ } -+ -+ for (h = hlist; h != NULL; h = h->next) { -+ if (h->grantor) { -+ if (p == NULL) { -+ p = *list; -+ } else { -+ p = stpcpy(p, ","); -+ } -+ -+ p = stpcpy(p, h->mod_name); -+ } -+ } -+ } -+ -+ return 0; -+} -+ - int --_pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags) -+_pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags, struct handler *h) - { - const char *message; - int type; - int audit_fd; -+ char *grantors; - - if ((audit_fd=_pam_audit_open(pamh)) == -1) { - return PAM_SYSTEM_ERR; -@@ -134,9 +183,18 @@ - retval = PAM_SYSTEM_ERR; - } - -- if (_pam_audit_writelog(pamh, audit_fd, type, message, retval) < 0) -+ if (_pam_list_grantors(h, retval, &grantors) < 0) { -+ /* allocation failure */ -+ pam_syslog(pamh, LOG_CRIT, "_pam_list_grantors() failed: %m"); -+ retval = PAM_SYSTEM_ERR; -+ } -+ -+ if (_pam_audit_writelog(pamh, audit_fd, type, message, -+ grantors ? grantors : "?", retval) < 0) - retval = PAM_SYSTEM_ERR; - -+ free(grantors); -+ - audit_close(audit_fd); - return retval; - } -@@ -149,7 +207,7 @@ - * stacks having been run. Assume that this is sshd faking - * things for an unknown user. - */ -- _pam_auditlog(pamh, _PAM_ACTION_DONE, PAM_USER_UNKNOWN, 0); -+ _pam_auditlog(pamh, _PAM_ACTION_DONE, PAM_USER_UNKNOWN, 0, NULL); - } - - return 0; -@@ -168,7 +226,7 @@ - return retval; - } - -- rc = _pam_audit_writelog(pamh, audit_fd, type, message, retval); -+ rc = _pam_audit_writelog(pamh, audit_fd, type, message, NULL, retval); - - audit_close(audit_fd); - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_auth.c new/Linux-PAM-1.1.8/libpam/pam_auth.c ---- old/Linux-PAM-1.1.8/libpam/pam_auth.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_auth.c 2015-01-09 14:28:29.000000000 +0100 -@@ -45,10 +45,6 @@ - prelude_send_alert(pamh, retval); - #endif - --#ifdef HAVE_LIBAUDIT -- retval = _pam_auditlog(pamh, PAM_AUTHENTICATE, retval, flags); --#endif -- - return retval; - } - -@@ -71,10 +67,6 @@ - - retval = _pam_dispatch(pamh, flags, PAM_SETCRED); - --#ifdef HAVE_LIBAUDIT -- retval = _pam_auditlog(pamh, PAM_SETCRED, retval, flags); --#endif -- - D(("pam_setcred exit")); - - return retval; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_dispatch.c new/Linux-PAM-1.1.8/libpam/pam_dispatch.c ---- old/Linux-PAM-1.1.8/libpam/pam_dispatch.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_dispatch.c 2015-01-09 14:28:29.000000000 +0100 -@@ -217,8 +217,14 @@ - status = retval; - } - } -- if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) { -- goto decision_made; -+ if ( impression == _PAM_POSITIVE ) { -+ if ( retval == PAM_SUCCESS ) { -+ h->grantor = 1; -+ } -+ -+ if ( action == _PAM_ACTION_DONE ) { -+ goto decision_made; -+ } - } - break; - -@@ -262,6 +268,9 @@ - || (impression == _PAM_POSITIVE - && status == PAM_SUCCESS) ) { - if ( retval != PAM_IGNORE || cached_retval == retval ) { -+ if ( impression == _PAM_UNDEF && retval == PAM_SUCCESS ) { -+ h->grantor = 1; -+ } - impression = _PAM_POSITIVE; - status = retval; - } -@@ -308,6 +317,13 @@ - return status; - } - -+static void _pam_clear_grantors(struct handler *h) -+{ -+ for (; h != NULL; h = h->next) { -+ h->grantor = 0; -+ } -+} -+ - /* - * This function translates the module dispatch request into a pointer - * to the stack of modules that will actually be run. the -@@ -318,21 +334,21 @@ - int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) - { - struct handler *h = NULL; -- int retval, use_cached_chain; -+ int retval = PAM_SYSTEM_ERR, use_cached_chain; - _pam_boolean resumed; - - IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR); - - if (__PAM_FROM_MODULE(pamh)) { - D(("called from a module!?")); -- return PAM_SYSTEM_ERR; -+ goto end; - } - - /* Load all modules, resolve all symbols */ - - if ((retval = _pam_init_handlers(pamh)) != PAM_SUCCESS) { - pam_syslog(pamh, LOG_ERR, "unable to dispatch function"); -- return retval; -+ goto end; - } - - use_cached_chain = _PAM_PLEASE_FREEZE; -@@ -360,7 +376,8 @@ - break; - default: - pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); -- return PAM_ABORT; -+ retval = PAM_ABORT; -+ goto end; - } - - if (h == NULL) { /* there was no handlers.conf... entry; will use -@@ -393,11 +410,13 @@ - pam_syslog(pamh, LOG_ERR, - "application failed to re-exec stack [%d:%d]", - pamh->former.choice, choice); -- return PAM_ABORT; -+ retval = PAM_ABORT; -+ goto end; - } - resumed = PAM_TRUE; - } else { - resumed = PAM_FALSE; -+ _pam_clear_grantors(h); - } - - __PAM_TO_MODULE(pamh); -@@ -417,5 +436,13 @@ - pamh->former.choice = PAM_NOT_STACKED; - } - -+end: -+ -+#ifdef HAVE_LIBAUDIT -+ if (choice != PAM_CHAUTHTOK || flags & PAM_UPDATE_AUTHTOK || retval != PAM_SUCCESS) { -+ retval = _pam_auditlog(pamh, choice, retval, flags, h); -+ } -+#endif -+ - return retval; - } -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_get_authtok.c new/Linux-PAM-1.1.8/libpam/pam_get_authtok.c ---- old/Linux-PAM-1.1.8/libpam/pam_get_authtok.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_get_authtok.c 2015-01-09 14:28:29.000000000 +0100 -@@ -151,8 +151,9 @@ - if (retval != PAM_SUCCESS || resp[0] == NULL || - (chpass > 1 && resp[1] == NULL)) - { -- /* We want to abort the password change */ -- pam_error (pamh, _("Password change aborted.")); -+ /* We want to abort */ -+ if (chpass) -+ pam_error (pamh, _("Password change aborted.")); - return PAM_AUTHTOK_ERR; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_handlers.c new/Linux-PAM-1.1.8/libpam/pam_handlers.c ---- old/Linux-PAM-1.1.8/libpam/pam_handlers.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_handlers.c 2015-01-09 14:28:29.000000000 +0100 -@@ -611,6 +611,12 @@ - if (dot) - *dot = '\0'; - -+ if (*retval == '\0' || strcmp(retval, "?") == 0) { -+ /* do not allow empty module name or "?" to avoid confusing audit trail */ -+ _pam_drop(retval); -+ return NULL; -+ } -+ - return retval; - } - -@@ -888,7 +894,9 @@ - (*handler_p)->cached_retval_p = &((*handler_p)->cached_retval); - (*handler_p)->argc = argc; - (*handler_p)->argv = argv; /* not a copy */ -- (*handler_p)->mod_name = extract_modulename(mod_path); -+ if (((*handler_p)->mod_name = extract_modulename(mod_path)) == NULL) -+ return PAM_ABORT; -+ (*handler_p)->grantor = 0; - (*handler_p)->next = NULL; - - /* some of the modules have a second calling function */ -@@ -920,7 +928,9 @@ - } else { - (*handler_p2)->argv = NULL; /* no arguments */ - } -- (*handler_p2)->mod_name = extract_modulename(mod_path); -+ if (((*handler_p2)->mod_name = extract_modulename(mod_path)) == NULL) -+ return PAM_ABORT; -+ (*handler_p2)->grantor = 0; - (*handler_p2)->next = NULL; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c new/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c ---- old/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c 1970-01-01 01:00:00.000000000 +0100 -+++ new/Linux-PAM-1.1.8/libpam/pam_modutil_sanitize.c 2015-01-09 14:28:29.000000000 +0100 -@@ -0,0 +1,175 @@ -+/* -+ * This file implements the following functions: -+ * pam_modutil_sanitize_helper_fds: -+ * redirects standard descriptors, closes all other descriptors. -+ */ -+ -+#include "pam_modutil_private.h" -+#include -+#include -+#include -+#include -+#include -+ -+/* -+ * Creates a pipe, closes its write end, redirects fd to its read end. -+ * Returns fd on success, -1 otherwise. -+ */ -+static int -+redirect_in_pipe(pam_handle_t *pamh, int fd, const char *name) -+{ -+ int in[2]; -+ -+ if (pipe(in) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); -+ return -1; -+ } -+ -+ close(in[1]); -+ -+ if (in[0] == fd) -+ return fd; -+ -+ if (dup2(in[0], fd) != fd) { -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); -+ fd = -1; -+ } -+ -+ close(in[0]); -+ return fd; -+} -+ -+/* -+ * Creates a pipe, closes its read end, redirects fd to its write end. -+ * Returns fd on success, -1 otherwise. -+ */ -+static int -+redirect_out_pipe(pam_handle_t *pamh, int fd, const char *name) -+{ -+ int out[2]; -+ -+ if (pipe(out) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); -+ return -1; -+ } -+ -+ close(out[0]); -+ -+ if (out[1] == fd) -+ return fd; -+ -+ if (dup2(out[1], fd) != fd) { -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); -+ fd = -1; -+ } -+ -+ close(out[1]); -+ return fd; -+} -+ -+/* -+ * Opens /dev/null for writing, redirects fd there. -+ * Returns fd on success, -1 otherwise. -+ */ -+static int -+redirect_out_null(pam_handle_t *pamh, int fd, const char *name) -+{ -+ int null = open("/dev/null", O_WRONLY); -+ -+ if (null < 0) { -+ pam_syslog(pamh, LOG_ERR, "open of %s failed: %m", "/dev/null"); -+ return -1; -+ } -+ -+ if (null == fd) -+ return fd; -+ -+ if (dup2(null, fd) != fd) { -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name); -+ fd = -1; -+ } -+ -+ close(null); -+ return fd; -+} -+ -+static int -+redirect_out(pam_handle_t *pamh, enum pam_modutil_redirect_fd mode, -+ int fd, const char *name) -+{ -+ switch (mode) { -+ case PAM_MODUTIL_PIPE_FD: -+ if (redirect_out_pipe(pamh, fd, name) < 0) -+ return -1; -+ break; -+ case PAM_MODUTIL_NULL_FD: -+ if (redirect_out_null(pamh, fd, name) < 0) -+ return -1; -+ break; -+ case PAM_MODUTIL_IGNORE_FD: -+ break; -+ } -+ return fd; -+} -+ -+/* Closes all descriptors after stderr. */ -+static void -+close_fds(void) -+{ -+ /* -+ * An arbitrary upper limit for the maximum file descriptor number -+ * returned by RLIMIT_NOFILE. -+ */ -+ const int MAX_FD_NO = 65535; -+ -+ /* The lower limit is the same as for _POSIX_OPEN_MAX. */ -+ const int MIN_FD_NO = 20; -+ -+ int fd; -+ struct rlimit rlim; -+ -+ if (getrlimit(RLIMIT_NOFILE, &rlim) || rlim.rlim_max > MAX_FD_NO) -+ fd = MAX_FD_NO; -+ else if (rlim.rlim_max < MIN_FD_NO) -+ fd = MIN_FD_NO; -+ else -+ fd = rlim.rlim_max - 1; -+ -+ for (; fd > STDERR_FILENO; --fd) -+ close(fd); -+} -+ -+int -+pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, -+ enum pam_modutil_redirect_fd stdin_mode, -+ enum pam_modutil_redirect_fd stdout_mode, -+ enum pam_modutil_redirect_fd stderr_mode) -+{ -+ if (stdin_mode != PAM_MODUTIL_IGNORE_FD && -+ redirect_in_pipe(pamh, STDIN_FILENO, "stdin") < 0) { -+ return -1; -+ } -+ -+ if (redirect_out(pamh, stdout_mode, STDOUT_FILENO, "stdout") < 0) -+ return -1; -+ -+ /* -+ * If stderr should not be ignored and -+ * redirect mode for stdout and stderr are the same, -+ * optimize by redirecting stderr to stdout. -+ */ -+ if (stderr_mode != PAM_MODUTIL_IGNORE_FD && -+ stdout_mode == stderr_mode) { -+ if (dup2(STDOUT_FILENO, STDERR_FILENO) != STDERR_FILENO) { -+ pam_syslog(pamh, LOG_ERR, -+ "dup2 of %s failed: %m", "stderr"); -+ return -1; -+ } -+ } else { -+ if (redirect_out(pamh, stderr_mode, STDERR_FILENO, "stderr") < 0) -+ return -1; -+ } -+ -+ close_fds(); -+ return 0; -+} -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_password.c new/Linux-PAM-1.1.8/libpam/pam_password.c ---- old/Linux-PAM-1.1.8/libpam/pam_password.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_password.c 2015-01-09 14:28:29.000000000 +0100 -@@ -57,9 +57,5 @@ - D(("will resume when ready", retval)); - } - --#ifdef HAVE_LIBAUDIT -- retval = _pam_auditlog(pamh, PAM_CHAUTHTOK, retval, flags); --#endif -- - return retval; - } -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_private.h new/Linux-PAM-1.1.8/libpam/pam_private.h ---- old/Linux-PAM-1.1.8/libpam/pam_private.h 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_private.h 2015-01-09 14:28:29.000000000 +0100 -@@ -55,6 +55,7 @@ - struct handler *next; - char *mod_name; - int stack_level; -+ int grantor; - }; - - #define PAM_HT_MODULE 0 -@@ -316,7 +317,7 @@ - do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0) - - #ifdef HAVE_LIBAUDIT --extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags); -+extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags, struct handler *h); - extern int _pam_audit_end(pam_handle_t *pamh, int pam_status); - #endif - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam/pam_session.c new/Linux-PAM-1.1.8/libpam/pam_session.c ---- old/Linux-PAM-1.1.8/libpam/pam_session.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam/pam_session.c 2015-01-09 14:28:29.000000000 +0100 -@@ -22,9 +22,6 @@ - } - retval = _pam_dispatch(pamh, flags, PAM_OPEN_SESSION); - --#ifdef HAVE_LIBAUDIT -- retval = _pam_auditlog(pamh, PAM_OPEN_SESSION, retval, flags); --#endif - return retval; - } - -@@ -43,10 +40,6 @@ - - retval = _pam_dispatch(pamh, flags, PAM_CLOSE_SESSION); - --#ifdef HAVE_LIBAUDIT -- retval = _pam_auditlog(pamh, PAM_CLOSE_SESSION, retval, flags); --#endif -- - return retval; - - } -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c new/Linux-PAM-1.1.8/libpam_misc/misc_conv.c ---- old/Linux-PAM-1.1.8/libpam_misc/misc_conv.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/libpam_misc/misc_conv.c 2015-01-09 14:28:29.000000000 +0100 -@@ -210,8 +210,12 @@ - } - line[nc] = '\0'; - } -- *retstr = x_strdup(line); -+ *retstr = strdup(line); - _pam_overwrite(line); -+ if (!*retstr) { -+ D(("no memory for response string")); -+ nc = -1; -+ } - - goto cleanexit; /* return malloc()ed string */ - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 new/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 ---- old/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 2013-09-19 10:02:01.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_access/access.conf.5 2015-01-09 14:32:26.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: access.conf - .\" Author: [see the "AUTHORS" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "ACCESS\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "ACCESS\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 new/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 ---- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 2013-09-19 10:02:01.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_access/pam_access.8 2015-01-09 14:32:27.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_access - .\" Author: [see the "AUTHORS" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ACCESS" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ACCESS" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c new/Linux-PAM-1.1.8/modules/pam_access/pam_access.c ---- old/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_access/pam_access.c 2015-01-09 14:28:29.000000000 +0100 -@@ -412,8 +412,8 @@ - return NO; - } - #ifdef HAVE_LIBAUDIT -- if (!item->noaudit && line[0] == '-' && (match == YES || (match == ALL && -- nonall_match == YES))) { -+ if (!item->noaudit && (match == YES || (match == ALL && -+ nonall_match == YES)) && line[0] == '-') { - pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION, - "pam_access", 0); - } -@@ -573,7 +573,7 @@ - - if (debug) - pam_syslog (pamh, LOG_DEBUG, -- "group_match: grp=%s, user=%s", grptok, usr); -+ "group_match: grp=%s, user=%s", tok, usr); - - if (strlen(tok) < 3) - return NO; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_access/README new/Linux-PAM-1.1.8/modules/pam_access/README ---- old/Linux-PAM-1.1.8/modules/pam_access/README 2013-09-19 10:02:01.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_access/README 2015-01-09 14:32:26.000000000 +0100 -@@ -83,7 +83,7 @@ - - + : root : 192.168.201. - --User root should be able to have access from hosts foo1.bar.org and -+User root should be able to have access from hosts foo1.bar.org and - foo2.bar.org (uses string matching also). - - + : root : foo1.bar.org foo2.bar.org -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 ---- old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 2013-06-18 16:25:44.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.8 2015-01-09 14:32:27.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_cracklib - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 06/18/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_CRACKLIB" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_CRACKLIB" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c ---- old/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_cracklib/pam_cracklib.c 2015-01-09 14:28:29.000000000 +0100 -@@ -619,16 +619,16 @@ - return msg; - } - -- newmono = str_lower(x_strdup(new)); -+ newmono = str_lower(strdup(new)); - if (!newmono) - msg = _("memory allocation error"); - -- usermono = str_lower(x_strdup(user)); -+ usermono = str_lower(strdup(user)); - if (!usermono) - msg = _("memory allocation error"); - - if (!msg && old) { -- oldmono = str_lower(x_strdup(old)); -+ oldmono = str_lower(strdup(old)); - if (oldmono) - wrapped = malloc(strlen(oldmono) * 2 + 1); - if (wrapped) { -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 new/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 ---- old/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 2013-09-19 10:02:02.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_debug/pam_debug.8 2015-01-09 14:32:28.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_debug - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_DEBUG" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DEBUG" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 new/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 ---- old/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 2013-09-19 10:02:02.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_deny/pam_deny.8 2015-01-09 14:32:28.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_deny - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_DENY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_DENY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 ---- old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 2013-09-19 10:02:03.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.8 2015-01-09 14:32:28.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_echo - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ECHO" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ECHO" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c ---- old/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_echo/pam_echo.c 2015-01-09 14:28:29.000000000 +0100 -@@ -180,16 +180,23 @@ - - /* load file into message buffer. */ - if ((fstat (fd, &st) < 0) || !st.st_size) -- return PAM_IGNORE; -+ { -+ close (fd); -+ return PAM_IGNORE; -+ } - - mtmp = malloc (st.st_size + 1); - if (!mtmp) -- return PAM_BUF_ERR; -+ { -+ close (fd); -+ return PAM_BUF_ERR; -+ } - - if (pam_modutil_read (fd, mtmp, st.st_size) == -1) - { - pam_syslog (pamh, LOG_ERR, "Error while reading %s: %m", file); - free (mtmp); -+ close (fd); - return PAM_IGNORE; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 new/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 ---- old/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 2013-09-19 10:02:04.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_env/pam_env.8 2015-01-09 14:32:29.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_env - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_ENV" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 new/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 ---- old/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 2013-09-19 10:02:03.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_env/pam_env.conf.5 2015-01-09 14:32:29.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_env.conf - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ENV\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ENV\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_env/README new/Linux-PAM-1.1.8/modules/pam_env/README ---- old/Linux-PAM-1.1.8/modules/pam_env/README 2013-09-19 10:02:03.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_env/README 2015-01-09 14:32:29.000000000 +0100 -@@ -5,7 +5,7 @@ - DESCRIPTION - - The pam_env PAM module allows the (un)setting of environment variables. --Supported is the use of previously set environment variables as well as -+Supported is the use of previously set environment variables as well as - PAM_ITEMs such as PAM_RHOST. - - By default rules for (un)setting of variables is taken from the config file / -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 ---- old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 2013-09-19 10:02:04.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.8 2015-01-09 14:32:30.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_exec - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_EXEC" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_EXEC" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c ---- old/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c 2013-09-04 14:58:29.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_exec/pam_exec.c 2015-01-09 14:28:29.000000000 +0100 -@@ -302,6 +302,10 @@ - char **envlist, **tmp; - int envlen, nitems; - char *envstr; -+ enum pam_modutil_redirect_fd redirect_stdin = -+ expose_authtok ? PAM_MODUTIL_IGNORE_FD : PAM_MODUTIL_PIPE_FD; -+ enum pam_modutil_redirect_fd redirect_stdout = -+ (use_stdout || logfile) ? PAM_MODUTIL_IGNORE_FD : PAM_MODUTIL_NULL_FD; - - /* First, move all the pipes off of stdin, stdout, and stderr, to ensure - * that calls to dup2 won't close them. */ -@@ -330,18 +334,6 @@ - _exit (err); - } - } -- else -- { -- close (STDIN_FILENO); -- -- /* New stdin. */ -- if ((i = open ("/dev/null", O_RDWR)) < 0) -- { -- int err = errno; -- pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); -- _exit (err); -- } -- } - - /* Set up stdout. */ - -@@ -368,32 +360,34 @@ - logfile); - _exit (err); - } -- if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0) -+ if (i != STDOUT_FILENO) - { -- pam_modutil_write (i, buffer, strlen (buffer)); -- free (buffer); -+ if (dup2 (i, STDOUT_FILENO) == -1) -+ { -+ int err = errno; -+ pam_syslog (pamh, LOG_ERR, "dup2 failed: %m"); -+ _exit (err); -+ } -+ close (i); - } -- } -- else -- { -- close (STDOUT_FILENO); -- if ((i = open ("/dev/null", O_RDWR)) < 0) -+ if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0) - { -- int err = errno; -- pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); -- _exit (err); -+ pam_modutil_write (STDOUT_FILENO, buffer, strlen (buffer)); -+ free (buffer); - } - } - -- if (dup2 (STDOUT_FILENO, STDERR_FILENO) == -1) -+ if ((use_stdout || logfile) && -+ dup2 (STDOUT_FILENO, STDERR_FILENO) == -1) - { - int err = errno; - pam_syslog (pamh, LOG_ERR, "dup2 failed: %m"); - _exit (err); - } - -- for (i = 3; i < sysconf (_SC_OPEN_MAX); i++) -- close (i); -+ if (pam_modutil_sanitize_helper_fds(pamh, redirect_stdin, -+ redirect_stdout, redirect_stdout) < 0) -+ _exit(1); - - if (call_setuid) - if (setuid (geteuid ()) == -1) -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 new/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 ---- old/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 2013-09-19 10:02:05.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_faildelay/pam_faildelay.8 2015-01-09 14:32:30.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_faildelay - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_FAILDELAY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FAILDELAY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 ---- old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 2013-09-19 10:02:05.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.8 2015-01-09 14:32:31.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_filter - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_FILTER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FILTER" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c ---- old/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_filter/pam_filter.c 2015-01-09 14:28:29.000000000 +0100 -@@ -341,6 +341,11 @@ - pam_syslog(pamh, LOG_WARNING, "first fork failed: %m"); - if (aterminal) { - (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); -+ close(fd[0]); -+ } else { -+ /* Socket pair */ -+ close(fd[0]); -+ close(fd[1]); - } - - return PAM_AUTH_ERR; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_filter/README new/Linux-PAM-1.1.8/modules/pam_filter/README ---- old/Linux-PAM-1.1.8/modules/pam_filter/README 2013-09-19 10:02:05.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_filter/README 2015-01-09 14:32:30.000000000 +0100 -@@ -45,17 +45,17 @@ - have read the pam(3) manual page. Basically, for each management group - there are up to two ways of calling the module's functions. In the case of - the authentication and session components there are actually two separate -- functions. For the case of authentication, these functions are -+ functions. For the case of authentication, these functions are - pam_authenticate(3) and pam_setcred(3), here run1 means run the filter from - the pam_authenticate function and run2 means run the filter from - pam_setcred. In the case of the session modules, run1 implies that the -- filter is invoked at the pam_open_session(3) stage, and run2 for -+ filter is invoked at the pam_open_session(3) stage, and run2 for - pam_close_session(3). - - For the case of the account component. Either run1 or run2 may be used. - - For the case of the password component, run1 is used to indicate that the -- filter is run on the first occasion of pam_chauthtok(3) (the -+ filter is run on the first occasion of pam_chauthtok(3) (the - PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run - on the second occasion (the PAM_UPDATE_AUTHTOK phase). - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 ---- old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 2013-09-19 10:02:06.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.8 2015-01-09 14:32:31.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_ftp - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_FTP" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_FTP" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c ---- old/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_ftp/pam_ftp.c 2015-01-09 14:28:29.000000000 +0100 -@@ -81,7 +81,7 @@ - char *list_copy, *x; - char *sptr = NULL; - -- list_copy = x_strdup(list); -+ list_copy = strdup(list); - x = list_copy; - while (list_copy && (l = strtok_r(x, ",", &sptr))) { - x = NULL; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_ftp/README new/Linux-PAM-1.1.8/modules/pam_ftp/README ---- old/Linux-PAM-1.1.8/modules/pam_ftp/README 2013-09-19 10:02:05.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_ftp/README 2015-01-09 14:32:31.000000000 +0100 -@@ -7,7 +7,7 @@ - pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of - access. - --This module intercepts the user's name and password. If the name is ftp or -+This module intercepts the user's name and password. If the name is ftp or - anonymous, the user's password is broken up at the @ delimiter into a PAM_RUSER - and a PAM_RHOST part; these pam-items being set accordingly. The username ( - PAM_USER) is set to ftp. In this case the module succeeds. Alternatively, the -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c new/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c ---- old/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_keyinit/pam_keyinit.c 2015-01-09 14:28:29.000000000 +0100 -@@ -218,7 +218,8 @@ - - if (uid != old_uid && setreuid(uid, -1) < 0) { - error(pamh, "Unable to change UID to %d temporarily\n", uid); -- setregid(old_gid, -1); -+ if (setregid(old_gid, -1) < 0) -+ error(pamh, "Unable to change GID back to %d\n", old_gid); - return PAM_SESSION_ERR; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in new/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_lastlog/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_lastlog --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_lastlog_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_lastlog_la_SOURCES = pam_lastlog.c - pam_lastlog_la_OBJECTS = pam_lastlog.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_lastlog.c - DIST_SOURCES = pam_lastlog.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_lastlog.la: $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_lastlog.la: $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_DEPENDENCIES) $(EXTRA_pam_lastlog_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_lastlog.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_lastlog.log: tst-pam_lastlog -+ @p='tst-pam_lastlog'; \ -+ b='tst-pam_lastlog'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_lastlog.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 ---- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 2013-09-19 10:02:08.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.8 2015-01-09 14:32:33.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_lastlog - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_LASTLOG" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LASTLOG" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c ---- old/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_lastlog/pam_lastlog.c 2015-01-09 14:28:29.000000000 +0100 -@@ -350,6 +350,8 @@ - return PAM_SERVICE_ERR; - } - -+ memset(&last_login, 0, sizeof(last_login)); -+ - /* set this login date */ - D(("set the most recent login time")); - (void) time(&ll_time); /* set the time */ -@@ -364,14 +366,12 @@ - } - - /* copy to last_login */ -- last_login.ll_host[0] = '\0'; - strncat(last_login.ll_host, remote_host, sizeof(last_login.ll_host)-1); - - /* set the terminal line */ - terminal_line = get_tty(pamh); - - /* copy to last_login */ -- last_login.ll_line[0] = '\0'; - strncat(last_login.ll_line, terminal_line, sizeof(last_login.ll_line)-1); - terminal_line = NULL; - -@@ -628,7 +628,8 @@ - lltime = (time(NULL) - lltime) / (24*60*60); - - if (lltime > inactive_days) { -- pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime); -+ pam_syslog(pamh, LOG_INFO, "user %s inactive for %ld days - denied", -+ user, (long) lltime); - return PAM_AUTH_ERR; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf ---- old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf 2015-01-09 14:28:29.000000000 +0100 -@@ -21,7 +21,7 @@ - # - data - max data size (KB) - # - fsize - maximum filesize (KB) - # - memlock - max locked-in-memory address space (KB) --# - nofile - max number of open files -+# - nofile - max number of open file descriptors - # - rss - max resident set size (KB) - # - stack - max stack size (KB) - # - cpu - max CPU time (MIN) -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 ---- old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 2013-09-19 10:02:08.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5 2015-01-09 14:32:34.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: limits.conf - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "LIMITS\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "LIMITS\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -202,7 +202,7 @@ - .PP - \fBnofile\fR - .RS 4 --maximum number of open files -+maximum number of open file descriptors - .RE - .PP - \fBrss\fR -@@ -232,13 +232,14 @@ - .PP - \fBmaxlogins\fR - .RS 4 --maximum number of logins for this user except for this with --\fIuid=0\fR -+maximum number of logins for this user (this limit does not apply to user with -+\fIuid=0\fR) - .RE - .PP - \fBmaxsyslogins\fR - .RS 4 --maximum number of all logins on system -+maximum number of all logins on system; user is not allowed to log\-in if total number of all users\*(Aq logins is greater than specified number (this limit does not apply to user with -+\fIuid=0\fR) - .RE - .PP - \fBpriority\fR -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml ---- old/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_limits/limits.conf.5.xml 2015-01-09 14:28:29.000000000 +0100 -@@ -178,7 +178,7 @@ - - - -- maximum number of open files -+ maximum number of open file descriptors - - - -@@ -214,14 +214,17 @@ - - - -- maximum number of logins for this user except -- for this with uid=0 -+ maximum number of logins for this user (this limit does -+ not apply to user with uid=0) - - - - - -- maximum number of all logins on system -+ maximum number of all logins on system; user is not -+ allowed to log-in if total number of all users' logins is -+ greater than specified number (this limit does not apply to -+ user with uid=0) - - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in new/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_limits/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_limits --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,39 +128,268 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ - "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_limits_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_limits_la_SOURCES = pam_limits.c - pam_limits_la_OBJECTS = pam_limits.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_limits.c - DIST_SOURCES = pam_limits.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man5dir = $(mandir)/man5 - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) $(secureconf_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -122,6 +397,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -132,6 +408,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -181,6 +458,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -204,6 +482,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -226,6 +506,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -261,7 +542,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -302,7 +582,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -333,9 +613,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -343,6 +623,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -358,14 +640,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_limits.la: $(pam_limits_la_OBJECTS) $(pam_limits_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_limits_la_OBJECTS) $(pam_limits_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_limits.la: $(pam_limits_la_OBJECTS) $(pam_limits_la_DEPENDENCIES) $(EXTRA_pam_limits_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_limits_la_OBJECTS) $(pam_limits_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -376,25 +661,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_limits.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -403,11 +688,18 @@ - -rm -rf .libs _libs - install-man5: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" -- @list=''; test -n "$(man5dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.5[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man5dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.5[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -436,16 +728,21 @@ - sed -n '/\.5[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -474,13 +771,14 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - install-secureconfDATA: $(secureconf_DATA) - @$(NORMAL_INSTALL) -- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ -+ fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ -@@ -494,30 +792,17 @@ - @$(NORMAL_UNINSTALL) - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ -- test -n "$$files" || exit 0; \ -- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -529,15 +814,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -546,116 +827,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_limits.log: tst-pam_limits -+ @p='tst-pam_limits'; \ -+ b='tst-pam_limits'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -703,11 +1057,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -797,22 +1159,22 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-data-local install-dvi install-dvi-am \ -- install-exec install-exec-am install-html install-html-am \ -- install-info install-info-am install-man install-man5 \ -- install-man8 install-pdf install-pdf-am install-ps \ -- install-ps-am install-secureconfDATA \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-data-local install-dvi \ -+ install-dvi-am install-exec install-exec-am install-html \ -+ install-html-am install-info install-info-am install-man \ -+ install-man5 install-man8 install-pdf install-pdf-am \ -+ install-ps install-ps-am install-secureconfDATA \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man5 \ -- uninstall-man8 uninstall-secureconfDATA \ -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ - uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_limits.8.xml limits.conf.5.xml -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 ---- old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 2013-09-19 10:02:08.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.8 2015-01-09 14:32:34.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_limits - .\" Author: [see the "AUTHORS" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_LIMITS" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_LIMITS" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c ---- old/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_limits/pam_limits.c 2015-01-09 14:28:29.000000000 +0100 -@@ -27,6 +27,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -269,16 +270,27 @@ - continue; - } - if (!pl->flag_numsyslogins) { -+ char user[sizeof(ut->UT_USER) + 1]; -+ user[0] = '\0'; -+ strncat(user, ut->UT_USER, sizeof(ut->UT_USER)); -+ - if (((pl->login_limit_def == LIMITS_DEF_USER) - || (pl->login_limit_def == LIMITS_DEF_GROUP) - || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) -- && strncmp(name, ut->UT_USER, sizeof(ut->UT_USER)) != 0) { -+ && strcmp(name, user) != 0) { - continue; - } - if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) -- && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { -+ && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { - continue; - } -+ if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { -+ /* process does not exist anymore */ -+ pam_syslog(pamh, LOG_WARNING, -+ "Stale utmp entry (pid %d) for '%s' ignored", -+ ut->ut_pid, user); -+ continue; -+ } - } - if (++count > limit) { - break; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in new/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_listfile/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_listfile --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_listfile_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_listfile_la_SOURCES = pam_listfile.c - pam_listfile_la_OBJECTS = pam_listfile.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_listfile.c - DIST_SOURCES = pam_listfile.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_listfile.la: $(pam_listfile_la_OBJECTS) $(pam_listfile_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_listfile_la_OBJECTS) $(pam_listfile_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_listfile.la: $(pam_listfile_la_OBJECTS) $(pam_listfile_la_DEPENDENCIES) $(EXTRA_pam_listfile_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_listfile_la_OBJECTS) $(pam_listfile_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_listfile.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_listfile.log: tst-pam_listfile -+ @p='tst-pam_listfile'; \ -+ b='tst-pam_listfile'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_listfile.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 new/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 ---- old/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 2013-09-19 10:02:09.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_listfile/pam_listfile.8 2015-01-09 14:32:34.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_listfile - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_LISTFILE" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LISTFILE" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_listfile/README new/Linux-PAM-1.1.8/modules/pam_listfile/README ---- old/Linux-PAM-1.1.8/modules/pam_listfile/README 2013-09-19 10:02:09.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_listfile/README 2015-01-09 14:32:34.000000000 +0100 -@@ -7,7 +7,7 @@ - pam_listfile is a PAM module which provides a way to deny or allow services - based on an arbitrary file. - --The module gets the item of the type specified -- user specifies the username, -+The module gets the item of the type specified -- user specifies the username, - PAM_USER; tty specifies the name of the terminal over which the request has - been made, PAM_TTY; rhost specifies the name of the remote host (if any) from - which the request was made, PAM_RHOST; and ruser specifies the name of the -@@ -24,7 +24,7 @@ - - An additional argument, apply=, can be used to restrict the application of the - above to a specific user (apply=username) or a given group (apply=@groupname). --This added restriction is only meaningful when used with the tty, rhost and -+This added restriction is only meaningful when used with the tty, rhost and - shell items. - - Besides this last one, all arguments should be specified; do not count on any -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in new/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_localuser/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_localuser --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_localuser_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_localuser_la_SOURCES = pam_localuser.c - pam_localuser_la_OBJECTS = pam_localuser.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_localuser.c - DIST_SOURCES = pam_localuser.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_localuser.la: $(pam_localuser_la_OBJECTS) $(pam_localuser_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_localuser_la_OBJECTS) $(pam_localuser_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_localuser.la: $(pam_localuser_la_OBJECTS) $(pam_localuser_la_DEPENDENCIES) $(EXTRA_pam_localuser_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_localuser_la_OBJECTS) $(pam_localuser_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_localuser.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_localuser.log: tst-pam_localuser -+ @p='tst-pam_localuser'; \ -+ b='tst-pam_localuser'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_localuser.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 new/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 ---- old/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 2013-09-19 10:02:09.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_localuser/pam_localuser.8 2015-01-09 14:32:35.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_localuser - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_LOCALUSER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOCALUSER" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in new/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_loginuid/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_loginuid --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_loginuid_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_loginuid_la_SOURCES = pam_loginuid.c - pam_loginuid_la_OBJECTS = pam_loginuid.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_loginuid.c - DIST_SOURCES = pam_loginuid.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_loginuid.la: $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_loginuid.la: $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_DEPENDENCIES) $(EXTRA_pam_loginuid_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_loginuid.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_loginuid.log: tst-pam_loginuid -+ @p='tst-pam_loginuid'; \ -+ b='tst-pam_loginuid'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_loginuid.8.xml -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 ---- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 2013-09-19 10:02:10.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8 2015-01-09 14:32:35.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_loginuid - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_LOGINUID" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_LOGINUID" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -49,9 +49,19 @@ - .SH "RETURN VALUES" - .PP - .PP -+PAM_SUCCESS -+.RS 4 -+The loginuid value is set and auditd is running if check requested\&. -+.RE -+.PP -+PAM_IGNORE -+.RS 4 -+The /proc/self/loginuid file is not present on the system or the login process runs inside uid namespace and kernel does not support overwriting loginuid\&. -+.RE -+.PP - PAM_SESSION_ERR - .RS 4 --An error occurred during session management\&. -+Any other error prevented setting loginuid or auditd is not running\&. - .RE - .SH "EXAMPLES" - .sp -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml ---- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.8.xml 2015-01-09 14:28:29.000000000 +0100 -@@ -69,14 +69,31 @@ - - - -+ PAM_SUCCESS -+ -+ -+ The loginuid value is set and auditd is running if check requested. -+ -+ -+ -+ -+ PAM_IGNORE -+ -+ -+ The /proc/self/loginuid file is not present on the system or the -+ login process runs inside uid namespace and kernel does not support -+ overwriting loginuid. -+ -+ -+ -+ - PAM_SESSION_ERR - - -- An error occurred during session management. -+ Any other error prevented setting loginuid or auditd is not running. - - - -- - - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c ---- old/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_loginuid/pam_loginuid.c 2015-01-09 14:28:29.000000000 +0100 -@@ -47,25 +47,56 @@ - - /* - * This function writes the loginuid to the /proc system. It returns -- * 0 on success and 1 on failure. -+ * PAM_SUCCESS on success, -+ * PAM_IGNORE when /proc/self/loginuid does not exist, -+ * PAM_SESSION_ERR in case of any other error. - */ - static int set_loginuid(pam_handle_t *pamh, uid_t uid) - { -- int fd, count, rc = 0; -- char loginuid[24]; -+ int fd, count, rc = PAM_SESSION_ERR; -+ char loginuid[24], buf[24]; -+ static const char host_uid_map[] = " 0 0 4294967295\n"; -+ char uid_map[sizeof(host_uid_map)]; -+ -+ /* loginuid in user namespaces currently isn't writable and in some -+ case, not even readable, so consider any failure as ignorable (but try -+ anyway, in case we hit a kernel which supports it). */ -+ fd = open("/proc/self/uid_map", O_RDONLY); -+ if (fd >= 0) { -+ count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); -+ if (strncmp(uid_map, host_uid_map, count) != 0) -+ rc = PAM_IGNORE; -+ close(fd); -+ } - -- count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); -- fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); -+ fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); - if (fd < 0) { -- if (errno != ENOENT) { -- rc = 1; -- pam_syslog(pamh, LOG_ERR, -- "Cannot open /proc/self/loginuid: %m"); -+ if (errno == ENOENT) { -+ rc = PAM_IGNORE; -+ } -+ if (rc != PAM_IGNORE) { -+ pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", -+ "/proc/self/loginuid"); - } - return rc; - } -- if (pam_modutil_write(fd, loginuid, count) != count) -- rc = 1; -+ -+ count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); -+ if (pam_modutil_read(fd, buf, sizeof(buf)) == count && -+ memcmp(buf, loginuid, count) == 0) { -+ rc = PAM_SUCCESS; -+ goto done; /* already correct */ -+ } -+ if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && -+ pam_modutil_write(fd, loginuid, count) == count) { -+ rc = PAM_SUCCESS; -+ } else { -+ if (rc != PAM_IGNORE) { -+ pam_syslog(pamh, LOG_ERR, "Error writing %s: %m", -+ "/proc/self/loginuid"); -+ } -+ } -+ done: - close(fd); - return rc; - } -@@ -165,6 +196,7 @@ - { - const char *user = NULL; - struct passwd *pwd; -+ int ret; - #ifdef HAVE_LIBAUDIT - int require_auditd = 0; - #endif -@@ -183,9 +215,14 @@ - return PAM_SESSION_ERR; - } - -- if (set_loginuid(pamh, pwd->pw_uid)) { -- pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); -- return PAM_SESSION_ERR; -+ ret = set_loginuid(pamh, pwd->pw_uid); -+ switch (ret) { -+ case PAM_SUCCESS: -+ case PAM_IGNORE: -+ break; -+ default: -+ pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); -+ return ret; - } - - #ifdef HAVE_LIBAUDIT -@@ -195,11 +232,12 @@ - argv++; - } - -- if (require_auditd) -- return check_auditd(); -- else -+ if (require_auditd) { -+ int rc = check_auditd(); -+ return rc != PAM_SUCCESS ? rc : ret; -+ } else - #endif -- return PAM_SUCCESS; -+ return ret; - } - - /* -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in new/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mail/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_mail --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_mail_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_mail_la_SOURCES = pam_mail.c - pam_mail_la_OBJECTS = pam_mail.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_mail.c - DIST_SOURCES = pam_mail.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_mail.la: $(pam_mail_la_OBJECTS) $(pam_mail_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_mail_la_OBJECTS) $(pam_mail_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_mail.la: $(pam_mail_la_OBJECTS) $(pam_mail_la_DEPENDENCIES) $(EXTRA_pam_mail_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_mail_la_OBJECTS) $(pam_mail_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mail.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_mail.log: tst-pam_mail -+ @p='tst-pam_mail'; \ -+ b='tst-pam_mail'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_mail.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 new/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 ---- old/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 2013-09-19 10:02:10.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mail/pam_mail.8 2015-01-09 14:32:36.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_mail - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_MAIL" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MAIL" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mail/README new/Linux-PAM-1.1.8/modules/pam_mail/README ---- old/Linux-PAM-1.1.8/modules/pam_mail/README 2013-09-19 10:02:10.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mail/README 2015-01-09 14:32:36.000000000 +0100 -@@ -45,7 +45,7 @@ - - nopen - -- Don't print any mail information on login. This flag is useful to get the -+ Don't print any mail information on login. This flag is useful to get the - MAIL environment variable set, but to not display any information about it. - - quiet -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in new/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -23,6 +22,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -44,7 +88,9 @@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - sbin_PROGRAMS = mkhomedir_helper$(EXEEXT) - subdir = modules/pam_mkhomedir --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -85,45 +131,275 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ - "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_mkhomedir_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - am_pam_mkhomedir_la_OBJECTS = pam_mkhomedir.lo - pam_mkhomedir_la_OBJECTS = $(am_pam_mkhomedir_la_OBJECTS) --pam_mkhomedir_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -- $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+pam_mkhomedir_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ -+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ -+ $(AM_CFLAGS) $(CFLAGS) $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) \ -+ -o $@ - PROGRAMS = $(sbin_PROGRAMS) - am_mkhomedir_helper_OBJECTS = mkhomedir_helper.$(OBJEXT) - mkhomedir_helper_OBJECTS = $(am_mkhomedir_helper_OBJECTS) - mkhomedir_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) - DIST_SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -131,6 +407,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -141,6 +418,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -190,6 +468,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -213,6 +492,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -235,6 +516,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -270,7 +552,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -312,7 +593,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -343,9 +624,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -353,6 +634,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -368,24 +651,32 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) -- $(pam_mkhomedir_la_LINK) -rpath $(securelibdir) $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $(EXTRA_pam_mkhomedir_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(pam_mkhomedir_la_LINK) -rpath $(securelibdir) $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_LIBADD) $(LIBS) - install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) -- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ -+ fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ -- while read p p1; do if test -f $$p || test -f $$p1; \ -- then echo "$$p"; echo "$$p"; else :; fi; \ -+ while read p p1; do if test -f $$p \ -+ || test -f $$p1 \ -+ ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ -- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -+ sed -e 'p;s,.*/,,;n;h' \ -+ -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ -@@ -406,7 +697,8 @@ - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -- -e 's/$$/$(EXEEXT)/' `; \ -+ -e 's/$$/$(EXEEXT)/' \ -+ `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files -@@ -419,9 +711,10 @@ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list --mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) -+ -+mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) $(EXTRA_mkhomedir_helper_DEPENDENCIES) - @rm -f mkhomedir_helper$(EXEEXT) -- $(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS) -+ $(AM_V_CCLD)$(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -433,25 +726,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -460,11 +753,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -493,30 +793,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -528,15 +815,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -545,116 +828,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_mkhomedir.log: tst-pam_mkhomedir -+ @p='tst-pam_mkhomedir'; \ -+ b='tst-pam_mkhomedir'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -702,11 +1058,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -795,20 +1159,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-generic clean-libtool clean-sbinPROGRAMS \ -- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ -- distclean-generic distclean-libtool distclean-tags distdir dvi \ -- dvi-am html html-am info info-am install install-am \ -- install-data install-data-am install-dvi install-dvi-am \ -- install-exec install-exec-am install-html install-html-am \ -- install-info install-info-am install-man install-man8 \ -- install-pdf install-pdf-am install-ps install-ps-am \ -- install-sbinPROGRAMS install-securelibLTLIBRARIES \ -- install-strip installcheck installcheck-am installdirs \ -- maintainer-clean maintainer-clean-generic mostlyclean \ -- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ -- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ -+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ -+ distclean distclean-compile distclean-generic \ -+ distclean-libtool distclean-tags distdir dvi dvi-am html \ -+ html-am info info-am install install-am install-data \ -+ install-data-am install-dvi install-dvi-am install-exec \ -+ install-exec-am install-html install-html-am install-info \ -+ install-info-am install-man install-man8 install-pdf \ -+ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ -+ install-securelibLTLIBRARIES install-strip installcheck \ -+ installcheck-am installdirs maintainer-clean \ -+ maintainer-clean-generic mostlyclean mostlyclean-compile \ -+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ - uninstall-man8 uninstall-sbinPROGRAMS \ - uninstall-securelibLTLIBRARIES - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 ---- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 2013-09-19 10:02:11.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.8 2015-01-09 14:32:37.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: mkhomedir_helper - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "MKHOMEDIR_HELPER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "MKHOMEDIR_HELPER" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c ---- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/mkhomedir_helper.c 2015-01-09 14:28:29.000000000 +0100 -@@ -231,7 +231,7 @@ - if ((srcfd = open(newsource, O_RDONLY)) < 0 || fstat(srcfd, &st) != 0) - { - pam_syslog(NULL, LOG_DEBUG, -- "unable to open src file %s: %m", newsource); -+ "unable to open or stat src file %s: %m", newsource); - closedir(d); - - #ifndef PATH_MAX -@@ -241,20 +241,6 @@ - - return PAM_PERM_DENIED; - } -- if (stat(newsource, &st) != 0) -- { -- pam_syslog(NULL, LOG_DEBUG, "unable to stat src file %s: %m", -- newsource); -- close(srcfd); -- closedir(d); -- --#ifndef PATH_MAX -- free(newsource); newsource = NULL; -- free(newdest); newdest = NULL; --#endif -- -- return PAM_PERM_DENIED; -- } - - /* Open the dest file */ - if ((destfd = open(newdest, O_WRONLY | O_TRUNC | O_CREAT, 0600)) < 0) -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 ---- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 2013-09-19 10:02:11.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.8 2015-01-09 14:32:36.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_mkhomedir - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_MKHOMEDIR" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_MKHOMEDIR" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c ---- old/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_mkhomedir/pam_mkhomedir.c 2015-01-09 14:28:29.000000000 +0100 -@@ -58,8 +58,6 @@ - #include - #include - --#define MAX_FD_NO 10000 -- - /* argument parsing */ - #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ - #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ -@@ -103,14 +101,14 @@ - /* Do the actual work of creating a home dir */ - static int - create_homedir (pam_handle_t *pamh, options_t *opt, -- const struct passwd *pwd) -+ const char *user, const char *dir) - { - int retval, child; - struct sigaction newsa, oldsa; - - /* Mention what is happening, if the notification fails that is OK */ - if (!(opt->ctrl & MKHOMEDIR_QUIET)) -- pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); -+ pam_info(pamh, _("Creating directory '%s'."), dir); - - - D(("called.")); -@@ -131,26 +129,21 @@ - /* fork */ - child = fork(); - if (child == 0) { -- int i; -- struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL, NULL }; -+ const char *args[] = { NULL, NULL, NULL, NULL, NULL }; - -- if (getrlimit(RLIMIT_NOFILE, &rlim)==0) { -- if (rlim.rlim_max >= MAX_FD_NO) -- rlim.rlim_max = MAX_FD_NO; -- for (i=0; i < (int)rlim.rlim_max; i++) { -- close(i); -- } -- } -+ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, -+ PAM_MODUTIL_PIPE_FD, -+ PAM_MODUTIL_PIPE_FD) < 0) -+ _exit(PAM_SYSTEM_ERR); - - /* exec the mkhomedir helper */ -- args[0] = x_strdup(MKHOMEDIR_HELPER); -- args[1] = pwd->pw_name; -- args[2] = x_strdup(opt->umask); -- args[3] = x_strdup(opt->skeldir); -+ args[0] = MKHOMEDIR_HELPER; -+ args[1] = user; -+ args[2] = opt->umask; -+ args[3] = opt->skeldir; - -- execve(MKHOMEDIR_HELPER, args, envp); -+ execve(MKHOMEDIR_HELPER, (char *const *) args, envp); - - /* should not get here: exit with error */ - D(("helper binary is not available")); -@@ -181,7 +174,7 @@ - - if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { - pam_error(pamh, _("Unable to create and initialize directory '%s'."), -- pwd->pw_dir); -+ dir); - } - - D(("returning %d", retval)); -@@ -230,7 +223,7 @@ - return PAM_SUCCESS; - } - -- return create_homedir(pamh, &opt, pwd); -+ return create_homedir(pamh, &opt, user, pwd->pw_dir); - } - - /* Ignore */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in new/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in 2013-09-19 10:01:34.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_motd/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_motd --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_motd_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_motd_la_SOURCES = pam_motd.c - pam_motd_la_OBJECTS = pam_motd.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_motd.c - DIST_SOURCES = pam_motd.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_motd.la: $(pam_motd_la_OBJECTS) $(pam_motd_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_motd_la_OBJECTS) $(pam_motd_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_motd.la: $(pam_motd_la_OBJECTS) $(pam_motd_la_DEPENDENCIES) $(EXTRA_pam_motd_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_motd_la_OBJECTS) $(pam_motd_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_motd.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_motd.log: tst-pam_motd -+ @p='tst-pam_motd'; \ -+ b='tst-pam_motd'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_motd.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 new/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 ---- old/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 2013-09-19 10:02:12.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_motd/pam_motd.8 2015-01-09 14:32:37.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_motd - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_MOTD" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_MOTD" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in new/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_namespace/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -24,6 +23,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -44,8 +88,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_namespace --DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ -- $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -86,6 +131,12 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" \ - "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(man5dir)" \ - "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" -@@ -96,36 +147,259 @@ - @HAVE_UNSHARE_TRUE@am_pam_namespace_la_OBJECTS = pam_namespace.lo \ - @HAVE_UNSHARE_TRUE@ md5.lo argv_parse.lo - pam_namespace_la_OBJECTS = $(am_pam_namespace_la_OBJECTS) -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = - @HAVE_UNSHARE_TRUE@am_pam_namespace_la_rpath = -rpath $(securelibdir) - SCRIPTS = $(secureconf_SCRIPTS) -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = $(pam_namespace_la_SOURCES) - DIST_SOURCES = $(am__pam_namespace_la_SOURCES_DIST) -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man5dir = $(mandir)/man5 - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) $(secureconf_DATA) - HEADERS = $(noinst_HEADERS) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -133,6 +407,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -143,6 +418,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -192,6 +468,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -215,6 +492,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -237,6 +516,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -272,7 +552,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -317,7 +596,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -348,9 +627,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -358,6 +637,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -373,18 +654,24 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_namespace.la: $(pam_namespace_la_OBJECTS) $(pam_namespace_la_DEPENDENCIES) -- $(LINK) $(am_pam_namespace_la_rpath) $(pam_namespace_la_OBJECTS) $(pam_namespace_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_namespace.la: $(pam_namespace_la_OBJECTS) $(pam_namespace_la_DEPENDENCIES) $(EXTRA_pam_namespace_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) $(am_pam_namespace_la_rpath) $(pam_namespace_la_OBJECTS) $(pam_namespace_la_LIBADD) $(LIBS) - install-secureconfSCRIPTS: $(secureconf_SCRIPTS) - @$(NORMAL_INSTALL) -- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" - @list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ -+ fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ -@@ -412,9 +699,7 @@ - @list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || exit 0; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 's,.*/,,;$(transform)'`; \ -- test -n "$$list" || exit 0; \ -- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files -+ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -427,25 +712,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_namespace.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -454,11 +739,18 @@ - -rm -rf .libs _libs - install-man5: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" -- @list=''; test -n "$(man5dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.5[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man5dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.5[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -487,16 +779,21 @@ - sed -n '/\.5[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -525,13 +822,14 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - install-secureconfDATA: $(secureconf_DATA) - @$(NORMAL_INSTALL) -- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ -+ fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ -@@ -545,30 +843,17 @@ - @$(NORMAL_UNINSTALL) - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ -- test -n "$$files" || exit 0; \ -- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -580,15 +865,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -597,116 +878,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_namespace.log: tst-pam_namespace -+ @p='tst-pam_namespace'; \ -+ b='tst-pam_namespace'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -754,11 +1108,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -849,23 +1211,24 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-data-local install-dvi install-dvi-am \ -- install-exec install-exec-am install-html install-html-am \ -- install-info install-info-am install-man install-man5 \ -- install-man8 install-pdf install-pdf-am install-ps \ -- install-ps-am install-secureconfDATA install-secureconfSCRIPTS \ -- install-securelibLTLIBRARIES install-strip installcheck \ -- installcheck-am installdirs maintainer-clean \ -- maintainer-clean-generic mostlyclean mostlyclean-compile \ -- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man5 \ -- uninstall-man8 uninstall-secureconfDATA \ -- uninstall-secureconfSCRIPTS uninstall-securelibLTLIBRARIES -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-data-local install-dvi \ -+ install-dvi-am install-exec install-exec-am install-html \ -+ install-html-am install-info install-info-am install-man \ -+ install-man5 install-man8 install-pdf install-pdf-am \ -+ install-ps install-ps-am install-secureconfDATA \ -+ install-secureconfSCRIPTS install-securelibLTLIBRARIES \ -+ install-strip installcheck installcheck-am installdirs \ -+ maintainer-clean maintainer-clean-generic mostlyclean \ -+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ -+ pdf pdf-am ps ps-am recheck tags tags-am uninstall \ -+ uninstall-am uninstall-man uninstall-man5 uninstall-man8 \ -+ uninstall-secureconfDATA uninstall-secureconfSCRIPTS \ -+ uninstall-securelibLTLIBRARIES - - - @HAVE_UNSHARE_TRUE@install-data-local: -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 ---- old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 2013-09-19 10:02:12.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.conf.5 2015-01-09 14:32:38.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: namespace.conf - .\" Author: [see the "AUTHORS" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "NAMESPACE\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "NAMESPACE\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init ---- old/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_namespace/namespace.init 2015-01-09 14:28:29.000000000 +0100 -@@ -1,4 +1,4 @@ --#!/bin/sh -p -+#!/bin/sh - # It receives polydir path as $1, the instance path as $2, - # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, - # and user name in $4. -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 ---- old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 2013-09-19 10:02:12.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.8 2015-01-09 14:32:38.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_namespace - .\" Author: [see the "AUTHORS" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_NAMESPACE" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_NAMESPACE" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c ---- old/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_namespace/pam_namespace.c 2015-01-09 14:28:29.000000000 +0100 -@@ -1205,6 +1205,11 @@ - _exit(1); - } - #endif -+ /* Pass maximum privs when we exec() */ -+ if (setuid(geteuid()) < 0) { -+ /* ignore failures, they don't matter */ -+ } -+ - if (execle(init_script, init_script, - polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) - _exit(1); -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_namespace/README new/Linux-PAM-1.1.8/modules/pam_namespace/README ---- old/Linux-PAM-1.1.8/modules/pam_namespace/README 2013-09-19 10:02:12.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_namespace/README 2015-01-09 14:32:37.000000000 +0100 -@@ -173,7 +173,7 @@ - - The directory where polyinstantiated instances are to be created, must exist - and must have, by default, the mode of 0000. The requirement that the instance --parent be of mode 0000 can be overridden with the command line option -+parent be of mode 0000 can be overridden with the command line option - ignore_instance_parent_mode - - In case of context or level polyinstantiation the SELinux context which is used -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in new/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_nologin/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_nologin --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_nologin_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_nologin_la_SOURCES = pam_nologin.c - pam_nologin_la_OBJECTS = pam_nologin.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_nologin.c - DIST_SOURCES = pam_nologin.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_nologin.la: $(pam_nologin_la_OBJECTS) $(pam_nologin_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_nologin_la_OBJECTS) $(pam_nologin_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_nologin.la: $(pam_nologin_la_OBJECTS) $(pam_nologin_la_DEPENDENCIES) $(EXTRA_pam_nologin_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_nologin_la_OBJECTS) $(pam_nologin_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_nologin.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_nologin.log: tst-pam_nologin -+ @p='tst-pam_nologin'; \ -+ b='tst-pam_nologin'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_nologin.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 new/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 ---- old/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 2013-09-19 10:02:13.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_nologin/pam_nologin.8 2015-01-09 14:32:38.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_nologin - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_NOLOGIN" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_NOLOGIN" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in new/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_permit/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_permit --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_permit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_permit_la_SOURCES = pam_permit.c - pam_permit_la_OBJECTS = pam_permit.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_permit.c - DIST_SOURCES = pam_permit.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_permit.la: $(pam_permit_la_OBJECTS) $(pam_permit_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_permit_la_OBJECTS) $(pam_permit_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_permit.la: $(pam_permit_la_OBJECTS) $(pam_permit_la_DEPENDENCIES) $(EXTRA_pam_permit_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_permit_la_OBJECTS) $(pam_permit_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_permit.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_permit.log: tst-pam_permit -+ @p='tst-pam_permit'; \ -+ b='tst-pam_permit'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_permit.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 new/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 ---- old/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 2013-09-19 10:02:13.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_permit/pam_permit.8 2015-01-09 14:32:39.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_permit - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_PERMIT" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_PERMIT" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in new/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_pwhistory/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -22,6 +21,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -42,8 +86,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_pwhistory --DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ -- $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -84,38 +129,267 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_pwhistory_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - am_pam_pwhistory_la_OBJECTS = pam_pwhistory.lo opasswd.lo - pam_pwhistory_la_OBJECTS = $(am_pam_pwhistory_la_OBJECTS) -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = $(pam_pwhistory_la_SOURCES) - DIST_SOURCES = $(pam_pwhistory_la_SOURCES) -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) - HEADERS = $(noinst_HEADERS) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -123,6 +397,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -133,6 +408,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -182,6 +458,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -205,6 +482,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -227,6 +506,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -262,7 +542,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -300,7 +579,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -331,9 +610,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -341,6 +620,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -356,14 +637,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_pwhistory.la: $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_pwhistory.la: $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_DEPENDENCIES) $(EXTRA_pam_pwhistory_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -375,25 +659,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -402,11 +686,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -435,30 +726,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -470,15 +748,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -487,116 +761,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_pwhistory.log: tst-pam_pwhistory -+ @p='tst-pam_pwhistory'; \ -+ b='tst-pam_pwhistory'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -644,11 +991,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -736,21 +1091,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_pwhistory.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c new/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c ---- old/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_pwhistory/opasswd.c 2015-01-09 14:28:29.000000000 +0100 -@@ -82,10 +82,15 @@ - { - const char delimiters[] = ":"; - char *endptr; -+ char *count; - - data->user = strsep (&line, delimiters); - data->uid = strsep (&line, delimiters); -- data->count = strtol (strsep (&line, delimiters), &endptr, 10); -+ count = strsep (&line, delimiters); -+ if (count == NULL) -+ return 1; -+ -+ data->count = strtol (count, &endptr, 10); - if (endptr != NULL && *endptr != '\0') - return 1; - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 new/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 ---- old/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 2013-09-19 10:02:14.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_pwhistory/pam_pwhistory.8 2015-01-09 14:32:39.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_pwhistory - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_PWHISTORY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_PWHISTORY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in new/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_rhosts/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_rhosts --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_rhosts_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_rhosts_la_SOURCES = pam_rhosts.c - pam_rhosts_la_OBJECTS = pam_rhosts.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_rhosts.c - DIST_SOURCES = pam_rhosts.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_rhosts.la: $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_rhosts.la: $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_DEPENDENCIES) $(EXTRA_pam_rhosts_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rhosts.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_rhosts.log: tst-pam_rhosts -+ @p='tst-pam_rhosts'; \ -+ b='tst-pam_rhosts'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_rhosts.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 new/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 ---- old/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 2013-09-19 10:02:14.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_rhosts/pam_rhosts.8 2015-01-09 14:32:40.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_rhosts - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_RHOSTS" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_RHOSTS" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rhosts/README new/Linux-PAM-1.1.8/modules/pam_rhosts/README ---- old/Linux-PAM-1.1.8/modules/pam_rhosts/README 2013-09-19 10:02:14.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_rhosts/README 2015-01-09 14:32:39.000000000 +0100 -@@ -17,7 +17,7 @@ - personal configuration file. - - The module authenticates a remote user (internally specified by the item --PAM_RUSER connecting from the remote host (internally specified by the item -+PAM_RUSER connecting from the remote host (internally specified by the item - PAM_RHOST). Accordingly, for applications to be compatible this authentication - module they must set these items prior to calling pam_authenticate(). The - module is not capable of independently probing the network connection for such -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in new/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_rootok/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -42,7 +86,9 @@ - @HAVE_LIBSELINUX_TRUE@am__append_1 = -DWITH_SELINUX - @HAVE_VERSIONING_TRUE@am__append_2 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_rootok --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -83,37 +129,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_rootok_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_rootok_la_SOURCES = pam_rootok.c - pam_rootok_la_OBJECTS = pam_rootok.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_rootok.c - DIST_SOURCES = pam_rootok.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -121,6 +396,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -131,6 +407,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -180,6 +457,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -203,6 +481,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -225,6 +505,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -260,7 +541,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -297,7 +577,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -328,9 +608,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -338,6 +618,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -353,14 +635,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_rootok.la: $(pam_rootok_la_OBJECTS) $(pam_rootok_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_rootok_la_OBJECTS) $(pam_rootok_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_rootok.la: $(pam_rootok_la_OBJECTS) $(pam_rootok_la_DEPENDENCIES) $(EXTRA_pam_rootok_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_rootok_la_OBJECTS) $(pam_rootok_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -371,25 +656,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rootok.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -398,11 +683,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -431,30 +723,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -466,15 +745,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -483,116 +758,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_rootok.log: tst-pam_rootok -+ @p='tst-pam_rootok'; \ -+ b='tst-pam_rootok'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -640,11 +988,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -732,21 +1088,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_rootok.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 new/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 ---- old/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 2013-09-19 10:02:15.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_rootok/pam_rootok.8 2015-01-09 14:32:40.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_rootok - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_ROOTOK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_ROOTOK" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in new/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_securetty/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_securetty --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_securetty_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_securetty_la_SOURCES = pam_securetty.c - pam_securetty_la_OBJECTS = pam_securetty.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_securetty.c - DIST_SOURCES = pam_securetty.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_securetty.la: $(pam_securetty_la_OBJECTS) $(pam_securetty_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_securetty_la_OBJECTS) $(pam_securetty_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_securetty.la: $(pam_securetty_la_OBJECTS) $(pam_securetty_la_DEPENDENCIES) $(EXTRA_pam_securetty_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_securetty_la_OBJECTS) $(pam_securetty_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_securetty.log: tst-pam_securetty -+ @p='tst-pam_securetty'; \ -+ b='tst-pam_securetty'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_securetty.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 ---- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 2013-09-19 10:02:15.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.8 2015-01-09 14:32:41.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_securetty - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SECURETTY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SECURETTY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c ---- old/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_securetty/pam_securetty.c 2015-01-09 14:28:29.000000000 +0100 -@@ -159,11 +159,10 @@ - if (cmdlinefile != NULL) { - char line[LINE_MAX], *p; - -- line[0] = 0; -- fgets(line, sizeof(line), cmdlinefile); -+ p = fgets(line, sizeof(line), cmdlinefile); - fclose(cmdlinefile); - -- for (p = line; p; p = strstr(p+1, "console=")) { -+ for (; p; p = strstr(p+1, "console=")) { - char *e; - - /* Test whether this is a beginning of a word? */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in new/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_selinux/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -22,6 +21,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -43,7 +87,9 @@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - @HAVE_LIBSELINUX_TRUE@noinst_PROGRAMS = pam_selinux_check$(EXEEXT) - subdir = modules/pam_selinux --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -84,14 +130,25 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_selinux_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_selinux_la_SOURCES = pam_selinux.c - pam_selinux_la_OBJECTS = pam_selinux.lo --pam_selinux_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -- $(pam_selinux_la_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+pam_selinux_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ -+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ -+ $(AM_CFLAGS) $(CFLAGS) $(pam_selinux_la_LDFLAGS) $(LDFLAGS) -o \ -+ $@ - @HAVE_LIBSELINUX_TRUE@am_pam_selinux_la_rpath = -rpath $(securelibdir) - PROGRAMS = $(noinst_PROGRAMS) - pam_selinux_check_SOURCES = pam_selinux_check.c -@@ -99,32 +156,251 @@ - @HAVE_LIBSELINUX_TRUE@pam_selinux_check_DEPENDENCIES = \ - @HAVE_LIBSELINUX_TRUE@ $(top_builddir)/libpam/libpam.la \ - @HAVE_LIBSELINUX_TRUE@ $(top_builddir)/libpam_misc/libpam_misc.la -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_selinux.c pam_selinux_check.c - DIST_SOURCES = pam_selinux.c pam_selinux_check.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -132,6 +408,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -142,6 +419,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -191,6 +469,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -214,6 +493,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -236,6 +517,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -271,7 +553,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -315,7 +596,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -346,9 +627,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -356,6 +637,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -371,14 +654,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_selinux.la: $(pam_selinux_la_OBJECTS) $(pam_selinux_la_DEPENDENCIES) -- $(pam_selinux_la_LINK) $(am_pam_selinux_la_rpath) $(pam_selinux_la_OBJECTS) $(pam_selinux_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_selinux.la: $(pam_selinux_la_OBJECTS) $(pam_selinux_la_DEPENDENCIES) $(EXTRA_pam_selinux_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(pam_selinux_la_LINK) $(am_pam_selinux_la_rpath) $(pam_selinux_la_OBJECTS) $(pam_selinux_la_LIBADD) $(LIBS) - - clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ -@@ -388,9 +674,10 @@ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list --pam_selinux_check$(EXEEXT): $(pam_selinux_check_OBJECTS) $(pam_selinux_check_DEPENDENCIES) -+ -+pam_selinux_check$(EXEEXT): $(pam_selinux_check_OBJECTS) $(pam_selinux_check_DEPENDENCIES) $(EXTRA_pam_selinux_check_DEPENDENCIES) - @rm -f pam_selinux_check$(EXEEXT) -- $(LINK) $(pam_selinux_check_OBJECTS) $(pam_selinux_check_LDADD) $(LIBS) -+ $(AM_V_CCLD)$(LINK) $(pam_selinux_check_OBJECTS) $(pam_selinux_check_LDADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -402,25 +689,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux_check.Po@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -429,11 +716,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -462,30 +756,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -497,15 +778,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -514,116 +791,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_selinux.log: tst-pam_selinux -+ @p='tst-pam_selinux'; \ -+ b='tst-pam_selinux'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -671,11 +1021,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -763,21 +1121,22 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-generic clean-libtool clean-noinstPROGRAMS \ -- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ -- distclean-generic distclean-libtool distclean-tags distdir dvi \ -- dvi-am html html-am info info-am install install-am \ -- install-data install-data-am install-dvi install-dvi-am \ -- install-exec install-exec-am install-html install-html-am \ -- install-info install-info-am install-man install-man8 \ -- install-pdf install-pdf-am install-ps install-ps-am \ -+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ -+ distclean distclean-compile distclean-generic \ -+ distclean-libtool distclean-tags distdir dvi dvi-am html \ -+ html-am info info-am install install-am install-data \ -+ install-data-am install-dvi install-dvi-am install-exec \ -+ install-exec-am install-html install-html-am install-info \ -+ install-info-am install-man install-man8 install-pdf \ -+ install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_selinux.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 ---- old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 2013-06-18 16:26:03.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.8 2015-01-09 14:32:41.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_selinux - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 06/18/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SELINUX" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c ---- old/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_selinux/pam_selinux.c 2015-01-09 14:28:29.000000000 +0100 -@@ -491,12 +491,17 @@ - char *level = NULL; - security_context_t *contextlist = NULL; - int num_contexts = 0; -+ const struct passwd *pwd; - - if (!(username = get_item(pamh, PAM_USER))) { - pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name"); - return PAM_USER_UNKNOWN; - } - -+ if ((pwd = pam_modutil_getpwnam(pamh, username)) != NULL) { -+ username = pwd->pw_name; -+ } /* ignore error and keep using original username */ -+ - /* compute execute context */ - #ifdef HAVE_GETSEUSER - if (!(service = get_item(pamh, PAM_SERVICE))) { -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in new/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_sepermit/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -22,6 +21,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -42,7 +86,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_sepermit --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -83,44 +129,274 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ - "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_sepermit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_sepermit_la_SOURCES = pam_sepermit.c - pam_sepermit_la_OBJECTS = pam_sepermit.lo --pam_sepermit_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -- $(pam_sepermit_la_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+pam_sepermit_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ -+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ -+ $(AM_CFLAGS) $(CFLAGS) $(pam_sepermit_la_LDFLAGS) $(LDFLAGS) \ -+ -o $@ - @HAVE_LIBSELINUX_TRUE@am_pam_sepermit_la_rpath = -rpath \ - @HAVE_LIBSELINUX_TRUE@ $(securelibdir) -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_sepermit.c - DIST_SOURCES = pam_sepermit.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man5dir = $(mandir)/man5 - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) $(secureconf_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -128,6 +404,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -138,6 +415,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -187,6 +465,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -210,6 +489,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -232,6 +513,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -267,7 +549,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -310,7 +591,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -341,9 +622,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -351,6 +632,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -366,14 +649,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_sepermit.la: $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_DEPENDENCIES) -- $(pam_sepermit_la_LINK) $(am_pam_sepermit_la_rpath) $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_sepermit.la: $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_DEPENDENCIES) $(EXTRA_pam_sepermit_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(pam_sepermit_la_LINK) $(am_pam_sepermit_la_rpath) $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -384,25 +670,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_sepermit.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -411,11 +697,18 @@ - -rm -rf .libs _libs - install-man5: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" -- @list=''; test -n "$(man5dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.5[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man5dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.5[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -444,16 +737,21 @@ - sed -n '/\.5[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -482,13 +780,14 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - install-secureconfDATA: $(secureconf_DATA) - @$(NORMAL_INSTALL) -- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ -+ fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ -@@ -502,30 +801,17 @@ - @$(NORMAL_UNINSTALL) - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ -- test -n "$$files" || exit 0; \ -- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) -+ -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -537,15 +823,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -554,116 +836,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_sepermit.log: tst-pam_sepermit -+ @p='tst-pam_sepermit'; \ -+ b='tst-pam_sepermit'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -711,11 +1066,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -806,22 +1169,22 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-data-local install-dvi install-dvi-am \ -- install-exec install-exec-am install-html install-html-am \ -- install-info install-info-am install-man install-man5 \ -- install-man8 install-pdf install-pdf-am install-ps \ -- install-ps-am install-secureconfDATA \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-data-local install-dvi \ -+ install-dvi-am install-exec install-exec-am install-html \ -+ install-html-am install-info install-info-am install-man \ -+ install-man5 install-man8 install-pdf install-pdf-am \ -+ install-ps install-ps-am install-secureconfDATA \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man5 \ -- uninstall-man8 uninstall-secureconfDATA \ -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ - uninstall-securelibLTLIBRARIES - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 new/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 ---- old/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 2013-06-18 16:26:03.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_sepermit/pam_sepermit.8 2015-01-09 14:32:41.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_sepermit - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 06/18/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SEPERMIT" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SEPERMIT" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 new/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 ---- old/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 2013-06-18 16:26:04.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_sepermit/sepermit.conf.5 2015-01-09 14:32:42.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: sepermit.conf - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 06/18/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "SEPERMIT\&.CONF" "5" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "SEPERMIT\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in new/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_shells/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_shells --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_shells_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_shells_la_SOURCES = pam_shells.c - pam_shells_la_OBJECTS = pam_shells.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_shells.c - DIST_SOURCES = pam_shells.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_shells.la: $(pam_shells_la_OBJECTS) $(pam_shells_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_shells_la_OBJECTS) $(pam_shells_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_shells.la: $(pam_shells_la_OBJECTS) $(pam_shells_la_DEPENDENCIES) $(EXTRA_pam_shells_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_shells_la_OBJECTS) $(pam_shells_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_shells.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_shells.log: tst-pam_shells -+ @p='tst-pam_shells'; \ -+ b='tst-pam_shells'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_shells.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 new/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 ---- old/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 2013-09-19 10:02:16.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_shells/pam_shells.8 2015-01-09 14:32:42.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_shells - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_SHELLS" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_SHELLS" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in new/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_stress/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -20,6 +19,51 @@ - # - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -40,7 +84,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_stress --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -81,33 +127,262 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_stress_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_stress_la_SOURCES = pam_stress.c - pam_stress_la_OBJECTS = pam_stress.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_stress.c - DIST_SOURCES = pam_stress.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -115,6 +390,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -125,6 +401,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -174,6 +451,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -197,6 +475,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -219,6 +499,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -254,7 +535,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -286,7 +566,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -317,9 +597,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -327,6 +607,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -342,14 +624,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_stress.la: $(pam_stress_la_OBJECTS) $(pam_stress_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_stress_la_OBJECTS) $(pam_stress_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_stress.la: $(pam_stress_la_OBJECTS) $(pam_stress_la_DEPENDENCIES) $(EXTRA_pam_stress_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_stress_la_OBJECTS) $(pam_stress_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -360,25 +645,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_stress.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -386,26 +671,15 @@ - clean-libtool: - -rm -rf .libs _libs - --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -417,15 +691,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -434,101 +704,187 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_stress.log: tst-pam_stress -+ @p='tst-pam_stress'; \ -+ b='tst-pam_stress'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ -@@ -578,11 +934,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -667,19 +1031,20 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-pdf install-pdf-am \ -- install-ps install-ps-am install-securelibLTLIBRARIES \ -- install-strip installcheck installcheck-am installdirs \ -- maintainer-clean maintainer-clean-generic mostlyclean \ -- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ -- pdf pdf-am ps ps-am tags uninstall uninstall-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-pdf \ -+ install-pdf-am install-ps install-ps-am \ -+ install-securelibLTLIBRARIES install-strip installcheck \ -+ installcheck-am installdirs maintainer-clean \ -+ maintainer-clean-generic mostlyclean mostlyclean-compile \ -+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -+ recheck tags tags-am uninstall uninstall-am \ - uninstall-securelibLTLIBRARIES - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in new/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_succeed_if/Makefile.in 2015-01-09 14:29:52.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_succeed_if --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_succeed_if_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_succeed_if_la_SOURCES = pam_succeed_if.c - pam_succeed_if_la_OBJECTS = pam_succeed_if.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_succeed_if.c - DIST_SOURCES = pam_succeed_if.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_succeed_if.la: $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_succeed_if.la: $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_DEPENDENCIES) $(EXTRA_pam_succeed_if_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_succeed_if_la_OBJECTS) $(pam_succeed_if_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_succeed_if.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_succeed_if.log: tst-pam_succeed_if -+ @p='tst-pam_succeed_if'; \ -+ b='tst-pam_succeed_if'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_succeed_if.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 ---- old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 2013-09-19 10:02:17.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.8 2015-01-09 14:32:43.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_succeed_if - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM - .\" Source: Linux-PAM - .\" Language: English - .\" --.TH "PAM_SUCCEED_IF" "8" "09/19/2013" "Linux-PAM" "Linux\-PAM" -+.TH "PAM_SUCCEED_IF" "8" "01/09/2015" "Linux-PAM" "Linux\-PAM" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c ---- old/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_succeed_if/pam_succeed_if.c 2015-01-09 14:28:29.000000000 +0100 -@@ -68,20 +68,20 @@ - * PAM_SERVICE_ERR if the arguments can't be parsed as numbers. */ - static int - evaluate_num(const pam_handle_t *pamh, const char *left, -- const char *right, int (*cmp)(int, int)) -+ const char *right, int (*cmp)(long long, long long)) - { -- long l, r; -+ long long l, r; - char *p; - int ret = PAM_SUCCESS; - - errno = 0; -- l = strtol(left, &p, 0); -+ l = strtoll(left, &p, 0); - if ((p == NULL) || (*p != '\0') || errno) { - pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", left); - ret = PAM_SERVICE_ERR; - } - -- r = strtol(right, &p, 0); -+ r = strtoll(right, &p, 0); - if ((p == NULL) || (*p != '\0') || errno) { - pam_syslog(pamh, LOG_INFO, "\"%s\" is not a number", right); - ret = PAM_SERVICE_ERR; -@@ -96,32 +96,32 @@ - - /* Simple numeric comparison callbacks. */ - static int --eq(int i, int j) -+eq(long long i, long long j) - { - return i == j; - } - static int --ne(int i, int j) -+ne(long long i, long long j) - { - return i != j; - } - static int --lt(int i, int j) -+lt(long long i, long long j) - { - return i < j; - } - static int --le(int i, int j) -+le(long long i, long long j) - { - return lt(i, j) || eq(i, j); - } - static int --gt(int i, int j) -+gt(long long i, long long j) - { - return i > j; - } - static int --ge(int i, int j) -+ge(long long i, long long j) - { - return gt(i, j) || eq(i, j); - } -@@ -298,7 +298,7 @@ - } - if (strcasecmp(left, "rhost") == 0) { - const void *rhost; -- if (pam_get_item(pamh, PAM_SERVICE, &rhost) != PAM_SUCCESS || -+ if (pam_get_item(pamh, PAM_RHOST, &rhost) != PAM_SUCCESS || - rhost == NULL) - rhost = ""; - snprintf(buf, sizeof(buf), "%s", (const char *)rhost); -@@ -306,7 +306,7 @@ - } - if (strcasecmp(left, "tty") == 0) { - const void *tty; -- if (pam_get_item(pamh, PAM_SERVICE, &tty) != PAM_SUCCESS || -+ if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS || - tty == NULL) - tty = ""; - snprintf(buf, sizeof(buf), "%s", (const char *)tty); -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in new/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tally/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -23,6 +22,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -44,8 +88,9 @@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - sbin_PROGRAMS = pam_tally$(EXEEXT) - subdir = modules/pam_tally --DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ -- $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -86,46 +131,275 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ - "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_tally_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_tally_la_SOURCES = pam_tally.c - pam_tally_la_OBJECTS = pam_tally.lo --pam_tally_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+pam_tally_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(pam_tally_la_LDFLAGS) $(LDFLAGS) -o $@ - PROGRAMS = $(sbin_PROGRAMS) - am_pam_tally_OBJECTS = pam_tally_app.$(OBJEXT) - pam_tally_OBJECTS = $(am_pam_tally_OBJECTS) - pam_tally_LDADD = $(LDADD) -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_tally.c $(pam_tally_SOURCES) - DIST_SOURCES = pam_tally.c $(pam_tally_SOURCES) -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) - HEADERS = $(noinst_HEADERS) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -133,6 +407,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -143,6 +418,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -192,6 +468,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -215,6 +492,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -237,6 +516,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -272,7 +552,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -311,7 +590,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -342,9 +621,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -352,6 +631,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -367,24 +648,32 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_tally.la: $(pam_tally_la_OBJECTS) $(pam_tally_la_DEPENDENCIES) -- $(pam_tally_la_LINK) -rpath $(securelibdir) $(pam_tally_la_OBJECTS) $(pam_tally_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_tally.la: $(pam_tally_la_OBJECTS) $(pam_tally_la_DEPENDENCIES) $(EXTRA_pam_tally_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(pam_tally_la_LINK) -rpath $(securelibdir) $(pam_tally_la_OBJECTS) $(pam_tally_la_LIBADD) $(LIBS) - install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) -- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ -+ fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ -- while read p p1; do if test -f $$p || test -f $$p1; \ -- then echo "$$p"; echo "$$p"; else :; fi; \ -+ while read p p1; do if test -f $$p \ -+ || test -f $$p1 \ -+ ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ -- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -+ sed -e 'p;s,.*/,,;n;h' \ -+ -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ -@@ -405,7 +694,8 @@ - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -- -e 's/$$/$(EXEEXT)/' `; \ -+ -e 's/$$/$(EXEEXT)/' \ -+ `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files -@@ -418,9 +708,10 @@ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list --pam_tally$(EXEEXT): $(pam_tally_OBJECTS) $(pam_tally_DEPENDENCIES) -+ -+pam_tally$(EXEEXT): $(pam_tally_OBJECTS) $(pam_tally_DEPENDENCIES) $(EXTRA_pam_tally_DEPENDENCIES) - @rm -f pam_tally$(EXEEXT) -- $(LINK) $(pam_tally_OBJECTS) $(pam_tally_LDADD) $(LIBS) -+ $(AM_V_CCLD)$(LINK) $(pam_tally_OBJECTS) $(pam_tally_LDADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -432,25 +723,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally_app.Po@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -459,11 +750,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -492,30 +790,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -527,15 +812,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -544,116 +825,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_tally.log: tst-pam_tally -+ @p='tst-pam_tally'; \ -+ b='tst-pam_tally'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -701,11 +1055,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -794,20 +1156,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-generic clean-libtool clean-sbinPROGRAMS \ -- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ -- distclean-generic distclean-libtool distclean-tags distdir dvi \ -- dvi-am html html-am info info-am install install-am \ -- install-data install-data-am install-dvi install-dvi-am \ -- install-exec install-exec-am install-html install-html-am \ -- install-info install-info-am install-man install-man8 \ -- install-pdf install-pdf-am install-ps install-ps-am \ -- install-sbinPROGRAMS install-securelibLTLIBRARIES \ -- install-strip installcheck installcheck-am installdirs \ -- maintainer-clean maintainer-clean-generic mostlyclean \ -- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ -- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ -+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ -+ distclean distclean-compile distclean-generic \ -+ distclean-libtool distclean-tags distdir dvi dvi-am html \ -+ html-am info info-am install install-am install-data \ -+ install-data-am install-dvi install-dvi-am install-exec \ -+ install-exec-am install-html install-html-am install-info \ -+ install-info-am install-man install-man8 install-pdf \ -+ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ -+ install-securelibLTLIBRARIES install-strip installcheck \ -+ installcheck-am installdirs maintainer-clean \ -+ maintainer-clean-generic mostlyclean mostlyclean-compile \ -+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ - uninstall-man8 uninstall-sbinPROGRAMS \ - uninstall-securelibLTLIBRARIES - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 new/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 ---- old/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 2013-09-19 10:02:17.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tally/pam_tally.8 2015-01-09 14:32:43.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_tally - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_TALLY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TALLY" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally/README new/Linux-PAM-1.1.8/modules/pam_tally/README ---- old/Linux-PAM-1.1.8/modules/pam_tally/README 2013-09-19 10:02:17.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tally/README 2015-01-09 14:32:43.000000000 +0100 -@@ -32,7 +32,7 @@ - - onerr=[fail|succeed] - -- If something weird happens (like unable to open the file), return with -+ If something weird happens (like unable to open the file), return with - PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM - error code. - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in new/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tally2/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -24,6 +23,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -45,8 +89,9 @@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - sbin_PROGRAMS = pam_tally2$(EXEEXT) - subdir = modules/pam_tally2 --DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ -- $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -87,6 +132,12 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ - "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) -@@ -95,7 +146,11 @@ - $(am__DEPENDENCIES_1) - am_pam_tally2_la_OBJECTS = pam_tally2.lo - pam_tally2_la_OBJECTS = $(am_pam_tally2_la_OBJECTS) --pam_tally2_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+pam_tally2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(pam_tally2_la_LDFLAGS) $(LDFLAGS) -o $@ - PROGRAMS = $(sbin_PROGRAMS) -@@ -103,33 +158,252 @@ - pam_tally2_OBJECTS = $(am_pam_tally2_OBJECTS) - pam_tally2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ - $(am__DEPENDENCIES_1) -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES) - DIST_SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES) -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) - HEADERS = $(noinst_HEADERS) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -137,6 +411,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -147,6 +422,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -196,6 +472,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -219,6 +496,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -241,6 +520,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -276,7 +556,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -317,7 +596,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -348,9 +627,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -358,6 +637,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -373,24 +654,32 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) -- $(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) $(EXTRA_pam_tally2_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS) - install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) -- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ -+ fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ -- while read p p1; do if test -f $$p || test -f $$p1; \ -- then echo "$$p"; echo "$$p"; else :; fi; \ -+ while read p p1; do if test -f $$p \ -+ || test -f $$p1 \ -+ ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ -- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -+ sed -e 'p;s,.*/,,;n;h' \ -+ -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ -@@ -411,7 +700,8 @@ - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -- -e 's/$$/$(EXEEXT)/' `; \ -+ -e 's/$$/$(EXEEXT)/' \ -+ `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files -@@ -424,9 +714,10 @@ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list --pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) -+ -+pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) $(EXTRA_pam_tally2_DEPENDENCIES) - @rm -f pam_tally2$(EXEEXT) -- $(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS) -+ $(AM_V_CCLD)$(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -438,25 +729,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2_app.Po@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -465,11 +756,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -498,30 +796,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -533,15 +818,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -550,116 +831,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_tally2.log: tst-pam_tally2 -+ @p='tst-pam_tally2'; \ -+ b='tst-pam_tally2'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -707,11 +1061,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -800,20 +1162,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-generic clean-libtool clean-sbinPROGRAMS \ -- clean-securelibLTLIBRARIES ctags distclean distclean-compile \ -- distclean-generic distclean-libtool distclean-tags distdir dvi \ -- dvi-am html html-am info info-am install install-am \ -- install-data install-data-am install-dvi install-dvi-am \ -- install-exec install-exec-am install-html install-html-am \ -- install-info install-info-am install-man install-man8 \ -- install-pdf install-pdf-am install-ps install-ps-am \ -- install-sbinPROGRAMS install-securelibLTLIBRARIES \ -- install-strip installcheck installcheck-am installdirs \ -- maintainer-clean maintainer-clean-generic mostlyclean \ -- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ -- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ -+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ -+ distclean distclean-compile distclean-generic \ -+ distclean-libtool distclean-tags distdir dvi dvi-am html \ -+ html-am info info-am install install-am install-data \ -+ install-data-am install-dvi install-dvi-am install-exec \ -+ install-exec-am install-html install-html-am install-info \ -+ install-info-am install-man install-man8 install-pdf \ -+ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ -+ install-securelibLTLIBRARIES install-strip installcheck \ -+ installcheck-am installdirs maintainer-clean \ -+ maintainer-clean-generic mostlyclean mostlyclean-compile \ -+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ - uninstall-man8 uninstall-sbinPROGRAMS \ - uninstall-securelibLTLIBRARIES - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 ---- old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 2013-09-19 10:02:18.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.8 2015-01-09 14:32:43.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_tally2 - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_TALLY2" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TALLY2" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c ---- old/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tally2/pam_tally2.c 2015-01-09 14:28:29.000000000 +0100 -@@ -451,11 +451,8 @@ - alarm(oldalarm); - } - -- if (fileinfo.st_size < (off_t)(uid+1)*(off_t)sizeof(*tally)) { -+ if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { - memset(tally, 0, sizeof(*tally)); -- } else if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { -- memset(tally, 0, sizeof(*tally)); -- /* Shouldn't happen */ - } - - tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tally2/README new/Linux-PAM-1.1.8/modules/pam_tally2/README ---- old/Linux-PAM-1.1.8/modules/pam_tally2/README 2013-09-19 10:02:18.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tally2/README 2015-01-09 14:32:43.000000000 +0100 -@@ -28,7 +28,7 @@ - - onerr=[fail|succeed] - -- If something weird happens (like unable to open the file), return with -+ If something weird happens (like unable to open the file), return with - PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM - error code. - -@@ -108,7 +108,7 @@ - magic_root - - If the module is invoked by a user with uid=0 the counter is not -- changed. The sysadmin should use this for user launched services, like -+ changed. The sysadmin should use this for user launched services, like - su, otherwise this argument should be omitted. - - NOTES -@@ -117,7 +117,7 @@ - is caused by requirement of compatibility of the tallylog file format between - 32bit and 64bit architectures on multiarch systems. - --There is no setuid wrapper for access to the data file such as when the -+There is no setuid wrapper for access to the data file such as when the - pam_tally2.so module is called from xscreensaver. As this would make it - impossible to share PAM configuration with such services the following - workaround is used: If the data file cannot be opened because of insufficient -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_time/Makefile.in new/Linux-PAM-1.1.8/modules/pam_time/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_time/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_time/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_time --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,39 +128,268 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ - "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_time_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_time_la_SOURCES = pam_time.c - pam_time_la_OBJECTS = pam_time.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_time.c - DIST_SOURCES = pam_time.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man5dir = $(mandir)/man5 - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) $(secureconf_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -122,6 +397,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -132,6 +408,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -181,6 +458,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -204,6 +482,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -226,6 +506,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -261,7 +542,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -300,7 +580,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -331,9 +611,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -341,6 +621,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -356,14 +638,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_time.la: $(pam_time_la_OBJECTS) $(pam_time_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_time_la_OBJECTS) $(pam_time_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_time.la: $(pam_time_la_OBJECTS) $(pam_time_la_DEPENDENCIES) $(EXTRA_pam_time_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_time_la_OBJECTS) $(pam_time_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -374,25 +659,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_time.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -401,11 +686,18 @@ - -rm -rf .libs _libs - install-man5: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" -- @list=''; test -n "$(man5dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.5[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man5dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.5[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -434,16 +726,21 @@ - sed -n '/\.5[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -472,13 +769,14 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - install-secureconfDATA: $(secureconf_DATA) - @$(NORMAL_INSTALL) -- test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \ -+ fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ -@@ -492,30 +790,17 @@ - @$(NORMAL_UNINSTALL) - @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ -- test -n "$$files" || exit 0; \ -- echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -527,15 +812,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -544,116 +825,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_time.log: tst-pam_time -+ @p='tst-pam_time'; \ -+ b='tst-pam_time'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -701,11 +1055,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -795,20 +1157,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man5 install-man8 \ -- install-pdf install-pdf-am install-ps install-ps-am \ -- install-secureconfDATA install-securelibLTLIBRARIES \ -- install-strip installcheck installcheck-am installdirs \ -- maintainer-clean maintainer-clean-generic mostlyclean \ -- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ -- pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man5 \ -+ install-man8 install-pdf install-pdf-am install-ps \ -+ install-ps-am install-secureconfDATA \ -+ install-securelibLTLIBRARIES install-strip installcheck \ -+ installcheck-am installdirs maintainer-clean \ -+ maintainer-clean-generic mostlyclean mostlyclean-compile \ -+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ - uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ - uninstall-securelibLTLIBRARIES - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 new/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 ---- old/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 2013-09-19 10:02:19.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_time/pam_time.8 2015-01-09 14:32:44.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_time - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_TIME" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" -+.TH "PAM_TIME" "8" "01/09/2015" "Linux-PAM Manual" "Linux-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 new/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 ---- old/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 2013-09-19 10:02:18.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_time/time.conf.5 2015-01-09 14:32:44.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: time.conf - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "TIME\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "TIME\&.CONF" "5" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in new/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in 2013-09-19 10:01:35.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_timestamp/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -24,6 +23,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -47,8 +91,9 @@ - sbin_PROGRAMS = pam_timestamp_check$(EXEEXT) - noinst_PROGRAMS = hmacfile$(EXEEXT) - subdir = modules/pam_timestamp --DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ -- $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -89,6 +134,12 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ - "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) -@@ -96,9 +147,14 @@ - am_pam_timestamp_la_OBJECTS = pam_timestamp_la-pam_timestamp.lo \ - pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo - pam_timestamp_la_OBJECTS = $(am_pam_timestamp_la_OBJECTS) --pam_timestamp_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pam_timestamp_la_CFLAGS) \ -- $(CFLAGS) $(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+pam_timestamp_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ -+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ -+ $(pam_timestamp_la_CFLAGS) $(CFLAGS) \ -+ $(pam_timestamp_la_LDFLAGS) $(LDFLAGS) -o $@ - PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS) - am_hmacfile_OBJECTS = hmacfile.$(OBJEXT) hmacsha1.$(OBJEXT) \ - sha1.$(OBJEXT) -@@ -108,40 +164,259 @@ - pam_timestamp_check-pam_timestamp_check.$(OBJEXT) - pam_timestamp_check_OBJECTS = $(am_pam_timestamp_check_OBJECTS) - pam_timestamp_check_DEPENDENCIES = $(top_builddir)/libpam/libpam.la --pam_timestamp_check_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -- $(LIBTOOLFLAGS) --mode=link $(CCLD) \ -+pam_timestamp_check_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ -+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(pam_timestamp_check_CFLAGS) $(CFLAGS) \ - $(pam_timestamp_check_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \ - $(pam_timestamp_check_SOURCES) - DIST_SOURCES = $(pam_timestamp_la_SOURCES) $(hmacfile_SOURCES) \ - $(pam_timestamp_check_SOURCES) -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) - HEADERS = $(noinst_HEADERS) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck - am__EXEEXT_1 = hmacfile$(EXEEXT) -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -149,6 +424,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -159,6 +435,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -208,6 +485,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -231,6 +509,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -253,6 +533,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -288,7 +569,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -335,7 +615,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -366,9 +646,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -376,6 +656,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -391,14 +673,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_timestamp.la: $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_DEPENDENCIES) -- $(pam_timestamp_la_LINK) -rpath $(securelibdir) $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_timestamp.la: $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_DEPENDENCIES) $(EXTRA_pam_timestamp_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(pam_timestamp_la_LINK) -rpath $(securelibdir) $(pam_timestamp_la_OBJECTS) $(pam_timestamp_la_LIBADD) $(LIBS) - - clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ -@@ -410,14 +695,19 @@ - rm -f $$list - install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) -- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ -+ fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ -- while read p p1; do if test -f $$p || test -f $$p1; \ -- then echo "$$p"; echo "$$p"; else :; fi; \ -+ while read p p1; do if test -f $$p \ -+ || test -f $$p1 \ -+ ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ -- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -+ sed -e 'p;s,.*/,,;n;h' \ -+ -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ -@@ -438,7 +728,8 @@ - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -- -e 's/$$/$(EXEEXT)/' `; \ -+ -e 's/$$/$(EXEEXT)/' \ -+ `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files -@@ -451,12 +742,14 @@ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list --hmacfile$(EXEEXT): $(hmacfile_OBJECTS) $(hmacfile_DEPENDENCIES) -+ -+hmacfile$(EXEEXT): $(hmacfile_OBJECTS) $(hmacfile_DEPENDENCIES) $(EXTRA_hmacfile_DEPENDENCIES) - @rm -f hmacfile$(EXEEXT) -- $(LINK) $(hmacfile_OBJECTS) $(hmacfile_LDADD) $(LIBS) --pam_timestamp_check$(EXEEXT): $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) $(hmacfile_OBJECTS) $(hmacfile_LDADD) $(LIBS) -+ -+pam_timestamp_check$(EXEEXT): $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_DEPENDENCIES) $(EXTRA_pam_timestamp_check_DEPENDENCIES) - @rm -f pam_timestamp_check$(EXEEXT) -- $(pam_timestamp_check_LINK) $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_LDADD) $(LIBS) -+ $(AM_V_CCLD)$(pam_timestamp_check_LINK) $(pam_timestamp_check_OBJECTS) $(pam_timestamp_check_LDADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -473,60 +766,60 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Po@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - pam_timestamp_la-pam_timestamp.lo: pam_timestamp.c --@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-pam_timestamp.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo $(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_timestamp.c' object='pam_timestamp_la-pam_timestamp.lo' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-pam_timestamp.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-pam_timestamp.Tpo $(DEPDIR)/pam_timestamp_la-pam_timestamp.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pam_timestamp.c' object='pam_timestamp_la-pam_timestamp.lo' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo '$(srcdir)/'`pam_timestamp.c - - pam_timestamp_la-hmacsha1.lo: hmacsha1.c --@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmacsha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo $(DEPDIR)/pam_timestamp_la-hmacsha1.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmacsha1.c' object='pam_timestamp_la-hmacsha1.lo' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-hmacsha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-hmacsha1.Tpo $(DEPDIR)/pam_timestamp_la-hmacsha1.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hmacsha1.c' object='pam_timestamp_la-hmacsha1.lo' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo '$(srcdir)/'`hmacsha1.c - - pam_timestamp_la-sha1.lo: sha1.c --@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-sha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-sha1.Tpo -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_la-sha1.Tpo $(DEPDIR)/pam_timestamp_la-sha1.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='sha1.c' object='pam_timestamp_la-sha1.lo' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -MT pam_timestamp_la-sha1.lo -MD -MP -MF $(DEPDIR)/pam_timestamp_la-sha1.Tpo -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_la-sha1.Tpo $(DEPDIR)/pam_timestamp_la-sha1.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='sha1.c' object='pam_timestamp_la-sha1.lo' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_la_CFLAGS) $(CFLAGS) -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo '$(srcdir)/'`sha1.c - - pam_timestamp_check-pam_timestamp_check.o: pam_timestamp_check.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.o -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.o -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo '$(srcdir)/'`pam_timestamp_check.c - - pam_timestamp_check-pam_timestamp_check.obj: pam_timestamp_check.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.obj -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -MT pam_timestamp_check-pam_timestamp_check.obj -MD -MP -MF $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Tpo $(DEPDIR)/pam_timestamp_check-pam_timestamp_check.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='pam_timestamp_check.c' object='pam_timestamp_check-pam_timestamp_check.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(pam_timestamp_check_CFLAGS) $(CFLAGS) -c -o pam_timestamp_check-pam_timestamp_check.obj `if test -f 'pam_timestamp_check.c'; then $(CYGPATH_W) 'pam_timestamp_check.c'; else $(CYGPATH_W) '$(srcdir)/pam_timestamp_check.c'; fi` - - mostlyclean-libtool: - -rm -f *.lo -@@ -535,11 +828,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -568,30 +868,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) -+ -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -603,15 +890,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -620,116 +903,196 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_timestamp.log: tst-pam_timestamp -+ @p='tst-pam_timestamp'; \ -+ b='tst-pam_timestamp'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+hmacfile.log: hmacfile$(EXEEXT) -+ @p='hmacfile$(EXEEXT)'; \ -+ b='hmacfile'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -777,11 +1140,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -870,22 +1241,23 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-generic clean-libtool clean-noinstPROGRAMS \ -- clean-sbinPROGRAMS clean-securelibLTLIBRARIES ctags distclean \ -- distclean-compile distclean-generic distclean-libtool \ -- distclean-tags distdir dvi dvi-am html html-am info info-am \ -- install install-am install-data install-data-am install-dvi \ -- install-dvi-am install-exec install-exec-am install-html \ -- install-html-am install-info install-info-am install-man \ -- install-man8 install-pdf install-pdf-am install-ps \ -- install-ps-am install-sbinPROGRAMS \ -+ clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \ -+ ctags ctags-am distclean distclean-compile distclean-generic \ -+ distclean-libtool distclean-tags distdir dvi dvi-am html \ -+ html-am info info-am install install-am install-data \ -+ install-data-am install-dvi install-dvi-am install-exec \ -+ install-exec-am install-html install-html-am install-info \ -+ install-info-am install-man install-man8 install-pdf \ -+ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-sbinPROGRAMS \ -+ uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_timestamp.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 ---- old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 2013-09-19 10:02:19.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.8 2015-01-09 14:32:45.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_timestamp - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_TIMESTAMP" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TIMESTAMP" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c ---- old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp.c 2015-01-09 14:28:29.000000000 +0100 -@@ -158,7 +158,7 @@ - tty = strrchr(tty, '/') + 1; - } - /* Make sure the tty wasn't actually a directory (no basename). */ -- if (strlen(tty) == 0) { -+ if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { - return NULL; - } - return tty; -@@ -243,6 +243,17 @@ - if (pwd != NULL) { - ruser = pwd->pw_name; - } -+ } else { -+ /* -+ * This ruser is used by format_timestamp_name as a component -+ * of constructed timestamp pathname, so ".", "..", and '/' -+ * are disallowed to avoid potential path traversal issues. -+ */ -+ if (!strcmp(ruser, ".") || -+ !strcmp(ruser, "..") || -+ strchr(ruser, '/')) { -+ ruser = NULL; -+ } - } - if (ruser == NULL || strlen(ruser) >= ruserbuflen) { - *ruserbuf = '\0'; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 ---- old/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 2013-09-19 10:02:19.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_timestamp/pam_timestamp_check.8 2015-01-09 14:32:45.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_timestamp_check - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_TIMESTAMP_CHECK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TIMESTAMP_CHECK" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in new/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in 2013-09-19 10:01:36.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_tty_audit --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,40 +128,269 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - @HAVE_AUDIT_TTY_STATUS_TRUE@pam_tty_audit_la_DEPENDENCIES = \ - @HAVE_AUDIT_TTY_STATUS_TRUE@ $(top_builddir)/libpam/libpam.la - pam_tty_audit_la_SOURCES = pam_tty_audit.c - pam_tty_audit_la_OBJECTS = pam_tty_audit.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = - @HAVE_AUDIT_TTY_STATUS_TRUE@am_pam_tty_audit_la_rpath = -rpath \ - @HAVE_AUDIT_TTY_STATUS_TRUE@ $(securelibdir) -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_tty_audit.c - DIST_SOURCES = pam_tty_audit.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -123,6 +398,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -133,6 +409,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -182,6 +459,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -205,6 +483,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -227,6 +507,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -262,7 +543,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -297,7 +577,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -328,9 +608,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -338,6 +618,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -353,14 +635,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_tty_audit.la: $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_DEPENDENCIES) -- $(LINK) $(am_pam_tty_audit_la_rpath) $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_tty_audit.la: $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_DEPENDENCIES) $(EXTRA_pam_tty_audit_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) $(am_pam_tty_audit_la_rpath) $(pam_tty_audit_la_OBJECTS) $(pam_tty_audit_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -371,25 +656,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tty_audit.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -398,11 +683,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -431,30 +723,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -466,15 +745,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -483,116 +758,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_tty_audit.log: tst-pam_tty_audit -+ @p='tst-pam_tty_audit'; \ -+ b='tst-pam_tty_audit'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -640,11 +988,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -732,21 +1088,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_tty_audit.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 ---- old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 2013-09-04 15:47:58.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.8 2015-01-09 14:32:45.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_tty_audit - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/04/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_TTY_AUDIT" "8" "09/04/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_TTY_AUDIT" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c ---- old/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2013-08-28 10:53:40.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/pam_tty_audit.c 2015-01-09 14:28:29.000000000 +0100 -@@ -36,6 +36,7 @@ - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - DAMAGE. */ - -+#include "config.h" - #include - #include - #include -@@ -108,7 +109,7 @@ - struct msghdr msg; - struct nlmsghdr nlm; - struct iovec iov[2]; -- ssize_t res; -+ ssize_t res, resdiff; - - again: - iov[0].iov_base = &nlm; -@@ -119,6 +120,7 @@ - msg.msg_iovlen = 1; - msg.msg_control = NULL; - msg.msg_controllen = 0; -+ msg.msg_flags = 0; - if (type != NLMSG_ERROR) - { - res = recvmsg (fd, &msg, MSG_PEEK); -@@ -160,12 +162,17 @@ - res = recvmsg (fd, &msg, 0); - if (res == -1) - return -1; -- if ((size_t)res != NLMSG_LENGTH (size) -+ resdiff = NLMSG_LENGTH(size) - (size_t)res; -+ if (resdiff < 0 - || nlm.nlmsg_type != type) - { - errno = EIO; - return -1; - } -+ else if (resdiff > 0) -+ { -+ memset((char *)buf + size - resdiff, 0, resdiff); -+ } - return 0; - } - -@@ -275,6 +282,8 @@ - return PAM_SESSION_ERR; - } - -+ memcpy(&new_status, old_status, sizeof(new_status)); -+ - new_status.enabled = (command == CMD_ENABLE ? 1 : 0); - #ifdef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD - new_status.log_passwd = log_passwd; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_tty_audit/README new/Linux-PAM-1.1.8/modules/pam_tty_audit/README ---- old/Linux-PAM-1.1.8/modules/pam_tty_audit/README 2013-09-19 10:02:20.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_tty_audit/README 2015-01-09 14:32:45.000000000 +0100 -@@ -42,7 +42,7 @@ - users is explicitly disabled. Therefore, it is recommended to use disable=* as - the first option for most daemons using PAM. - --To view the data that was logged by the kernel to audit use the command -+To view the data that was logged by the kernel to audit use the command - aureport --tty. - - EXAMPLES -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in new/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in 2013-09-19 10:01:36.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_umask/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_umask --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_umask_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_umask_la_SOURCES = pam_umask.c - pam_umask_la_OBJECTS = pam_umask.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_umask.c - DIST_SOURCES = pam_umask.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_umask.la: $(pam_umask_la_OBJECTS) $(pam_umask_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_umask_la_OBJECTS) $(pam_umask_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_umask.la: $(pam_umask_la_OBJECTS) $(pam_umask_la_DEPENDENCIES) $(EXTRA_pam_umask_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_umask_la_OBJECTS) $(pam_umask_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_umask.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_umask.log: tst-pam_umask -+ @p='tst-pam_umask'; \ -+ b='tst-pam_umask'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_umask.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 new/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 ---- old/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 2013-09-19 10:02:20.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_umask/pam_umask.8 2015-01-09 14:32:46.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_umask - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_UMASK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UMASK" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in new/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in 2013-09-19 10:01:36.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -23,6 +22,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -47,8 +91,9 @@ - noinst_PROGRAMS = bigcrypt$(EXEEXT) - @STATIC_MODULES_TRUE@am__append_3 = pam_unix_static.c - subdir = modules/pam_unix --DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ -- $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -89,6 +134,12 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ - "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) -@@ -104,7 +155,11 @@ - pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ - yppasswd_xdr.lo md5_good.lo md5_broken.lo $(am__objects_1) - pam_unix_la_OBJECTS = $(am_pam_unix_la_OBJECTS) --pam_unix_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+pam_unix_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(pam_unix_la_LDFLAGS) $(LDFLAGS) -o $@ - PROGRAMS = $(noinst_PROGRAMS) $(sbin_PROGRAMS) -@@ -112,9 +167,9 @@ - bigcrypt-bigcrypt_main.$(OBJEXT) - bigcrypt_OBJECTS = $(am_bigcrypt_OBJECTS) - bigcrypt_DEPENDENCIES = --bigcrypt_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(bigcrypt_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+bigcrypt_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(bigcrypt_CFLAGS) \ -+ $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ - am_unix_chkpwd_OBJECTS = unix_chkpwd-unix_chkpwd.$(OBJEXT) \ - unix_chkpwd-md5_good.$(OBJEXT) \ - unix_chkpwd-md5_broken.$(OBJEXT) \ -@@ -122,7 +177,7 @@ - unix_chkpwd-passverify.$(OBJEXT) - unix_chkpwd_OBJECTS = $(am_unix_chkpwd_OBJECTS) - unix_chkpwd_DEPENDENCIES = --unix_chkpwd_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -+unix_chkpwd_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(unix_chkpwd_CFLAGS) \ - $(CFLAGS) $(unix_chkpwd_LDFLAGS) $(LDFLAGS) -o $@ - am_unix_update_OBJECTS = unix_update-unix_update.$(OBJEXT) \ -@@ -132,38 +187,257 @@ - unix_update-passverify.$(OBJEXT) - unix_update_OBJECTS = $(am_unix_update_OBJECTS) - unix_update_DEPENDENCIES = --unix_update_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -+unix_update_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(unix_update_CFLAGS) \ - $(CFLAGS) $(unix_update_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = $(pam_unix_la_SOURCES) $(bigcrypt_SOURCES) \ - $(unix_chkpwd_SOURCES) $(unix_update_SOURCES) - DIST_SOURCES = $(am__pam_unix_la_SOURCES_DIST) $(bigcrypt_SOURCES) \ - $(unix_chkpwd_SOURCES) $(unix_update_SOURCES) -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) - HEADERS = $(noinst_HEADERS) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -171,6 +445,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -181,6 +456,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -230,6 +506,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -253,6 +530,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -275,6 +554,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -310,7 +590,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -376,7 +655,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -407,9 +686,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -417,6 +696,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -432,14 +713,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_unix.la: $(pam_unix_la_OBJECTS) $(pam_unix_la_DEPENDENCIES) -- $(pam_unix_la_LINK) -rpath $(securelibdir) $(pam_unix_la_OBJECTS) $(pam_unix_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_unix.la: $(pam_unix_la_OBJECTS) $(pam_unix_la_DEPENDENCIES) $(EXTRA_pam_unix_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(pam_unix_la_LINK) -rpath $(securelibdir) $(pam_unix_la_OBJECTS) $(pam_unix_la_LIBADD) $(LIBS) - - clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ -@@ -451,14 +735,19 @@ - rm -f $$list - install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) -- test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ -+ if test -n "$$list"; then \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ -+ fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ -- while read p p1; do if test -f $$p || test -f $$p1; \ -- then echo "$$p"; echo "$$p"; else :; fi; \ -+ while read p p1; do if test -f $$p \ -+ || test -f $$p1 \ -+ ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ -- sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -+ sed -e 'p;s,.*/,,;n;h' \ -+ -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ -@@ -479,7 +768,8 @@ - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -- -e 's/$$/$(EXEEXT)/' `; \ -+ -e 's/$$/$(EXEEXT)/' \ -+ `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files -@@ -492,15 +782,18 @@ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list --bigcrypt$(EXEEXT): $(bigcrypt_OBJECTS) $(bigcrypt_DEPENDENCIES) -+ -+bigcrypt$(EXEEXT): $(bigcrypt_OBJECTS) $(bigcrypt_DEPENDENCIES) $(EXTRA_bigcrypt_DEPENDENCIES) - @rm -f bigcrypt$(EXEEXT) -- $(bigcrypt_LINK) $(bigcrypt_OBJECTS) $(bigcrypt_LDADD) $(LIBS) --unix_chkpwd$(EXEEXT): $(unix_chkpwd_OBJECTS) $(unix_chkpwd_DEPENDENCIES) -+ $(AM_V_CCLD)$(bigcrypt_LINK) $(bigcrypt_OBJECTS) $(bigcrypt_LDADD) $(LIBS) -+ -+unix_chkpwd$(EXEEXT): $(unix_chkpwd_OBJECTS) $(unix_chkpwd_DEPENDENCIES) $(EXTRA_unix_chkpwd_DEPENDENCIES) - @rm -f unix_chkpwd$(EXEEXT) -- $(unix_chkpwd_LINK) $(unix_chkpwd_OBJECTS) $(unix_chkpwd_LDADD) $(LIBS) --unix_update$(EXEEXT): $(unix_update_OBJECTS) $(unix_update_DEPENDENCIES) -+ $(AM_V_CCLD)$(unix_chkpwd_LINK) $(unix_chkpwd_OBJECTS) $(unix_chkpwd_LDADD) $(LIBS) -+ -+unix_update$(EXEEXT): $(unix_update_OBJECTS) $(unix_update_DEPENDENCIES) $(EXTRA_unix_update_DEPENDENCIES) - @rm -f unix_update$(EXEEXT) -- $(unix_update_LINK) $(unix_update_OBJECTS) $(unix_update_LDADD) $(LIBS) -+ $(AM_V_CCLD)$(unix_update_LINK) $(unix_update_OBJECTS) $(unix_update_LDADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -533,193 +826,193 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/yppasswd_xdr.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - bigcrypt-bigcrypt.o: bigcrypt.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='bigcrypt-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='bigcrypt-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c - - bigcrypt-bigcrypt.obj: bigcrypt.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='bigcrypt-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt.Tpo -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt.Tpo $(DEPDIR)/bigcrypt-bigcrypt.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='bigcrypt-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` - - bigcrypt-bigcrypt_main.o: bigcrypt_main.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.o -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo '$(srcdir)/'`bigcrypt_main.c - - bigcrypt-bigcrypt_main.obj: bigcrypt_main.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -MT bigcrypt-bigcrypt_main.obj -MD -MP -MF $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/bigcrypt-bigcrypt_main.Tpo $(DEPDIR)/bigcrypt-bigcrypt_main.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt_main.c' object='bigcrypt-bigcrypt_main.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(bigcrypt_CFLAGS) $(CFLAGS) -c -o bigcrypt-bigcrypt_main.obj `if test -f 'bigcrypt_main.c'; then $(CYGPATH_W) 'bigcrypt_main.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt_main.c'; fi` - - unix_chkpwd-unix_chkpwd.o: unix_chkpwd.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo '$(srcdir)/'`unix_chkpwd.c - - unix_chkpwd-unix_chkpwd.obj: unix_chkpwd.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-unix_chkpwd.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-unix_chkpwd.Tpo $(DEPDIR)/unix_chkpwd-unix_chkpwd.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_chkpwd.c' object='unix_chkpwd-unix_chkpwd.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-unix_chkpwd.obj `if test -f 'unix_chkpwd.c'; then $(CYGPATH_W) 'unix_chkpwd.c'; else $(CYGPATH_W) '$(srcdir)/unix_chkpwd.c'; fi` - - unix_chkpwd-md5_good.o: md5_good.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_chkpwd-md5_good.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_chkpwd-md5_good.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c - - unix_chkpwd-md5_good.obj: md5_good.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_chkpwd-md5_good.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_good.Tpo -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_good.Tpo $(DEPDIR)/unix_chkpwd-md5_good.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_chkpwd-md5_good.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` - - unix_chkpwd-md5_broken.o: md5_broken.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_chkpwd-md5_broken.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_chkpwd-md5_broken.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c - - unix_chkpwd-md5_broken.obj: md5_broken.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_chkpwd-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-md5_broken.Tpo -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-md5_broken.Tpo $(DEPDIR)/unix_chkpwd-md5_broken.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_chkpwd-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` - - unix_chkpwd-bigcrypt.o: bigcrypt.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_chkpwd-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_chkpwd-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c - - unix_chkpwd-bigcrypt.obj: bigcrypt.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_chkpwd-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-bigcrypt.Tpo $(DEPDIR)/unix_chkpwd-bigcrypt.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_chkpwd-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` - - unix_chkpwd-passverify.o: passverify.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_chkpwd-passverify.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.o -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_chkpwd-passverify.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c - - unix_chkpwd-passverify.obj: passverify.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_chkpwd-passverify.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -MT unix_chkpwd-passverify.obj -MD -MP -MF $(DEPDIR)/unix_chkpwd-passverify.Tpo -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_chkpwd-passverify.Tpo $(DEPDIR)/unix_chkpwd-passverify.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_chkpwd-passverify.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_chkpwd_CFLAGS) $(CFLAGS) -c -o unix_chkpwd-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` - - unix_update-unix_update.o: unix_update.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.o -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_update.c' object='unix_update-unix_update.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.o -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_update.c' object='unix_update-unix_update.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo '$(srcdir)/'`unix_update.c - - unix_update-unix_update.obj: unix_update.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.obj -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='unix_update.c' object='unix_update-unix_update.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-unix_update.obj -MD -MP -MF $(DEPDIR)/unix_update-unix_update.Tpo -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-unix_update.Tpo $(DEPDIR)/unix_update-unix_update.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='unix_update.c' object='unix_update-unix_update.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-unix_update.obj `if test -f 'unix_update.c'; then $(CYGPATH_W) 'unix_update.c'; else $(CYGPATH_W) '$(srcdir)/unix_update.c'; fi` - - unix_update-md5_good.o: md5_good.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.o -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_update-md5_good.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.o -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_update-md5_good.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo '$(srcdir)/'`md5_good.c - - unix_update-md5_good.obj: md5_good.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_good.c' object='unix_update-md5_good.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_good.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_good.Tpo -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_good.Tpo $(DEPDIR)/unix_update-md5_good.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_good.c' object='unix_update-md5_good.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_good.obj `if test -f 'md5_good.c'; then $(CYGPATH_W) 'md5_good.c'; else $(CYGPATH_W) '$(srcdir)/md5_good.c'; fi` - - unix_update-md5_broken.o: md5_broken.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_update-md5_broken.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.o -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_update-md5_broken.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo '$(srcdir)/'`md5_broken.c - - unix_update-md5_broken.obj: md5_broken.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='md5_broken.c' object='unix_update-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-md5_broken.obj -MD -MP -MF $(DEPDIR)/unix_update-md5_broken.Tpo -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-md5_broken.Tpo $(DEPDIR)/unix_update-md5_broken.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='md5_broken.c' object='unix_update-md5_broken.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-md5_broken.obj `if test -f 'md5_broken.c'; then $(CYGPATH_W) 'md5_broken.c'; else $(CYGPATH_W) '$(srcdir)/md5_broken.c'; fi` - - unix_update-bigcrypt.o: bigcrypt.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_update-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.o -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_update-bigcrypt.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo '$(srcdir)/'`bigcrypt.c - - unix_update-bigcrypt.obj: bigcrypt.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bigcrypt.c' object='unix_update-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-bigcrypt.obj -MD -MP -MF $(DEPDIR)/unix_update-bigcrypt.Tpo -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-bigcrypt.Tpo $(DEPDIR)/unix_update-bigcrypt.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='bigcrypt.c' object='unix_update-bigcrypt.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-bigcrypt.obj `if test -f 'bigcrypt.c'; then $(CYGPATH_W) 'bigcrypt.c'; else $(CYGPATH_W) '$(srcdir)/bigcrypt.c'; fi` - - unix_update-passverify.o: passverify.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.o -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_update-passverify.o' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.o -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_update-passverify.o' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.o `test -f 'passverify.c' || echo '$(srcdir)/'`passverify.c - - unix_update-passverify.obj: passverify.c --@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.obj -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='passverify.c' object='unix_update-passverify.obj' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -MT unix_update-passverify.obj -MD -MP -MF $(DEPDIR)/unix_update-passverify.Tpo -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/unix_update-passverify.Tpo $(DEPDIR)/unix_update-passverify.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='passverify.c' object='unix_update-passverify.obj' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(unix_update_CFLAGS) $(CFLAGS) -c -o unix_update-passverify.obj `if test -f 'passverify.c'; then $(CYGPATH_W) 'passverify.c'; else $(CYGPATH_W) '$(srcdir)/passverify.c'; fi` - - mostlyclean-libtool: - -rm -f *.lo -@@ -728,11 +1021,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -761,30 +1061,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -796,15 +1083,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -813,116 +1096,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -- else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -- fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- skipped="($$skip tests were not run)"; \ -+ color_start= color_end=; \ - fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_unix.log: tst-pam_unix -+ @p='tst-pam_unix'; \ -+ b='tst-pam_unix'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -970,11 +1326,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -1063,22 +1427,23 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-generic clean-libtool clean-noinstPROGRAMS \ -- clean-sbinPROGRAMS clean-securelibLTLIBRARIES ctags distclean \ -- distclean-compile distclean-generic distclean-libtool \ -- distclean-tags distdir dvi dvi-am html html-am info info-am \ -- install install-am install-data install-data-am install-dvi \ -- install-dvi-am install-exec install-exec-am install-html \ -- install-html-am install-info install-info-am install-man \ -- install-man8 install-pdf install-pdf-am install-ps \ -- install-ps-am install-sbinPROGRAMS \ -+ clean-sbinPROGRAMS clean-securelibLTLIBRARIES cscopelist-am \ -+ ctags ctags-am distclean distclean-compile distclean-generic \ -+ distclean-libtool distclean-tags distdir dvi dvi-am html \ -+ html-am info info-am install install-am install-data \ -+ install-data-am install-dvi install-dvi-am install-exec \ -+ install-exec-am install-html install-html-am install-info \ -+ install-info-am install-man install-man8 install-pdf \ -+ install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-sbinPROGRAMS \ -+ uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_unix.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c new/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/md5_crypt.c 2015-01-09 14:28:29.000000000 +0100 -@@ -51,6 +51,8 @@ - /* TODO: now that we're using malloc'ed memory, get rid of the - strange constant buffer size. */ - passwd = malloc(120); -+ if (passwd == NULL) -+ return NULL; - - /* If it starts with the magic string, then skip that */ - if (!strncmp(sp, magic, strlen(magic))) -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 ---- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 2013-09-19 10:02:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix.8 2015-01-09 14:32:46.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_unix - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_UNIX" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_UNIX" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c 2013-09-16 11:11:51.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_acct.c 2015-01-09 14:28:29.000000000 +0100 -@@ -98,24 +98,21 @@ - /* fork */ - child = fork(); - if (child == 0) { -- int i=0; -- struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL }; -- -- /* reopen stdout as pipe */ -- dup2(fds[1], STDOUT_FILENO); -+ const char *args[] = { NULL, NULL, NULL, NULL }; - - /* XXX - should really tidy up PAM here too */ - -- if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { -- if (rlim.rlim_max >= MAX_FD_NO) -- rlim.rlim_max = MAX_FD_NO; -- for (i=0; i < (int)rlim.rlim_max; i++) { -- if (i != STDOUT_FILENO) { -- close(i); -- } -- } -+ /* reopen stdout as pipe */ -+ if (dup2(fds[1], STDOUT_FILENO) != STDOUT_FILENO) { -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdout"); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } -+ -+ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, -+ PAM_MODUTIL_IGNORE_FD, -+ PAM_MODUTIL_PIPE_FD) < 0) { -+ _exit(PAM_AUTHINFO_UNAVAIL); - } - - if (geteuid() == 0) { -@@ -130,11 +127,11 @@ - } - - /* exec binary helper */ -- args[0] = x_strdup(CHKPWD_HELPER); -- args[1] = x_strdup(user); -- args[2] = x_strdup("chkexpiry"); -+ args[0] = CHKPWD_HELPER; -+ args[1] = user; -+ args[2] = "chkexpiry"; - -- execve(CHKPWD_HELPER, args, envp); -+ execve(CHKPWD_HELPER, (char *const *) args, envp); - - pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); - /* should not get here: exit with error */ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2013-09-16 11:09:47.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/pam_unix_passwd.c 2015-01-09 14:28:29.000000000 +0100 -@@ -201,39 +201,37 @@ - /* fork */ - child = fork(); - if (child == 0) { -- int i=0; -- struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; -+ const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; - char buffer[16]; - - /* XXX - should really tidy up PAM here too */ - - /* reopen stdin as pipe */ -- dup2(fds[0], STDIN_FILENO); -+ if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) { -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - -- if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { -- if (rlim.rlim_max >= MAX_FD_NO) -- rlim.rlim_max = MAX_FD_NO; -- for (i=0; i < (int)rlim.rlim_max; i++) { -- if (i != STDIN_FILENO) -- close(i); -- } -+ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, -+ PAM_MODUTIL_PIPE_FD, -+ PAM_MODUTIL_PIPE_FD) < 0) { -+ _exit(PAM_AUTHINFO_UNAVAIL); - } - - /* exec binary helper */ -- args[0] = x_strdup(UPDATE_HELPER); -- args[1] = x_strdup(user); -- args[2] = x_strdup("update"); -+ args[0] = UPDATE_HELPER; -+ args[1] = user; -+ args[2] = "update"; - if (on(UNIX_SHADOW, ctrl)) -- args[3] = x_strdup("1"); -+ args[3] = "1"; - else -- args[3] = x_strdup("0"); -+ args[3] = "0"; - - snprintf(buffer, sizeof(buffer), "%d", remember); -- args[4] = x_strdup(buffer); -+ args[4] = buffer; - -- execve(UPDATE_HELPER, args, envp); -+ execve(UPDATE_HELPER, (char *const *) args, envp); - - /* should not get here: exit with error */ - D(("helper binary is not available")); -@@ -303,7 +301,7 @@ - s_pas = strtok_r(NULL, ":,", &sptr); - while (s_pas != NULL) { - char *md5pass = Goodcrypt_md5(newpass, s_pas); -- if (!strcmp(md5pass, s_pas)) { -+ if (md5pass == NULL || !strcmp(md5pass, s_pas)) { - _pam_delete(md5pass); - retval = PAM_AUTHTOK_ERR; - break; -@@ -614,7 +612,8 @@ - - if (_unix_blankpasswd(pamh, ctrl, user)) { - return PAM_SUCCESS; -- } else if (off(UNIX__IAMROOT, ctrl)) { -+ } else if (off(UNIX__IAMROOT, ctrl) || -+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) { - /* instruct user what is happening */ - if (asprintf(&Announce, _("Changing password for %s."), - user) < 0) { -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/passverify.c new/Linux-PAM-1.1.8/modules/pam_unix/passverify.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/passverify.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/passverify.c 2015-01-09 14:28:29.000000000 +0100 -@@ -639,11 +639,23 @@ - continue; - buf[strlen(buf) - 1] = '\0'; - s_luser = strtok_r(buf, ":", &sptr); -+ if (s_luser == NULL) { -+ found = 0; -+ continue; -+ } - s_uid = strtok_r(NULL, ":", &sptr); -+ if (s_uid == NULL) { -+ found = 0; -+ continue; -+ } - s_npas = strtok_r(NULL, ":", &sptr); -+ if (s_npas == NULL) { -+ found = 0; -+ continue; -+ } - s_pas = strtok_r(NULL, ":", &sptr); - npas = strtol(s_npas, NULL, 10) + 1; -- while (npas > howmany) { -+ while (npas > howmany && s_pas != NULL) { - s_pas = strpbrk(s_pas, ","); - if (s_pas != NULL) - s_pas++; -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/README new/Linux-PAM-1.1.8/modules/pam_unix/README ---- old/Linux-PAM-1.1.8/modules/pam_unix/README 2013-09-19 10:02:20.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/README 2015-01-09 14:32:46.000000000 +0100 -@@ -12,9 +12,9 @@ - The account component performs the task of establishing the status of the - user's account and password based on the following shadow elements: expire, - last_change, max_change, min_change, warn_change. In the case of the latter, it --may offer advice to the user on changing their password or, through the -+may offer advice to the user on changing their password or, through the - PAM_AUTHTOKEN_REQD return, delay giving service to the user until they have --established a new password. The entries listed above are documented in the -+established a new password. The entries listed above are documented in the - shadow(5) manual page. Should the user's record not contain one or more of - these entries, the corresponding shadow check is not performed. - -@@ -100,7 +100,7 @@ - - The last n passwords for each user are saved in /etc/security/opasswd in - order to force password change history and keep the user from alternating -- between the same password too frequently. Instead of this option the -+ between the same password too frequently. Instead of this option the - pam_pwhistory module should be used. - - shadow -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.c new/Linux-PAM-1.1.8/modules/pam_unix/support.c ---- old/Linux-PAM-1.1.8/modules/pam_unix/support.c 2013-09-16 11:11:51.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/support.c 2015-01-09 14:28:29.000000000 +0100 -@@ -564,23 +564,21 @@ - /* fork */ - child = fork(); - if (child == 0) { -- int i=0; -- struct rlimit rlim; - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL }; -+ const char *args[] = { NULL, NULL, NULL, NULL }; - - /* XXX - should really tidy up PAM here too */ - - /* reopen stdin as pipe */ -- dup2(fds[0], STDIN_FILENO); -+ if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) { -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); -+ _exit(PAM_AUTHINFO_UNAVAIL); -+ } - -- if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { -- if (rlim.rlim_max >= MAX_FD_NO) -- rlim.rlim_max = MAX_FD_NO; -- for (i=0; i < (int)rlim.rlim_max; i++) { -- if (i != STDIN_FILENO) -- close(i); -- } -+ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, -+ PAM_MODUTIL_PIPE_FD, -+ PAM_MODUTIL_PIPE_FD) < 0) { -+ _exit(PAM_AUTHINFO_UNAVAIL); - } - - if (geteuid() == 0) { -@@ -593,15 +591,15 @@ - } - - /* exec binary helper */ -- args[0] = strdup(CHKPWD_HELPER); -- args[1] = x_strdup(user); -+ args[0] = CHKPWD_HELPER; -+ args[1] = user; - if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ -- args[2]=strdup("nullok"); -+ args[2]="nullok"; - } else { -- args[2]=strdup("nonull"); -+ args[2]="nonull"; - } - -- execve(CHKPWD_HELPER, args, envp); -+ execve(CHKPWD_HELPER, (char *const *) args, envp); - - /* should not get here: exit with error */ - D(("helper binary is not available")); -@@ -788,10 +786,10 @@ - login_name = ""; - } - -- new->user = x_strdup(name ? name : ""); -+ new->user = strdup(name ? name : ""); - new->uid = getuid(); - new->euid = geteuid(); -- new->name = x_strdup(login_name); -+ new->name = strdup(login_name); - - /* any previous failures for this user ? */ - if (pam_get_data(pamh, data_name, &void_old) -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/support.h new/Linux-PAM-1.1.8/modules/pam_unix/support.h ---- old/Linux-PAM-1.1.8/modules/pam_unix/support.h 2013-06-18 16:24:05.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/support.h 2015-01-09 14:28:29.000000000 +0100 -@@ -97,8 +97,9 @@ - password hash algorithms */ - #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ - #define UNIX_MIN_PASS_LEN 27 /* min length for password */ -+#define UNIX_DES 28 /* DES, default */ - /* -------------- */ --#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ -+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ - - #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) - -@@ -135,12 +136,11 @@ - /* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, - /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, - /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, -+/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1}, - }; - - #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) - --#define MAX_FD_NO 2000000 -- - /* use this to free strings. ESPECIALLY password strings */ - - #define _pam_delete(xx) \ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 new/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 ---- old/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 2013-09-19 10:02:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/unix_chkpwd.8 2015-01-09 14:32:47.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: unix_chkpwd - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "UNIX_CHKPWD" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "UNIX_CHKPWD" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 new/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 ---- old/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 2013-09-19 10:02:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_unix/unix_update.8 2015-01-09 14:32:47.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: unix_update - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "UNIX_UPDATE" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "UNIX_UPDATE" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in new/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in 2013-09-19 10:01:36.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_userdb/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -22,6 +21,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -42,8 +86,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_userdb --DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ -- $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp $(noinst_HEADERS) \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -84,40 +129,269 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - @HAVE_LIBDB_TRUE@pam_userdb_la_DEPENDENCIES = \ - @HAVE_LIBDB_TRUE@ $(top_builddir)/libpam/libpam.la - pam_userdb_la_SOURCES = pam_userdb.c - pam_userdb_la_OBJECTS = pam_userdb.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = - @HAVE_LIBDB_TRUE@am_pam_userdb_la_rpath = -rpath $(securelibdir) -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_userdb.c - DIST_SOURCES = pam_userdb.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) - HEADERS = $(noinst_HEADERS) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -125,6 +399,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -135,6 +410,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -184,6 +460,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -207,6 +484,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -229,6 +508,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -264,7 +544,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -302,7 +581,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -333,9 +612,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -343,6 +622,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -358,14 +639,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_userdb.la: $(pam_userdb_la_OBJECTS) $(pam_userdb_la_DEPENDENCIES) -- $(LINK) $(am_pam_userdb_la_rpath) $(pam_userdb_la_OBJECTS) $(pam_userdb_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_userdb.la: $(pam_userdb_la_OBJECTS) $(pam_userdb_la_DEPENDENCIES) $(EXTRA_pam_userdb_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) $(am_pam_userdb_la_rpath) $(pam_userdb_la_OBJECTS) $(pam_userdb_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -376,25 +660,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_userdb.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -403,11 +687,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -436,30 +727,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -471,15 +749,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -488,116 +762,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_userdb.log: tst-pam_userdb -+ @p='tst-pam_userdb'; \ -+ b='tst-pam_userdb'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -645,11 +992,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -737,21 +1092,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_userdb.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 ---- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 2013-06-18 16:26:14.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8 2015-01-09 14:32:47.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_userdb - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 06/18/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_USERDB" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_USERDB" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -@@ -53,7 +53,9 @@ - /path/database - database for performing lookup\&. There is no default; the module will return - \fBPAM_IGNORE\fR --if no database is provided\&. -+if no database is provided\&. Note that the path to the database file should be specified without the -+\&.db -+suffix\&. - .RE - .PP - \fBdebug\fR -@@ -139,7 +141,7 @@ - .RS 4 - .\} - .nf --auth sufficient pam_userdb\&.so icase db=/etc/dbtest\&.db -+auth sufficient pam_userdb\&.so icase db=/etc/dbtest - - .fi - .if n \{\ -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml ---- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.8.xml 2015-01-09 14:28:29.000000000 +0100 -@@ -89,7 +89,8 @@ - Use the /path/database database for - performing lookup. There is no default; the module will - return PAM_IGNORE if no -- database is provided. -+ database is provided. Note that the path to the database file -+ should be specified without the .db suffix. - - - -@@ -260,7 +261,7 @@ - - EXAMPLES - --auth sufficient pam_userdb.so icase db=/etc/dbtest.db -+auth sufficient pam_userdb.so icase db=/etc/dbtest - - - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c ---- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.c 2015-01-09 14:28:29.000000000 +0100 -@@ -184,7 +184,7 @@ - else - key.dsize = strlen(key.dptr); - } else { -- key.dptr = x_strdup(user); -+ key.dptr = strdup(user); - key.dsize = strlen(user); - } - -@@ -222,12 +222,15 @@ - } else { - cryptpw = crypt (pass, data.dptr); - -- if (cryptpw) { -- compare = strncasecmp (data.dptr, cryptpw, data.dsize); -+ if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { -+ compare = memcmp(data.dptr, cryptpw, data.dsize); - } else { - compare = -2; - if (ctrl & PAM_DEBUG_ARG) { -- pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); -+ if (cryptpw) -+ pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); -+ else -+ pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); - } - }; - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h ---- old/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_userdb/pam_userdb.h 2015-01-09 14:28:29.000000000 +0100 -@@ -15,9 +15,6 @@ - #define PAM_USE_FPASS_ARG 0x0040 - #define PAM_TRY_FPASS_ARG 0x0080 - --/* Useful macros */ --#define x_strdup(s) ( (s) ? strdup(s):NULL ) -- - /* The name of the module we are compiling */ - #ifndef MODULE_NAME - #define MODULE_NAME "pam_userdb" -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_userdb/README new/Linux-PAM-1.1.8/modules/pam_userdb/README ---- old/Linux-PAM-1.1.8/modules/pam_userdb/README 2013-09-19 10:02:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_userdb/README 2015-01-09 14:32:47.000000000 +0100 -@@ -13,14 +13,15 @@ - crypt=[crypt|none] - - Indicates whether encrypted or plaintext passwords are stored in the -- database. If it is crypt, passwords should be stored in the database in -+ database. If it is crypt, passwords should be stored in the database in - crypt(3) form. If none is selected, passwords should be stored in the - database as plaintext. - - db=/path/database - - Use the /path/database database for performing lookup. There is no default; -- the module will return PAM_IGNORE if no database is provided. -+ the module will return PAM_IGNORE if no database is provided. Note that the -+ path to the database file should be specified without the .db suffix. - - debug - -@@ -65,7 +66,7 @@ - - EXAMPLES - --auth sufficient pam_userdb.so icase db=/etc/dbtest.db -+auth sufficient pam_userdb.so icase db=/etc/dbtest - - - AUTHOR -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in new/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in 2013-09-19 10:01:36.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_warn/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_warn --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_warn_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_warn_la_SOURCES = pam_warn.c - pam_warn_la_OBJECTS = pam_warn.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_warn.c - DIST_SOURCES = pam_warn.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_warn.la: $(pam_warn_la_OBJECTS) $(pam_warn_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_warn_la_OBJECTS) $(pam_warn_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_warn.la: $(pam_warn_la_OBJECTS) $(pam_warn_la_DEPENDENCIES) $(EXTRA_pam_warn_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_warn_la_OBJECTS) $(pam_warn_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_warn.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_warn.log: tst-pam_warn -+ @p='tst-pam_warn'; \ -+ b='tst-pam_warn'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_warn.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 ---- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 2013-09-19 10:02:22.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.8 2015-01-09 14:32:48.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_warn - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_WARN" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WARN" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c ---- old/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_warn/pam_warn.c 2015-01-09 14:28:29.000000000 +0100 -@@ -33,7 +33,7 @@ - value = value ? value : default_value ; \ - } while (0) - --static void log_items(pam_handle_t *pamh, const char *function) -+static void log_items(pam_handle_t *pamh, const char *function, int flags) - { - const void *service=NULL, *user=NULL, *terminal=NULL, - *rhost=NULL, *ruser=NULL; -@@ -45,8 +45,8 @@ - OBTAIN(PAM_RHOST, rhost, ""); - - pam_syslog(pamh, LOG_NOTICE, -- "function=[%s] service=[%s] terminal=[%s] user=[%s]" -- " ruser=[%s] rhost=[%s]\n", function, -+ "function=[%s] flags=%#x service=[%s] terminal=[%s] user=[%s]" -+ " ruser=[%s] rhost=[%s]\n", function, flags, - (const char *) service, (const char *) terminal, - (const char *) user, (const char *) ruser, - (const char *) rhost); -@@ -55,52 +55,52 @@ - /* --- authentication management functions (only) --- */ - - PAM_EXTERN --int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN --int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - /* password updating functions */ - - PAM_EXTERN --int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - - PAM_EXTERN int --pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, -+pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -- log_items(pamh, __FUNCTION__); -+ log_items(pamh, __FUNCTION__, flags); - return PAM_IGNORE; - } - -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in new/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in 2013-09-19 10:01:36.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_wheel/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_wheel --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_wheel_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_wheel_la_SOURCES = pam_wheel.c - pam_wheel_la_OBJECTS = pam_wheel.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_wheel.c - DIST_SOURCES = pam_wheel.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_wheel.la: $(pam_wheel_la_OBJECTS) $(pam_wheel_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_wheel_la_OBJECTS) $(pam_wheel_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_wheel.la: $(pam_wheel_la_OBJECTS) $(pam_wheel_la_DEPENDENCIES) $(EXTRA_pam_wheel_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_wheel_la_OBJECTS) $(pam_wheel_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_wheel.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_wheel.log: tst-pam_wheel -+ @p='tst-pam_wheel'; \ -+ b='tst-pam_wheel'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_wheel.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 new/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 ---- old/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 2013-09-19 10:02:22.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_wheel/pam_wheel.8 2015-01-09 14:32:48.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_wheel - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_WHEEL" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_WHEEL" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in new/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in ---- old/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in 2013-09-19 10:01:36.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_xauth/Makefile.in 2015-01-09 14:29:53.000000000 +0100 -@@ -1,9 +1,8 @@ --# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# Makefile.in generated by automake 1.13.4 from Makefile.am. - # @configure_input@ - --# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, --# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, --# Inc. -+# Copyright (C) 1994-2013 Free Software Foundation, Inc. -+ - # This Makefile.in is free software; the Free Software Foundation - # gives unlimited permission to copy and/or distribute it, - # with or without modifications, as long as this notice is preserved. -@@ -21,6 +20,51 @@ - - - VPATH = @srcdir@ -+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -+am__make_running_with_option = \ -+ case $${target_option-} in \ -+ ?) ;; \ -+ *) echo "am__make_running_with_option: internal error: invalid" \ -+ "target option '$${target_option-}' specified" >&2; \ -+ exit 1;; \ -+ esac; \ -+ has_opt=no; \ -+ sane_makeflags=$$MAKEFLAGS; \ -+ if $(am__is_gnu_make); then \ -+ sane_makeflags=$$MFLAGS; \ -+ else \ -+ case $$MAKEFLAGS in \ -+ *\\[\ \ ]*) \ -+ bs=\\; \ -+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ -+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ -+ esac; \ -+ fi; \ -+ skip_next=no; \ -+ strip_trailopt () \ -+ { \ -+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ -+ }; \ -+ for flg in $$sane_makeflags; do \ -+ test $$skip_next = yes && { skip_next=no; continue; }; \ -+ case $$flg in \ -+ *=*|--*) continue;; \ -+ -*I) strip_trailopt 'I'; skip_next=yes;; \ -+ -*I?*) strip_trailopt 'I';; \ -+ -*O) strip_trailopt 'O'; skip_next=yes;; \ -+ -*O?*) strip_trailopt 'O';; \ -+ -*l) strip_trailopt 'l'; skip_next=yes;; \ -+ -*l?*) strip_trailopt 'l';; \ -+ -[dEDm]) skip_next=yes;; \ -+ -[JT]) skip_next=yes;; \ -+ esac; \ -+ case $$flg in \ -+ *$$target_option*) has_opt=yes; break;; \ -+ esac; \ -+ done; \ -+ test $$has_opt = yes -+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -+am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) - pkgdatadir = $(datadir)/@PACKAGE@ - pkgincludedir = $(includedir)/@PACKAGE@ - pkglibdir = $(libdir)/@PACKAGE@ -@@ -41,7 +85,9 @@ - host_triplet = @host@ - @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map - subdir = modules/pam_xauth --DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ -+ $(top_srcdir)/build-aux/depcomp \ -+ $(top_srcdir)/build-aux/test-driver README - ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 - am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 \ -@@ -82,37 +128,266 @@ - am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -+am__uninstall_files_from_dir = { \ -+ test -z "$$files" \ -+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ -+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ -+ $(am__cd) "$$dir" && rm -f $$files; }; \ -+ } - am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" - LTLIBRARIES = $(securelib_LTLIBRARIES) - pam_xauth_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la - pam_xauth_la_SOURCES = pam_xauth.c - pam_xauth_la_OBJECTS = pam_xauth.lo -+AM_V_lt = $(am__v_lt_@AM_V@) -+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -+am__v_lt_0 = --silent -+am__v_lt_1 = -+AM_V_P = $(am__v_P_@AM_V@) -+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -+am__v_P_0 = false -+am__v_P_1 = : -+AM_V_GEN = $(am__v_GEN_@AM_V@) -+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -+am__v_GEN_0 = @echo " GEN " $@; -+am__v_GEN_1 = -+AM_V_at = $(am__v_at_@AM_V@) -+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -+am__v_at_0 = @ -+am__v_at_1 = - DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) - depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp - am__depfiles_maybe = depfiles - am__mv = mv -f - COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) --LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ -- $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ -+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ -+ $(AM_CFLAGS) $(CFLAGS) -+AM_V_CC = $(am__v_CC_@AM_V@) -+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -+am__v_CC_0 = @echo " CC " $@; -+am__v_CC_1 = - CCLD = $(CC) --LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ -- --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ -- $(LDFLAGS) -o $@ -+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ -+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -+ $(AM_LDFLAGS) $(LDFLAGS) -o $@ -+AM_V_CCLD = $(am__v_CCLD_@AM_V@) -+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -+am__v_CCLD_0 = @echo " CCLD " $@; -+am__v_CCLD_1 = - SOURCES = pam_xauth.c - DIST_SOURCES = pam_xauth.c -+am__can_run_installinfo = \ -+ case $$AM_UPDATE_INFO_DIR in \ -+ n|no|NO) false;; \ -+ *) (install-info --version) >/dev/null 2>&1;; \ -+ esac - man8dir = $(mandir)/man8 - NROFF = nroff - MANS = $(man_MANS) - DATA = $(noinst_DATA) -+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -+# Read a list of newline-separated strings from the standard input, -+# and print each of them once, without duplicates. Input order is -+# *not* preserved. -+am__uniquify_input = $(AWK) '\ -+ BEGIN { nonempty = 0; } \ -+ { items[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in items) print i; }; } \ -+' -+# Make sure the list of sources is unique. This is necessary because, -+# e.g., the same source file might be shared among _SOURCES variables -+# for different programs/libraries. -+am__define_uniq_tagged_files = \ -+ list='$(am__tagged_files)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | $(am__uniquify_input)` - ETAGS = etags - CTAGS = ctags --am__tty_colors = \ --red=; grn=; lgn=; blu=; std= -+am__tty_colors_dummy = \ -+ mgn= red= grn= lgn= blu= brg= std=; \ -+ am__color_tests=no -+am__tty_colors = { \ -+ $(am__tty_colors_dummy); \ -+ if test "X$(AM_COLOR_TESTS)" = Xno; then \ -+ am__color_tests=no; \ -+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ -+ am__color_tests=yes; \ -+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ -+ am__color_tests=yes; \ -+ fi; \ -+ if test $$am__color_tests = yes; then \ -+ red=''; \ -+ grn=''; \ -+ lgn=''; \ -+ blu=''; \ -+ mgn=''; \ -+ brg=''; \ -+ std=''; \ -+ fi; \ -+} -+am__recheck_rx = ^[ ]*:recheck:[ ]* -+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -+# A command that, given a newline-separated list of test names on the -+# standard input, print the name of the tests that are to be re-run -+# upon "make recheck". -+am__list_recheck_tests = $(AWK) '{ \ -+ recheck = 1; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ { \ -+ if ((getline line2 < ($$0 ".log")) < 0) \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ -+ { \ -+ recheck = 0; \ -+ break; \ -+ } \ -+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ -+ { \ -+ break; \ -+ } \ -+ }; \ -+ if (recheck) \ -+ print $$0; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# A command that, given a newline-separated list of test names on the -+# standard input, create the global log from their .trs and .log files. -+am__create_global_log = $(AWK) ' \ -+function fatal(msg) \ -+{ \ -+ print "fatal: making $@: " msg | "cat >&2"; \ -+ exit 1; \ -+} \ -+function rst_section(header) \ -+{ \ -+ print header; \ -+ len = length(header); \ -+ for (i = 1; i <= len; i = i + 1) \ -+ printf "="; \ -+ printf "\n\n"; \ -+} \ -+{ \ -+ copy_in_global_log = 1; \ -+ global_test_result = "RUN"; \ -+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".trs"); \ -+ if (line ~ /$(am__global_test_result_rx)/) \ -+ { \ -+ sub("$(am__global_test_result_rx)", "", line); \ -+ sub("[ ]*$$", "", line); \ -+ global_test_result = line; \ -+ } \ -+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ -+ copy_in_global_log = 0; \ -+ }; \ -+ if (copy_in_global_log) \ -+ { \ -+ rst_section(global_test_result ": " $$0); \ -+ while ((rc = (getline line < ($$0 ".log"))) != 0) \ -+ { \ -+ if (rc < 0) \ -+ fatal("failed to read from " $$0 ".log"); \ -+ print line; \ -+ }; \ -+ printf "\n"; \ -+ }; \ -+ close ($$0 ".trs"); \ -+ close ($$0 ".log"); \ -+}' -+# Restructured Text title. -+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -+# Solaris 10 'make', and several other traditional 'make' implementations, -+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -+# by disabling -e (using the XSI extension "set +e") if it's set. -+am__sh_e_setup = case $$- in *e*) set +e;; esac -+# Default flags passed to test drivers. -+am__common_driver_flags = \ -+ --color-tests "$$am__color_tests" \ -+ --enable-hard-errors "$$am__enable_hard_errors" \ -+ --expect-failure "$$am__expect_failure" -+# To be inserted before the command running the test. Creates the -+# directory for the log if needed. Stores in $dir the directory -+# containing $f, in $tst the test, in $log the log. Executes the -+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -+# will run the test scripts (or their associated LOG_COMPILER, if -+# thy have one). -+am__check_pre = \ -+$(am__sh_e_setup); \ -+$(am__vpath_adj_setup) $(am__vpath_adj) \ -+$(am__tty_colors); \ -+srcdir=$(srcdir); export srcdir; \ -+case "$@" in \ -+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ -+ *) am__odir=.;; \ -+esac; \ -+test "x$$am__odir" = x"." || test -d "$$am__odir" \ -+ || $(MKDIR_P) "$$am__odir" || exit $$?; \ -+if test -f "./$$f"; then dir=./; \ -+elif test -f "$$f"; then dir=; \ -+else dir="$(srcdir)/"; fi; \ -+tst=$$dir$$f; log='$@'; \ -+if test -n '$(DISABLE_HARD_ERRORS)'; then \ -+ am__enable_hard_errors=no; \ -+else \ -+ am__enable_hard_errors=yes; \ -+fi; \ -+case " $(XFAIL_TESTS) " in \ -+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ -+ am__expect_failure=yes;; \ -+ *) \ -+ am__expect_failure=no;; \ -+esac; \ -+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -+# A shell command to get the names of the tests scripts with any registered -+# extension removed (i.e., equivalently, the names of the test logs, with -+# the '.log' extension removed). The result is saved in the shell variable -+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -+# since that might cause problem with VPATH rewrites for suffix-less tests. -+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -+am__set_TESTS_bases = \ -+ bases='$(TEST_LOGS)'; \ -+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ -+ bases=`echo $$bases` -+RECHECK_LOGS = $(TEST_LOGS) -+AM_RECURSIVE_TARGETS = check recheck -+TEST_SUITE_LOG = test-suite.log -+TEST_EXTENSIONS = @EXEEXT@ .test -+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -+am__set_b = \ -+ case '$@' in \ -+ */*) \ -+ case '$*' in \ -+ */*) b='$*';; \ -+ *) b=`echo '$@' | sed 's/\.log$$//'`; \ -+ esac;; \ -+ *) \ -+ b='$*';; \ -+ esac -+am__test_logs1 = $(TESTS:=.log) -+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -+TEST_LOGS = $(am__test_logs2:.test.log=.log) -+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ -+ $(TEST_LOG_FLAGS) - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - ACLOCAL = @ACLOCAL@ - AMTAR = @AMTAR@ -+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ - AR = @AR@ - AUTOCONF = @AUTOCONF@ - AUTOHEADER = @AUTOHEADER@ -@@ -120,6 +395,7 @@ - AWK = @AWK@ - BROWSER = @BROWSER@ - BUILD_CFLAGS = @BUILD_CFLAGS@ -+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ - BUILD_LDFLAGS = @BUILD_LDFLAGS@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ -@@ -130,6 +406,7 @@ - CYGPATH_W = @CYGPATH_W@ - DEFS = @DEFS@ - DEPDIR = @DEPDIR@ -+DLLTOOL = @DLLTOOL@ - DSYMUTIL = @DSYMUTIL@ - DUMPBIN = @DUMPBIN@ - ECHO_C = @ECHO_C@ -@@ -179,6 +456,7 @@ - LTLIBINTL = @LTLIBINTL@ - LTLIBOBJS = @LTLIBOBJS@ - MAKEINFO = @MAKEINFO@ -+MANIFEST_TOOL = @MANIFEST_TOOL@ - MKDIR_P = @MKDIR_P@ - MSGFMT = @MSGFMT@ - MSGFMT_015 = @MSGFMT_015@ -@@ -202,6 +480,8 @@ - PIE_CFLAGS = @PIE_CFLAGS@ - PIE_LDFLAGS = @PIE_LDFLAGS@ - PKG_CONFIG = @PKG_CONFIG@ -+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ - POSUB = @POSUB@ - RANLIB = @RANLIB@ - SCONFIGDIR = @SCONFIGDIR@ -@@ -224,6 +504,7 @@ - abs_srcdir = @abs_srcdir@ - abs_top_builddir = @abs_top_builddir@ - abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_AR = @ac_ct_AR@ - ac_ct_CC = @ac_ct_CC@ - ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ - am__include = @am__include@ -@@ -259,7 +540,6 @@ - libtirpc_LIBS = @libtirpc_LIBS@ - localedir = @localedir@ - localstatedir = @localstatedir@ --lt_ECHO = @lt_ECHO@ - mandir = @mandir@ - mkdir_p = @mkdir_p@ - oldincludedir = @oldincludedir@ -@@ -295,7 +575,7 @@ - all: all-am - - .SUFFIXES: --.SUFFIXES: .c .lo .o .obj -+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs - $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ -@@ -326,9 +606,9 @@ - $(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - $(am__aclocal_m4_deps): -+ - install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) -- test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ -@@ -336,6 +616,8 @@ - else :; fi; \ - done; \ - test -z "$$list2" || { \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } -@@ -351,14 +633,17 @@ - - clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) -- @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ -- dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ -- test "$$dir" != "$$p" || dir=.; \ -- echo "rm -f \"$${dir}/so_locations\""; \ -- rm -f "$${dir}/so_locations"; \ -- done --pam_xauth.la: $(pam_xauth_la_OBJECTS) $(pam_xauth_la_DEPENDENCIES) -- $(LINK) -rpath $(securelibdir) $(pam_xauth_la_OBJECTS) $(pam_xauth_la_LIBADD) $(LIBS) -+ @list='$(securelib_LTLIBRARIES)'; \ -+ locs=`for p in $$list; do echo $$p; done | \ -+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ -+ sort -u`; \ -+ test -z "$$locs" || { \ -+ echo rm -f $${locs}; \ -+ rm -f $${locs}; \ -+ } -+ -+pam_xauth.la: $(pam_xauth_la_OBJECTS) $(pam_xauth_la_DEPENDENCIES) $(EXTRA_pam_xauth_la_DEPENDENCIES) -+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_xauth_la_OBJECTS) $(pam_xauth_la_LIBADD) $(LIBS) - - mostlyclean-compile: - -rm -f *.$(OBJEXT) -@@ -369,25 +654,25 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_xauth.Plo@am__quote@ - - .c.o: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - - .c.obj: --@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - - .c.lo: --@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< --@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo --@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ --@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< -+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - - mostlyclean-libtool: - -rm -f *.lo -@@ -396,11 +681,18 @@ - -rm -rf .libs _libs - install-man8: $(man_MANS) - @$(NORMAL_INSTALL) -- test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" -- @list=''; test -n "$(man8dir)" || exit 0; \ -- { for i in $$list; do echo "$$i"; done; \ -- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ -- sed -n '/\.8[a-z]*$$/p'; \ -+ @list1=''; \ -+ list2='$(man_MANS)'; \ -+ test -n "$(man8dir)" \ -+ && test -n "`echo $$list1$$list2`" \ -+ || exit 0; \ -+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ -+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ -+ { for i in $$list1; do echo "$$i"; done; \ -+ if test -n "$$list2"; then \ -+ for i in $$list2; do echo "$$i"; done \ -+ | sed -n '/\.8[a-z]*$$/p'; \ -+ fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ -@@ -429,30 +721,17 @@ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ -- test -z "$$files" || { \ -- echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ -- cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } -- --ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -- mkid -fID $$unique --tags: TAGS -+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - --TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -+ID: $(am__tagged_files) -+ $(am__define_uniq_tagged_files); mkid -fID $$unique -+tags: tags-am -+TAGS: tags -+ -+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ -@@ -464,15 +743,11 @@ - $$unique; \ - fi; \ - fi --ctags: CTAGS --CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -- $(TAGS_FILES) $(LISP) -- list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -- unique=`for i in $$list; do \ -- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -- done | \ -- $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -- END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ctags: ctags-am -+ -+CTAGS: ctags -+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) -+ $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique -@@ -481,116 +756,189 @@ - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -+cscopelist: cscopelist-am -+ -+cscopelist-am: $(am__tagged_files) -+ list='$(am__tagged_files)'; \ -+ case "$(srcdir)" in \ -+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ -+ *) sdir=$(subdir)/$(srcdir) ;; \ -+ esac; \ -+ for i in $$list; do \ -+ if test -f "$$i"; then \ -+ echo "$(subdir)/$$i"; \ -+ else \ -+ echo "$$sdir/$$i"; \ -+ fi; \ -+ done >> $(top_builddir)/cscope.files - - distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - --check-TESTS: $(TESTS) -- @failed=0; all=0; xfail=0; xpass=0; skip=0; \ -- srcdir=$(srcdir); export srcdir; \ -- list=' $(TESTS) '; \ -- $(am__tty_colors); \ -- if test -n "$$list"; then \ -- for tst in $$list; do \ -- if test -f ./$$tst; then dir=./; \ -- elif test -f $$tst; then dir=; \ -- else dir="$(srcdir)/"; fi; \ -- if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xpass=`expr $$xpass + 1`; \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=XPASS; \ -- ;; \ -- *) \ -- col=$$grn; res=PASS; \ -- ;; \ -- esac; \ -- elif test $$? -ne 77; then \ -- all=`expr $$all + 1`; \ -- case " $(XFAIL_TESTS) " in \ -- *[\ \ ]$$tst[\ \ ]*) \ -- xfail=`expr $$xfail + 1`; \ -- col=$$lgn; res=XFAIL; \ -- ;; \ -- *) \ -- failed=`expr $$failed + 1`; \ -- col=$$red; res=FAIL; \ -- ;; \ -- esac; \ -- else \ -- skip=`expr $$skip + 1`; \ -- col=$$blu; res=SKIP; \ -- fi; \ -- echo "$${col}$$res$${std}: $$tst"; \ -- done; \ -- if test "$$all" -eq 1; then \ -- tests="test"; \ -- All=""; \ -- else \ -- tests="tests"; \ -- All="All "; \ -+# Recover from deleted '.trs' file; this should ensure that -+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -+# to avoid problems with "make -n". -+.log.trs: -+ rm -f $< $@ -+ $(MAKE) $(AM_MAKEFLAGS) $< -+ -+# Leading 'am--fnord' is there to ensure the list of targets does not -+# expand to empty, as could happen e.g. with make check TESTS=''. -+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -+am--force-recheck: -+ @: -+ -+$(TEST_SUITE_LOG): $(TEST_LOGS) -+ @$(am__set_TESTS_bases); \ -+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ -+ redo_bases=`for i in $$bases; do \ -+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ -+ done`; \ -+ if test -n "$$redo_bases"; then \ -+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ -+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ -+ if $(am__make_dryrun); then :; else \ -+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ -- if test "$$failed" -eq 0; then \ -- if test "$$xfail" -eq 0; then \ -- banner="$$All$$all $$tests passed"; \ -+ fi; \ -+ if test -n "$$am__remaking_logs"; then \ -+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ -+ "recursion detected" >&2; \ -+ else \ -+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ -+ fi; \ -+ if $(am__make_dryrun); then :; else \ -+ st=0; \ -+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ -+ for i in $$redo_bases; do \ -+ test -f $$i.trs && test -r $$i.trs \ -+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ -+ test -f $$i.log && test -r $$i.log \ -+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \ -+ done; \ -+ test $$st -eq 0 || exit 1; \ -+ fi -+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ -+ ws='[ ]'; \ -+ results=`for b in $$bases; do echo $$b.trs; done`; \ -+ test -n "$$results" || results=/dev/null; \ -+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ -+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ -+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ -+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ -+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ -+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ -+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ -+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \ -+ success=true; \ -+ else \ -+ success=false; \ -+ fi; \ -+ br='==================='; br=$$br$$br$$br$$br; \ -+ result_count () \ -+ { \ -+ if test x"$$1" = x"--maybe-color"; then \ -+ maybe_colorize=yes; \ -+ elif test x"$$1" = x"--no-color"; then \ -+ maybe_colorize=no; \ - else \ -- if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ -- banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ -+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ -- else \ -- if test "$$xpass" -eq 0; then \ -- banner="$$failed of $$all $$tests failed"; \ -+ shift; \ -+ desc=$$1 count=$$2; \ -+ if test $$maybe_colorize = yes && test $$count -gt 0; then \ -+ color_start=$$3 color_end=$$std; \ - else \ -- if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ -- banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ -+ color_start= color_end=; \ - fi; \ -- fi; \ -- dashes="$$banner"; \ -- skipped=""; \ -- if test "$$skip" -ne 0; then \ -- if test "$$skip" -eq 1; then \ -- skipped="($$skip test was not run)"; \ -- else \ -- skipped="($$skip tests were not run)"; \ -- fi; \ -- test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$skipped"; \ -- fi; \ -- report=""; \ -- if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ -- report="Please report to $(PACKAGE_BUGREPORT)"; \ -- test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ -- dashes="$$report"; \ -- fi; \ -- dashes=`echo "$$dashes" | sed s/./=/g`; \ -- if test "$$failed" -eq 0; then \ -- echo "$$grn$$dashes"; \ -- else \ -- echo "$$red$$dashes"; \ -- fi; \ -- echo "$$banner"; \ -- test -z "$$skipped" || echo "$$skipped"; \ -- test -z "$$report" || echo "$$report"; \ -- echo "$$dashes$$std"; \ -- test "$$failed" -eq 0; \ -- else :; fi -+ echo "$${color_start}# $$desc $$count$${color_end}"; \ -+ }; \ -+ create_testsuite_report () \ -+ { \ -+ result_count $$1 "TOTAL:" $$all "$$brg"; \ -+ result_count $$1 "PASS: " $$pass "$$grn"; \ -+ result_count $$1 "SKIP: " $$skip "$$blu"; \ -+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ -+ result_count $$1 "FAIL: " $$fail "$$red"; \ -+ result_count $$1 "XPASS:" $$xpass "$$red"; \ -+ result_count $$1 "ERROR:" $$error "$$mgn"; \ -+ }; \ -+ { \ -+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ -+ $(am__rst_title); \ -+ create_testsuite_report --no-color; \ -+ echo; \ -+ echo ".. contents:: :depth: 2"; \ -+ echo; \ -+ for b in $$bases; do echo $$b; done \ -+ | $(am__create_global_log); \ -+ } >$(TEST_SUITE_LOG).tmp || exit 1; \ -+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ -+ if $$success; then \ -+ col="$$grn"; \ -+ else \ -+ col="$$red"; \ -+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ -+ fi; \ -+ echo "$${col}$$br$${std}"; \ -+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ -+ echo "$${col}$$br$${std}"; \ -+ create_testsuite_report --maybe-color; \ -+ echo "$$col$$br$$std"; \ -+ if $$success; then :; else \ -+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ -+ if test -n "$(PACKAGE_BUGREPORT)"; then \ -+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ -+ fi; \ -+ echo "$$col$$br$$std"; \ -+ fi; \ -+ $$success || exit 1 -+ -+check-TESTS: -+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list -+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \ -+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ -+ exit $$?; -+recheck: all -+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -+ @set +e; $(am__set_TESTS_bases); \ -+ bases=`for i in $$bases; do echo $$i; done \ -+ | $(am__list_recheck_tests)` || exit 1; \ -+ log_list=`for i in $$bases; do echo $$i.log; done`; \ -+ log_list=`echo $$log_list`; \ -+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ -+ am__force_recheck=am--force-recheck \ -+ TEST_LOGS="$$log_list"; \ -+ exit $$? -+tst-pam_xauth.log: tst-pam_xauth -+ @p='tst-pam_xauth'; \ -+ b='tst-pam_xauth'; \ -+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+.test.log: -+ @p='$<'; \ -+ $(am__set_b); \ -+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+ --log-file $$b.log --trs-file $$b.trs \ -+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+ "$$tst" $(AM_TESTS_FD_REDIRECT) -+@am__EXEEXT_TRUE@.test$(EXEEXT).log: -+@am__EXEEXT_TRUE@ @p='$<'; \ -+@am__EXEEXT_TRUE@ $(am__set_b); \ -+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - - distdir: $(DISTFILES) -- @list='$(MANS)'; if test -n "$$list"; then \ -- list=`for p in $$list; do \ -- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ -- if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ -- if test -n "$$list" && \ -- grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ -- echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ -- grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ -- echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ -- echo " typically \`make maintainer-clean' will remove them" >&2; \ -- exit 1; \ -- else :; fi; \ -- else :; fi - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ -@@ -638,11 +986,19 @@ - - installcheck: installcheck-am - install-strip: -- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -- `test -z '$(STRIP)' || \ -- echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+ if test -z '$(STRIP)'; then \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ install; \ -+ else \ -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ -+ fi - mostlyclean-generic: -+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) -+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) -+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - - clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) -@@ -730,21 +1086,21 @@ - - .MAKE: check-am install-am install-strip - --.PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ -- clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ -- distclean distclean-compile distclean-generic \ -- distclean-libtool distclean-tags distdir dvi dvi-am html \ -- html-am info info-am install install-am install-data \ -- install-data-am install-dvi install-dvi-am install-exec \ -- install-exec-am install-html install-html-am install-info \ -- install-info-am install-man install-man8 install-pdf \ -- install-pdf-am install-ps install-ps-am \ -+.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ -+ clean-generic clean-libtool clean-securelibLTLIBRARIES \ -+ cscopelist-am ctags ctags-am distclean distclean-compile \ -+ distclean-generic distclean-libtool distclean-tags distdir dvi \ -+ dvi-am html html-am info info-am install install-am \ -+ install-data install-data-am install-dvi install-dvi-am \ -+ install-exec install-exec-am install-html install-html-am \ -+ install-info install-info-am install-man install-man8 \ -+ install-pdf install-pdf-am install-ps install-ps-am \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ -- tags uninstall uninstall-am uninstall-man uninstall-man8 \ -- uninstall-securelibLTLIBRARIES -+ recheck tags tags-am uninstall uninstall-am uninstall-man \ -+ uninstall-man8 uninstall-securelibLTLIBRARIES - - @ENABLE_REGENERATE_MAN_TRUE@README: pam_xauth.8.xml - @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 ---- old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 2013-09-19 10:02:23.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.8 2015-01-09 14:32:49.000000000 +0100 -@@ -2,12 +2,12 @@ - .\" Title: pam_xauth - .\" Author: [see the "AUTHOR" section] - .\" Generator: DocBook XSL Stylesheets v1.78.1 --.\" Date: 09/19/2013 -+.\" Date: 01/09/2015 - .\" Manual: Linux-PAM Manual - .\" Source: Linux-PAM Manual - .\" Language: English - .\" --.TH "PAM_XAUTH" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" -+.TH "PAM_XAUTH" "8" "01/09/2015" "Linux-PAM Manual" "Linux\-PAM Manual" - .\" ----------------------------------------------------------------- - .\" * Define some portability stuff - .\" ----------------------------------------------------------------- -diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c ---- old/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c 2013-06-18 16:11:21.000000000 +0200 -+++ new/Linux-PAM-1.1.8/modules/pam_xauth/pam_xauth.c 2015-01-09 14:28:29.000000000 +0100 -@@ -103,9 +103,11 @@ - - /* Create stdio pipery. */ - if (pipe(ipipe) == -1) { -+ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); - return -1; - } - if (pipe(opipe) == -1) { -+ pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m"); - close(ipipe[0]); - close(ipipe[1]); - return -1; -@@ -114,6 +116,7 @@ - /* Fork off a child. */ - child = fork(); - if (child == -1) { -+ pam_syslog(pamh, LOG_ERR, "Could not fork: %m"); - close(ipipe[0]); - close(ipipe[1]); - close(opipe[0]); -@@ -124,9 +127,7 @@ - if (child == 0) { - /* We're the child. */ - size_t j; -- char *args[10]; -- const char *tmp; -- int maxopened; -+ const char *args[10]; - /* Drop privileges. */ - if (setgid(gid) == -1) - { -@@ -148,42 +149,48 @@ - (unsigned long) geteuid ()); - _exit (err); - } -- /* Initialize the argument list. */ -- memset(args, 0, sizeof(args)); - /* Set the pipe descriptors up as stdin and stdout, and close - * everything else, including the original values for the - * descriptors. */ -- dup2(ipipe[0], STDIN_FILENO); -- dup2(opipe[1], STDOUT_FILENO); -- maxopened = (int)sysconf(_SC_OPEN_MAX); -- for (i = 0; i < maxopened; i++) { -- if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { -- close(i); -- } -+ if (dup2(ipipe[0], STDIN_FILENO) != STDIN_FILENO) { -+ int err = errno; -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin"); -+ _exit(err); - } -+ if (dup2(opipe[1], STDOUT_FILENO) != STDOUT_FILENO) { -+ int err = errno; -+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdout"); -+ _exit(err); -+ } -+ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD, -+ PAM_MODUTIL_IGNORE_FD, -+ PAM_MODUTIL_NULL_FD) < 0) { -+ _exit(1); -+ } -+ /* Initialize the argument list. */ -+ memset(args, 0, sizeof(args)); - /* Convert the varargs list into a regular array of strings. */ - va_start(ap, command); -- args[0] = strdup(command); -+ args[0] = command; - for (j = 1; j < ((sizeof(args) / sizeof(args[0])) - 1); j++) { -- tmp = va_arg(ap, const char*); -- if (tmp == NULL) { -+ args[j] = va_arg(ap, const char*); -+ if (args[j] == NULL) { - break; - } -- args[j] = strdup(tmp); - } - /* Run the command. */ -- execv(command, args); -+ execv(command, (char *const *) args); - /* Never reached. */ - _exit(1); - } - - /* We're the parent, so close the other ends of the pipes. */ -- close(ipipe[0]); - close(opipe[1]); - /* Send input to the process (if we have any), then send an EOF. */ - if (input) { - (void)pam_modutil_write(ipipe[1], input, strlen(input)); - } -+ close(ipipe[0]); /* close here to avoid possible SIGPIPE above */ - close(ipipe[1]); - - /* Read data output until we run out of stuff to read. */ diff --git a/pam.changes b/pam.changes index ddfb741..8ac1edd 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + ------------------------------------------------------------------- Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 864933e..2eadda8 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,11 +29,11 @@ BuildRequires: flex %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.83.1 -%define libpam_misc_so_version 0.82.0 +%define libpam_so_version 0.84.1 +%define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version: 1.1.8 +Version: 1.2.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause @@ -52,7 +52,6 @@ Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf Patch0: fix-man-links.dif -Patch1: Linux-PAM-git-20150109.diff Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -103,7 +102,6 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 -%patch1 -p2 %patch2 -p1 %patch3 -p1 -- 2.51.1 From 170456c6aa3bf506e439f27b66ec188c11631f9dc80fdf44f27887879be5a47e Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 26 Jun 2015 07:43:40 +0000 Subject: [PATCH 087/226] - Update to version 1.2.1 - security update for CVE-2015-3238 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=149 --- Linux-PAM-1.2.0-docs.tar.bz2 | 3 --- Linux-PAM-1.2.0.tar.bz2 | 3 --- Linux-PAM-1.2.1-docs.tar.bz2 | 3 +++ Linux-PAM-1.2.1.tar.bz2 | 3 +++ pam.changes | 6 ++++++ pam.spec | 2 +- 6 files changed, 13 insertions(+), 7 deletions(-) delete mode 100644 Linux-PAM-1.2.0-docs.tar.bz2 delete mode 100644 Linux-PAM-1.2.0.tar.bz2 create mode 100644 Linux-PAM-1.2.1-docs.tar.bz2 create mode 100644 Linux-PAM-1.2.1.tar.bz2 diff --git a/Linux-PAM-1.2.0-docs.tar.bz2 b/Linux-PAM-1.2.0-docs.tar.bz2 deleted file mode 100644 index 0c027aa..0000000 --- a/Linux-PAM-1.2.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3bc9ae398f759e372dbf4065ceed2df8b1ac5ab62c6688cb5f7849ce773df2c3 -size 490586 diff --git a/Linux-PAM-1.2.0.tar.bz2 b/Linux-PAM-1.2.0.tar.bz2 deleted file mode 100644 index 5dd0fa1..0000000 --- a/Linux-PAM-1.2.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cd8beac5961e942e9c73b32a3cd1a3457755f8fb35d07c9ec64511e19e135ea4 -size 1278831 diff --git a/Linux-PAM-1.2.1-docs.tar.bz2 b/Linux-PAM-1.2.1-docs.tar.bz2 new file mode 100644 index 0000000..32e575a --- /dev/null +++ b/Linux-PAM-1.2.1-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1f8860544d935f744546a4bb15167e3e42736c4e37756534117bdfaa822e6b25 +size 491551 diff --git a/Linux-PAM-1.2.1.tar.bz2 b/Linux-PAM-1.2.1.tar.bz2 new file mode 100644 index 0000000..92da79f --- /dev/null +++ b/Linux-PAM-1.2.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 +size 1279523 diff --git a/pam.changes b/pam.changes index 8ac1edd..6de9767 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + ------------------------------------------------------------------- Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 2eadda8..efe3771 100644 --- a/pam.spec +++ b/pam.spec @@ -33,7 +33,7 @@ BuildRequires: libselinux-devel %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version: 1.2.0 +Version: 1.2.1 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause -- 2.51.1 From 8bde79bedcc3390f8fe8003b3cec0901c06674796b033576605fff4740987980 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sat, 25 Jul 2015 17:48:00 +0000 Subject: [PATCH 088/226] Accepting request 318619 from home:endzone:branches:Linux-PAM Add folder /etc/security/limits.d as mentioned in 'man pam_limits' OBS-URL: https://build.opensuse.org/request/show/318619 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=151 --- pam.changes | 5 +++++ pam.spec | 1 + 2 files changed, 6 insertions(+) diff --git a/pam.changes b/pam.changes index 6de9767..493b067 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + ------------------------------------------------------------------- Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index efe3771..9fb2aee 100644 --- a/pam.spec +++ b/pam.spec @@ -206,6 +206,7 @@ install -m 644 NEWS COPYING $DOC %defattr(-,root,root) %dir %{_sysconfdir}/pam.d %dir %{_sysconfdir}/security +%dir %{_sysconfdir}/security/limits.d %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* %config(noreplace) %{_sysconfdir}/securetty -- 2.51.1 From c640f626d0b33b8d4e1e913c47c6245cc9620d8a8c81950be67c9ad2a88a5941 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 23 Mar 2016 10:21:53 +0000 Subject: [PATCH 089/226] - Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=153 --- ...encies-from-pam_access-they-were-nev.patch | 71 +++++++++++++++++++ pam.changes | 5 ++ pam.spec | 4 +- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch diff --git a/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch b/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch new file mode 100644 index 0000000..a472871 --- /dev/null +++ b/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch @@ -0,0 +1,71 @@ +From a64de52d1621ac3d3dd03f66742b48bef0101043 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 23 Mar 2016 11:16:55 +0100 +Subject: [PATCH] Remove YP dependencies from pam_access, they were never used + and such not needed. + +* modules/pam_access/Makefile.am: Remove NIS_CFLAGS and NIS_LIBS +* modules/pam_access/pam_access.c: Remove yp_get_default_domain case, + it will never be used. +--- + modules/pam_access/Makefile.am | 4 ++-- + modules/pam_access/pam_access.c | 8 -------- + 2 files changed, 2 insertions(+), 10 deletions(-) + +diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am +index 0527674..6c0f738 100644 +--- a/modules/pam_access/Makefile.am ++++ b/modules/pam_access/Makefile.am +@@ -15,14 +15,14 @@ securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" $(NIS_CFLAGS) ++ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + + securelib_LTLIBRARIES = pam_access.la +-pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la $(NIS_LIBS) ++pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la + + secureconf_DATA = access.conf + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index b32a966..d4c847a 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -44,9 +44,6 @@ + #include + #include + #include +-#ifdef HAVE_RPCSVC_YPCLNT_H +-#include +-#endif + #ifdef HAVE_LIBAUDIT + #include + #endif +@@ -470,8 +467,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, + { + int retval; + char *mydomain = NULL; +- +-#if defined(HAVE_GETDOMAINNAME) + char domainname_res[256]; + + if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) +@@ -481,9 +476,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, + mydomain = domainname_res; + } + } +-#elif defined(HAVE_YP_GET_DEFAULT_DOMAIN) +- yp_get_default_domain(&mydomain); +-#endif + + #ifdef HAVE_INNETGR + retval = innetgr (netgroup, machine, user, mydomain); +-- +1.8.5.6 + diff --git a/pam.changes b/pam.changes index 493b067..d447c3b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + ------------------------------------------------------------------- Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de diff --git a/pam.spec b/pam.spec index 9fb2aee..0e4b3e5 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -54,6 +54,7 @@ Source9: baselibs.conf Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff +Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -104,6 +105,7 @@ building both PAM-aware applications and modules for use with PAM. %patch0 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build autoreconf -fiv -- 2.51.1 From a118ec1963a461d51e53f1b9370a0a072f4dd38ae57934963502b97f6d1ecebb Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 23 Mar 2016 14:37:11 +0000 Subject: [PATCH 090/226] - Add 0002-Remove-enable-static-modules-option-and-support-from.patch - Add 0003-fix-nis-checks.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=154 --- ...atic-modules-option-and-support-from.patch | 3256 +++++++++++++++++ 0003-fix-nis-checks.patch | 70 + pam.changes | 2 + pam.spec | 4 + 4 files changed, 3332 insertions(+) create mode 100644 0002-Remove-enable-static-modules-option-and-support-from.patch create mode 100644 0003-fix-nis-checks.patch diff --git a/0002-Remove-enable-static-modules-option-and-support-from.patch b/0002-Remove-enable-static-modules-option-and-support-from.patch new file mode 100644 index 0000000..247f2ce --- /dev/null +++ b/0002-Remove-enable-static-modules-option-and-support-from.patch @@ -0,0 +1,3256 @@ +From dfffaec4953f1271963b1a3a9761289c757bf347 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 23 Mar 2016 11:25:53 +0100 +Subject: [PATCH] Remove "--enable-static-modules" option and support from + Linux-PAM. It was never official supported and was broken since years. + +* configure.ac: Remove --enable-static-modules option. +* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. +* doc/man/pam_sm_authenticate.3.xml: Likewise. +* doc/man/pam_sm_chauthtok.3.xml: Likewise. +* doc/man/pam_sm_close_session.3.xml: Likewise. +* doc/man/pam_sm_open_session.3.xml: Likewise. +* doc/man/pam_sm_setcred.3.xml: Likewise. +* libpam/Makefile.am: Remove STATIC_MODULES cases. +* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. +* libpam/pam_dynamic.c: Likewise. +* libpam/pam_handlers.c: Likewise. +* libpam/pam_private.h: Likewise. +* libpam/pam_static.c: Remove file. +* libpam/pam_static_modules.h: Remove header file. +* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. +* modules/pam_cracklib/pam_cracklib.c: Likewise. +* modules/pam_debug/pam_debug.c: Likewise. +* modules/pam_deny/pam_deny.c: Likewise. +* modules/pam_echo/pam_echo.c: Likewise. +* modules/pam_env/pam_env.c: Likewise. +* modules/pam_exec/pam_exec.c: Likewise. +* modules/pam_faildelay/pam_faildelay.c: Likewise. +* modules/pam_filter/pam_filter.c: Likewise. +* modules/pam_ftp/pam_ftp.c: Likewise. +* modules/pam_group/pam_group.c: Likewise. +* modules/pam_issue/pam_issue.c: Likewise. +* modules/pam_keyinit/pam_keyinit.c: Likewise. +* modules/pam_lastlog/pam_lastlog.c: Likewise. +* modules/pam_limits/pam_limits.c: Likewise. +* modules/pam_listfile/pam_listfile.c: Likewise. +* modules/pam_localuser/pam_localuser.c: Likewise. +* modules/pam_loginuid/pam_loginuid.c: Likewise. +* modules/pam_mail/pam_mail.c: Likewise. +* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. +* modules/pam_motd/pam_motd.c: Likewise. +* modules/pam_namespace/pam_namespace.c: Likewise. +* modules/pam_nologin/pam_nologin.c: Likewise. +* modules/pam_permit/pam_permit.c: Likewise. +* modules/pam_pwhistory/pam_pwhistory.c: Likewise. +* modules/pam_rhosts/pam_rhosts.c: Likewise. +* modules/pam_rootok/pam_rootok.c: Likewise. +* modules/pam_securetty/pam_securetty.c: Likewise. +* modules/pam_selinux/pam_selinux.c: Likewise. +* modules/pam_sepermit/pam_sepermit.c: Likewise. +* modules/pam_shells/pam_shells.c: Likewise. +* modules/pam_stress/pam_stress.c: Likewise. +* modules/pam_succeed_if/pam_succeed_if.c: Likewise. +* modules/pam_tally/pam_tally.c: Likewise. +* modules/pam_tally2/pam_tally2.c: Likewise. +* modules/pam_time/pam_time.c: Likewise. +* modules/pam_timestamp/pam_timestamp.c: Likewise. +* modules/pam_tty_audit/pam_tty_audit.c: Likewise. +* modules/pam_umask/pam_umask.c: Likewise. +* modules/pam_userdb/pam_userdb.c: Likewise. +* modules/pam_warn/pam_warn.c: Likewise. +* modules/pam_wheel/pam_wheel.c: Likewise. +* modules/pam_xauth/pam_xauth.c: Likewise. +* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. +* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. +* modules/pam_unix/pam_unix_auth.c: Likewise. +* modules/pam_unix/pam_unix_passwd.c: Likewise. +* modules/pam_unix/pam_unix_sess.c: Likewise. +* modules/pam_unix/pam_unix_static.c: Removed. +* modules/pam_unix/pam_unix_static.h: Removed. +* po/POTFILES.in: Remove removed files. +* tests/tst-dlopen.c: Remove PAM_STATIC part. +--- + configure.ac | 19 +--- + doc/man/pam_sm_acct_mgmt.3.xml | 2 +- + doc/man/pam_sm_authenticate.3.xml | 2 +- + doc/man/pam_sm_chauthtok.3.xml | 2 +- + doc/man/pam_sm_close_session.3.xml | 2 +- + doc/man/pam_sm_open_session.3.xml | 2 +- + doc/man/pam_sm_setcred.3.xml | 2 +- + libpam/Makefile.am | 9 +- + libpam/include/security/pam_modules.h | 78 +++-------------- + libpam/pam_dynamic.c | 3 - + libpam/pam_handlers.c | 53 +----------- + libpam/pam_private.h | 12 --- + libpam/pam_static.c | 127 --------------------------- + libpam/pam_static_modules.h | 148 -------------------------------- + modules/pam_access/pam_access.c | 27 ++---- + modules/pam_cracklib/pam_cracklib.c | 17 +--- + modules/pam_debug/pam_debug.c | 22 ----- + modules/pam_deny/pam_deny.c | 25 ++---- + modules/pam_echo/pam_echo.c | 15 ---- + modules/pam_env/pam_env.c | 28 ++---- + modules/pam_exec/pam_exec.c | 24 ++---- + modules/pam_faildelay/pam_faildelay.c | 19 ---- + modules/pam_filter/pam_filter.c | 40 +++------ + modules/pam_ftp/pam_ftp.c | 21 +---- + modules/pam_group/pam_group.c | 19 +--- + modules/pam_issue/pam_issue.c | 20 +---- + modules/pam_keyinit/pam_keyinit.c | 16 ---- + modules/pam_lastlog/pam_lastlog.c | 26 ++---- + modules/pam_limits/pam_limits.c | 19 +--- + modules/pam_listfile/pam_listfile.c | 30 ++----- + modules/pam_localuser/pam_localuser.c | 28 ++---- + modules/pam_loginuid/pam_loginuid.c | 19 +--- + modules/pam_mail/pam_mail.c | 21 +---- + modules/pam_mkhomedir/pam_mkhomedir.c | 18 +--- + modules/pam_motd/pam_motd.c | 20 +---- + modules/pam_namespace/pam_namespace.c | 19 +--- + modules/pam_nologin/pam_nologin.c | 23 +---- + modules/pam_permit/pam_permit.c | 28 ++---- + modules/pam_pwhistory/pam_pwhistory.c | 15 +--- + modules/pam_rhosts/pam_rhosts.c | 19 +--- + modules/pam_rootok/pam_rootok.c | 24 +----- + modules/pam_securetty/pam_securetty.c | 22 +---- + modules/pam_selinux/pam_selinux.c | 8 +- + modules/pam_sepermit/pam_sepermit.c | 20 +---- + modules/pam_shells/pam_shells.c | 19 ---- + modules/pam_stress/pam_stress.c | 22 ----- + modules/pam_succeed_if/pam_succeed_if.c | 25 ++---- + modules/pam_tally/pam_tally.c | 33 +------ + modules/pam_tally2/pam_tally2.c | 33 +------ + modules/pam_time/pam_time.c | 17 +--- + modules/pam_timestamp/pam_timestamp.c | 23 +---- + modules/pam_tty_audit/pam_tty_audit.c | 13 --- + modules/pam_umask/pam_umask.c | 20 +---- + modules/pam_unix/Makefile.am | 6 +- + modules/pam_unix/pam_unix_acct.c | 6 +- + modules/pam_unix/pam_unix_auth.c | 6 +- + modules/pam_unix/pam_unix_passwd.c | 6 +- + modules/pam_unix/pam_unix_sess.c | 6 +- + modules/pam_unix/pam_unix_static.c | 23 ----- + modules/pam_unix/pam_unix_static.h | 6 -- + modules/pam_userdb/pam_userdb.c | 23 +---- + modules/pam_warn/pam_warn.c | 25 +----- + modules/pam_wheel/pam_wheel.c | 22 +---- + modules/pam_xauth/pam_xauth.c | 13 --- + po/POTFILES.in | 1 - + tests/tst-dlopen.c | 4 - + 66 files changed, 152 insertions(+), 1313 deletions(-) + delete mode 100644 libpam/pam_static.c + delete mode 100644 libpam/pam_static_modules.h + delete mode 100644 modules/pam_unix/pam_unix_static.c + delete mode 100644 modules/pam_unix/pam_unix_static.h + +diff --git a/configure.ac b/configure.ac +index f33b959..d5cc644 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -61,23 +61,8 @@ dnl This should be called before any macros that run the C compiler. + AC_USE_SYSTEM_EXTENSIONS + + LT_INIT([disable-static]) +- +-dnl +-dnl check if we should link everything static into libpam +-dnl +-AC_ARG_ENABLE(static-modules,AS_HELP_STRING([--enable-static-modules], +- [do not make the modules dynamically loadable]), +- STATIC_MODULES=$enableval,STATIC_MODULES=no) +-if test "$STATIC_MODULES" != "no" ; then +- CFLAGS="$CFLAGS -DPAM_STATIC" +- AC_ENABLE_STATIC([yes]) +- AC_ENABLE_SHARED([no]) +-else +-# per default don't build static libraries +- AC_ENABLE_STATIC([no]) +- AC_ENABLE_SHARED([yes]) +-fi +-AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"]) ++AC_ENABLE_STATIC([no]) ++AC_ENABLE_SHARED([yes]) + + dnl Checks for programs. + AC_PROG_CC +diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml +index 35aa28a..ff99867 100644 +--- a/doc/man/pam_sm_acct_mgmt.3.xml ++++ b/doc/man/pam_sm_acct_mgmt.3.xml +@@ -20,7 +20,7 @@ + #define PAM_SM_ACCOUNT + #include <security/pam_modules.h> + +- PAM_EXTERN int pam_sm_acct_mgmt ++ int pam_sm_acct_mgmt + pam_handle_t *pamh + int flags + int argc +diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml +index 9121aed..4299726 100644 +--- a/doc/man/pam_sm_authenticate.3.xml ++++ b/doc/man/pam_sm_authenticate.3.xml +@@ -20,7 +20,7 @@ + #define PAM_SM_AUTH + #include <security/pam_modules.h> + +- PAM_EXTERN int pam_sm_authenticate ++ int pam_sm_authenticate + pam_handle_t *pamh + int flags + int argc +diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml +index d6d3093..d8f36d6 100644 +--- a/doc/man/pam_sm_chauthtok.3.xml ++++ b/doc/man/pam_sm_chauthtok.3.xml +@@ -20,7 +20,7 @@ + #define PAM_SM_PASSWORD + #include <security/pam_modules.h> + +- PAM_EXTERN int pam_sm_chauthtok ++ int pam_sm_chauthtok + pam_handle_t *pamh + int flags + int argc +diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml +index f2e6718..db579ff 100644 +--- a/doc/man/pam_sm_close_session.3.xml ++++ b/doc/man/pam_sm_close_session.3.xml +@@ -20,7 +20,7 @@ + #define PAM_SM_SESSION + #include <security/pam_modules.h> + +- PAM_EXTERN int pam_sm_close_session ++ int pam_sm_close_session + pam_handle_t *pamh + int flags + int argc +diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml +index 0851c34..0c9ec77 100644 +--- a/doc/man/pam_sm_open_session.3.xml ++++ b/doc/man/pam_sm_open_session.3.xml +@@ -20,7 +20,7 @@ + #define PAM_SM_SESSION + #include <security/pam_modules.h> + +- PAM_EXTERN int pam_sm_open_session ++ int pam_sm_open_session + pam_handle_t *pamh + int flags + int argc +diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml +index e557000..5cfe899 100644 +--- a/doc/man/pam_sm_setcred.3.xml ++++ b/doc/man/pam_sm_setcred.3.xml +@@ -20,7 +20,7 @@ + #define PAM_SM_AUTH + #include <security/pam_modules.h> + +- PAM_EXTERN int pam_sm_setcred ++ int pam_sm_setcred + pam_handle_t *pamh + int flags + int argc +diff --git a/libpam/Makefile.am b/libpam/Makefile.am +index ac2a1fb..04a8df0 100644 +--- a/libpam/Makefile.am ++++ b/libpam/Makefile.am +@@ -18,16 +18,11 @@ include_HEADERS = include/security/_pam_compat.h \ + include/security/pam_ext.h include/security/pam_modutil.h + + noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ +- pam_modutil_private.h pam_static_modules.h ++ pam_modutil_private.h + + libpam_la_LDFLAGS = -no-undefined -version-info 84:1:84 + libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ + +-if STATIC_MODULES +- libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \ +- @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil +- AM_CFLAGS += $(NIS_CFLAGS) +-endif + if HAVE_VERSIONING + libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map + endif +@@ -38,7 +33,7 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ + pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \ + pam_handlers.c pam_item.c \ + pam_misc.c pam_password.c pam_prelude.c \ +- pam_session.c pam_start.c pam_static.c pam_strerror.c \ ++ pam_session.c pam_start.c pam_strerror.c \ + pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ + pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ + pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ +diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h +index 5c516c4..37568e9 100644 +--- a/libpam/include/security/pam_modules.h ++++ b/libpam/include/security/pam_modules.h +@@ -30,80 +30,26 @@ pam_get_data(const pam_handle_t *pamh, const char *module_data_name, + extern int PAM_NONNULL((1,2)) + pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt); + +-#ifdef PAM_STATIC +- +-#define PAM_EXTERN static +- +-struct pam_module { +- const char *name; /* Name of the module */ +- +- /* These are function pointers to the module's key functions. */ +- +- int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- int (*pam_sm_setcred)(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- int (*pam_sm_open_session)(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- int (*pam_sm_close_session)(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +-}; +- +-#else /* !PAM_STATIC */ +- +-#define PAM_EXTERN extern +- +-#endif /* PAM_STATIC */ +- +-/* Lots of files include pam_modules.h that don't need these +- * declared. However, when they are declared static, they +- * need to be defined later. So we have to protect C files +- * that include these without wanting these functions defined.. */ +- +-#if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC) +- + /* Authentication API's */ +-PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +-PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- +-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH)) +- || !defined(PAM_STATIC)*/ +- +-#if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC) ++int pam_sm_authenticate(pam_handle_t *pamh, int flags, ++ int argc, const char **argv); ++int pam_sm_setcred(pam_handle_t *pamh, int flags, ++ int argc, const char **argv); + + /* Account Management API's */ +-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- +-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) +- || !defined(PAM_STATIC)*/ +- +-#if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC) ++int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, ++ int argc, const char **argv); + + /* Session Management API's */ +-PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- +-PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, +- int argc, const char **argv); ++int pam_sm_open_session(pam_handle_t *pamh, int flags, ++ int argc, const char **argv); + +-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION)) +- || !defined(PAM_STATIC)*/ +- +-#if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC) ++int pam_sm_close_session(pam_handle_t *pamh, int flags, ++ int argc, const char **argv); + + /* Password Management API's */ +-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, +- int argc, const char **argv); +- +-#endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) +- || !defined(PAM_STATIC)*/ ++int pam_sm_chauthtok(pam_handle_t *pamh, int flags, ++ int argc, const char **argv); + + /* The following two flags are for use across the Linux-PAM/module + * interface only. The Application is not permitted to use these +diff --git a/libpam/pam_dynamic.c b/libpam/pam_dynamic.c +index e1155e5..50bfd79 100644 +--- a/libpam/pam_dynamic.c ++++ b/libpam/pam_dynamic.c +@@ -33,8 +33,6 @@ + + #include "pam_private.h" + +-#ifndef PAM_STATIC +- + #ifdef PAM_SHL + # include + #elif defined(PAM_DYLD) +@@ -139,4 +137,3 @@ _pam_dlerror (void) + #endif + } + +-#endif +diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c +index bc3fd9d..91cccad 100644 +--- a/libpam/pam_handlers.c ++++ b/libpam/pam_handlers.c +@@ -665,9 +665,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) + { + int x = 0; + int success; +-#ifndef PAM_STATIC + char *mod_full_isa_path=NULL, *isa=NULL; +-#endif + struct loaded_module *mod; + + D(("_pam_load_module: loading module `%s'", mod_path)); +@@ -701,27 +699,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) + /* Be pessimistic... */ + success = PAM_ABORT; + +-#ifdef PAM_STATIC +- /* Only load static function if function was not found dynamically. +- * This code should work even if no dynamic loading is available. */ +- if (success != PAM_SUCCESS) { +- D(("_pam_load_module: open static handler %s", mod_path)); +- mod->dl_handle = _pam_open_static_handler(pamh, mod_path); +- if (mod->dl_handle == NULL) { +- D(("_pam_load_module: unable to find static handler %s", +- mod_path)); +- if (handler_type != PAM_HT_SILENT_MODULE) +- pam_syslog(pamh, LOG_ERR, +- "unable to open static handler %s", mod_path); +- /* Didn't find module in dynamic or static..will mark bad */ +- } else { +- D(("static module added successfully")); +- success = PAM_SUCCESS; +- mod->type = PAM_MT_STATIC_MOD; +- pamh->handlers.modules_used++; +- } +- } +-#else + D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); + mod->dl_handle = _pam_dlopen(mod_path); + D(("_pam_load_module: _pam_dlopen'ed")); +@@ -758,7 +735,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) + mod->type = PAM_MT_DYNAMIC_MOD; + pamh->handlers.modules_used++; + } +-#endif + + if (success != PAM_SUCCESS) { /* add a malformed module */ + mod->dl_handle = NULL; +@@ -869,16 +845,8 @@ int _pam_add_handler(pam_handle_t *pamh + } + + /* are the modules reliable? */ +- if ( +-#ifdef PAM_STATIC +- mod_type != PAM_MT_STATIC_MOD +- && +-#else +- mod_type != PAM_MT_DYNAMIC_MOD +- && +-#endif +- mod_type != PAM_MT_FAULTY_MOD +- ) { ++ if (mod_type != PAM_MT_DYNAMIC_MOD && ++ mod_type != PAM_MT_FAULTY_MOD) { + D(("_pam_add_handlers: illegal module library type; %d", mod_type)); + pam_syslog(pamh, LOG_ERR, + "internal error: module library type not known: %s;%d", +@@ -888,30 +856,15 @@ int _pam_add_handler(pam_handle_t *pamh + + /* now identify this module's functions - for non-faulty modules */ + +-#ifdef PAM_STATIC +- if ((mod_type == PAM_MT_STATIC_MOD) && +- (func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) { +- pam_syslog(pamh, LOG_ERR, "unable to resolve static symbol: %s", sym); +- } +-#else + if ((mod_type == PAM_MT_DYNAMIC_MOD) && + !(func = _pam_dlsym(mod->dl_handle, sym)) ) { + pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym); + } +-#endif + if (sym2) { +-#ifdef PAM_STATIC +- if ((mod_type == PAM_MT_STATIC_MOD) && +- (func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2)) +- == NULL) { +- pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); +- } +-#else + if ((mod_type == PAM_MT_DYNAMIC_MOD) && + !(func2 = _pam_dlsym(mod->dl_handle, sym2)) ) { + pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); + } +-#endif + } + + /* here func (and perhaps func2) point to the appropriate functions */ +@@ -994,11 +947,9 @@ int _pam_free_handlers(pam_handle_t *pamh) + while (pamh->handlers.modules_used) { + D(("_pam_free_handlers: dlclose(%s)", mod->name)); + free(mod->name); +-#ifndef PAM_STATIC + if (mod->type == PAM_MT_DYNAMIC_MOD) { + _pam_dlclose(mod->dl_handle); + } +-#endif + mod++; + pamh->handlers.modules_used--; + } +diff --git a/libpam/pam_private.h b/libpam/pam_private.h +index 1138277..7ff9f75 100644 +--- a/libpam/pam_private.h ++++ b/libpam/pam_private.h +@@ -241,22 +241,10 @@ void _pam_await_timer(pam_handle_t *pamh, int status); + typedef void (*voidfunc(void))(void); + typedef int (*servicefn)(pam_handle_t *, int, int, char **); + +-#ifdef PAM_STATIC +-/* The next two in ../modules/_pam_static/pam_static.c */ +- +-/* Return pointer to data structure used to define a static module */ +-struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, +- const char *path); +- +-/* Return pointer to function requested from static module */ +- +-voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname); +-#else + void *_pam_dlopen (const char *mod_path); + servicefn _pam_dlsym (void *handle, const char *symbol); + void _pam_dlclose (void *handle); + const char *_pam_dlerror (void); +-#endif + + /* For now we just use a stack and linear search for module data. */ + /* If it becomes apparent that there is a lot of data, it should */ +diff --git a/libpam/pam_static.c b/libpam/pam_static.c +deleted file mode 100644 +index 511026d..0000000 +--- a/libpam/pam_static.c ++++ /dev/null +@@ -1,127 +0,0 @@ +-/* +- * pam_static.c -- static module loading helper functions +- * +- * created by Michael K. Johnson, johnsonm@redhat.com +- */ +- +-/* This whole file is only used for PAM_STATIC */ +- +-#ifdef PAM_STATIC +- +-#include +-#include +-#include +- +-#include "pam_private.h" +- +-#include "pam_static_modules.h" +- +-/* +- * and now for the functions +- */ +- +-/* Return pointer to data structure used to define a static module */ +-struct pam_module * +-_pam_open_static_handler (pam_handle_t *pamh, const char *path) +-{ +- int i; +- const char *clpath = path; +- char *lpath, *end; +- +- if (strchr(clpath, '/')) { +- /* ignore path and leading "/" */ +- clpath = strrchr(path, '/') + 1; +- } +- /* create copy to muck with (must free before return) */ +- lpath = _pam_strdup(clpath); +- /* chop .so off copy if it exists (or other extension on other +- platform...) */ +- end = strstr(lpath, ".so"); +- if (end) { +- *end = '\0'; +- } +- +- /* now go find the module */ +- for (i = 0; static_modules[i] != NULL; i++) { +- D(("%s=?%s\n", lpath, static_modules[i]->name)); +- if (static_modules[i]->name && +- ! strcmp(static_modules[i]->name, lpath)) { +- break; +- } +- } +- +- if (static_modules[i] == NULL) { +- pam_syslog (pamh, LOG_ERR, "no static module named %s", lpath); +- } +- +- free(lpath); +- return (static_modules[i]); +-} +- +-/* Return pointer to function requested from static module +- * Can't just return void *, because ANSI C disallows casting a +- * pointer to a function to a void *... +- * This definition means: +- * _pam_get_static_sym is a function taking two arguments and +- * returning a pointer to a function which takes no arguments +- * and returns void... */ +-voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname) { +- +- if (! strcmp(symname, "pam_sm_authenticate")) { +- return ((voidfunc *)mod->pam_sm_authenticate); +- } else if (! strcmp(symname, "pam_sm_setcred")) { +- return ((voidfunc *)mod->pam_sm_setcred); +- } else if (! strcmp(symname, "pam_sm_acct_mgmt")) { +- return ((voidfunc *)mod->pam_sm_acct_mgmt); +- } else if (! strcmp(symname, "pam_sm_open_session")) { +- return ((voidfunc *)mod->pam_sm_open_session); +- } else if (! strcmp(symname, "pam_sm_close_session")) { +- return ((voidfunc *)mod->pam_sm_close_session); +- } else if (! strcmp(symname, "pam_sm_chauthtok")) { +- return ((voidfunc *)mod->pam_sm_chauthtok); +- } +- /* getting to this point is an error */ +- return ((voidfunc *)NULL); +-} +- +-#else /* ! PAM_STATIC */ +- +-typedef int blarg; +- +-#endif /* ! PAM_STATIC */ +- +-/* +- * Copyright (C) 1995 by Red Hat Software, Michael K. Johnson +- * All rights reserved +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, and the entire permission notice in its entirety, +- * including the disclaimer of warranties. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. The name of the author may not be used to endorse or promote +- * products derived from this software without specific prior +- * written permission. +- * +- * ALTERNATIVELY, this product may be distributed under the terms of +- * the GNU Public License, in which case the provisions of the GPL are +- * required INSTEAD OF the above restrictions. (This clause is +- * necessary due to a potential bad interaction between the GPL and +- * the restrictions contained in a BSD-style copyright.) +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED +- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +diff --git a/libpam/pam_static_modules.h b/libpam/pam_static_modules.h +deleted file mode 100644 +index 698989b..0000000 +--- a/libpam/pam_static_modules.h ++++ /dev/null +@@ -1,148 +0,0 @@ +-/* +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, and the entire permission notice in its entirety, +- * including the disclaimer of warranties. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. The name of the author may not be used to endorse or promote +- * products derived from this software without specific prior +- * written permission. +- * +- * ALTERNATIVELY, this product may be distributed under the terms of +- * the GNU Public License, in which case the provisions of the GPL are +- * required INSTEAD OF the above restrictions. (This clause is +- * necessary due to a potential bad interaction between the GPL and +- * the restrictions contained in a BSD-style copyright.) +- * +- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED +- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +- +-/* Pointers to static module data. */ +- +-extern struct pam_module _pam_access_modstruct; +-extern struct pam_module _pam_cracklib_modstruct; +-extern struct pam_module _pam_debug_modstruct; +-extern struct pam_module _pam_deny_modstruct; +-extern struct pam_module _pam_echo_modstruct; +-extern struct pam_module _pam_env_modstruct; +-extern struct pam_module _pam_exec_modstruct; +-extern struct pam_module _pam_faildelay_modstruct; +-extern struct pam_module _pam_filter_modstruct; +-extern struct pam_module _pam_ftp_modstruct; +-extern struct pam_module _pam_group_modstruct; +-extern struct pam_module _pam_issue_modstruct; +-#ifdef HAVE_KEY_MANAGEMENT +-extern struct pam_module _pam_keyinit_modstruct; +-#endif +-extern struct pam_module _pam_lastlog_modstruct; +-extern struct pam_module _pam_limits_modstruct; +-extern struct pam_module _pam_listfile_modstruct; +-extern struct pam_module _pam_localuser_modstruct; +-extern struct pam_module _pam_loginuid_modstruct; +-extern struct pam_module _pam_mail_modstruct; +-extern struct pam_module _pam_mkhomedir_modstruct; +-extern struct pam_module _pam_motd_modstruct; +-#ifdef HAVE_UNSHARE +-extern struct pam_module _pam_namespace_modstruct; +-#endif +-extern struct pam_module _pam_nologin_modstruct; +-extern struct pam_module _pam_permit_modstruct; +-extern struct pam_module _pam_pwhistory_modstruct; +-extern struct pam_module _pam_rhosts_modstruct; +-extern struct pam_module _pam_rootok_modstruct; +-extern struct pam_module _pam_securetty_modstruct; +-#ifdef WITH_SELINUX +-extern struct pam_module _pam_selinux_modstruct; +-extern struct pam_module _pam_sepermit_modstruct; +-#endif +-extern struct pam_module _pam_shells_modstruct; +-extern struct pam_module _pam_stress_modstruct; +-extern struct pam_module _pam_succeed_if_modstruct; +-extern struct pam_module _pam_tally_modstruct; +-extern struct pam_module _pam_tally2_modstruct; +-extern struct pam_module _pam_time_modstruct; +-extern struct pam_module _pam_timestamp_modstruct; +-#ifdef HAVE_AUDIT_TTY_STATUS +-extern struct pam_module _pam_tty_audit_modstruct; +-#endif +-extern struct pam_module _pam_umask_modstruct; +-extern struct pam_module _pam_unix_modstruct; +-extern struct pam_module _pam_userdb_modstruct; +-extern struct pam_module _pam_warn_modstruct; +-extern struct pam_module _pam_wheel_modstruct; +-extern struct pam_module _pam_xauth_modstruct; +- +-/* and here is a structure that connects libpam to the above static +- modules. */ +- +-static struct pam_module *static_modules[] = { +- &_pam_access_modstruct, +-#ifdef HAVE_LIBCRACK +- &_pam_cracklib_modstruct, +-#endif +- &_pam_debug_modstruct, +- &_pam_deny_modstruct, +- &_pam_echo_modstruct, +- &_pam_env_modstruct, +- &_pam_exec_modstruct, +- &_pam_faildelay_modstruct, +- &_pam_filter_modstruct, +- &_pam_ftp_modstruct, +- &_pam_group_modstruct, +- &_pam_issue_modstruct, +-#ifdef HAVE_KEY_MANAGEMENT +- &_pam_keyinit_modstruct, +-#endif +- &_pam_lastlog_modstruct, +- &_pam_limits_modstruct, +- &_pam_listfile_modstruct, +- &_pam_localuser_modstruct, +- &_pam_loginuid_modstruct, +- &_pam_mail_modstruct, +- &_pam_mkhomedir_modstruct, +- &_pam_motd_modstruct, +-#ifdef HAVE_UNSHARE +- &_pam_namespace_modstruct, +-#endif +- &_pam_nologin_modstruct, +- &_pam_permit_modstruct, +- &_pam_pwhistory_modstruct, +- &_pam_rhosts_modstruct, +- &_pam_rootok_modstruct, +- &_pam_securetty_modstruct, +-#ifdef WITH_SELINUX +- &_pam_selinux_modstruct, +- &_pam_sepermit_modstruct, +-#endif +- &_pam_shells_modstruct, +- &_pam_stress_modstruct, +- &_pam_succeed_if_modstruct, +- &_pam_tally_modstruct, +- &_pam_tally2_modstruct, +- &_pam_time_modstruct, +- &_pam_timestamp_modstruct, +-#ifdef HAVE_AUDIT_TTY_STATUS +- &_pam_tty_audit_modstruct, +-#endif +- &_pam_umask_modstruct, +- &_pam_unix_modstruct, +- &_pam_userdb_modstruct, +- &_pam_warn_modstruct, +- &_pam_wheel_modstruct, +- &_pam_xauth_modstruct, +- NULL +-}; +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index d4c847a..3ac1ad0 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -792,7 +792,7 @@ network_netmask_match (pam_handle_t *pamh, + + /* --- public PAM management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -904,35 +904,35 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + } + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate (pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -940,18 +940,3 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, + } + + /* end of module definition */ +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_access_modstruct = { +- "pam_access", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok +-}; +-#endif +diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c +index 5eefd0b..1654931 100644 +--- a/modules/pam_cracklib/pam_cracklib.c ++++ b/modules/pam_cracklib/pam_cracklib.c +@@ -728,8 +728,8 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, + /* The Main Thing (by Cristian Gafton, CEO at this module :-) + * (stolen from http://home.netscape.com) + */ +-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, +- int argc, const char **argv) ++int ++pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + unsigned int ctrl; + struct cracklib_options options; +@@ -858,19 +858,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + + + +-#ifdef PAM_STATIC +-/* static module data */ +-struct pam_module _pam_cracklib_modstruct = { +- "pam_cracklib", +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- pam_sm_chauthtok +-}; +-#endif +- + /* + * Copyright (c) Cristian Gafton , 1996. + * All rights reserved +diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c +index a65d1bf..9b68d38 100644 +--- a/modules/pam_debug/pam_debug.c ++++ b/modules/pam_debug/pam_debug.c +@@ -75,7 +75,6 @@ static int parse_args(int retval, const char *event, + return retval; + } + +-PAM_EXTERN + int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -103,7 +102,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + return retval; + } + +-PAM_EXTERN + int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -112,7 +110,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, + + /* --- account management functions --- */ + +-PAM_EXTERN + int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -121,7 +118,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + + /* --- password management --- */ + +-PAM_EXTERN + int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -134,14 +130,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, + + /* --- session management --- */ + +-PAM_EXTERN + int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { + return parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv); + } + +-PAM_EXTERN + int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -149,19 +143,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + } + + /* end of module definition */ +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_debug_modstruct = { +- "pam_debug", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok +-}; +- +-#endif +diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c +index 544c5bd..155a1f5 100644 +--- a/modules/pam_deny/pam_deny.c ++++ b/modules/pam_deny/pam_deny.c +@@ -25,14 +25,14 @@ + + /* --- authentication management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_AUTH_ERR; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -41,7 +41,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- account management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -50,7 +50,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- password management --- */ + +-PAM_EXTERN int ++int + pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -59,14 +59,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- session management --- */ + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SESSION_ERR; + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -74,16 +74,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + } + + /* end of module definition */ +- +-/* static module data */ +-#ifdef PAM_STATIC +-struct pam_module _pam_deny_modstruct = { +- "pam_deny", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok +-}; +-#endif +diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c +index d0879fb..860ff0a 100644 +--- a/modules/pam_echo/pam_echo.c ++++ b/modules/pam_echo/pam_echo.c +@@ -262,18 +262,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, + return PAM_IGNORE; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_echo_modstruct = { +- "pam_echo", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok, +-}; +- +-#endif +diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c +index 1bfdf08..0b8002f 100644 +--- a/modules/pam_env/pam_env.c ++++ b/modules/pam_env/pam_env.c +@@ -768,7 +768,7 @@ static void _clean_var(VAR *var) + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -839,7 +839,7 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv) + return retval; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -847,7 +847,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, + return PAM_SERVICE_ERR; + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -855,7 +855,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, + return handle_env (pamh, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -863,7 +863,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + return handle_env (pamh, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -871,7 +871,7 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -879,20 +879,4 @@ pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, + return PAM_SERVICE_ERR; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_env_modstruct = { +- "pam_env", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c +index 17ba6ca..0ab6548 100644 +--- a/modules/pam_exec/pam_exec.c ++++ b/modules/pam_exec/pam_exec.c +@@ -467,14 +467,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + return PAM_SYSTEM_ERR; /* will never be reached. */ + } + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { + return call_exec ("auth", pamh, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -483,7 +483,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* password updating functions */ + +-PAM_EXTERN int ++int + pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -492,35 +492,23 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, + return call_exec ("password", pamh, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { + return call_exec ("account", pamh, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { + return call_exec ("open_session", pamh, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { + return call_exec ("close_session", pamh, argc, argv); + } +- +-#ifdef PAM_STATIC +-struct pam_module _pam_exec_modstruct = { +- "pam_exec", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok, +-}; +-#endif +diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c +index 072b7dd..7ea8f83 100644 +--- a/modules/pam_faildelay/pam_faildelay.c ++++ b/modules/pam_faildelay/pam_faildelay.c +@@ -152,7 +152,6 @@ search_key (const char *filename) + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN + int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -204,28 +203,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + return i; + } + +-PAM_EXTERN + int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_IGNORE; + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_faildelay_modstruct = { +- "pam_faildelay", +- pam_sm_authenticate, +- pam_sm_setcred, +- NULL, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c +index 9935d99..6e6a0cf 100644 +--- a/modules/pam_filter/pam_filter.c ++++ b/modules/pam_filter/pam_filter.c +@@ -663,23 +663,23 @@ static int need_a_filter(pam_handle_t *pamh + + /* ------------------ authentication ----------------- */ + +-PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh +- , int flags, int argc, const char **argv) ++int pam_sm_authenticate(pam_handle_t *pamh, ++ int flags, int argc, const char **argv) + { + return need_a_filter(pamh, flags, argc, argv + , "authenticate", FILTER_RUN1); + } + +-PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags +- , int argc, const char **argv) ++int pam_sm_setcred(pam_handle_t *pamh, int flags, ++ int argc, const char **argv) + { + return need_a_filter(pamh, flags, argc, argv, "setcred", FILTER_RUN2); + } + + /* --------------- account management ---------------- */ + +-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, +- const char **argv) ++int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, ++ const char **argv) + { + return need_a_filter(pamh, flags, argc, argv + , "setcred", FILTER_RUN1|FILTER_RUN2 ); +@@ -687,15 +687,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + + /* --------------- session management ---------------- */ + +-PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags +- , int argc, const char **argv) ++int pam_sm_open_session(pam_handle_t *pamh, int flags, ++ int argc, const char **argv) + { + return need_a_filter(pamh, flags, argc, argv + , "open_session", FILTER_RUN1); + } + +-PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags +- , int argc, const char **argv) ++int pam_sm_close_session(pam_handle_t *pamh, int flags, ++ int argc, const char **argv) + { + return need_a_filter(pamh, flags, argc, argv + , "close_session", FILTER_RUN2); +@@ -704,8 +704,8 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags + /* --------- updating authentication tokens --------- */ + + +-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags +- , int argc, const char **argv) ++int pam_sm_chauthtok(pam_handle_t *pamh, int flags, ++ int argc, const char **argv) + { + int runN; + +@@ -720,19 +720,3 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags + + return need_a_filter(pamh, flags, argc, argv, "chauthtok", runN); + } +- +-#ifdef PAM_STATIC +- +-/* ------------ stuff for static modules ------------ */ +- +-struct pam_module _pam_filter_modstruct = { +- "pam_filter", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok, +-}; +- +-#endif +diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c +index 221d8f8..6b6cf2a 100644 +--- a/modules/pam_ftp/pam_ftp.c ++++ b/modules/pam_ftp/pam_ftp.c +@@ -111,7 +111,7 @@ static int lookup(const char *name, const char *list, const char **_user) + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -210,28 +210,11 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + } + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_IGNORE; + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_ftp_modstruct = { +- "pam_ftp", +- pam_sm_authenticate, +- pam_sm_setcred, +- NULL, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c +index be5f20f..da8237f 100644 +--- a/modules/pam_group/pam_group.c ++++ b/modules/pam_group/pam_group.c +@@ -739,14 +739,14 @@ static int check_account(pam_handle_t *pamh, const char *service, + + /* --- public authentication management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +@@ -817,18 +817,3 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, + } + + /* end of module definition */ +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_group_modstruct = { +- "pam_group", +- pam_sm_authenticate, +- pam_sm_setcred, +- NULL, +- NULL, +- NULL, +- NULL +-}; +-#endif +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index 060baad..5b5ee41 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -42,7 +42,7 @@ static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt); + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -120,7 +120,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -291,20 +291,4 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + return PAM_SUCCESS; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_issue_modstruct = { +- "pam_issue", +- pam_sm_authenticate, +- pam_sm_setcred, +- NULL, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c +index f82eead..5dd7b06 100644 +--- a/modules/pam_keyinit/pam_keyinit.c ++++ b/modules/pam_keyinit/pam_keyinit.c +@@ -165,7 +165,6 @@ static void kill_keyrings(pam_handle_t *pamh) + /* + * open a PAM session by making sure there's a session keyring + */ +-PAM_EXTERN + int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -238,7 +237,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + /* + * close a PAM session by revoking the session keyring if requested + */ +-PAM_EXTERN + int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -253,17 +251,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + return PAM_SUCCESS; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_keyinit_modstruct = { +- "pam_keyinit", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +-#endif +diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c +index 76a33e4..1e2f08d 100644 +--- a/modules/pam_lastlog/pam_lastlog.c ++++ b/modules/pam_lastlog/pam_lastlog.c +@@ -566,7 +566,7 @@ cleanup: + } + + /* --- authentication (locking out inactive users) functions --- */ +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -636,14 +636,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + + /* --- session management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -702,7 +702,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, + return retval; + } + +-PAM_EXTERN int ++int + pam_sm_close_session (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -719,20 +719,4 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, + return PAM_SUCCESS; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_lastlog_modstruct = { +- "pam_lastlog", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index eabc856..d63c683 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -1002,7 +1002,7 @@ static int setup_limits(pam_handle_t *pamh, + } + + /* now the session stuff */ +-PAM_EXTERN int ++int + pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -1096,7 +1096,7 @@ out: + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -1104,21 +1104,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + return PAM_SUCCESS; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_limits_modstruct = { +- "pam_limits", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +-#endif +- + /* + * Copyright (c) Cristian Gafton, 1996-1997, + * All rights reserved. +diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c +index 2af2afd..c236406 100644 +--- a/modules/pam_listfile/pam_listfile.c ++++ b/modules/pam_listfile/pam_listfile.c +@@ -53,7 +53,7 @@ + + #define LESSER(a, b) ((a) < (b) ? (a) : (b)) + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -370,55 +370,37 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + } + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_open_session (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_close_session (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_chauthtok (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_listfile_modstruct = { +- "pam_listfile", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok, +-}; +- +-#endif /* PAM_STATIC */ +- +-/* end of module definition */ +diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c +index aa43bc4..e32ea6d 100644 +--- a/modules/pam_localuser/pam_localuser.c ++++ b/modules/pam_localuser/pam_localuser.c +@@ -55,7 +55,7 @@ + + #define MODULE_NAME "pam_localuser" + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -123,52 +123,36 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + return ret; + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_open_session (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_close_session (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_chauthtok (pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_localuser_modstruct = { +- "pam_localuser", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok +-}; +- +-#endif +diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c +index 9a1589e..96bfd98 100644 +--- a/modules/pam_loginuid/pam_loginuid.c ++++ b/modules/pam_loginuid/pam_loginuid.c +@@ -247,34 +247,21 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, + * + * This is here for vsftpd which doesn't seem to run the session stack + */ +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + return _pam_loginuid(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + return _pam_loginuid(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } +- +-/* static module data */ +-#ifdef PAM_STATIC +-struct pam_module _pam_loginuid_modstruct = { +- "pam_loginuid", +- NULL, +- NULL, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +-#endif +diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c +index f5ba173..0022f6d 100644 +--- a/modules/pam_mail/pam_mail.c ++++ b/modules/pam_mail/pam_mail.c +@@ -338,7 +338,7 @@ static int _do_mail(pam_handle_t *, int, int, const char **, int); + + /* --- authentication functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -346,7 +346,6 @@ pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, + } + + /* Checking mail as part of authentication */ +-PAM_EXTERN + int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, + const char **argv) + { +@@ -357,7 +356,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, + + /* --- session management functions --- */ + +-PAM_EXTERN + int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc + ,const char **argv) + { +@@ -365,7 +363,6 @@ int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc + } + + /* Checking mail as part of the session management */ +-PAM_EXTERN + int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, + const char **argv) + { +@@ -475,20 +472,4 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc, + return retval; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_mail_modstruct = { +- "pam_mail", +- pam_sm_authenticate, +- pam_sm_setcred, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c +index c922089..daed63a 100644 +--- a/modules/pam_mkhomedir/pam_mkhomedir.c ++++ b/modules/pam_mkhomedir/pam_mkhomedir.c +@@ -183,7 +183,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN int ++int + pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, + const char **argv) + { +@@ -227,25 +227,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, + } + + /* Ignore */ +-PAM_EXTERN + int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +-struct pam_module _pam_mkhomedir_modstruct = +-{ +- "pam_mkhomedir", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL, +-}; +- +-#endif +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index ff9b169..11c7b56 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -39,7 +39,7 @@ + + /* --- session management functions (only) --- */ + +-PAM_EXTERN int ++int + pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -48,7 +48,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + + static char default_motd[] = DEFAULT_MOTD; + +-PAM_EXTERN + int pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -110,21 +109,4 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, + return retval; + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_motd_modstruct = { +- "pam_motd", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 92883f5..d02ea09 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -2008,7 +2008,7 @@ static int get_user_data(struct instance_data *idata) + /* + * Entry point from pam_open_session call. + */ +-PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { + int i, retval; +@@ -2104,7 +2104,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + /* + * Entry point from pam_close_session call. + */ +-PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, ++int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { + int i, retval; +@@ -2183,18 +2183,3 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + + return PAM_SUCCESS; + } +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_namespace_modstruct = { +- "pam_namespace", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +-#endif +diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c +index f047c32..9fd91fd 100644 +--- a/modules/pam_nologin/pam_nologin.c ++++ b/modules/pam_nologin/pam_nologin.c +@@ -135,7 +135,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) + + /* --- authentication management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -146,7 +146,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + return perform_check(pamh, &opts); + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc, const char **argv) + { +@@ -159,7 +159,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- account management function --- */ + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -170,21 +170,4 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + return perform_check(pamh, &opts); + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_nologin_modstruct = { +- "pam_nologin", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif /* PAM_STATIC */ +- + /* end of module definition */ +diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c +index e4539b0..c773087 100644 +--- a/modules/pam_permit/pam_permit.c ++++ b/modules/pam_permit/pam_permit.c +@@ -30,7 +30,7 @@ + + /* --- authentication management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -56,7 +56,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -65,7 +65,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- account management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -74,7 +74,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- password management --- */ + +-PAM_EXTERN int ++int + pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -83,14 +83,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- session management --- */ + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -98,19 +98,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, + } + + /* end of module definition */ +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_permit_modstruct = { +- "pam_permit", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok +-}; +- +-#endif +diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c +index 654edd3..0c07dc1 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.c ++++ b/modules/pam_pwhistory/pam_pwhistory.c +@@ -106,7 +106,7 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) + /* This module saves the current crypted password in /etc/security/opasswd + and then compares the new password with all entries in this file. */ + +-PAM_EXTERN int ++int + pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) + { + struct passwd *pwd; +@@ -235,16 +235,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) + return PAM_SUCCESS; + } + +- +-#ifdef PAM_STATIC +-/* static module data */ +-struct pam_module _pam_pwhistory_modstruct = { +- "pam_pwhistory", +- NULL, +- NULL, +- NULL, +- NULL, +- NULL, +- pam_sm_chauthtok +-}; +-#endif +diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c +index bc9e76f..d6e7030 100644 +--- a/modules/pam_rhosts/pam_rhosts.c ++++ b/modules/pam_rhosts/pam_rhosts.c +@@ -43,7 +43,6 @@ + #include + #include + +-PAM_EXTERN + int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, + const char **argv) + { +@@ -130,26 +129,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, + } + + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_rhosts_modstruct = { +- "pam_rhosts", +- pam_sm_authenticate, +- pam_sm_setcred, +- NULL, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif +diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c +index 88bed0c..17baabe 100644 +--- a/modules/pam_rootok/pam_rootok.c ++++ b/modules/pam_rootok/pam_rootok.c +@@ -135,7 +135,7 @@ check_for_root (pam_handle_t *pamh, int ctrl) + + /* --- management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -146,14 +146,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + return check_for_root (pamh, ctrl); + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -164,7 +164,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + return check_for_root (pamh, ctrl); + } + +-PAM_EXTERN int ++int + pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -175,20 +175,4 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, + return check_for_root (pamh, ctrl); + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_rootok_modstruct = { +- "pam_rootok", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- pam_sm_chauthtok, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c +index 0474130..e279efa 100644 +--- a/modules/pam_securetty/pam_securetty.c ++++ b/modules/pam_securetty/pam_securetty.c +@@ -235,7 +235,6 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, + + /* --- authentication management functions --- */ + +-PAM_EXTERN + int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, + const char **argv) + { +@@ -247,7 +246,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, + return securetty_perform_check(pamh, ctrl, __FUNCTION__); + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -256,7 +255,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- account management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -269,21 +268,4 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + return securetty_perform_check(pamh, ctrl, __FUNCTION__); + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_securetty_modstruct = { +- "pam_securetty", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif /* PAM_STATIC */ +- + /* end of module definition */ +diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c +index b2a75e0..6daba1e 100644 +--- a/modules/pam_selinux/pam_selinux.c ++++ b/modules/pam_selinux/pam_selinux.c +@@ -757,7 +757,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, + return set_context(pamh, data, debug, verbose); + } + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -765,14 +765,14 @@ pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, + return PAM_AUTH_ERR; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -813,7 +813,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + create_context(pamh, argc, argv, debug, verbose); + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c +index 8af1266..0b90a39 100644 +--- a/modules/pam_sepermit/pam_sepermit.c ++++ b/modules/pam_sepermit/pam_sepermit.c +@@ -363,7 +363,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, + return -1; + } + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -430,31 +430,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + return rv; + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_sepermit_modstruct = { +- "pam_sepermit", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- NULL +-}; +-#endif +diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c +index 68bd607..c8acb9e 100644 +--- a/modules/pam_shells/pam_shells.c ++++ b/modules/pam_shells/pam_shells.c +@@ -104,14 +104,12 @@ static int perform_check(pam_handle_t *pamh) + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN + int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return perform_check(pamh); + } + +-PAM_EXTERN + int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { +@@ -120,27 +118,10 @@ int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + + /* --- account management functions (only) --- */ + +-PAM_EXTERN + int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return perform_check(pamh); + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_shells_modstruct = { +- "pam_shells", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif /* PAM_STATIC */ +- + /* end of module definition */ +diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c +index c1695d7..44c3a30 100644 +--- a/modules/pam_stress/pam_stress.c ++++ b/modules/pam_stress/pam_stress.c +@@ -213,7 +213,6 @@ wipe_up (pam_handle_t *pamh UNUSED, void *data, int error UNUSED) + free(data); + } + +-PAM_EXTERN + int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -281,7 +280,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, + return retval; + } + +-PAM_EXTERN + int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -299,7 +297,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, + + /* account management functions */ + +-PAM_EXTERN + int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -334,7 +331,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + return PAM_SUCCESS; + } + +-PAM_EXTERN + int pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -362,7 +358,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, + return PAM_SUCCESS; + } + +-PAM_EXTERN + int pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -390,7 +385,6 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, + return PAM_SUCCESS; + } + +-PAM_EXTERN + int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -552,19 +546,3 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + return retval; + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_stress_modstruct = { +- "pam_stress", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok +-}; +- +-#endif +diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c +index aa828fc..c39b1cb 100644 +--- a/modules/pam_succeed_if/pam_succeed_if.c ++++ b/modules/pam_succeed_if/pam_succeed_if.c +@@ -400,7 +400,7 @@ evaluate(pam_handle_t *pamh, int debug, + return PAM_SERVICE_ERR; + } + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -544,46 +544,33 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + return ret; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } + +-PAM_EXTERN int ++int + pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + return pam_sm_authenticate(pamh, flags, argc, argv); + } +- +-/* static module data */ +-#ifdef PAM_STATIC +-struct pam_module _pam_succeed_if_modstruct = { +- "pam_succeed_if", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok +-}; +-#endif +diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c +index c712885..66a515c 100644 +--- a/modules/pam_tally/pam_tally.c ++++ b/modules/pam_tally/pam_tally.c +@@ -615,7 +615,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) + + #ifdef PAM_SM_AUTH + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -649,7 +649,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, + return rvcheck != PAM_SUCCESS ? rvcheck : rvbump; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -694,7 +694,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, + + /* To reset failcount of user on successfull login */ + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc, const char **argv) + { +@@ -733,33 +733,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + + /*-----------------------------------------------------------------------*/ + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_tally_modstruct = { +- MODULE_NAME, +-#ifdef PAM_SM_AUTH +- pam_sm_authenticate, +- pam_sm_setcred, +-#else +- NULL, +- NULL, +-#endif +-#ifdef PAM_SM_ACCOUNT +- pam_sm_acct_mgmt, +-#else +- NULL, +-#endif +- NULL, +- NULL, +- NULL, +-}; +- +-#endif /* #ifdef PAM_STATIC */ +- +-/*-----------------------------------------------------------------------*/ +- + #else /* #ifndef MAIN */ + + static const char *cline_filename = DEFAULT_LOGFILE; +diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c +index 9187cbf..9f3bebe 100644 +--- a/modules/pam_tally2/pam_tally2.c ++++ b/modules/pam_tally2/pam_tally2.c +@@ -737,7 +737,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_ + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -770,7 +770,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + return rv; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -810,7 +810,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, + + /* To reset failcount of user on successfull login */ + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -846,33 +846,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + + /*-----------------------------------------------------------------------*/ + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_tally2_modstruct = { +- MODULE_NAME, +-#ifdef PAM_SM_AUTH +- pam_sm_authenticate, +- pam_sm_setcred, +-#else +- NULL, +- NULL, +-#endif +-#ifdef PAM_SM_ACCOUNT +- pam_sm_acct_mgmt, +-#else +- NULL, +-#endif +- NULL, +- NULL, +- NULL, +-}; +- +-#endif /* #ifdef PAM_STATIC */ +- +-/*-----------------------------------------------------------------------*/ +- + #else /* #ifndef MAIN */ + + static const char *cline_filename = DEFAULT_LOGFILE; +diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c +index c94737c..75d0864 100644 +--- a/modules/pam_time/pam_time.c ++++ b/modules/pam_time/pam_time.c +@@ -588,7 +588,7 @@ check_account(pam_handle_t *pamh, const char *service, + + /* --- public account management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -663,18 +663,3 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + } + + /* end of module definition */ +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_time_modstruct = { +- "pam_time", +- NULL, +- NULL, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- NULL +-}; +-#endif +diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c +index 1bf0e84..b18efdf 100644 +--- a/modules/pam_timestamp/pam_timestamp.c ++++ b/modules/pam_timestamp/pam_timestamp.c +@@ -357,7 +357,7 @@ verbose_success(pam_handle_t *pamh, long diff) + pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff); + } + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) + { + struct stat st; +@@ -547,13 +547,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) + return PAM_AUTH_ERR; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) + { + char path[BUFLEN], subdir[BUFLEN], *text, *p; +@@ -670,27 +670,12 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-#ifdef PAM_STATIC +-/* static module data */ +- +-struct pam_module _pam_timestamp_modstruct = { +- "pam_timestamp", +- pam_sm_authenticate, +- pam_sm_setcred, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +-#endif +- +- + #else /* PAM_TIMESTAMP_MAIN */ + + #define USAGE "Usage: %s [[-k] | [-d]] [target user]\n" +diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c +index 6003f4e..bce3ab7 100644 +--- a/modules/pam_tty_audit/pam_tty_audit.c ++++ b/modules/pam_tty_audit/pam_tty_audit.c +@@ -360,16 +360,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, + } + return PAM_SUCCESS; + } +- +-/* static module data */ +-#ifdef PAM_STATIC +-struct pam_module _pam_tty_audit_modstruct = { +- "pam_tty_audit", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +-#endif +diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c +index 863f038..ab49064 100644 +--- a/modules/pam_umask/pam_umask.c ++++ b/modules/pam_umask/pam_umask.c +@@ -249,7 +249,7 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options, + } + + +-PAM_EXTERN int ++int + pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -297,27 +297,11 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + return retval; + } + +-PAM_EXTERN int ++int + pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_umask_modstruct = { +- "pam_umask", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am +index 56ed591..ab0d55a 100644 +--- a/modules/pam_unix/Makefile.am ++++ b/modules/pam_unix/Makefile.am +@@ -34,8 +34,7 @@ pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ + + securelib_LTLIBRARIES = pam_unix.la + +-noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ +- pam_unix_static.h ++noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h + + sbin_PROGRAMS = unix_chkpwd unix_update + +@@ -44,9 +43,6 @@ noinst_PROGRAMS = bigcrypt + pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ + passverify.c yppasswd_xdr.c md5_good.c md5_broken.c +-if STATIC_MODULES +-pam_unix_la_SOURCES += pam_unix_static.c +-endif + + bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + bigcrypt_CFLAGS = $(AM_CFLAGS) +diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c +index f8b39c9..17a0890 100644 +--- a/modules/pam_unix/pam_unix_acct.c ++++ b/modules/pam_unix/pam_unix_acct.c +@@ -53,11 +53,7 @@ + + /* indicate that the following groups are defined */ + +-#ifdef PAM_STATIC +-# include "pam_unix_static.h" +-#else +-# define PAM_SM_ACCOUNT +-#endif ++#define PAM_SM_ACCOUNT + + #include + #include +diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c +index 9a547b3..9f66c5d 100644 +--- a/modules/pam_unix/pam_unix_auth.c ++++ b/modules/pam_unix/pam_unix_auth.c +@@ -50,11 +50,7 @@ + + /* indicate the following groups are defined */ + +-#ifdef PAM_STATIC +-# include "pam_unix_static.h" +-#else +-# define PAM_SM_AUTH +-#endif ++#define PAM_SM_AUTH + + #define _PAM_EXTERN_FUNCTIONS + #include +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index c2e5de5..e3d3209 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -64,11 +64,7 @@ + + /* indicate the following groups are defined */ + +-#ifdef PAM_STATIC +-# include "pam_unix_static.h" +-#else +-# define PAM_SM_PASSWORD +-#endif ++#define PAM_SM_PASSWORD + + #include + #include +diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c +index 5d00181..dbc6298 100644 +--- a/modules/pam_unix/pam_unix_sess.c ++++ b/modules/pam_unix/pam_unix_sess.c +@@ -49,11 +49,7 @@ + + /* indicate the following groups are defined */ + +-#ifdef PAM_STATIC +-# include "pam_unix_static.h" +-#else +-# define PAM_SM_SESSION +-#endif ++#define PAM_SM_SESSION + + #include + #include +diff --git a/modules/pam_unix/pam_unix_static.c b/modules/pam_unix/pam_unix_static.c +deleted file mode 100644 +index 160268c..0000000 +--- a/modules/pam_unix/pam_unix_static.c ++++ /dev/null +@@ -1,23 +0,0 @@ +-#include "config.h" +- +-#ifdef PAM_STATIC +- +-#define static extern +-#define PAM_SM_ACCOUNT +-#define PAM_SM_AUTH +-#define PAM_SM_PASSWORD +-#define PAM_SM_SESSION +-#include "pam_unix_static.h" +-#include +- +-struct pam_module _pam_unix_modstruct = { +- "pam_unix", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok, +-}; +- +-#endif +diff --git a/modules/pam_unix/pam_unix_static.h b/modules/pam_unix/pam_unix_static.h +deleted file mode 100644 +index 39b05ef..0000000 +--- a/modules/pam_unix/pam_unix_static.h ++++ /dev/null +@@ -1,6 +0,0 @@ +-#define pam_sm_acct_mgmt _pam_unix_sm_acct_mgmt +-#define pam_sm_authenticate _pam_unix_sm_authenticate +-#define pam_sm_setcred _pam_unix_sm_setcred +-#define pam_sm_chauthtok _pam_unix_sm_chauthtok +-#define pam_sm_open_session _pam_unix_sm_open_session +-#define pam_sm_close_session _pam_unix_sm_close_session +diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c +index 8df1a40..09ab8d3 100644 +--- a/modules/pam_userdb/pam_userdb.c ++++ b/modules/pam_userdb/pam_userdb.c +@@ -334,7 +334,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -423,14 +423,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -475,23 +475,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, + return PAM_SUCCESS; + } + +- +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_userdb_modstruct = { +- "pam_userdb", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- NULL, +-}; +- +-#endif +- + /* + * Copyright (c) Cristian Gafton , 1999 + * All rights reserved +diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c +index a26c48d..1d196ad 100644 +--- a/modules/pam_warn/pam_warn.c ++++ b/modules/pam_warn/pam_warn.c +@@ -54,7 +54,6 @@ static void log_items(pam_handle_t *pamh, const char *function, int flags) + + /* --- authentication management functions (only) --- */ + +-PAM_EXTERN + int pam_sm_authenticate(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +@@ -62,7 +61,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, + return PAM_IGNORE; + } + +-PAM_EXTERN + int pam_sm_setcred(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +@@ -72,7 +70,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, + + /* password updating functions */ + +-PAM_EXTERN + int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +@@ -80,7 +77,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +@@ -88,7 +85,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_open_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +@@ -96,7 +93,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, + return PAM_IGNORE; + } + +-PAM_EXTERN int ++int + pam_sm_close_session(pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) + { +@@ -104,20 +101,4 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, + return PAM_IGNORE; + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_warn_modstruct = { +- "pam_warn", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- pam_sm_open_session, +- pam_sm_close_session, +- pam_sm_chauthtok, +-}; +- +-#endif +- + /* end of module definition */ +diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c +index d7d8096..6ea7b84 100644 +--- a/modules/pam_wheel/pam_wheel.c ++++ b/modules/pam_wheel/pam_wheel.c +@@ -232,7 +232,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) + + /* --- authentication management functions --- */ + +-PAM_EXTERN int ++int + pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -244,14 +244,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + return perform_check(pamh, ctrl, use_group); + } + +-PAM_EXTERN int ++int + pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) + { + return PAM_SUCCESS; + } + +-PAM_EXTERN int ++int + pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +@@ -263,22 +263,6 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + return perform_check(pamh, ctrl, use_group); + } + +-#ifdef PAM_STATIC +- +-/* static module data */ +- +-struct pam_module _pam_wheel_modstruct = { +- "pam_wheel", +- pam_sm_authenticate, +- pam_sm_setcred, +- pam_sm_acct_mgmt, +- NULL, +- NULL, +- NULL +-}; +- +-#endif /* PAM_STATIC */ +- + /* + * Copyright (c) Cristian Gafton , 1996, 1997 + * All rights reserved +diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c +index 2be4351..6778aa8 100644 +--- a/modules/pam_xauth/pam_xauth.c ++++ b/modules/pam_xauth/pam_xauth.c +@@ -798,16 +798,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, + + return PAM_SUCCESS; + } +- +-/* static module data */ +-#ifdef PAM_STATIC +-struct pam_module _pam_xauth_modstruct = { +- "pam_xauth", +- NULL, +- NULL, +- NULL, +- pam_sm_open_session, +- pam_sm_close_session, +- NULL +-}; +-#endif +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 76d9640..fcec3d8 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -29,7 +29,6 @@ + ./libpam/pam_prelude.c + ./libpam/pam_session.c + ./libpam/pam_start.c +-./libpam/pam_static.c + ./libpam/pam_strerror.c + ./libpam/pam_syslog.c + ./libpam/pam_vprompt.c +diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c +index 3000055..7092716 100644 +--- a/tests/tst-dlopen.c ++++ b/tests/tst-dlopen.c +@@ -19,9 +19,6 @@ + /* Simple program to see if dlopen() would succeed. */ + int main(int argc, char **argv) + { +-#ifdef PAM_STATIC +- return 77; +-#else + int i; + struct stat st; + char buf[PATH_MAX]; +@@ -43,5 +40,4 @@ int main(int argc, char **argv) + } + } + return 0; +-#endif + } +-- +1.8.5.6 + diff --git a/0003-fix-nis-checks.patch b/0003-fix-nis-checks.patch new file mode 100644 index 0000000..6f842a6 --- /dev/null +++ b/0003-fix-nis-checks.patch @@ -0,0 +1,70 @@ +diff --git a/configure.ac b/configure.ac +index d5cc644..534194d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -447,22 +447,26 @@ AC_SUBST(LIBDB) + AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"]) + + AC_ARG_ENABLE([nis], +- AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix and pam_access])) ++ AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix])) + + AS_IF([test "x$enable_nis" != "xno"], [ +- CFLAGS=$old_CFLAGS +- LIBS=$old_LIBS ++ old_CFLAGS=$CFLAGS ++ old_LIBS=$LIBS + + dnl if there's libtirpc available, prefer that over the system + dnl implementation. +- PKG_CHECK_MODULES([libtirpc], [libtirpc], [ +- CFLAGS="$CFLAGS $libtirpc_CFLAGS" +- LIBS="$LIBS $libtirpc_LIBS" ++ PKG_CHECK_MODULES([TIRPC], [libtirpc], [ ++ CFLAGS="$CFLAGS $TIRPC_CFLAGS" ++ LIBS="$LIBS $TIRPC_LIBS" + ], [:;]) + +- AC_SEARCH_LIBS([yp_get_default_domain], [nsl]) ++ PKG_CHECK_MODULES([NSL], [libnsl], [], ++ [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])]) ++ CFLAGS="$CFLAGS $NSL_CFLAGS" ++ LIBS="$LIBS $NSL_LIBS" + + AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) ++ AC_CHECK_FUNCS([getrpcport rpcb_getaddr]) + AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h]) + AC_CHECK_DECLS([getrpcport], , , [ + #if HAVE_RPC_RPC_H +@@ -470,9 +474,6 @@ AS_IF([test "x$enable_nis" != "xno"], [ + #endif + ]) + +- NIS_CFLAGS="${CFLAGS%${old_CFLAGS}}" +- NIS_LIBS="${LIBS%${old_LIBS}}" +- + CFLAGS="$old_CFLAGS" + LIBS="$old_LIBS" + ]) +diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am +index ab0d55a..56df178 100644 +--- a/modules/pam_unix/Makefile.am ++++ b/modules/pam_unix/Makefile.am +@@ -19,7 +19,7 @@ secureconfdir = $(SCONFIGDIR) + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ + -DUPDATE_HELPER=\"$(sbindir)/unix_update\" \ +- $(NIS_CFLAGS) ++ @TIRPC_CFLAGS@ @NSL_CFLAGS@ + + if HAVE_LIBSELINUX + AM_CFLAGS += -D"WITH_SELINUX" +@@ -30,7 +30,7 @@ if HAVE_VERSIONING + pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ +- @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) ++ @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ + + securelib_LTLIBRARIES = pam_unix.la + diff --git a/pam.changes b/pam.changes index d447c3b..086ff99 100644 --- a/pam.changes +++ b/pam.changes @@ -2,6 +2,8 @@ Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de - Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch ------------------------------------------------------------------- Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de diff --git a/pam.spec b/pam.spec index 0e4b3e5..6e9e939 100644 --- a/pam.spec +++ b/pam.spec @@ -55,6 +55,8 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +Patch5: 0002-Remove-enable-static-modules-option-and-support-from.patch +Patch6: 0003-fix-nis-checks.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -106,6 +108,8 @@ building both PAM-aware applications and modules for use with PAM. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 %build autoreconf -fiv -- 2.51.1 From bde5d076f95275978863a7497778e27e101810c0fa69893c4067640da621a46f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 29 Mar 2016 12:25:43 +0000 Subject: [PATCH 091/226] - Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch - readd PAM_EXTERN for external PAM modules OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=155 --- ...atic-modules-option-and-support-from.patch | 10 +++---- ...-needed-anymore-but-don-t-remove-it-.patch | 28 +++++++++++++++++++ pam.changes | 6 ++++ pam.spec | 2 ++ 4 files changed, 41 insertions(+), 5 deletions(-) create mode 100644 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch diff --git a/0002-Remove-enable-static-modules-option-and-support-from.patch b/0002-Remove-enable-static-modules-option-and-support-from.patch index 247f2ce..0c4202f 100644 --- a/0002-Remove-enable-static-modules-option-and-support-from.patch +++ b/0002-Remove-enable-static-modules-option-and-support-from.patch @@ -1,7 +1,7 @@ -From dfffaec4953f1271963b1a3a9761289c757bf347 Mon Sep 17 00:00:00 2001 +From a684595c0bbd88df71285f43fb27630e3829121e Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk -Date: Wed, 23 Mar 2016 11:25:53 +0100 -Subject: [PATCH] Remove "--enable-static-modules" option and support from +Date: Tue, 29 Mar 2016 14:14:03 +0200 +Subject: [PATCH 1/2] Remove "--enable-static-modules" option and support from Linux-PAM. It was never official supported and was broken since years. * configure.ac: Remove --enable-static-modules option. @@ -144,7 +144,7 @@ Subject: [PATCH] Remove "--enable-static-modules" option and support from delete mode 100644 modules/pam_unix/pam_unix_static.h diff --git a/configure.ac b/configure.ac -index f33b959..d5cc644 100644 +index a20c502..534194d 100644 --- a/configure.ac +++ b/configure.ac @@ -61,23 +61,8 @@ dnl This should be called before any macros that run the C compiler. @@ -2883,7 +2883,7 @@ index 863f038..ab49064 100644 - /* end of module definition */ diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am -index 56ed591..ab0d55a 100644 +index 88e6125..56df178 100644 --- a/modules/pam_unix/Makefile.am +++ b/modules/pam_unix/Makefile.am @@ -34,8 +34,7 @@ pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ diff --git a/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch b/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch new file mode 100644 index 0000000..89cd195 --- /dev/null +++ b/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch @@ -0,0 +1,28 @@ +From 6b12a20c527cb6ced5b8911ea0f1dcdfc6e6f30c Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Tue, 29 Mar 2016 14:17:34 +0200 +Subject: [PATCH 2/2] PAM_EXTERN isn't needed anymore, but don't remove it to + not break lot of external code using it. + +* libpam/include/security/pam_modules.h: Readd PAM_EXTERN for compatibility +--- + libpam/include/security/pam_modules.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h +index 37568e9..ec65e3e 100644 +--- a/libpam/include/security/pam_modules.h ++++ b/libpam/include/security/pam_modules.h +@@ -75,6 +75,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, + + #define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */ + ++/* PAM_EXTERN isn't needed anymore, but don't remove it to not break ++ lot of external code using it. */ ++#define PAM_EXTERN extern + + /* take care of any compatibility issues */ + #include +-- +1.8.5.6 + diff --git a/pam.changes b/pam.changes index 086ff99..e93a6aa 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + ------------------------------------------------------------------- Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 6e9e939..bc338e7 100644 --- a/pam.spec +++ b/pam.spec @@ -57,6 +57,7 @@ Patch3: encryption_method_nis.diff Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch Patch5: 0002-Remove-enable-static-modules-option-and-support-from.patch Patch6: 0003-fix-nis-checks.patch +Patch7: 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -110,6 +111,7 @@ building both PAM-aware applications and modules for use with PAM. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build autoreconf -fiv -- 2.51.1 From ab595f81a941afa7f7a338807acdc0ac1b7ced34aeec325aa25eb59a592ac8f7 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 1 Apr 2016 08:39:02 +0000 Subject: [PATCH 092/226] - Fix typo in common-account.pamd [bnc#959439] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=156 --- common-account.pamd | 2 +- pam.changes | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/common-account.pamd b/common-account.pamd index d1ba7b5..11ec329 100644 --- a/common-account.pamd +++ b/common-account.pamd @@ -1,5 +1,5 @@ # -# /etc/pam.d/common-account - authorization settings common to all services +# /etc/pam.d/common-account - account settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define diff --git a/pam.changes b/pam.changes index e93a6aa..e8b1596 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + ------------------------------------------------------------------- Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de -- 2.51.1 From 1b4d87cddf6627801679b9f846aaaaa764988dc1f4bf22b82218ea1a5c565120 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 1 Apr 2016 08:47:23 +0000 Subject: [PATCH 093/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=157 --- common-account.pamd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-account.pamd b/common-account.pamd index 11ec329..e2b3274 100644 --- a/common-account.pamd +++ b/common-account.pamd @@ -2,7 +2,7 @@ # /etc/pam.d/common-account - account settings common to all services # # This file is included from other service-specific PAM config files, -# and should contain a list of the authorization modules that define +# and should contain a list of the account modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired. # -- 2.51.1 From dff8159e4f909e86ec82c694fe4675df7434c669f90225084d133d96060c8110 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 1 Apr 2016 13:33:36 +0000 Subject: [PATCH 094/226] - Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch - Replace IPv4 only functions OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=158 --- ...ions-if-we-compile-and-link-against-.patch | 155 ++++++++++++++++++ pam.changes | 6 + pam.spec | 5 +- 3 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch diff --git a/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch b/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch new file mode 100644 index 0000000..1e0e5af --- /dev/null +++ b/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch @@ -0,0 +1,155 @@ +From 549aef483c9f1852e1fbefabc4ebbbe72e00c243 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Fri, 1 Apr 2016 15:28:09 +0200 +Subject: [PATCH] Use TI-RPC functions if we compile and link against libtirpc. + The old SunRPC functions don't work with IPv6. + +* configure.ac: Set and restore CPPFLAGS +* modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with + rpcb_getaddr if available. +--- + configure.ac | 4 +++ + modules/pam_unix/pam_unix_passwd.c | 73 +++++++++++++++++++++++++++++++++++++- + 2 files changed, 76 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 534194d..20f6ba3 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -451,18 +451,21 @@ AC_ARG_ENABLE([nis], + + AS_IF([test "x$enable_nis" != "xno"], [ + old_CFLAGS=$CFLAGS ++ old_CPPFLAGS=$CPPFLAGS + old_LIBS=$LIBS + + dnl if there's libtirpc available, prefer that over the system + dnl implementation. + PKG_CHECK_MODULES([TIRPC], [libtirpc], [ + CFLAGS="$CFLAGS $TIRPC_CFLAGS" ++ CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS" + LIBS="$LIBS $TIRPC_LIBS" + ], [:;]) + + PKG_CHECK_MODULES([NSL], [libnsl], [], + [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])]) + CFLAGS="$CFLAGS $NSL_CFLAGS" ++ CPPFLAGS="$CPPFLAGS $NSL_CFLAGS" + LIBS="$LIBS $NSL_LIBS" + + AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) +@@ -475,6 +478,7 @@ AS_IF([test "x$enable_nis" != "xno"], [ + ]) + + CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + LIBS="$old_LIBS" + ]) + +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index e3d3209..fa29327 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -92,7 +92,7 @@ + + # include "yppasswd.h" + +-# if !HAVE_DECL_GETRPCPORT ++# if !HAVE_DECL_GETRPCPORT &&!HAVE_RPCB_GETADDR + extern int getrpcport(const char *host, unsigned long prognum, + unsigned long versnum, unsigned int proto); + # endif /* GNU libc 2.1 */ +@@ -114,11 +114,48 @@ extern int getrpcport(const char *host, unsigned long prognum, + #define MAX_PASSWD_TRIES 3 + + #ifdef HAVE_NIS ++#ifdef HAVE_RPCB_GETADDR ++static unsigned short ++__taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf) ++{ ++ unsigned short port = 0; ++ struct __rpc_sockinfo si; ++ struct sockaddr_in *sin; ++ struct sockaddr_in6 *sin6; ++ if (!__rpc_nconf2sockinfo(nconf, &si)) ++ return 0; ++ ++ switch (si.si_af) ++ { ++ case AF_INET: ++ sin = nbuf->buf; ++ port = sin->sin_port; ++ break; ++ case AF_INET6: ++ sin6 = nbuf->buf; ++ port = sin6->sin6_port; ++ break; ++ default: ++ break; ++ } ++ ++ return htons (port); ++} ++#endif ++ + static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) + { + char *master; + char *domainname; + int port, err; ++#if defined(HAVE_RPCB_GETADDR) ++ struct netconfig *nconf; ++ struct netbuf svcaddr; ++ char addrbuf[INET6_ADDRSTRLEN]; ++ void *handle; ++ int found; ++#endif ++ + + #ifdef HAVE_YP_GET_DEFAULT_DOMAIN + if ((err = yp_get_default_domain(&domainname)) != 0) { +@@ -146,7 +183,41 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) + yperr_string(err)); + return NULL; + } ++#ifdef HAVE_RPCB_GETADDR ++ svcaddr.len = 0; ++ svcaddr.maxlen = sizeof (addrbuf); ++ svcaddr.buf = addrbuf; ++ port = 0; ++ found = 0; ++ ++ handle = setnetconfig(); ++ while ((nconf = getnetconfig(handle)) != NULL) { ++ if (!strcmp(nconf->nc_proto, "udp")) { ++ if (rpcb_getaddr(YPPASSWDPROG, YPPASSWDPROC_UPDATE, ++ nconf, &svcaddr, master)) { ++ port = __taddr2port (nconf, &svcaddr); ++ endnetconfig (handle); ++ found=1; ++ break; ++ } ++ ++ if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) { ++ clnt_pcreateerror (master); ++ pam_syslog (pamh, LOG_ERR, ++ "rpcb_getaddr (%s) failed!", master); ++ return NULL; ++ } ++ } ++ } ++ ++ if (!found) { ++ pam_syslog (pamh, LOG_ERR, ++ "Cannot find suitable transport for protocol 'udp'"); ++ return NULL; ++ } ++#else + port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); ++#endif + if (port == 0) { + pam_syslog(pamh, LOG_WARNING, + "yppasswdd not running on NIS master host"); +-- +1.8.5.6 + diff --git a/pam.changes b/pam.changes index e8b1596..23c3bc1 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + ------------------------------------------------------------------- Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index bc338e7..36037e2 100644 --- a/pam.spec +++ b/pam.spec @@ -25,7 +25,8 @@ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex -#BuildRequires: pkgconfig(libtirpc) +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif @@ -58,6 +59,7 @@ Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch Patch5: 0002-Remove-enable-static-modules-option-and-support-from.patch Patch6: 0003-fix-nis-checks.patch Patch7: 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch +Patch8: 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -112,6 +114,7 @@ building both PAM-aware applications and modules for use with PAM. %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build autoreconf -fiv -- 2.51.1 From 8722ee21ea0871143ad214338c218e76f7bbd241e84ab043160fa0ae2beded1b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 2 May 2016 08:45:43 +0000 Subject: [PATCH 095/226] - Remove obsolete README.pam_tally [bsc#977973] - Update Linux-PAM to version 1.3.0 - Rediff encryption_method_nis.diff - Add /sbin/unix2_chkpwd (moved from pam-modules) - Remove (since accepted upstream): - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch - 0002-Remove-enable-static-modules-option-and-support-from.patch - 0003-fix-nis-checks.patch - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=159 --- ...encies-from-pam_access-they-were-nev.patch | 71 - ...atic-modules-option-and-support-from.patch | 3256 ----------------- 0003-fix-nis-checks.patch | 70 - ...-needed-anymore-but-don-t-remove-it-.patch | 28 - ...ions-if-we-compile-and-link-against-.patch | 155 - Linux-PAM-1.2.1-docs.tar.bz2 | 3 - Linux-PAM-1.2.1.tar.bz2 | 3 - Linux-PAM-1.3.0-docs.tar.bz2 | 3 + Linux-PAM-1.3.0.tar.bz2 | 3 + encryption_method_nis.diff | 32 +- pam.changes | 26 + pam.spec | 43 +- unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 ++ 14 files changed, 483 insertions(+), 3626 deletions(-) delete mode 100644 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch delete mode 100644 0002-Remove-enable-static-modules-option-and-support-from.patch delete mode 100644 0003-fix-nis-checks.patch delete mode 100644 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch delete mode 100644 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch delete mode 100644 Linux-PAM-1.2.1-docs.tar.bz2 delete mode 100644 Linux-PAM-1.2.1.tar.bz2 create mode 100644 Linux-PAM-1.3.0-docs.tar.bz2 create mode 100644 Linux-PAM-1.3.0.tar.bz2 create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch b/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch deleted file mode 100644 index a472871..0000000 --- a/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +++ /dev/null @@ -1,71 +0,0 @@ -From a64de52d1621ac3d3dd03f66742b48bef0101043 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Wed, 23 Mar 2016 11:16:55 +0100 -Subject: [PATCH] Remove YP dependencies from pam_access, they were never used - and such not needed. - -* modules/pam_access/Makefile.am: Remove NIS_CFLAGS and NIS_LIBS -* modules/pam_access/pam_access.c: Remove yp_get_default_domain case, - it will never be used. ---- - modules/pam_access/Makefile.am | 4 ++-- - modules/pam_access/pam_access.c | 8 -------- - 2 files changed, 2 insertions(+), 10 deletions(-) - -diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am -index 0527674..6c0f738 100644 ---- a/modules/pam_access/Makefile.am -+++ b/modules/pam_access/Makefile.am -@@ -15,14 +15,14 @@ securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" $(NIS_CFLAGS) -+ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - - securelib_LTLIBRARIES = pam_access.la --pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la $(NIS_LIBS) -+pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la - - secureconf_DATA = access.conf - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index b32a966..d4c847a 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -44,9 +44,6 @@ - #include - #include - #include --#ifdef HAVE_RPCSVC_YPCLNT_H --#include --#endif - #ifdef HAVE_LIBAUDIT - #include - #endif -@@ -470,8 +467,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, - { - int retval; - char *mydomain = NULL; -- --#if defined(HAVE_GETDOMAINNAME) - char domainname_res[256]; - - if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) -@@ -481,9 +476,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, - mydomain = domainname_res; - } - } --#elif defined(HAVE_YP_GET_DEFAULT_DOMAIN) -- yp_get_default_domain(&mydomain); --#endif - - #ifdef HAVE_INNETGR - retval = innetgr (netgroup, machine, user, mydomain); --- -1.8.5.6 - diff --git a/0002-Remove-enable-static-modules-option-and-support-from.patch b/0002-Remove-enable-static-modules-option-and-support-from.patch deleted file mode 100644 index 0c4202f..0000000 --- a/0002-Remove-enable-static-modules-option-and-support-from.patch +++ /dev/null @@ -1,3256 +0,0 @@ -From a684595c0bbd88df71285f43fb27630e3829121e Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Tue, 29 Mar 2016 14:14:03 +0200 -Subject: [PATCH 1/2] Remove "--enable-static-modules" option and support from - Linux-PAM. It was never official supported and was broken since years. - -* configure.ac: Remove --enable-static-modules option. -* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. -* doc/man/pam_sm_authenticate.3.xml: Likewise. -* doc/man/pam_sm_chauthtok.3.xml: Likewise. -* doc/man/pam_sm_close_session.3.xml: Likewise. -* doc/man/pam_sm_open_session.3.xml: Likewise. -* doc/man/pam_sm_setcred.3.xml: Likewise. -* libpam/Makefile.am: Remove STATIC_MODULES cases. -* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. -* libpam/pam_dynamic.c: Likewise. -* libpam/pam_handlers.c: Likewise. -* libpam/pam_private.h: Likewise. -* libpam/pam_static.c: Remove file. -* libpam/pam_static_modules.h: Remove header file. -* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. -* modules/pam_cracklib/pam_cracklib.c: Likewise. -* modules/pam_debug/pam_debug.c: Likewise. -* modules/pam_deny/pam_deny.c: Likewise. -* modules/pam_echo/pam_echo.c: Likewise. -* modules/pam_env/pam_env.c: Likewise. -* modules/pam_exec/pam_exec.c: Likewise. -* modules/pam_faildelay/pam_faildelay.c: Likewise. -* modules/pam_filter/pam_filter.c: Likewise. -* modules/pam_ftp/pam_ftp.c: Likewise. -* modules/pam_group/pam_group.c: Likewise. -* modules/pam_issue/pam_issue.c: Likewise. -* modules/pam_keyinit/pam_keyinit.c: Likewise. -* modules/pam_lastlog/pam_lastlog.c: Likewise. -* modules/pam_limits/pam_limits.c: Likewise. -* modules/pam_listfile/pam_listfile.c: Likewise. -* modules/pam_localuser/pam_localuser.c: Likewise. -* modules/pam_loginuid/pam_loginuid.c: Likewise. -* modules/pam_mail/pam_mail.c: Likewise. -* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. -* modules/pam_motd/pam_motd.c: Likewise. -* modules/pam_namespace/pam_namespace.c: Likewise. -* modules/pam_nologin/pam_nologin.c: Likewise. -* modules/pam_permit/pam_permit.c: Likewise. -* modules/pam_pwhistory/pam_pwhistory.c: Likewise. -* modules/pam_rhosts/pam_rhosts.c: Likewise. -* modules/pam_rootok/pam_rootok.c: Likewise. -* modules/pam_securetty/pam_securetty.c: Likewise. -* modules/pam_selinux/pam_selinux.c: Likewise. -* modules/pam_sepermit/pam_sepermit.c: Likewise. -* modules/pam_shells/pam_shells.c: Likewise. -* modules/pam_stress/pam_stress.c: Likewise. -* modules/pam_succeed_if/pam_succeed_if.c: Likewise. -* modules/pam_tally/pam_tally.c: Likewise. -* modules/pam_tally2/pam_tally2.c: Likewise. -* modules/pam_time/pam_time.c: Likewise. -* modules/pam_timestamp/pam_timestamp.c: Likewise. -* modules/pam_tty_audit/pam_tty_audit.c: Likewise. -* modules/pam_umask/pam_umask.c: Likewise. -* modules/pam_userdb/pam_userdb.c: Likewise. -* modules/pam_warn/pam_warn.c: Likewise. -* modules/pam_wheel/pam_wheel.c: Likewise. -* modules/pam_xauth/pam_xauth.c: Likewise. -* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. -* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. -* modules/pam_unix/pam_unix_auth.c: Likewise. -* modules/pam_unix/pam_unix_passwd.c: Likewise. -* modules/pam_unix/pam_unix_sess.c: Likewise. -* modules/pam_unix/pam_unix_static.c: Removed. -* modules/pam_unix/pam_unix_static.h: Removed. -* po/POTFILES.in: Remove removed files. -* tests/tst-dlopen.c: Remove PAM_STATIC part. ---- - configure.ac | 19 +--- - doc/man/pam_sm_acct_mgmt.3.xml | 2 +- - doc/man/pam_sm_authenticate.3.xml | 2 +- - doc/man/pam_sm_chauthtok.3.xml | 2 +- - doc/man/pam_sm_close_session.3.xml | 2 +- - doc/man/pam_sm_open_session.3.xml | 2 +- - doc/man/pam_sm_setcred.3.xml | 2 +- - libpam/Makefile.am | 9 +- - libpam/include/security/pam_modules.h | 78 +++-------------- - libpam/pam_dynamic.c | 3 - - libpam/pam_handlers.c | 53 +----------- - libpam/pam_private.h | 12 --- - libpam/pam_static.c | 127 --------------------------- - libpam/pam_static_modules.h | 148 -------------------------------- - modules/pam_access/pam_access.c | 27 ++---- - modules/pam_cracklib/pam_cracklib.c | 17 +--- - modules/pam_debug/pam_debug.c | 22 ----- - modules/pam_deny/pam_deny.c | 25 ++---- - modules/pam_echo/pam_echo.c | 15 ---- - modules/pam_env/pam_env.c | 28 ++---- - modules/pam_exec/pam_exec.c | 24 ++---- - modules/pam_faildelay/pam_faildelay.c | 19 ---- - modules/pam_filter/pam_filter.c | 40 +++------ - modules/pam_ftp/pam_ftp.c | 21 +---- - modules/pam_group/pam_group.c | 19 +--- - modules/pam_issue/pam_issue.c | 20 +---- - modules/pam_keyinit/pam_keyinit.c | 16 ---- - modules/pam_lastlog/pam_lastlog.c | 26 ++---- - modules/pam_limits/pam_limits.c | 19 +--- - modules/pam_listfile/pam_listfile.c | 30 ++----- - modules/pam_localuser/pam_localuser.c | 28 ++---- - modules/pam_loginuid/pam_loginuid.c | 19 +--- - modules/pam_mail/pam_mail.c | 21 +---- - modules/pam_mkhomedir/pam_mkhomedir.c | 18 +--- - modules/pam_motd/pam_motd.c | 20 +---- - modules/pam_namespace/pam_namespace.c | 19 +--- - modules/pam_nologin/pam_nologin.c | 23 +---- - modules/pam_permit/pam_permit.c | 28 ++---- - modules/pam_pwhistory/pam_pwhistory.c | 15 +--- - modules/pam_rhosts/pam_rhosts.c | 19 +--- - modules/pam_rootok/pam_rootok.c | 24 +----- - modules/pam_securetty/pam_securetty.c | 22 +---- - modules/pam_selinux/pam_selinux.c | 8 +- - modules/pam_sepermit/pam_sepermit.c | 20 +---- - modules/pam_shells/pam_shells.c | 19 ---- - modules/pam_stress/pam_stress.c | 22 ----- - modules/pam_succeed_if/pam_succeed_if.c | 25 ++---- - modules/pam_tally/pam_tally.c | 33 +------ - modules/pam_tally2/pam_tally2.c | 33 +------ - modules/pam_time/pam_time.c | 17 +--- - modules/pam_timestamp/pam_timestamp.c | 23 +---- - modules/pam_tty_audit/pam_tty_audit.c | 13 --- - modules/pam_umask/pam_umask.c | 20 +---- - modules/pam_unix/Makefile.am | 6 +- - modules/pam_unix/pam_unix_acct.c | 6 +- - modules/pam_unix/pam_unix_auth.c | 6 +- - modules/pam_unix/pam_unix_passwd.c | 6 +- - modules/pam_unix/pam_unix_sess.c | 6 +- - modules/pam_unix/pam_unix_static.c | 23 ----- - modules/pam_unix/pam_unix_static.h | 6 -- - modules/pam_userdb/pam_userdb.c | 23 +---- - modules/pam_warn/pam_warn.c | 25 +----- - modules/pam_wheel/pam_wheel.c | 22 +---- - modules/pam_xauth/pam_xauth.c | 13 --- - po/POTFILES.in | 1 - - tests/tst-dlopen.c | 4 - - 66 files changed, 152 insertions(+), 1313 deletions(-) - delete mode 100644 libpam/pam_static.c - delete mode 100644 libpam/pam_static_modules.h - delete mode 100644 modules/pam_unix/pam_unix_static.c - delete mode 100644 modules/pam_unix/pam_unix_static.h - -diff --git a/configure.ac b/configure.ac -index a20c502..534194d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -61,23 +61,8 @@ dnl This should be called before any macros that run the C compiler. - AC_USE_SYSTEM_EXTENSIONS - - LT_INIT([disable-static]) -- --dnl --dnl check if we should link everything static into libpam --dnl --AC_ARG_ENABLE(static-modules,AS_HELP_STRING([--enable-static-modules], -- [do not make the modules dynamically loadable]), -- STATIC_MODULES=$enableval,STATIC_MODULES=no) --if test "$STATIC_MODULES" != "no" ; then -- CFLAGS="$CFLAGS -DPAM_STATIC" -- AC_ENABLE_STATIC([yes]) -- AC_ENABLE_SHARED([no]) --else --# per default don't build static libraries -- AC_ENABLE_STATIC([no]) -- AC_ENABLE_SHARED([yes]) --fi --AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"]) -+AC_ENABLE_STATIC([no]) -+AC_ENABLE_SHARED([yes]) - - dnl Checks for programs. - AC_PROG_CC -diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml -index 35aa28a..ff99867 100644 ---- a/doc/man/pam_sm_acct_mgmt.3.xml -+++ b/doc/man/pam_sm_acct_mgmt.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_ACCOUNT - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_acct_mgmt -+ int pam_sm_acct_mgmt - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml -index 9121aed..4299726 100644 ---- a/doc/man/pam_sm_authenticate.3.xml -+++ b/doc/man/pam_sm_authenticate.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_AUTH - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_authenticate -+ int pam_sm_authenticate - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml -index d6d3093..d8f36d6 100644 ---- a/doc/man/pam_sm_chauthtok.3.xml -+++ b/doc/man/pam_sm_chauthtok.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_PASSWORD - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_chauthtok -+ int pam_sm_chauthtok - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml -index f2e6718..db579ff 100644 ---- a/doc/man/pam_sm_close_session.3.xml -+++ b/doc/man/pam_sm_close_session.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_SESSION - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_close_session -+ int pam_sm_close_session - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml -index 0851c34..0c9ec77 100644 ---- a/doc/man/pam_sm_open_session.3.xml -+++ b/doc/man/pam_sm_open_session.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_SESSION - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_open_session -+ int pam_sm_open_session - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml -index e557000..5cfe899 100644 ---- a/doc/man/pam_sm_setcred.3.xml -+++ b/doc/man/pam_sm_setcred.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_AUTH - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_setcred -+ int pam_sm_setcred - pam_handle_t *pamh - int flags - int argc -diff --git a/libpam/Makefile.am b/libpam/Makefile.am -index ac2a1fb..04a8df0 100644 ---- a/libpam/Makefile.am -+++ b/libpam/Makefile.am -@@ -18,16 +18,11 @@ include_HEADERS = include/security/_pam_compat.h \ - include/security/pam_ext.h include/security/pam_modutil.h - - noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ -- pam_modutil_private.h pam_static_modules.h -+ pam_modutil_private.h - - libpam_la_LDFLAGS = -no-undefined -version-info 84:1:84 - libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ - --if STATIC_MODULES -- libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \ -- @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil -- AM_CFLAGS += $(NIS_CFLAGS) --endif - if HAVE_VERSIONING - libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map - endif -@@ -38,7 +33,7 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ - pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \ - pam_handlers.c pam_item.c \ - pam_misc.c pam_password.c pam_prelude.c \ -- pam_session.c pam_start.c pam_static.c pam_strerror.c \ -+ pam_session.c pam_start.c pam_strerror.c \ - pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ - pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ - pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ -diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h -index 5c516c4..37568e9 100644 ---- a/libpam/include/security/pam_modules.h -+++ b/libpam/include/security/pam_modules.h -@@ -30,80 +30,26 @@ pam_get_data(const pam_handle_t *pamh, const char *module_data_name, - extern int PAM_NONNULL((1,2)) - pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt); - --#ifdef PAM_STATIC -- --#define PAM_EXTERN static -- --struct pam_module { -- const char *name; /* Name of the module */ -- -- /* These are function pointers to the module's key functions. */ -- -- int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_setcred)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_open_session)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_close_session)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); --}; -- --#else /* !PAM_STATIC */ -- --#define PAM_EXTERN extern -- --#endif /* PAM_STATIC */ -- --/* Lots of files include pam_modules.h that don't need these -- * declared. However, when they are declared static, they -- * need to be defined later. So we have to protect C files -- * that include these without wanting these functions defined.. */ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC) -- - /* Authentication API's */ --PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, -- int argc, const char **argv); --PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH)) -- || !defined(PAM_STATIC)*/ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC) -+int pam_sm_authenticate(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); -+int pam_sm_setcred(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* Account Management API's */ --PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) -- || !defined(PAM_STATIC)*/ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC) -+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* Session Management API's */ --PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -+int pam_sm_open_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION)) -- || !defined(PAM_STATIC)*/ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC) -+int pam_sm_close_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* Password Management API's */ --PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) -- || !defined(PAM_STATIC)*/ -+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* The following two flags are for use across the Linux-PAM/module - * interface only. The Application is not permitted to use these -diff --git a/libpam/pam_dynamic.c b/libpam/pam_dynamic.c -index e1155e5..50bfd79 100644 ---- a/libpam/pam_dynamic.c -+++ b/libpam/pam_dynamic.c -@@ -33,8 +33,6 @@ - - #include "pam_private.h" - --#ifndef PAM_STATIC -- - #ifdef PAM_SHL - # include - #elif defined(PAM_DYLD) -@@ -139,4 +137,3 @@ _pam_dlerror (void) - #endif - } - --#endif -diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c -index bc3fd9d..91cccad 100644 ---- a/libpam/pam_handlers.c -+++ b/libpam/pam_handlers.c -@@ -665,9 +665,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) - { - int x = 0; - int success; --#ifndef PAM_STATIC - char *mod_full_isa_path=NULL, *isa=NULL; --#endif - struct loaded_module *mod; - - D(("_pam_load_module: loading module `%s'", mod_path)); -@@ -701,27 +699,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) - /* Be pessimistic... */ - success = PAM_ABORT; - --#ifdef PAM_STATIC -- /* Only load static function if function was not found dynamically. -- * This code should work even if no dynamic loading is available. */ -- if (success != PAM_SUCCESS) { -- D(("_pam_load_module: open static handler %s", mod_path)); -- mod->dl_handle = _pam_open_static_handler(pamh, mod_path); -- if (mod->dl_handle == NULL) { -- D(("_pam_load_module: unable to find static handler %s", -- mod_path)); -- if (handler_type != PAM_HT_SILENT_MODULE) -- pam_syslog(pamh, LOG_ERR, -- "unable to open static handler %s", mod_path); -- /* Didn't find module in dynamic or static..will mark bad */ -- } else { -- D(("static module added successfully")); -- success = PAM_SUCCESS; -- mod->type = PAM_MT_STATIC_MOD; -- pamh->handlers.modules_used++; -- } -- } --#else - D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); - mod->dl_handle = _pam_dlopen(mod_path); - D(("_pam_load_module: _pam_dlopen'ed")); -@@ -758,7 +735,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) - mod->type = PAM_MT_DYNAMIC_MOD; - pamh->handlers.modules_used++; - } --#endif - - if (success != PAM_SUCCESS) { /* add a malformed module */ - mod->dl_handle = NULL; -@@ -869,16 +845,8 @@ int _pam_add_handler(pam_handle_t *pamh - } - - /* are the modules reliable? */ -- if ( --#ifdef PAM_STATIC -- mod_type != PAM_MT_STATIC_MOD -- && --#else -- mod_type != PAM_MT_DYNAMIC_MOD -- && --#endif -- mod_type != PAM_MT_FAULTY_MOD -- ) { -+ if (mod_type != PAM_MT_DYNAMIC_MOD && -+ mod_type != PAM_MT_FAULTY_MOD) { - D(("_pam_add_handlers: illegal module library type; %d", mod_type)); - pam_syslog(pamh, LOG_ERR, - "internal error: module library type not known: %s;%d", -@@ -888,30 +856,15 @@ int _pam_add_handler(pam_handle_t *pamh - - /* now identify this module's functions - for non-faulty modules */ - --#ifdef PAM_STATIC -- if ((mod_type == PAM_MT_STATIC_MOD) && -- (func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) { -- pam_syslog(pamh, LOG_ERR, "unable to resolve static symbol: %s", sym); -- } --#else - if ((mod_type == PAM_MT_DYNAMIC_MOD) && - !(func = _pam_dlsym(mod->dl_handle, sym)) ) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym); - } --#endif - if (sym2) { --#ifdef PAM_STATIC -- if ((mod_type == PAM_MT_STATIC_MOD) && -- (func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2)) -- == NULL) { -- pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); -- } --#else - if ((mod_type == PAM_MT_DYNAMIC_MOD) && - !(func2 = _pam_dlsym(mod->dl_handle, sym2)) ) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); - } --#endif - } - - /* here func (and perhaps func2) point to the appropriate functions */ -@@ -994,11 +947,9 @@ int _pam_free_handlers(pam_handle_t *pamh) - while (pamh->handlers.modules_used) { - D(("_pam_free_handlers: dlclose(%s)", mod->name)); - free(mod->name); --#ifndef PAM_STATIC - if (mod->type == PAM_MT_DYNAMIC_MOD) { - _pam_dlclose(mod->dl_handle); - } --#endif - mod++; - pamh->handlers.modules_used--; - } -diff --git a/libpam/pam_private.h b/libpam/pam_private.h -index 1138277..7ff9f75 100644 ---- a/libpam/pam_private.h -+++ b/libpam/pam_private.h -@@ -241,22 +241,10 @@ void _pam_await_timer(pam_handle_t *pamh, int status); - typedef void (*voidfunc(void))(void); - typedef int (*servicefn)(pam_handle_t *, int, int, char **); - --#ifdef PAM_STATIC --/* The next two in ../modules/_pam_static/pam_static.c */ -- --/* Return pointer to data structure used to define a static module */ --struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, -- const char *path); -- --/* Return pointer to function requested from static module */ -- --voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname); --#else - void *_pam_dlopen (const char *mod_path); - servicefn _pam_dlsym (void *handle, const char *symbol); - void _pam_dlclose (void *handle); - const char *_pam_dlerror (void); --#endif - - /* For now we just use a stack and linear search for module data. */ - /* If it becomes apparent that there is a lot of data, it should */ -diff --git a/libpam/pam_static.c b/libpam/pam_static.c -deleted file mode 100644 -index 511026d..0000000 ---- a/libpam/pam_static.c -+++ /dev/null -@@ -1,127 +0,0 @@ --/* -- * pam_static.c -- static module loading helper functions -- * -- * created by Michael K. Johnson, johnsonm@redhat.com -- */ -- --/* This whole file is only used for PAM_STATIC */ -- --#ifdef PAM_STATIC -- --#include --#include --#include -- --#include "pam_private.h" -- --#include "pam_static_modules.h" -- --/* -- * and now for the functions -- */ -- --/* Return pointer to data structure used to define a static module */ --struct pam_module * --_pam_open_static_handler (pam_handle_t *pamh, const char *path) --{ -- int i; -- const char *clpath = path; -- char *lpath, *end; -- -- if (strchr(clpath, '/')) { -- /* ignore path and leading "/" */ -- clpath = strrchr(path, '/') + 1; -- } -- /* create copy to muck with (must free before return) */ -- lpath = _pam_strdup(clpath); -- /* chop .so off copy if it exists (or other extension on other -- platform...) */ -- end = strstr(lpath, ".so"); -- if (end) { -- *end = '\0'; -- } -- -- /* now go find the module */ -- for (i = 0; static_modules[i] != NULL; i++) { -- D(("%s=?%s\n", lpath, static_modules[i]->name)); -- if (static_modules[i]->name && -- ! strcmp(static_modules[i]->name, lpath)) { -- break; -- } -- } -- -- if (static_modules[i] == NULL) { -- pam_syslog (pamh, LOG_ERR, "no static module named %s", lpath); -- } -- -- free(lpath); -- return (static_modules[i]); --} -- --/* Return pointer to function requested from static module -- * Can't just return void *, because ANSI C disallows casting a -- * pointer to a function to a void *... -- * This definition means: -- * _pam_get_static_sym is a function taking two arguments and -- * returning a pointer to a function which takes no arguments -- * and returns void... */ --voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname) { -- -- if (! strcmp(symname, "pam_sm_authenticate")) { -- return ((voidfunc *)mod->pam_sm_authenticate); -- } else if (! strcmp(symname, "pam_sm_setcred")) { -- return ((voidfunc *)mod->pam_sm_setcred); -- } else if (! strcmp(symname, "pam_sm_acct_mgmt")) { -- return ((voidfunc *)mod->pam_sm_acct_mgmt); -- } else if (! strcmp(symname, "pam_sm_open_session")) { -- return ((voidfunc *)mod->pam_sm_open_session); -- } else if (! strcmp(symname, "pam_sm_close_session")) { -- return ((voidfunc *)mod->pam_sm_close_session); -- } else if (! strcmp(symname, "pam_sm_chauthtok")) { -- return ((voidfunc *)mod->pam_sm_chauthtok); -- } -- /* getting to this point is an error */ -- return ((voidfunc *)NULL); --} -- --#else /* ! PAM_STATIC */ -- --typedef int blarg; -- --#endif /* ! PAM_STATIC */ -- --/* -- * Copyright (C) 1995 by Red Hat Software, Michael K. Johnson -- * All rights reserved -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, and the entire permission notice in its entirety, -- * including the disclaimer of warranties. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. The name of the author may not be used to endorse or promote -- * products derived from this software without specific prior -- * written permission. -- * -- * ALTERNATIVELY, this product may be distributed under the terms of -- * the GNU Public License, in which case the provisions of the GPL are -- * required INSTEAD OF the above restrictions. (This clause is -- * necessary due to a potential bad interaction between the GPL and -- * the restrictions contained in a BSD-style copyright.) -- * -- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- */ -diff --git a/libpam/pam_static_modules.h b/libpam/pam_static_modules.h -deleted file mode 100644 -index 698989b..0000000 ---- a/libpam/pam_static_modules.h -+++ /dev/null -@@ -1,148 +0,0 @@ --/* -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, and the entire permission notice in its entirety, -- * including the disclaimer of warranties. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. The name of the author may not be used to endorse or promote -- * products derived from this software without specific prior -- * written permission. -- * -- * ALTERNATIVELY, this product may be distributed under the terms of -- * the GNU Public License, in which case the provisions of the GPL are -- * required INSTEAD OF the above restrictions. (This clause is -- * necessary due to a potential bad interaction between the GPL and -- * the restrictions contained in a BSD-style copyright.) -- * -- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- */ -- --/* Pointers to static module data. */ -- --extern struct pam_module _pam_access_modstruct; --extern struct pam_module _pam_cracklib_modstruct; --extern struct pam_module _pam_debug_modstruct; --extern struct pam_module _pam_deny_modstruct; --extern struct pam_module _pam_echo_modstruct; --extern struct pam_module _pam_env_modstruct; --extern struct pam_module _pam_exec_modstruct; --extern struct pam_module _pam_faildelay_modstruct; --extern struct pam_module _pam_filter_modstruct; --extern struct pam_module _pam_ftp_modstruct; --extern struct pam_module _pam_group_modstruct; --extern struct pam_module _pam_issue_modstruct; --#ifdef HAVE_KEY_MANAGEMENT --extern struct pam_module _pam_keyinit_modstruct; --#endif --extern struct pam_module _pam_lastlog_modstruct; --extern struct pam_module _pam_limits_modstruct; --extern struct pam_module _pam_listfile_modstruct; --extern struct pam_module _pam_localuser_modstruct; --extern struct pam_module _pam_loginuid_modstruct; --extern struct pam_module _pam_mail_modstruct; --extern struct pam_module _pam_mkhomedir_modstruct; --extern struct pam_module _pam_motd_modstruct; --#ifdef HAVE_UNSHARE --extern struct pam_module _pam_namespace_modstruct; --#endif --extern struct pam_module _pam_nologin_modstruct; --extern struct pam_module _pam_permit_modstruct; --extern struct pam_module _pam_pwhistory_modstruct; --extern struct pam_module _pam_rhosts_modstruct; --extern struct pam_module _pam_rootok_modstruct; --extern struct pam_module _pam_securetty_modstruct; --#ifdef WITH_SELINUX --extern struct pam_module _pam_selinux_modstruct; --extern struct pam_module _pam_sepermit_modstruct; --#endif --extern struct pam_module _pam_shells_modstruct; --extern struct pam_module _pam_stress_modstruct; --extern struct pam_module _pam_succeed_if_modstruct; --extern struct pam_module _pam_tally_modstruct; --extern struct pam_module _pam_tally2_modstruct; --extern struct pam_module _pam_time_modstruct; --extern struct pam_module _pam_timestamp_modstruct; --#ifdef HAVE_AUDIT_TTY_STATUS --extern struct pam_module _pam_tty_audit_modstruct; --#endif --extern struct pam_module _pam_umask_modstruct; --extern struct pam_module _pam_unix_modstruct; --extern struct pam_module _pam_userdb_modstruct; --extern struct pam_module _pam_warn_modstruct; --extern struct pam_module _pam_wheel_modstruct; --extern struct pam_module _pam_xauth_modstruct; -- --/* and here is a structure that connects libpam to the above static -- modules. */ -- --static struct pam_module *static_modules[] = { -- &_pam_access_modstruct, --#ifdef HAVE_LIBCRACK -- &_pam_cracklib_modstruct, --#endif -- &_pam_debug_modstruct, -- &_pam_deny_modstruct, -- &_pam_echo_modstruct, -- &_pam_env_modstruct, -- &_pam_exec_modstruct, -- &_pam_faildelay_modstruct, -- &_pam_filter_modstruct, -- &_pam_ftp_modstruct, -- &_pam_group_modstruct, -- &_pam_issue_modstruct, --#ifdef HAVE_KEY_MANAGEMENT -- &_pam_keyinit_modstruct, --#endif -- &_pam_lastlog_modstruct, -- &_pam_limits_modstruct, -- &_pam_listfile_modstruct, -- &_pam_localuser_modstruct, -- &_pam_loginuid_modstruct, -- &_pam_mail_modstruct, -- &_pam_mkhomedir_modstruct, -- &_pam_motd_modstruct, --#ifdef HAVE_UNSHARE -- &_pam_namespace_modstruct, --#endif -- &_pam_nologin_modstruct, -- &_pam_permit_modstruct, -- &_pam_pwhistory_modstruct, -- &_pam_rhosts_modstruct, -- &_pam_rootok_modstruct, -- &_pam_securetty_modstruct, --#ifdef WITH_SELINUX -- &_pam_selinux_modstruct, -- &_pam_sepermit_modstruct, --#endif -- &_pam_shells_modstruct, -- &_pam_stress_modstruct, -- &_pam_succeed_if_modstruct, -- &_pam_tally_modstruct, -- &_pam_tally2_modstruct, -- &_pam_time_modstruct, -- &_pam_timestamp_modstruct, --#ifdef HAVE_AUDIT_TTY_STATUS -- &_pam_tty_audit_modstruct, --#endif -- &_pam_umask_modstruct, -- &_pam_unix_modstruct, -- &_pam_userdb_modstruct, -- &_pam_warn_modstruct, -- &_pam_wheel_modstruct, -- &_pam_xauth_modstruct, -- NULL --}; -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index d4c847a..3ac1ad0 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -792,7 +792,7 @@ network_netmask_match (pam_handle_t *pamh, - - /* --- public PAM management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -904,35 +904,35 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - } - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate (pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -940,18 +940,3 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_access_modstruct = { -- "pam_access", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c -index 5eefd0b..1654931 100644 ---- a/modules/pam_cracklib/pam_cracklib.c -+++ b/modules/pam_cracklib/pam_cracklib.c -@@ -728,8 +728,8 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, - /* The Main Thing (by Cristian Gafton, CEO at this module :-) - * (stolen from http://home.netscape.com) - */ --PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -- int argc, const char **argv) -+int -+pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - unsigned int ctrl; - struct cracklib_options options; -@@ -858,19 +858,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - - - --#ifdef PAM_STATIC --/* static module data */ --struct pam_module _pam_cracklib_modstruct = { -- "pam_cracklib", -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- pam_sm_chauthtok --}; --#endif -- - /* - * Copyright (c) Cristian Gafton , 1996. - * All rights reserved -diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c -index a65d1bf..9b68d38 100644 ---- a/modules/pam_debug/pam_debug.c -+++ b/modules/pam_debug/pam_debug.c -@@ -75,7 +75,6 @@ static int parse_args(int retval, const char *event, - return retval; - } - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -103,7 +102,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return retval; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -112,7 +110,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN - int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -121,7 +118,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - - /* --- password management --- */ - --PAM_EXTERN - int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -134,14 +130,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, - - /* --- session management --- */ - --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv); - } - --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -149,19 +143,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_debug_modstruct = { -- "pam_debug", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c -index 544c5bd..155a1f5 100644 ---- a/modules/pam_deny/pam_deny.c -+++ b/modules/pam_deny/pam_deny.c -@@ -25,14 +25,14 @@ - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_AUTH_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -41,7 +41,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -50,7 +50,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- password management --- */ - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -59,14 +59,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- session management --- */ - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SESSION_ERR; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -74,16 +74,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - } - - /* end of module definition */ -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_deny_modstruct = { -- "pam_deny", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c -index d0879fb..860ff0a 100644 ---- a/modules/pam_echo/pam_echo.c -+++ b/modules/pam_echo/pam_echo.c -@@ -262,18 +262,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, - return PAM_IGNORE; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_echo_modstruct = { -- "pam_echo", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index 1bfdf08..0b8002f 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -768,7 +768,7 @@ static void _clean_var(VAR *var) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -839,7 +839,7 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv) - return retval; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -847,7 +847,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SERVICE_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -855,7 +855,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, - return handle_env (pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -863,7 +863,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - return handle_env (pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -871,7 +871,7 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -879,20 +879,4 @@ pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SERVICE_ERR; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_env_modstruct = { -- "pam_env", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c -index 17ba6ca..0ab6548 100644 ---- a/modules/pam_exec/pam_exec.c -+++ b/modules/pam_exec/pam_exec.c -@@ -467,14 +467,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - return PAM_SYSTEM_ERR; /* will never be reached. */ - } - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("auth", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -483,7 +483,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* password updating functions */ - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -492,35 +492,23 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, - return call_exec ("password", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("account", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("open_session", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("close_session", pamh, argc, argv); - } -- --#ifdef PAM_STATIC --struct pam_module _pam_exec_modstruct = { -- "pam_exec", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; --#endif -diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c -index 072b7dd..7ea8f83 100644 ---- a/modules/pam_faildelay/pam_faildelay.c -+++ b/modules/pam_faildelay/pam_faildelay.c -@@ -152,7 +152,6 @@ search_key (const char *filename) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -204,28 +203,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return i; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_faildelay_modstruct = { -- "pam_faildelay", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c -index 9935d99..6e6a0cf 100644 ---- a/modules/pam_filter/pam_filter.c -+++ b/modules/pam_filter/pam_filter.c -@@ -663,23 +663,23 @@ static int need_a_filter(pam_handle_t *pamh - - /* ------------------ authentication ----------------- */ - --PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh -- , int flags, int argc, const char **argv) -+int pam_sm_authenticate(pam_handle_t *pamh, -+ int flags, int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "authenticate", FILTER_RUN1); - } - --PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_setcred(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv, "setcred", FILTER_RUN2); - } - - /* --------------- account management ---------------- */ - --PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, -- const char **argv) -+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, -+ const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "setcred", FILTER_RUN1|FILTER_RUN2 ); -@@ -687,15 +687,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, - - /* --------------- session management ---------------- */ - --PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_open_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "open_session", FILTER_RUN1); - } - --PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_close_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "close_session", FILTER_RUN2); -@@ -704,8 +704,8 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags - /* --------- updating authentication tokens --------- */ - - --PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - int runN; - -@@ -720,19 +720,3 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags - - return need_a_filter(pamh, flags, argc, argv, "chauthtok", runN); - } -- --#ifdef PAM_STATIC -- --/* ------------ stuff for static modules ------------ */ -- --struct pam_module _pam_filter_modstruct = { -- "pam_filter", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c -index 221d8f8..6b6cf2a 100644 ---- a/modules/pam_ftp/pam_ftp.c -+++ b/modules/pam_ftp/pam_ftp.c -@@ -111,7 +111,7 @@ static int lookup(const char *name, const char *list, const char **_user) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -210,28 +210,11 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - } - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_ftp_modstruct = { -- "pam_ftp", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c -index be5f20f..da8237f 100644 ---- a/modules/pam_group/pam_group.c -+++ b/modules/pam_group/pam_group.c -@@ -739,14 +739,14 @@ static int check_account(pam_handle_t *pamh, const char *service, - - /* --- public authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -817,18 +817,3 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_group_modstruct = { -- "pam_group", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL --}; --#endif -diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c -index 060baad..5b5ee41 100644 ---- a/modules/pam_issue/pam_issue.c -+++ b/modules/pam_issue/pam_issue.c -@@ -42,7 +42,7 @@ static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt); - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -120,7 +120,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -291,20 +291,4 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_issue_modstruct = { -- "pam_issue", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c -index f82eead..5dd7b06 100644 ---- a/modules/pam_keyinit/pam_keyinit.c -+++ b/modules/pam_keyinit/pam_keyinit.c -@@ -165,7 +165,6 @@ static void kill_keyrings(pam_handle_t *pamh) - /* - * open a PAM session by making sure there's a session keyring - */ --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -238,7 +237,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - /* - * close a PAM session by revoking the session keyring if requested - */ --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -253,17 +251,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_keyinit_modstruct = { -- "pam_keyinit", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c -index 76a33e4..1e2f08d 100644 ---- a/modules/pam_lastlog/pam_lastlog.c -+++ b/modules/pam_lastlog/pam_lastlog.c -@@ -566,7 +566,7 @@ cleanup: - } - - /* --- authentication (locking out inactive users) functions --- */ --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -636,14 +636,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - - /* --- session management functions --- */ - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -702,7 +702,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, - return retval; - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -719,20 +719,4 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_lastlog_modstruct = { -- "pam_lastlog", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index eabc856..d63c683 100644 ---- a/modules/pam_limits/pam_limits.c -+++ b/modules/pam_limits/pam_limits.c -@@ -1002,7 +1002,7 @@ static int setup_limits(pam_handle_t *pamh, - } - - /* now the session stuff */ --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -1096,7 +1096,7 @@ out: - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -1104,21 +1104,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_limits_modstruct = { -- "pam_limits", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -- - /* - * Copyright (c) Cristian Gafton, 1996-1997, - * All rights reserved. -diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c -index 2af2afd..c236406 100644 ---- a/modules/pam_listfile/pam_listfile.c -+++ b/modules/pam_listfile/pam_listfile.c -@@ -53,7 +53,7 @@ - - #define LESSER(a, b) ((a) < (b) ? (a) : (b)) - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -370,55 +370,37 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - } - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_listfile_modstruct = { -- "pam_listfile", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif /* PAM_STATIC */ -- --/* end of module definition */ -diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c -index aa43bc4..e32ea6d 100644 ---- a/modules/pam_localuser/pam_localuser.c -+++ b/modules/pam_localuser/pam_localuser.c -@@ -55,7 +55,7 @@ - - #define MODULE_NAME "pam_localuser" - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -123,52 +123,36 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return ret; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_localuser_modstruct = { -- "pam_localuser", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c -index 9a1589e..96bfd98 100644 ---- a/modules/pam_loginuid/pam_loginuid.c -+++ b/modules/pam_loginuid/pam_loginuid.c -@@ -247,34 +247,21 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, - * - * This is here for vsftpd which doesn't seem to run the session stack - */ --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return _pam_loginuid(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return _pam_loginuid(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_loginuid_modstruct = { -- "pam_loginuid", -- NULL, -- NULL, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c -index f5ba173..0022f6d 100644 ---- a/modules/pam_mail/pam_mail.c -+++ b/modules/pam_mail/pam_mail.c -@@ -338,7 +338,7 @@ static int _do_mail(pam_handle_t *, int, int, const char **, int); - - /* --- authentication functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -346,7 +346,6 @@ pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - } - - /* Checking mail as part of authentication */ --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -357,7 +356,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, - - /* --- session management functions --- */ - --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc - ,const char **argv) - { -@@ -365,7 +363,6 @@ int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc - } - - /* Checking mail as part of the session management */ --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -475,20 +472,4 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc, - return retval; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_mail_modstruct = { -- "pam_mail", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c -index c922089..daed63a 100644 ---- a/modules/pam_mkhomedir/pam_mkhomedir.c -+++ b/modules/pam_mkhomedir/pam_mkhomedir.c -@@ -183,7 +183,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -227,25 +227,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, - } - - /* Ignore */ --PAM_EXTERN - int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ --struct pam_module _pam_mkhomedir_modstruct = --{ -- "pam_mkhomedir", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index ff9b169..11c7b56 100644 ---- a/modules/pam_motd/pam_motd.c -+++ b/modules/pam_motd/pam_motd.c -@@ -39,7 +39,7 @@ - - /* --- session management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -48,7 +48,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - - static char default_motd[] = DEFAULT_MOTD; - --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -110,21 +109,4 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - return retval; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_motd_modstruct = { -- "pam_motd", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c -index 92883f5..d02ea09 100644 ---- a/modules/pam_namespace/pam_namespace.c -+++ b/modules/pam_namespace/pam_namespace.c -@@ -2008,7 +2008,7 @@ static int get_user_data(struct instance_data *idata) - /* - * Entry point from pam_open_session call. - */ --PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - int i, retval; -@@ -2104,7 +2104,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - /* - * Entry point from pam_close_session call. - */ --PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - int i, retval; -@@ -2183,18 +2183,3 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - - return PAM_SUCCESS; - } -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_namespace_modstruct = { -- "pam_namespace", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c -index f047c32..9fd91fd 100644 ---- a/modules/pam_nologin/pam_nologin.c -+++ b/modules/pam_nologin/pam_nologin.c -@@ -135,7 +135,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -146,7 +146,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, &opts); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc, const char **argv) - { -@@ -159,7 +159,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management function --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -170,21 +170,4 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, &opts); - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_nologin_modstruct = { -- "pam_nologin", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif /* PAM_STATIC */ -- - /* end of module definition */ -diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c -index e4539b0..c773087 100644 ---- a/modules/pam_permit/pam_permit.c -+++ b/modules/pam_permit/pam_permit.c -@@ -30,7 +30,7 @@ - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -56,7 +56,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -65,7 +65,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -74,7 +74,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- password management --- */ - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -83,14 +83,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- session management --- */ - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -98,19 +98,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_permit_modstruct = { -- "pam_permit", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c -index 654edd3..0c07dc1 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.c -+++ b/modules/pam_pwhistory/pam_pwhistory.c -@@ -106,7 +106,7 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) - /* This module saves the current crypted password in /etc/security/opasswd - and then compares the new password with all entries in this file. */ - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - { - struct passwd *pwd; -@@ -235,16 +235,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - return PAM_SUCCESS; - } - -- --#ifdef PAM_STATIC --/* static module data */ --struct pam_module _pam_pwhistory_modstruct = { -- "pam_pwhistory", -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c -index bc9e76f..d6e7030 100644 ---- a/modules/pam_rhosts/pam_rhosts.c -+++ b/modules/pam_rhosts/pam_rhosts.c -@@ -43,7 +43,6 @@ - #include - #include - --PAM_EXTERN - int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -130,26 +129,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, - } - - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_rhosts_modstruct = { -- "pam_rhosts", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c -index 88bed0c..17baabe 100644 ---- a/modules/pam_rootok/pam_rootok.c -+++ b/modules/pam_rootok/pam_rootok.c -@@ -135,7 +135,7 @@ check_for_root (pam_handle_t *pamh, int ctrl) - - /* --- management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -146,14 +146,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return check_for_root (pamh, ctrl); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -164,7 +164,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - return check_for_root (pamh, ctrl); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -175,20 +175,4 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, - return check_for_root (pamh, ctrl); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_rootok_modstruct = { -- "pam_rootok", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- pam_sm_chauthtok, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c -index 0474130..e279efa 100644 ---- a/modules/pam_securetty/pam_securetty.c -+++ b/modules/pam_securetty/pam_securetty.c -@@ -235,7 +235,6 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, - - /* --- authentication management functions --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, - const char **argv) - { -@@ -247,7 +246,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, - return securetty_perform_check(pamh, ctrl, __FUNCTION__); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -256,7 +255,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -269,21 +268,4 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - return securetty_perform_check(pamh, ctrl, __FUNCTION__); - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_securetty_modstruct = { -- "pam_securetty", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif /* PAM_STATIC */ -- - /* end of module definition */ -diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c -index b2a75e0..6daba1e 100644 ---- a/modules/pam_selinux/pam_selinux.c -+++ b/modules/pam_selinux/pam_selinux.c -@@ -757,7 +757,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, - return set_context(pamh, data, debug, verbose); - } - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -765,14 +765,14 @@ pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_AUTH_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -813,7 +813,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - create_context(pamh, argc, argv, debug, verbose); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c -index 8af1266..0b90a39 100644 ---- a/modules/pam_sepermit/pam_sepermit.c -+++ b/modules/pam_sepermit/pam_sepermit.c -@@ -363,7 +363,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, - return -1; - } - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -430,31 +430,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return rv; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_sepermit_modstruct = { -- "pam_sepermit", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL --}; --#endif -diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c -index 68bd607..c8acb9e 100644 ---- a/modules/pam_shells/pam_shells.c -+++ b/modules/pam_shells/pam_shells.c -@@ -104,14 +104,12 @@ static int perform_check(pam_handle_t *pamh) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return perform_check(pamh); - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -120,27 +118,10 @@ int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions (only) --- */ - --PAM_EXTERN - int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return perform_check(pamh); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_shells_modstruct = { -- "pam_shells", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif /* PAM_STATIC */ -- - /* end of module definition */ -diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c -index c1695d7..44c3a30 100644 ---- a/modules/pam_stress/pam_stress.c -+++ b/modules/pam_stress/pam_stress.c -@@ -213,7 +213,6 @@ wipe_up (pam_handle_t *pamh UNUSED, void *data, int error UNUSED) - free(data); - } - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -281,7 +280,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, - return retval; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -299,7 +297,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, - - /* account management functions */ - --PAM_EXTERN - int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -334,7 +331,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -362,7 +358,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -390,7 +385,6 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN - int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -552,19 +546,3 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - return retval; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_stress_modstruct = { -- "pam_stress", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c -index aa828fc..c39b1cb 100644 ---- a/modules/pam_succeed_if/pam_succeed_if.c -+++ b/modules/pam_succeed_if/pam_succeed_if.c -@@ -400,7 +400,7 @@ evaluate(pam_handle_t *pamh, int debug, - return PAM_SERVICE_ERR; - } - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -544,46 +544,33 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return ret; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_succeed_if_modstruct = { -- "pam_succeed_if", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c -index c712885..66a515c 100644 ---- a/modules/pam_tally/pam_tally.c -+++ b/modules/pam_tally/pam_tally.c -@@ -615,7 +615,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) - - #ifdef PAM_SM_AUTH - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -649,7 +649,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, - return rvcheck != PAM_SUCCESS ? rvcheck : rvbump; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -694,7 +694,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, - - /* To reset failcount of user on successfull login */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -733,33 +733,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - - /*-----------------------------------------------------------------------*/ - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_tally_modstruct = { -- MODULE_NAME, --#ifdef PAM_SM_AUTH -- pam_sm_authenticate, -- pam_sm_setcred, --#else -- NULL, -- NULL, --#endif --#ifdef PAM_SM_ACCOUNT -- pam_sm_acct_mgmt, --#else -- NULL, --#endif -- NULL, -- NULL, -- NULL, --}; -- --#endif /* #ifdef PAM_STATIC */ -- --/*-----------------------------------------------------------------------*/ -- - #else /* #ifndef MAIN */ - - static const char *cline_filename = DEFAULT_LOGFILE; -diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c -index 9187cbf..9f3bebe 100644 ---- a/modules/pam_tally2/pam_tally2.c -+++ b/modules/pam_tally2/pam_tally2.c -@@ -737,7 +737,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_ - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -770,7 +770,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return rv; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -810,7 +810,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - - /* To reset failcount of user on successfull login */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -846,33 +846,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - - /*-----------------------------------------------------------------------*/ - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_tally2_modstruct = { -- MODULE_NAME, --#ifdef PAM_SM_AUTH -- pam_sm_authenticate, -- pam_sm_setcred, --#else -- NULL, -- NULL, --#endif --#ifdef PAM_SM_ACCOUNT -- pam_sm_acct_mgmt, --#else -- NULL, --#endif -- NULL, -- NULL, -- NULL, --}; -- --#endif /* #ifdef PAM_STATIC */ -- --/*-----------------------------------------------------------------------*/ -- - #else /* #ifndef MAIN */ - - static const char *cline_filename = DEFAULT_LOGFILE; -diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c -index c94737c..75d0864 100644 ---- a/modules/pam_time/pam_time.c -+++ b/modules/pam_time/pam_time.c -@@ -588,7 +588,7 @@ check_account(pam_handle_t *pamh, const char *service, - - /* --- public account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -663,18 +663,3 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_time_modstruct = { -- "pam_time", -- NULL, -- NULL, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL --}; --#endif -diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c -index 1bf0e84..b18efdf 100644 ---- a/modules/pam_timestamp/pam_timestamp.c -+++ b/modules/pam_timestamp/pam_timestamp.c -@@ -357,7 +357,7 @@ verbose_success(pam_handle_t *pamh, long diff) - pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff); - } - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - struct stat st; -@@ -547,13 +547,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) - return PAM_AUTH_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) - { - char path[BUFLEN], subdir[BUFLEN], *text, *p; -@@ -670,27 +670,12 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC --/* static module data */ -- --struct pam_module _pam_timestamp_modstruct = { -- "pam_timestamp", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -- -- - #else /* PAM_TIMESTAMP_MAIN */ - - #define USAGE "Usage: %s [[-k] | [-d]] [target user]\n" -diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c -index 6003f4e..bce3ab7 100644 ---- a/modules/pam_tty_audit/pam_tty_audit.c -+++ b/modules/pam_tty_audit/pam_tty_audit.c -@@ -360,16 +360,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, - } - return PAM_SUCCESS; - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_tty_audit_modstruct = { -- "pam_tty_audit", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c -index 863f038..ab49064 100644 ---- a/modules/pam_umask/pam_umask.c -+++ b/modules/pam_umask/pam_umask.c -@@ -249,7 +249,7 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options, - } - - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -297,27 +297,11 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - return retval; - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_umask_modstruct = { -- "pam_umask", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am -index 88e6125..56df178 100644 ---- a/modules/pam_unix/Makefile.am -+++ b/modules/pam_unix/Makefile.am -@@ -34,8 +34,7 @@ pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ - - securelib_LTLIBRARIES = pam_unix.la - --noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ -- pam_unix_static.h -+noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h - - sbin_PROGRAMS = unix_chkpwd unix_update - -@@ -44,9 +43,6 @@ noinst_PROGRAMS = bigcrypt - pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ - pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ - passverify.c yppasswd_xdr.c md5_good.c md5_broken.c --if STATIC_MODULES --pam_unix_la_SOURCES += pam_unix_static.c --endif - - bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c - bigcrypt_CFLAGS = $(AM_CFLAGS) -diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c -index f8b39c9..17a0890 100644 ---- a/modules/pam_unix/pam_unix_acct.c -+++ b/modules/pam_unix/pam_unix_acct.c -@@ -53,11 +53,7 @@ - - /* indicate that the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_ACCOUNT --#endif -+#define PAM_SM_ACCOUNT - - #include - #include -diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c -index 9a547b3..9f66c5d 100644 ---- a/modules/pam_unix/pam_unix_auth.c -+++ b/modules/pam_unix/pam_unix_auth.c -@@ -50,11 +50,7 @@ - - /* indicate the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_AUTH --#endif -+#define PAM_SM_AUTH - - #define _PAM_EXTERN_FUNCTIONS - #include -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index c2e5de5..e3d3209 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -64,11 +64,7 @@ - - /* indicate the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_PASSWORD --#endif -+#define PAM_SM_PASSWORD - - #include - #include -diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c -index 5d00181..dbc6298 100644 ---- a/modules/pam_unix/pam_unix_sess.c -+++ b/modules/pam_unix/pam_unix_sess.c -@@ -49,11 +49,7 @@ - - /* indicate the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_SESSION --#endif -+#define PAM_SM_SESSION - - #include - #include -diff --git a/modules/pam_unix/pam_unix_static.c b/modules/pam_unix/pam_unix_static.c -deleted file mode 100644 -index 160268c..0000000 ---- a/modules/pam_unix/pam_unix_static.c -+++ /dev/null -@@ -1,23 +0,0 @@ --#include "config.h" -- --#ifdef PAM_STATIC -- --#define static extern --#define PAM_SM_ACCOUNT --#define PAM_SM_AUTH --#define PAM_SM_PASSWORD --#define PAM_SM_SESSION --#include "pam_unix_static.h" --#include -- --struct pam_module _pam_unix_modstruct = { -- "pam_unix", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -diff --git a/modules/pam_unix/pam_unix_static.h b/modules/pam_unix/pam_unix_static.h -deleted file mode 100644 -index 39b05ef..0000000 ---- a/modules/pam_unix/pam_unix_static.h -+++ /dev/null -@@ -1,6 +0,0 @@ --#define pam_sm_acct_mgmt _pam_unix_sm_acct_mgmt --#define pam_sm_authenticate _pam_unix_sm_authenticate --#define pam_sm_setcred _pam_unix_sm_setcred --#define pam_sm_chauthtok _pam_unix_sm_chauthtok --#define pam_sm_open_session _pam_unix_sm_open_session --#define pam_sm_close_session _pam_unix_sm_close_session -diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c -index 8df1a40..09ab8d3 100644 ---- a/modules/pam_userdb/pam_userdb.c -+++ b/modules/pam_userdb/pam_userdb.c -@@ -334,7 +334,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -423,14 +423,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -475,23 +475,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - return PAM_SUCCESS; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_userdb_modstruct = { -- "pam_userdb", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* - * Copyright (c) Cristian Gafton , 1999 - * All rights reserved -diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c -index a26c48d..1d196ad 100644 ---- a/modules/pam_warn/pam_warn.c -+++ b/modules/pam_warn/pam_warn.c -@@ -54,7 +54,6 @@ static void log_items(pam_handle_t *pamh, const char *function, int flags) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -62,7 +61,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -72,7 +70,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, - - /* password updating functions */ - --PAM_EXTERN - int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -80,7 +77,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -88,7 +85,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -96,7 +93,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -104,20 +101,4 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_warn_modstruct = { -- "pam_warn", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c -index d7d8096..6ea7b84 100644 ---- a/modules/pam_wheel/pam_wheel.c -+++ b/modules/pam_wheel/pam_wheel.c -@@ -232,7 +232,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -244,14 +244,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, ctrl, use_group); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -263,22 +263,6 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, ctrl, use_group); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_wheel_modstruct = { -- "pam_wheel", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL --}; -- --#endif /* PAM_STATIC */ -- - /* - * Copyright (c) Cristian Gafton , 1996, 1997 - * All rights reserved -diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c -index 2be4351..6778aa8 100644 ---- a/modules/pam_xauth/pam_xauth.c -+++ b/modules/pam_xauth/pam_xauth.c -@@ -798,16 +798,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, - - return PAM_SUCCESS; - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_xauth_modstruct = { -- "pam_xauth", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/po/POTFILES.in b/po/POTFILES.in -index 76d9640..fcec3d8 100644 ---- a/po/POTFILES.in -+++ b/po/POTFILES.in -@@ -29,7 +29,6 @@ - ./libpam/pam_prelude.c - ./libpam/pam_session.c - ./libpam/pam_start.c --./libpam/pam_static.c - ./libpam/pam_strerror.c - ./libpam/pam_syslog.c - ./libpam/pam_vprompt.c -diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c -index 3000055..7092716 100644 ---- a/tests/tst-dlopen.c -+++ b/tests/tst-dlopen.c -@@ -19,9 +19,6 @@ - /* Simple program to see if dlopen() would succeed. */ - int main(int argc, char **argv) - { --#ifdef PAM_STATIC -- return 77; --#else - int i; - struct stat st; - char buf[PATH_MAX]; -@@ -43,5 +40,4 @@ int main(int argc, char **argv) - } - } - return 0; --#endif - } --- -1.8.5.6 - diff --git a/0003-fix-nis-checks.patch b/0003-fix-nis-checks.patch deleted file mode 100644 index 6f842a6..0000000 --- a/0003-fix-nis-checks.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index d5cc644..534194d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -447,22 +447,26 @@ AC_SUBST(LIBDB) - AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"]) - - AC_ARG_ENABLE([nis], -- AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix and pam_access])) -+ AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix])) - - AS_IF([test "x$enable_nis" != "xno"], [ -- CFLAGS=$old_CFLAGS -- LIBS=$old_LIBS -+ old_CFLAGS=$CFLAGS -+ old_LIBS=$LIBS - - dnl if there's libtirpc available, prefer that over the system - dnl implementation. -- PKG_CHECK_MODULES([libtirpc], [libtirpc], [ -- CFLAGS="$CFLAGS $libtirpc_CFLAGS" -- LIBS="$LIBS $libtirpc_LIBS" -+ PKG_CHECK_MODULES([TIRPC], [libtirpc], [ -+ CFLAGS="$CFLAGS $TIRPC_CFLAGS" -+ LIBS="$LIBS $TIRPC_LIBS" - ], [:;]) - -- AC_SEARCH_LIBS([yp_get_default_domain], [nsl]) -+ PKG_CHECK_MODULES([NSL], [libnsl], [], -+ [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])]) -+ CFLAGS="$CFLAGS $NSL_CFLAGS" -+ LIBS="$LIBS $NSL_LIBS" - - AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) -+ AC_CHECK_FUNCS([getrpcport rpcb_getaddr]) - AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h]) - AC_CHECK_DECLS([getrpcport], , , [ - #if HAVE_RPC_RPC_H -@@ -470,9 +474,6 @@ AS_IF([test "x$enable_nis" != "xno"], [ - #endif - ]) - -- NIS_CFLAGS="${CFLAGS%${old_CFLAGS}}" -- NIS_LIBS="${LIBS%${old_LIBS}}" -- - CFLAGS="$old_CFLAGS" - LIBS="$old_LIBS" - ]) -diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am -index ab0d55a..56df178 100644 ---- a/modules/pam_unix/Makefile.am -+++ b/modules/pam_unix/Makefile.am -@@ -19,7 +19,7 @@ secureconfdir = $(SCONFIGDIR) - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ - -DUPDATE_HELPER=\"$(sbindir)/unix_update\" \ -- $(NIS_CFLAGS) -+ @TIRPC_CFLAGS@ @NSL_CFLAGS@ - - if HAVE_LIBSELINUX - AM_CFLAGS += -D"WITH_SELINUX" -@@ -30,7 +30,7 @@ if HAVE_VERSIONING - pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -- @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) -+ @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ - - securelib_LTLIBRARIES = pam_unix.la - diff --git a/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch b/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch deleted file mode 100644 index 89cd195..0000000 --- a/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6b12a20c527cb6ced5b8911ea0f1dcdfc6e6f30c Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Tue, 29 Mar 2016 14:17:34 +0200 -Subject: [PATCH 2/2] PAM_EXTERN isn't needed anymore, but don't remove it to - not break lot of external code using it. - -* libpam/include/security/pam_modules.h: Readd PAM_EXTERN for compatibility ---- - libpam/include/security/pam_modules.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h -index 37568e9..ec65e3e 100644 ---- a/libpam/include/security/pam_modules.h -+++ b/libpam/include/security/pam_modules.h -@@ -75,6 +75,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - - #define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */ - -+/* PAM_EXTERN isn't needed anymore, but don't remove it to not break -+ lot of external code using it. */ -+#define PAM_EXTERN extern - - /* take care of any compatibility issues */ - #include --- -1.8.5.6 - diff --git a/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch b/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch deleted file mode 100644 index 1e0e5af..0000000 --- a/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 549aef483c9f1852e1fbefabc4ebbbe72e00c243 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Fri, 1 Apr 2016 15:28:09 +0200 -Subject: [PATCH] Use TI-RPC functions if we compile and link against libtirpc. - The old SunRPC functions don't work with IPv6. - -* configure.ac: Set and restore CPPFLAGS -* modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with - rpcb_getaddr if available. ---- - configure.ac | 4 +++ - modules/pam_unix/pam_unix_passwd.c | 73 +++++++++++++++++++++++++++++++++++++- - 2 files changed, 76 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 534194d..20f6ba3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -451,18 +451,21 @@ AC_ARG_ENABLE([nis], - - AS_IF([test "x$enable_nis" != "xno"], [ - old_CFLAGS=$CFLAGS -+ old_CPPFLAGS=$CPPFLAGS - old_LIBS=$LIBS - - dnl if there's libtirpc available, prefer that over the system - dnl implementation. - PKG_CHECK_MODULES([TIRPC], [libtirpc], [ - CFLAGS="$CFLAGS $TIRPC_CFLAGS" -+ CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS" - LIBS="$LIBS $TIRPC_LIBS" - ], [:;]) - - PKG_CHECK_MODULES([NSL], [libnsl], [], - [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])]) - CFLAGS="$CFLAGS $NSL_CFLAGS" -+ CPPFLAGS="$CPPFLAGS $NSL_CFLAGS" - LIBS="$LIBS $NSL_LIBS" - - AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) -@@ -475,6 +478,7 @@ AS_IF([test "x$enable_nis" != "xno"], [ - ]) - - CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - LIBS="$old_LIBS" - ]) - -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index e3d3209..fa29327 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -92,7 +92,7 @@ - - # include "yppasswd.h" - --# if !HAVE_DECL_GETRPCPORT -+# if !HAVE_DECL_GETRPCPORT &&!HAVE_RPCB_GETADDR - extern int getrpcport(const char *host, unsigned long prognum, - unsigned long versnum, unsigned int proto); - # endif /* GNU libc 2.1 */ -@@ -114,11 +114,48 @@ extern int getrpcport(const char *host, unsigned long prognum, - #define MAX_PASSWD_TRIES 3 - - #ifdef HAVE_NIS -+#ifdef HAVE_RPCB_GETADDR -+static unsigned short -+__taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf) -+{ -+ unsigned short port = 0; -+ struct __rpc_sockinfo si; -+ struct sockaddr_in *sin; -+ struct sockaddr_in6 *sin6; -+ if (!__rpc_nconf2sockinfo(nconf, &si)) -+ return 0; -+ -+ switch (si.si_af) -+ { -+ case AF_INET: -+ sin = nbuf->buf; -+ port = sin->sin_port; -+ break; -+ case AF_INET6: -+ sin6 = nbuf->buf; -+ port = sin6->sin6_port; -+ break; -+ default: -+ break; -+ } -+ -+ return htons (port); -+} -+#endif -+ - static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) - { - char *master; - char *domainname; - int port, err; -+#if defined(HAVE_RPCB_GETADDR) -+ struct netconfig *nconf; -+ struct netbuf svcaddr; -+ char addrbuf[INET6_ADDRSTRLEN]; -+ void *handle; -+ int found; -+#endif -+ - - #ifdef HAVE_YP_GET_DEFAULT_DOMAIN - if ((err = yp_get_default_domain(&domainname)) != 0) { -@@ -146,7 +183,41 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) - yperr_string(err)); - return NULL; - } -+#ifdef HAVE_RPCB_GETADDR -+ svcaddr.len = 0; -+ svcaddr.maxlen = sizeof (addrbuf); -+ svcaddr.buf = addrbuf; -+ port = 0; -+ found = 0; -+ -+ handle = setnetconfig(); -+ while ((nconf = getnetconfig(handle)) != NULL) { -+ if (!strcmp(nconf->nc_proto, "udp")) { -+ if (rpcb_getaddr(YPPASSWDPROG, YPPASSWDPROC_UPDATE, -+ nconf, &svcaddr, master)) { -+ port = __taddr2port (nconf, &svcaddr); -+ endnetconfig (handle); -+ found=1; -+ break; -+ } -+ -+ if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) { -+ clnt_pcreateerror (master); -+ pam_syslog (pamh, LOG_ERR, -+ "rpcb_getaddr (%s) failed!", master); -+ return NULL; -+ } -+ } -+ } -+ -+ if (!found) { -+ pam_syslog (pamh, LOG_ERR, -+ "Cannot find suitable transport for protocol 'udp'"); -+ return NULL; -+ } -+#else - port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); -+#endif - if (port == 0) { - pam_syslog(pamh, LOG_WARNING, - "yppasswdd not running on NIS master host"); --- -1.8.5.6 - diff --git a/Linux-PAM-1.2.1-docs.tar.bz2 b/Linux-PAM-1.2.1-docs.tar.bz2 deleted file mode 100644 index 32e575a..0000000 --- a/Linux-PAM-1.2.1-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1f8860544d935f744546a4bb15167e3e42736c4e37756534117bdfaa822e6b25 -size 491551 diff --git a/Linux-PAM-1.2.1.tar.bz2 b/Linux-PAM-1.2.1.tar.bz2 deleted file mode 100644 index 92da79f..0000000 --- a/Linux-PAM-1.2.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 -size 1279523 diff --git a/Linux-PAM-1.3.0-docs.tar.bz2 b/Linux-PAM-1.3.0-docs.tar.bz2 new file mode 100644 index 0000000..7baca1f --- /dev/null +++ b/Linux-PAM-1.3.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8610b48703f036f6755c1d2bd8bcdeaddd9d99a1631f2d7668ec69b444d972a0 +size 492805 diff --git a/Linux-PAM-1.3.0.tar.bz2 b/Linux-PAM-1.3.0.tar.bz2 new file mode 100644 index 0000000..8ad625a --- /dev/null +++ b/Linux-PAM-1.3.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:241aed1ef522f66ed672719ecf2205ec513fd0075ed80cda8e086a5b1a01d1bb +size 1302820 diff --git a/encryption_method_nis.diff b/encryption_method_nis.diff index 55980bf..f812786 100644 --- a/encryption_method_nis.diff +++ b/encryption_method_nis.diff @@ -1,8 +1,6 @@ -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index 0cfc0f4..2239206 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +--- modules/pam_unix/pam_unix_passwd.c ++++ modules/pam_unix/pam_unix_passwd.c 2016/04/11 13:49:32 +@@ -840,6 +840,29 @@ * rebuild the password database file. */ @@ -32,13 +30,11 @@ index 0cfc0f4..2239206 100644 /* * First we encrypt the new password. */ -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index 19d72e6..dafa9f0 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -37,8 +37,8 @@ - #define SELINUX_ENABLED 0 - #endif +--- modules/pam_unix/support.c ++++ modules/pam_unix/support.c 2016/04/11 13:49:32 +@@ -31,8 +31,8 @@ + #include "support.h" + #include "passverify.h" -static char * -search_key (const char *key, const char *filename) @@ -47,7 +43,7 @@ index 19d72e6..dafa9f0 100644 { FILE *fp; char *buf = NULL; -@@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, +@@ -153,7 +153,7 @@ } /* preset encryption method with value from /etc/login.defs */ @@ -56,7 +52,7 @@ index 19d72e6..dafa9f0 100644 if (val) { for (j = 0; j < UNIX_CTRLS_; ++j) { if (unix_args[j].token && unix_args[j].is_hash_algo -@@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, +@@ -171,7 +171,7 @@ /* read number of rounds for crypt algo */ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { @@ -65,11 +61,9 @@ index 19d72e6..dafa9f0 100644 if (val) { *rounds = strtol(val, NULL, 10); -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index 6f5b2eb..a35a8a8 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh +--- modules/pam_unix/support.h ++++ modules/pam_unix/support.h 2016/04/11 13:49:32 +@@ -174,4 +174,5 @@ extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft); diff --git a/pam.changes b/pam.changes index 23c3bc1..0ee5084 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + ------------------------------------------------------------------- Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 36037e2..67e8d11 100644 --- a/pam.spec +++ b/pam.spec @@ -30,11 +30,11 @@ BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.84.1 +%define libpam_so_version 0.84.2 %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version: 1.2.1 +Version: 1.3.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause @@ -52,14 +52,11 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf +Source10: unix2_chkpwd.c +Source11: unix2_chkpwd.8 Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff -Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch -Patch5: 0002-Remove-enable-static-modules-option-and-support-from.patch -Patch6: 0003-fix-nis-checks.patch -Patch7: 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch -Patch8: 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -109,12 +106,7 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%patch3 -p0 %build autoreconf -fiv @@ -128,7 +120,8 @@ export CFLAGS="%optflags -DNDEBUG" --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security -make %{?_smp_mflags}; +make %{?_smp_mflags} +%__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/.libs/ -lpam %check make %{?_smp_mflags} check @@ -181,12 +174,6 @@ for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do ln -f $RPM_BUILD_ROOT/%{_lib}/security/pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/$x.so done # -# pam_tally is deprecated since ages -# -rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so -rm -f $RPM_BUILD_ROOT/sbin/pam_tally -rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* -# # Install READMEs of PAM modules # DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam @@ -198,18 +185,30 @@ mkdir -p $DOC/modules done ) # -# Install misc docu and md5.config +# pam_tally is deprecated since ages +# +rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so +rm -f $RPM_BUILD_ROOT/sbin/pam_tally +rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* +rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/pam/modules/README.pam_tally +# +# Install misc docu # install -m 644 NEWS COPYING $DOC +# Install unix2_chkpwd +install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/ +install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ # Create filelist with translatins %{find_lang} Linux-PAM %verifyscript %verify_permissions -e /sbin/unix_chkpwd +%verify_permissions -e /sbin/unix2_chkpwd %post /sbin/ldconfig %set_permissions /sbin/unix_chkpwd +%set_permissions /sbin/unix2_chkpwd %postun -p /sbin/ldconfig @@ -234,6 +233,7 @@ install -m 644 NEWS COPYING $DOC %config(noreplace) %{_sysconfdir}/security/namespace.init %doc %{_defaultdocdir}/pam/NEWS %doc %{_defaultdocdir}/pam/COPYING +%doc %{_mandir}/man5/environment.5* %doc %{_mandir}/man5/*.conf.5* %doc %{_mandir}/man5/pam.d.5* %doc %{_mandir}/man8/* @@ -299,6 +299,7 @@ install -m 644 NEWS COPYING $DOC /sbin/pam_tally2 /sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %attr(0700,root,root) /sbin/unix_update %files doc diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From dbd8f09b66f0470a5cc7d9adf84532b87353469a700ea25da9133ed321222fdf Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 2 May 2016 08:46:48 +0000 Subject: [PATCH 096/226] - Link pam_unix against libtirpc and external libnsl to enable IPv6 support. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=160 --- pam.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pam.changes b/pam.changes index 0ee5084..a246f81 100644 --- a/pam.changes +++ b/pam.changes @@ -8,6 +8,8 @@ Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de - Update Linux-PAM to version 1.3.0 - Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. ------------------------------------------------------------------- Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de -- 2.51.1 From 7bd1cebe625da057734cbe11a7527f4ceb302210d8adb040929f5b0198301aeb Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 2 May 2016 09:28:49 +0000 Subject: [PATCH 097/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=161 --- pam.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pam.spec b/pam.spec index 67e8d11..61e6838 100644 --- a/pam.spec +++ b/pam.spec @@ -25,8 +25,10 @@ BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex +%if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) +%endif %if %{enable_selinux} BuildRequires: libselinux-devel %endif -- 2.51.1 From fe6ab534dc028a68c02dcea22d80e4ce1561ddc33022c97b24e427d739c24a82 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 28 Jul 2016 12:29:55 +0000 Subject: [PATCH 098/226] - Add doc directory to filelist. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=163 --- pam.changes | 5 +++++ pam.spec | 2 ++ 2 files changed, 7 insertions(+) diff --git a/pam.changes b/pam.changes index a246f81..c0799d4 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + ------------------------------------------------------------------- Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 61e6838..030ce24 100644 --- a/pam.spec +++ b/pam.spec @@ -219,6 +219,7 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ %dir %{_sysconfdir}/pam.d %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d +%dir %{_defaultdocdir}/pam %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* %config(noreplace) %{_sysconfdir}/securetty @@ -306,6 +307,7 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ %files doc %defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam %doc %{_defaultdocdir}/pam/html %doc %{_defaultdocdir}/pam/modules %doc %{_defaultdocdir}/pam/pdf -- 2.51.1 From 731ae6c394c830cdbc840868c736dd39ec4bf3fa8dde2976db7a6d82e42528c4 Mon Sep 17 00:00:00 2001 From: Wolfgang Engel Date: Tue, 30 Aug 2016 14:33:48 +0000 Subject: [PATCH 099/226] Accepting request 416170 from home:develop7:branches:Linux-PAM pam-limit-nproc.patch: increased process limit to help Chrome/Chromuim users with really lots of tabs. New limit gets closer to UserTasksMax parameter in logind.conf Not sure why it is even there given the presence of logind, but let's deal with it gradually, one step at a time. OBS-URL: https://build.opensuse.org/request/show/416170 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=165 --- pam-limit-nproc.patch | 4 ++-- pam.changes | 7 +++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch index 20448f5..e571d77 100644 --- a/pam-limit-nproc.patch +++ b/pam-limit-nproc.patch @@ -7,8 +7,8 @@ Index: Linux-PAM-1.1.8/modules/pam_limits/limits.conf #@student - maxlogins 4 +# harden against fork-bombs -+* hard nproc 1700 -+* soft nproc 1200 ++* hard nproc 4000 ++* soft nproc 3500 +root hard nproc 3000 +root soft nproc 1850 + diff --git a/pam.changes b/pam.changes index c0799d4..fa9c5ed 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + ------------------------------------------------------------------- Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de -- 2.51.1 From c31c12f1922680bb7cd0fc711b93d111926f16a0225ecdd99a735deda46c3604 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 15 Dec 2016 09:44:44 +0000 Subject: [PATCH 100/226] Accepting request 444873 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/444873 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=167 --- pam-limit-nproc.patch | 14 +++++++------- pam.changes | 7 +++++++ pam.spec | 2 +- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch index e571d77..2553e5c 100644 --- a/pam-limit-nproc.patch +++ b/pam-limit-nproc.patch @@ -1,15 +1,15 @@ -Index: Linux-PAM-1.1.8/modules/pam_limits/limits.conf +Index: Linux-PAM-1.3.0/modules/pam_limits/limits.conf =================================================================== ---- Linux-PAM-1.1.8.orig/modules/pam_limits/limits.conf -+++ Linux-PAM-1.1.8/modules/pam_limits/limits.conf +--- Linux-PAM-1.3.0.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.0/modules/pam_limits/limits.conf @@ -47,4 +47,10 @@ #ftp hard nproc 0 #@student - maxlogins 4 +# harden against fork-bombs -+* hard nproc 4000 -+* soft nproc 3500 -+root hard nproc 3000 -+root soft nproc 1850 ++* hard nproc 16384 ++* soft nproc 4096 ++# root hard nproc 3000 ++# root soft nproc 1850 + # End of file diff --git a/pam.changes b/pam.changes index fa9c5ed..76468b9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + ------------------------------------------------------------------- Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info diff --git a/pam.spec b/pam.spec index 030ce24..bae6ae5 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed -- 2.51.1 From acb196a31679f3b47e79a8f43d1002d84089a575aa3c11f965bbc60d1d402b25 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 3 Mar 2017 19:50:43 +0000 Subject: [PATCH 101/226] Accepting request 476771 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/476771 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=169 --- pam-hostnames-in-access_conf.patch | 156 +++++++++++++++++++++++++++++ pam.changes | 6 ++ pam.spec | 4 +- 3 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 pam-hostnames-in-access_conf.patch diff --git a/pam-hostnames-in-access_conf.patch b/pam-hostnames-in-access_conf.patch new file mode 100644 index 0000000..7650754 --- /dev/null +++ b/pam-hostnames-in-access_conf.patch @@ -0,0 +1,156 @@ +Index: modules/pam_access/pam_access.c +=================================================================== +--- modules/pam_access/pam_access.c.orig ++++ modules/pam_access/pam_access.c +@@ -692,10 +692,10 @@ string_match (pam_handle_t *pamh, const + return (NO); + } + +- + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok +- * represents either a single ip (v4,v6) address or a network/netmask ++ * represents either a hostname, a single ip (v4,v6) address ++ * or a network/netmask + */ + static int + network_netmask_match (pam_handle_t *pamh, +@@ -704,10 +704,14 @@ network_netmask_match (pam_handle_t *pam + char *netmask_ptr; + char netmask_string[MAXHOSTNAMELEN + 1]; + int addr_type; ++ struct addrinfo *ai; ++ struct sockaddr_storage tok_addr; ++ struct addrinfo hint; + + if (item->debug) +- pam_syslog (pamh, LOG_DEBUG, ++ pam_syslog (pamh, LOG_DEBUG, + "network_netmask_match: tok=%s, item=%s", tok, string); ++ + /* OK, check if tok is of type addr/mask */ + if ((netmask_ptr = strchr(tok, '/')) != NULL) + { +@@ -717,7 +721,7 @@ network_netmask_match (pam_handle_t *pam + *netmask_ptr = 0; + netmask_ptr++; + +- if (isipaddr(tok, &addr_type, NULL) == NO) ++ if (isipaddr(tok, &addr_type, &tok_addr) == NO) + { /* no netaddr */ + return NO; + } +@@ -739,19 +743,47 @@ network_netmask_match (pam_handle_t *pam + netmask_ptr = number_to_netmask(netmask, addr_type, + netmask_string, MAXHOSTNAMELEN); + } +- } ++ ++ /* ++ * Although isipaddr() has already converted the IP address, ++ * we call getaddrinfo here to properly construct an addrinfo list ++ */ ++ memset (&hint, '\0', sizeof (hint)); ++ hint.ai_flags = 0; ++ hint.ai_family = AF_UNSPEC; ++ ++ ai = NULL; /* just to be on the safe side */ ++ ++ /* The following should not fail ... */ ++ if (getaddrinfo (tok, NULL, &hint, &ai) != 0) ++ { ++ return NO; ++ } ++ } + else +- /* NO, then check if it is only an addr */ +- if (isipaddr(tok, NULL, NULL) != YES) ++ { ++ /* ++ * It is either an IP address or a hostname. ++ * Let getaddrinfo sort everything out ++ */ ++ memset (&hint, '\0', sizeof (hint)); ++ hint.ai_flags = 0; ++ hint.ai_family = AF_UNSPEC; ++ ++ ai = NULL; /* just to be on the safe side */ ++ ++ if (getaddrinfo (string, NULL, &hint, &ai) != 0) + { ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string); ++ + return NO; + } ++ netmask_ptr = NULL; ++ } + + if (isipaddr(string, NULL, NULL) != YES) + { + /* Assume network/netmask with a name of a host. */ +- struct addrinfo hint; +- + memset (&hint, '\0', sizeof (hint)); + hint.ai_flags = AI_CANONNAME; + hint.ai_family = AF_UNSPEC; +@@ -764,27 +796,52 @@ network_netmask_match (pam_handle_t *pam + else + { + struct addrinfo *runp = item->res; ++ struct addrinfo *runp1; + + while (runp != NULL) + { + char buf[INET6_ADDRSTRLEN]; + +- inet_ntop (runp->ai_family, +- runp->ai_family == AF_INET +- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr +- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, +- buf, sizeof (buf)); ++ (void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST); + +- if (are_addresses_equal(buf, tok, netmask_ptr)) ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) + { +- return YES; ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ if (runp->ai_family != runp1->ai_family) ++ continue; ++ ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } + } + runp = runp->ai_next; + } + } + } + else +- return (are_addresses_equal(string, tok, netmask_ptr)); ++ { ++ struct addrinfo *runp1; ++ ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } ++ } ++ ++ freeaddrinfo(ai); + + return NO; + } diff --git a/pam.changes b/pam.changes index 76468b9..5f454d8 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + ------------------------------------------------------------------- Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com diff --git a/pam.spec b/pam.spec index bae6ae5..4daf31d 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -59,6 +59,7 @@ Source11: unix2_chkpwd.8 Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff +Patch4: pam-hostnames-in-access_conf.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -109,6 +110,7 @@ building both PAM-aware applications and modules for use with PAM. %patch0 -p1 %patch2 -p1 %patch3 -p0 +%patch4 -p0 %build autoreconf -fiv -- 2.51.1 From 0e07293a0f180820386604f97c1549f4c90b87ee7bef616378b09ac8f6f8d180 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 6 Nov 2017 15:05:24 +0000 Subject: [PATCH 102/226] Accepting request 534911 from home:Andreas_Schwab:Factory - Prerequire group(shadow), user(root) OBS-URL: https://build.opensuse.org/request/show/534911 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=171 --- pam.changes | 5 +++++ pam.spec | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index 5f454d8..12fd874 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + ------------------------------------------------------------------- Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com diff --git a/pam.spec b/pam.spec index 4daf31d..8f068b6 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,6 +42,10 @@ Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause Group: System/Libraries PreReq: permissions +%if 0%{?suse_version} >= 1330 +Requires(pre): group(shadow) +Requires(pre): user(root) +%endif #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ Source: Linux-PAM-%{version}.tar.bz2 -- 2.51.1 From bd76b462a69d3c6dff4531f9e35fa3aed4a5e8e0b964ee3a62621aa9f07dc02f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 6 Mar 2018 12:55:08 +0000 Subject: [PATCH 103/226] Accepting request 580113 from home:favogt:licensetag Use %license (boo#1082318). Please forward to SLE, if possible OBS-URL: https://build.opensuse.org/request/show/580113 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=173 --- pam.changes | 5 +++++ pam.spec | 10 +++------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/pam.changes b/pam.changes index 12fd874..de03490 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + ------------------------------------------------------------------- Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de diff --git a/pam.spec b/pam.spec index 8f068b6..c3e44c9 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -199,10 +199,6 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so rm -f $RPM_BUILD_ROOT/sbin/pam_tally rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/pam/modules/README.pam_tally -# -# Install misc docu -# -install -m 644 NEWS COPYING $DOC # Install unix2_chkpwd install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ @@ -240,8 +236,8 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ %config(noreplace) %{_sysconfdir}/security/time.conf %config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_sysconfdir}/security/namespace.init -%doc %{_defaultdocdir}/pam/NEWS -%doc %{_defaultdocdir}/pam/COPYING +%doc NEWS +%license COPYING %doc %{_mandir}/man5/environment.5* %doc %{_mandir}/man5/*.conf.5* %doc %{_mandir}/man5/pam.d.5* -- 2.51.1 From 74bd51166bf09bb1a8c56ac0bfed2ea1823c59d76fcdfaf871730f73bb946f5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Wed, 2 May 2018 14:44:06 +0000 Subject: [PATCH 104/226] Accepting request 603146 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/603146 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=175 --- pam-fix-config-order-in-manpage.patch | 31 +++++++++++++++++++++++++++ pam.changes | 6 ++++++ pam.spec | 4 +++- 3 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 pam-fix-config-order-in-manpage.patch diff --git a/pam-fix-config-order-in-manpage.patch b/pam-fix-config-order-in-manpage.patch new file mode 100644 index 0000000..0698b82 --- /dev/null +++ b/pam-fix-config-order-in-manpage.patch @@ -0,0 +1,31 @@ +Index: Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8.xml +=================================================================== +--- Linux-PAM-1.3.0.orig/modules/pam_umask/pam_umask.8.xml ++++ Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8.xml +@@ -48,22 +48,22 @@ + + + +- umask= argument ++ umask= entry in the user's GECOS field + + + + +- umask= entry in the user's GECOS field ++ umask= argument + + + + +- UMASK= entry from /etc/default/login ++ UMASK= entry from /etc/login.defs + + + + +- UMASK entry from /etc/login.defs ++ UMASK= entry from /etc/default/login + + + diff --git a/pam.changes b/pam.changes index de03490..3052e55 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + ------------------------------------------------------------------- Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com diff --git a/pam.spec b/pam.spec index c3e44c9..7c4aa16 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -64,6 +64,7 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff Patch4: pam-hostnames-in-access_conf.patch +Patch5: pam-fix-config-order-in-manpage.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -115,6 +116,7 @@ building both PAM-aware applications and modules for use with PAM. %patch2 -p1 %patch3 -p0 %patch4 -p0 +%patch5 -p1 %build autoreconf -fiv -- 2.51.1 From 126fde1f546ba98b8d779a738c7609332d9f8e086dbb285f78c179ff13ddb4df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Thu, 3 May 2018 07:51:52 +0000 Subject: [PATCH 105/226] Accepting request 603562 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/603562 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=176 --- pam-fix-config-order-in-manpage.patch | 40 +++++++++++++++++++++++++++ pam.changes | 6 ++++ 2 files changed, 46 insertions(+) diff --git a/pam-fix-config-order-in-manpage.patch b/pam-fix-config-order-in-manpage.patch index 0698b82..acd4eca 100644 --- a/pam-fix-config-order-in-manpage.patch +++ b/pam-fix-config-order-in-manpage.patch @@ -29,3 +29,43 @@ Index: Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8.xml +Index: Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8 +=================================================================== +--- Linux-PAM-1.3.0.orig/modules/pam_umask/pam_umask.8 ++++ Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8 +@@ -46,7 +46,7 @@ The PAM module tries to get the umask va + .sp -1 + .IP \(bu 2.3 + .\} +-umask= argument ++umask= entry in the user\*(Aqs GECOS field + .RE + .sp + .RS 4 +@@ -57,7 +57,7 @@ umask= argument + .sp -1 + .IP \(bu 2.3 + .\} +-umask= entry in the user\*(Aqs GECOS field ++umask= argument + .RE + .sp + .RS 4 +@@ -68,7 +68,7 @@ umask= entry in the user\*(Aqs GECOS fie + .sp -1 + .IP \(bu 2.3 + .\} +-UMASK= entry from /etc/default/login ++UMASK= entry from /etc/login\&.defs + .RE + .sp + .RS 4 +@@ -79,7 +79,7 @@ UMASK= entry from /etc/default/login + .sp -1 + .IP \(bu 2.3 + .\} +-UMASK entry from /etc/login\&.defs ++UMASK= entry from /etc/default/login + .RE + .PP + The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. diff --git a/pam.changes b/pam.changes index 3052e55..7c42d96 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + ------------------------------------------------------------------- Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com -- 2.51.1 From eacf67827e9af21ef25c854b8f42193a18ed022e2911e87df2ad1931ef3814d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 13 Jul 2018 15:28:53 +0000 Subject: [PATCH 106/226] Accepting request 622479 from home:sbrabec:branches:Linux-PAM - Install empty directory /etc/security/namespace.d for pam_namespace.so iscript. OBS-URL: https://build.opensuse.org/request/show/622479 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=178 --- pam.changes | 6 ++++++ pam.spec | 7 +++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/pam.changes b/pam.changes index 7c42d96..08a1b06 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + ------------------------------------------------------------------- Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com diff --git a/pam.spec b/pam.spec index 7c4aa16..5be47e2 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -39,7 +39,7 @@ BuildRequires: libselinux-devel Version: 1.3.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications -License: GPL-2.0+ or BSD-3-Clause +License: GPL-2.0-or-later OR BSD-3-Clause Group: System/Libraries PreReq: permissions %if 0%{?suse_version} >= 1330 @@ -164,6 +164,8 @@ echo "hvc7" >> $RPM_BUILD_ROOT/etc/securetty echo "sclp_line0" >> $RPM_BUILD_ROOT/etc/securetty echo "ttysclp0" >> $RPM_BUILD_ROOT/etc/securetty %endif +# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript +install -d $RPM_BUILD_ROOT%{_sysconfdir}/security/namespace.d # install other.pamd and common-*.pamd install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/common-auth @@ -238,6 +240,7 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ %config(noreplace) %{_sysconfdir}/security/time.conf %config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_sysconfdir}/security/namespace.init +%dir %{_sysconfdir}/security/namespace.d %doc NEWS %license COPYING %doc %{_mandir}/man5/environment.5* -- 2.51.1 From d323a04890683a6efd99e2af7710f839bfb2622eee0efb7f61eb2ef0ba8ac220 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 24 Aug 2018 14:25:24 +0000 Subject: [PATCH 107/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=180 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 5be47e2..4b7eeb4 100644 --- a/pam.spec +++ b/pam.spec @@ -301,7 +301,7 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ /%{_lib}/security/pam_unix_auth.so /%{_lib}/security/pam_unix_passwd.so /%{_lib}/security/pam_unix_session.so -#/%{_lib}/security/pam_userdb.so +/%{_lib}/security/pam_userdb.so /%{_lib}/security/pam_warn.so /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so -- 2.51.1 From 0aad24ee3cfdec4a0f2df8e9762aafa0311a864f8cd4b1e89d3705ed462ee628 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 24 Aug 2018 14:29:54 +0000 Subject: [PATCH 108/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=181 --- pam.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/pam.spec b/pam.spec index 4b7eeb4..745d11a 100644 --- a/pam.spec +++ b/pam.spec @@ -26,6 +26,7 @@ BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex %if 0%{?suse_version} > 1320 +BuildRequires: libdb-4_8-devel BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) %endif -- 2.51.1 From a5f3c5b6d5e71dc744d644dc57f9d513acb21ff06b004d36ba22ed4d6e03636d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 24 Aug 2018 14:33:21 +0000 Subject: [PATCH 109/226] Accepting request 631383 from home:psimons:branches:Linux-PAM Add libdb as build-time dependency to enable pam_userdb module. This module is useful for implementing virtual user support for vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] OBS-URL: https://build.opensuse.org/request/show/631383 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=182 --- pam.changes | 7 +++++++ pam.spec | 1 + 2 files changed, 8 insertions(+) diff --git a/pam.changes b/pam.changes index 08a1b06..2c59cb3 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + ------------------------------------------------------------------- Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com diff --git a/pam.spec b/pam.spec index 745d11a..eba743f 100644 --- a/pam.spec +++ b/pam.spec @@ -67,6 +67,7 @@ Patch3: encryption_method_nis.diff Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-fix-config-order-in-manpage.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: libdb-4_8-devel # Remove with next version update: BuildRequires: autoconf BuildRequires: automake -- 2.51.1 From 93d4e897d1268b82df012522f0aeae614c06aa857a54760e19870b89388ebda0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 22 Oct 2018 12:46:59 +0000 Subject: [PATCH 110/226] Accepting request 643661 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/643661 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=184 --- Linux-PAM-1.3.0-docs.tar.bz2 | 3 -- Linux-PAM-1.3.0.tar.bz2 | 3 -- Linux-PAM-1.3.1-docs.tar.xz | 3 ++ Linux-PAM-1.3.1.tar.xz | 3 ++ pam-fix-config-order-in-manpage.patch | 71 --------------------------- pam-limit-nproc.patch | 14 ++---- pam.changes | 22 +++++++++ pam.spec | 9 ++-- 8 files changed, 37 insertions(+), 91 deletions(-) delete mode 100644 Linux-PAM-1.3.0-docs.tar.bz2 delete mode 100644 Linux-PAM-1.3.0.tar.bz2 create mode 100644 Linux-PAM-1.3.1-docs.tar.xz create mode 100644 Linux-PAM-1.3.1.tar.xz delete mode 100644 pam-fix-config-order-in-manpage.patch diff --git a/Linux-PAM-1.3.0-docs.tar.bz2 b/Linux-PAM-1.3.0-docs.tar.bz2 deleted file mode 100644 index 7baca1f..0000000 --- a/Linux-PAM-1.3.0-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8610b48703f036f6755c1d2bd8bcdeaddd9d99a1631f2d7668ec69b444d972a0 -size 492805 diff --git a/Linux-PAM-1.3.0.tar.bz2 b/Linux-PAM-1.3.0.tar.bz2 deleted file mode 100644 index 8ad625a..0000000 --- a/Linux-PAM-1.3.0.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:241aed1ef522f66ed672719ecf2205ec513fd0075ed80cda8e086a5b1a01d1bb -size 1302820 diff --git a/Linux-PAM-1.3.1-docs.tar.xz b/Linux-PAM-1.3.1-docs.tar.xz new file mode 100644 index 0000000..6317d16 --- /dev/null +++ b/Linux-PAM-1.3.1-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3bb80257cc61f23956d8df43ea31cadeeb3b4cdb69d46006a70b377c139e37ca +size 459552 diff --git a/Linux-PAM-1.3.1.tar.xz b/Linux-PAM-1.3.1.tar.xz new file mode 100644 index 0000000..506f7a9 --- /dev/null +++ b/Linux-PAM-1.3.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eff47a4ecd833fbf18de9686632a70ee8d0794b79aecb217ebd0ce11db4cd0db +size 912332 diff --git a/pam-fix-config-order-in-manpage.patch b/pam-fix-config-order-in-manpage.patch deleted file mode 100644 index acd4eca..0000000 --- a/pam-fix-config-order-in-manpage.patch +++ /dev/null @@ -1,71 +0,0 @@ -Index: Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8.xml -=================================================================== ---- Linux-PAM-1.3.0.orig/modules/pam_umask/pam_umask.8.xml -+++ Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8.xml -@@ -48,22 +48,22 @@ - - - -- umask= argument -+ umask= entry in the user's GECOS field - - - - -- umask= entry in the user's GECOS field -+ umask= argument - - - - -- UMASK= entry from /etc/default/login -+ UMASK= entry from /etc/login.defs - - - - -- UMASK entry from /etc/login.defs -+ UMASK= entry from /etc/default/login - - - -Index: Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8 -=================================================================== ---- Linux-PAM-1.3.0.orig/modules/pam_umask/pam_umask.8 -+++ Linux-PAM-1.3.0/modules/pam_umask/pam_umask.8 -@@ -46,7 +46,7 @@ The PAM module tries to get the umask va - .sp -1 - .IP \(bu 2.3 - .\} --umask= argument -+umask= entry in the user\*(Aqs GECOS field - .RE - .sp - .RS 4 -@@ -57,7 +57,7 @@ umask= argument - .sp -1 - .IP \(bu 2.3 - .\} --umask= entry in the user\*(Aqs GECOS field -+umask= argument - .RE - .sp - .RS 4 -@@ -68,7 +68,7 @@ umask= entry in the user\*(Aqs GECOS fie - .sp -1 - .IP \(bu 2.3 - .\} --UMASK= entry from /etc/default/login -+UMASK= entry from /etc/login\&.defs - .RE - .sp - .RS 4 -@@ -79,7 +79,7 @@ UMASK= entry from /etc/default/login - .sp -1 - .IP \(bu 2.3 - .\} --UMASK entry from /etc/login\&.defs -+UMASK= entry from /etc/default/login - .RE - .PP - The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch index 2553e5c..db06758 100644 --- a/pam-limit-nproc.patch +++ b/pam-limit-nproc.patch @@ -1,15 +1,11 @@ -Index: Linux-PAM-1.3.0/modules/pam_limits/limits.conf +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf =================================================================== ---- Linux-PAM-1.3.0.orig/modules/pam_limits/limits.conf -+++ Linux-PAM-1.3.0/modules/pam_limits/limits.conf -@@ -47,4 +47,10 @@ +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ #ftp hard nproc 0 #@student - maxlogins 4 -+# harden against fork-bombs -+* hard nproc 16384 -+* soft nproc 4096 -+# root hard nproc 3000 -+# root soft nproc 1850 ++# No limits for nproc, use systemd configuration instead + # End of file diff --git a/pam.changes b/pam.changes index 2c59cb3..eb7f846 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + ------------------------------------------------------------------- Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com diff --git a/pam.spec b/pam.spec index eba743f..a0098c4 100644 --- a/pam.spec +++ b/pam.spec @@ -27,6 +27,7 @@ BuildRequires: cracklib-devel BuildRequires: flex %if 0%{?suse_version} > 1320 BuildRequires: libdb-4_8-devel +BuildRequires: xz BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) %endif @@ -37,7 +38,7 @@ BuildRequires: libselinux-devel %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version: 1.3.0 +Version: 1.3.1 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -49,8 +50,8 @@ Requires(pre): user(root) %endif #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ -Source: Linux-PAM-%{version}.tar.bz2 -Source1: Linux-PAM-%{version}-docs.tar.bz2 +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}-docs.tar.xz Source2: securetty Source3: other.pamd Source4: common-auth.pamd @@ -65,7 +66,6 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-fix-config-order-in-manpage.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libdb-4_8-devel # Remove with next version update: @@ -118,7 +118,6 @@ building both PAM-aware applications and modules for use with PAM. %patch2 -p1 %patch3 -p0 %patch4 -p0 -%patch5 -p1 %build autoreconf -fiv -- 2.51.1 From c0c76f0a22d46c7879e9c1746005cdb7d97c79109cc8315bef8fb154612869d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 16 Nov 2018 17:08:18 +0000 Subject: [PATCH 111/226] Accepting request 649542 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/649542 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=186 --- pam.changes | 10 ++++++++++ pam.spec | 2 ++ use-correct-IP-address.patch | 34 ++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 use-correct-IP-address.patch diff --git a/pam.changes b/pam.changes index eb7f846..9a0ed17 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch] + ------------------------------------------------------------------- Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com diff --git a/pam.spec b/pam.spec index a0098c4..47d4ba2 100644 --- a/pam.spec +++ b/pam.spec @@ -66,6 +66,7 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff Patch4: pam-hostnames-in-access_conf.patch +Patch5: use-correct-IP-address.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libdb-4_8-devel # Remove with next version update: @@ -118,6 +119,7 @@ building both PAM-aware applications and modules for use with PAM. %patch2 -p1 %patch3 -p0 %patch4 -p0 +%patch5 -p1 %build autoreconf -fiv diff --git a/use-correct-IP-address.patch b/use-correct-IP-address.patch new file mode 100644 index 0000000..105a16c --- /dev/null +++ b/use-correct-IP-address.patch @@ -0,0 +1,34 @@ +Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c ++++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c +@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam + + if (item->debug) + pam_syslog (pamh, LOG_DEBUG, +- "network_netmask_match: tok=%s, item=%s", tok, string); ++ "network_netmask_match: tok=%s, string=%s", tok, string); + + /* OK, check if tok is of type addr/mask */ + if ((netmask_ptr = strchr(tok, '/')) != NULL) +@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam + + /* check netmask */ + if (isipaddr(netmask_ptr, NULL, NULL) == NO) +- { /* netmask as integre value */ ++ { /* netmask as integer value */ + char *endptr = NULL; + netmask = strtol(netmask_ptr, &endptr, 0); + if ((endptr == netmask_ptr) || (*endptr != '\0')) +@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam + + ai = NULL; /* just to be on the safe side */ + +- if (getaddrinfo (string, NULL, &hint, &ai) != 0) ++ if (getaddrinfo (tok, NULL, &hint, &ai) != 0) + { +- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string); ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); + + return NO; + } -- 2.51.1 From 4415fd969ceac9cd48f80389669cb33f5535d09bc5e2ca9e0ba8c35277a9bfa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 23 Nov 2018 07:09:55 +0000 Subject: [PATCH 112/226] Accepting request 651022 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/651022 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=187 --- pam.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index 9a0ed17..baceee0 100644 --- a/pam.changes +++ b/pam.changes @@ -6,7 +6,7 @@ Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com the incoming IP address was used rather than the IP address from access.conf, effectively comparing the incoming address with itself. (Also fixed a small typo while I was at it) - {bsc#1115640, use-correct-IP-address.patch] + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] ------------------------------------------------------------------- Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com -- 2.51.1 From bf578882d8d624a9a1da0a0f1a5e040b04ba1ec9a1a61f7d96507b5b318dc1eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 6 May 2019 07:09:44 +0000 Subject: [PATCH 113/226] Accepting request 700497 from home:sbrabec:branches:util-linux-2.33.1 Depends on https://build.opensuse.org/request/show/700494! - Add virtual symbols for login.defs compatibility (bsc#1121197). - Add login.defs safety check pam-login_defs-check.sh (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700497 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=189 --- pam-login_defs-check.sh | 46 +++++++++++++++++++++++++++++++++++++++++ pam.changes | 7 +++++++ pam.spec | 12 +++++++++-- 3 files changed, 63 insertions(+), 2 deletions(-) create mode 100644 pam-login_defs-check.sh diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..80ce8fd --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3e1ae01b1e928c53c828f64ab412be6267eb1018 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes index baceee0..c84e094 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + ------------------------------------------------------------------- Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com diff --git a/pam.spec b/pam.spec index 47d4ba2..7fec94b 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -48,6 +48,11 @@ PreReq: permissions Requires(pre): group(shadow) Requires(pre): user(root) %endif +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +# Recent symbol includes variable from encryption_method_nis.diff. +Requires: login_defs-support-for-pam >= 1.3.1 #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ Source: Linux-PAM-%{version}.tar.xz @@ -62,6 +67,7 @@ Source8: etc.environment Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 +Source12: pam-login_defs-check.sh Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff @@ -115,6 +121,7 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 +cp -a %{S:12} . %patch0 -p1 %patch2 -p1 %patch3 -p0 @@ -122,6 +129,7 @@ building both PAM-aware applications and modules for use with PAM. %patch5 -p1 %build +bash ./pam-login_defs-check.sh autoreconf -fiv export CFLAGS="%optflags -DNDEBUG" %configure \ -- 2.51.1 From 78441ed37bd6f5f265c397b5d3ce344d423bd125e9975f9ac59e8383195258ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 19 Aug 2019 12:43:33 +0000 Subject: [PATCH 114/226] Accepting request 724569 from home:kukuk:branches:Linux-PAM - encryption_method_nis.diff: obsolete, NIS clients shouldn't require DES anymore. - etc.environment: removed, the sources contain the same - Update to version 1.3.1+git20190807.e31dd6c: * pam_tty_audit: Manual page clarification about password logging * pam_get_authtok_verify: Avoid duplicate password verification * Mention that ./autogen.sh is needeed to be run if you check out the sources from git * pam_unix: Correct MAXPASS define name in the previous two commits. * Restrict password length when changing password * Trim password at PAM_MAX_RESP_SIZE chars * pam_succeed_if: Request user data only when needed * pam_tally2: Remove unnecessary fsync() * Fixed a grammer mistake * Fix documentation for pam_wheel * Fix a typo in the documentation * pam_lastlog: Improve silent option documentation * pam_lastlog: Respect PAM_SILENT flag * Fix regressions from the last commits. * Replace strndupa with strncpy * build: ignore pam_lastlog when logwtmp is not available. * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. * pam_motd: Cleanup the code and avoid unnecessary logging * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. * Move the duplicated search_key function to pam_modutil. * pam_unix: Use pam_syslog instead of helper_log_err. * pam_unix: Report unusable hashes found by checksalt to syslog. * Revert "pam_unix: Add crypt_default method, if supported." * pam_unix: Add crypt_default method, if supported. * Revert part of the commit 4da9febc OBS-URL: https://build.opensuse.org/request/show/724569 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=191 --- Linux-PAM-1.3.1.tar.xz | 3 - _service | 14 ++++ _servicedata | 6 ++ encryption_method_nis.diff | 71 ------------------- etc.environment | 5 -- linux-pam-1.3.1+git20190807.e31dd6c.tar.xz | 3 + ...man-pages-1.3.1+git20190807.e31dd6c.tar.xz | 3 + pam-login_defs-check.sh | 2 +- pam.changes | 49 +++++++++++++ pam.spec | 23 +++--- 10 files changed, 86 insertions(+), 93 deletions(-) delete mode 100644 Linux-PAM-1.3.1.tar.xz create mode 100644 _service create mode 100644 _servicedata delete mode 100644 encryption_method_nis.diff delete mode 100644 etc.environment create mode 100644 linux-pam-1.3.1+git20190807.e31dd6c.tar.xz create mode 100644 linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz diff --git a/Linux-PAM-1.3.1.tar.xz b/Linux-PAM-1.3.1.tar.xz deleted file mode 100644 index 506f7a9..0000000 --- a/Linux-PAM-1.3.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:eff47a4ecd833fbf18de9686632a70ee8d0794b79aecb217ebd0ce11db4cd0db -size 912332 diff --git a/_service b/_service new file mode 100644 index 0000000..b7a310b --- /dev/null +++ b/_service @@ -0,0 +1,14 @@ + + + 1.3.1 + 1.3.1+git%cd.%h + git://github.com/linux-pam/linux-pam.git + git + enable + + + xz + *.tar + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..bf2e116 --- /dev/null +++ b/_servicedata @@ -0,0 +1,6 @@ + + + git://github.com/linux-pam/linux-pam.git + e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 + + \ No newline at end of file diff --git a/encryption_method_nis.diff b/encryption_method_nis.diff deleted file mode 100644 index f812786..0000000 --- a/encryption_method_nis.diff +++ /dev/null @@ -1,71 +0,0 @@ ---- modules/pam_unix/pam_unix_passwd.c -+++ modules/pam_unix/pam_unix_passwd.c 2016/04/11 13:49:32 -@@ -840,6 +840,29 @@ - * rebuild the password database file. - */ - -+ -+ /* if it is a NIS account, check for special hash algo */ -+ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1)) { -+ /* preset encryption method with value from /etc/login.defs */ -+ int j; -+ char *val = _unix_search_key ("ENCRYPT_METHOD_NIS", LOGIN_DEFS); -+ if (val) { -+ for (j = 0; j < UNIX_CTRLS_; ++j) { -+ if (unix_args[j].token && unix_args[j].is_hash_algo -+ && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { -+ break; -+ } -+ } -+ if (j >= UNIX_CTRLS_) { -+ pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD_NIS value [%s]", val); -+ } else { -+ ctrl &= unix_args[j].mask; /* for turning things off */ -+ ctrl |= unix_args[j].flag; /* for turning things on */ -+ } -+ free (val); -+ } -+ } -+ - /* - * First we encrypt the new password. - */ ---- modules/pam_unix/support.c -+++ modules/pam_unix/support.c 2016/04/11 13:49:32 -@@ -31,8 +31,8 @@ - #include "support.h" - #include "passverify.h" - --static char * --search_key (const char *key, const char *filename) -+char * -+_unix_search_key (const char *key, const char *filename) - { - FILE *fp; - char *buf = NULL; -@@ -153,7 +153,7 @@ - } - - /* preset encryption method with value from /etc/login.defs */ -- val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); -+ val = _unix_search_key ("ENCRYPT_METHOD", LOGIN_DEFS); - if (val) { - for (j = 0; j < UNIX_CTRLS_; ++j) { - if (unix_args[j].token && unix_args[j].is_hash_algo -@@ -171,7 +171,7 @@ - - /* read number of rounds for crypt algo */ - if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { -- val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); -+ val=_unix_search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); - - if (val) { - *rounds = strtol(val, NULL, 10); ---- modules/pam_unix/support.h -+++ modules/pam_unix/support.h 2016/04/11 13:49:32 -@@ -174,4 +174,5 @@ - - extern int _unix_run_verify_binary(pam_handle_t *pamh, - unsigned int ctrl, const char *user, int *daysleft); -+extern char *_unix_search_key(const char *key, const char *filename); - #endif /* _PAM_UNIX_SUPPORT_H */ diff --git a/etc.environment b/etc.environment deleted file mode 100644 index 09697f5..0000000 --- a/etc.environment +++ /dev/null @@ -1,5 +0,0 @@ -# -# This file is parsed by pam_env module -# -# Syntax: simple "KEY=VAL" pairs on seperate lines -# diff --git a/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz b/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz new file mode 100644 index 0000000..71e65e1 --- /dev/null +++ b/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5203477a4c8ea91e038e08f18efeb3836aa7b395de8b518f405eb3f43ea7fdbf +size 530264 diff --git a/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz b/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz new file mode 100644 index 0000000..6e424fe --- /dev/null +++ b/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:89397d7cb52e6a331b766d6219c6aaf3e3cc57c384ef8223f10c1f0ff4217bac +size 64012 diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index 80ce8fd..d1f9e38 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -12,7 +12,7 @@ grep -rh LOGIN_DEFS . | sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3e1ae01b1e928c53c828f64ab412be6267eb1018 ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam.changes b/pam.changes index c84e094..0e5b788 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + ------------------------------------------------------------------- Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com diff --git a/pam.spec b/pam.spec index 7fec94b..e512b97 100644 --- a/pam.spec +++ b/pam.spec @@ -38,7 +38,7 @@ BuildRequires: libselinux-devel %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version: 1.3.1 +Version: 1.3.1+git20190807.e31dd6c Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -55,22 +55,21 @@ Requires(pre): user(root) Requires: login_defs-support-for-pam >= 1.3.1 #DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ -Source: Linux-PAM-%{version}.tar.xz -Source1: Linux-PAM-%{version}-docs.tar.xz -Source2: securetty +Source: linux-pam-%{version}.tar.xz +Source1: Linux-PAM-1.3.1-docs.tar.xz +Source2: linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz Source3: other.pamd Source4: common-auth.pamd Source5: common-account.pamd Source6: common-password.pamd Source7: common-session.pamd -Source8: etc.environment +Source8: securetty Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch -Patch3: encryption_method_nis.diff Patch4: pam-hostnames-in-access_conf.patch Patch5: use-correct-IP-address.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -120,17 +119,17 @@ building both PAM-aware applications and modules for use with PAM. %prep -%setup -q -n Linux-PAM-%{version} -b 1 +%setup -q -n linux-pam-%{version} -b 1 -a 2 +cp -av ../Linux-PAM-1.3.1/* . cp -a %{S:12} . %patch0 -p1 %patch2 -p1 -%patch3 -p0 %patch4 -p0 %patch5 -p1 %build bash ./pam-login_defs-check.sh -autoreconf -fiv +./autogen.sh export CFLAGS="%optflags -DNDEBUG" %configure \ --sbindir=/sbin \ @@ -142,7 +141,7 @@ export CFLAGS="%optflags -DNDEBUG" --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security make %{?_smp_mflags} -%__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/.libs/ -lpam +%__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/linux-pam-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/linux-pam-%{version}/libpam/.libs/ -lpam %check make %{?_smp_mflags} check @@ -157,10 +156,8 @@ make DESTDIR=$RPM_BUILD_ROOT install /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib} # Install documentation make -C doc install DESTDIR=$RPM_BUILD_ROOT -# install /etc/environment -install -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc/environment # install securetty -install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/etc +install -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc %ifarch s390 s390x echo "ttyS0" >> $RPM_BUILD_ROOT/etc/securetty echo "ttyS1" >> $RPM_BUILD_ROOT/etc/securetty -- 2.51.1 From 8952f5370e91d787a2c1fbaac28fdac90fd21b4d02309323de75b5fbd39a6109 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 21 Aug 2019 11:20:26 +0000 Subject: [PATCH 115/226] Accepting request 725009 from home:kukuk:etc Add /usr/etc/pam.d directory and read from it. OBS-URL: https://build.opensuse.org/request/show/725009 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=192 --- pam.changes | 5 ++ pam.spec | 180 ++++++++++++++++++++---------------------- usr-etc-support.patch | 81 +++++++++++++++++++ 3 files changed, 172 insertions(+), 94 deletions(-) create mode 100644 usr-etc-support.patch diff --git a/pam.changes b/pam.changes index 0e5b788..75cef9f 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + ------------------------------------------------------------------- Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index e512b97..2ea747a 100644 --- a/pam.spec +++ b/pam.spec @@ -18,43 +18,17 @@ # %define enable_selinux 1 - -Name: pam -Url: http://www.linux-pam.org/ -BuildRequires: audit-devel -BuildRequires: bison -BuildRequires: cracklib-devel -BuildRequires: flex -%if 0%{?suse_version} > 1320 -BuildRequires: libdb-4_8-devel -BuildRequires: xz -BuildRequires: pkgconfig(libnsl) -BuildRequires: pkgconfig(libtirpc) -%endif -%if %{enable_selinux} -BuildRequires: libselinux-devel -%endif %define libpam_so_version 0.84.2 %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 +Name: pam # Version: 1.3.1+git20190807.e31dd6c Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause Group: System/Libraries -PreReq: permissions -%if 0%{?suse_version} >= 1330 -Requires(pre): group(shadow) -Requires(pre): user(root) -%endif -# All login.defs variables require support from shadow side. -# Upgrade this symbol version only if new variables appear! -# Verify by shadow-login_defs-check.sh from shadow source package. -# Recent symbol includes variable from encryption_method_nis.diff. -Requires: login_defs-support-for-pam >= 1.3.1 - -#DL-URL: https://fedorahosted.org/releases/l/i/linux-pam/ +URL: http://www.linux-pam.org/ Source: linux-pam-%{version}.tar.xz Source1: Linux-PAM-1.3.1-docs.tar.xz Source2: linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz @@ -72,20 +46,40 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: use-correct-IP-address.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: libdb-4_8-devel +Patch6: usr-etc-support.patch +BuildRequires: audit-devel # Remove with next version update: BuildRequires: autoconf BuildRequires: automake +BuildRequires: bison +BuildRequires: cracklib-devel +BuildRequires: flex +BuildRequires: libdb-4_8-devel BuildRequires: libtool +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Requires: login_defs-support-for-pam >= 1.3.1 +Requires(post): permissions +%if 0%{?suse_version} > 1320 +BuildRequires: libdb-4_8-devel +BuildRequires: xz +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{enable_selinux} +BuildRequires: libselinux-devel +%endif +%if 0%{?suse_version} >= 1330 +Requires(pre): group(shadow) +Requires(pre): user(root) +%endif %description PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. - - %package doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML @@ -100,8 +94,6 @@ having to recompile programs that do authentication. This package contains the documentation. - - %package devel Summary: Include Files and Libraries for PAM-Development Group: Development/Libraries/C and C++ @@ -116,24 +108,23 @@ having to recompile programs which do authentication. This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. - - %prep %setup -q -n linux-pam-%{version} -b 1 -a 2 -cp -av ../Linux-PAM-1.3.1/* . -cp -a %{S:12} . +cp -av ../Linux-PAM-1.3.1/* . +cp -a %{SOURCE12} . %patch0 -p1 %patch2 -p1 -%patch4 -p0 +%patch4 %patch5 -p1 +%patch6 %build bash ./pam-login_defs-check.sh ./autogen.sh -export CFLAGS="%optflags -DNDEBUG" +export CFLAGS="%{optflags} -DNDEBUG" %configure \ --sbindir=/sbin \ - --includedir=%_includedir/security \ + --includedir=%{_includedir}/security \ --docdir=%{_docdir}/pam \ --htmldir=%{_docdir}/pam/html \ --pdfdir=%{_docdir}/pam/pdf \ @@ -141,62 +132,63 @@ export CFLAGS="%optflags -DNDEBUG" --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security make %{?_smp_mflags} -%__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/linux-pam-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/linux-pam-%{version}/libpam/.libs/ -lpam +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/linux-pam-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/linux-pam-%{version}/libpam/.libs/ -lpam %check make %{?_smp_mflags} check %install -mkdir -p $RPM_BUILD_ROOT/etc/pam.d -mkdir -p $RPM_BUILD_ROOT/usr/include/security -mkdir -p $RPM_BUILD_ROOT/%{_lib}/security -mkdir -p $RPM_BUILD_ROOT/sbin -mkdir -p -m 755 $RPM_BUILD_ROOT%{_libdir} -make DESTDIR=$RPM_BUILD_ROOT install -/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib} +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +mkdir -p %{buildroot}%{_prefix}%{_sysconfdir}/pam.d +mkdir -p %{buildroot}%{_includedir}/security +mkdir -p %{buildroot}/%{_lib}/security +mkdir -p %{buildroot}/sbin +mkdir -p -m 755 %{buildroot}%{_libdir} +%make_install +/sbin/ldconfig -n %{buildroot}/%{_lib} # Install documentation -make -C doc install DESTDIR=$RPM_BUILD_ROOT +make -C doc install DESTDIR=%{buildroot} # install securetty -install -m 644 %{SOURCE8} $RPM_BUILD_ROOT/etc +install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir} %ifarch s390 s390x -echo "ttyS0" >> $RPM_BUILD_ROOT/etc/securetty -echo "ttyS1" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc0" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc1" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc2" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc3" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc4" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc5" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc6" >> $RPM_BUILD_ROOT/etc/securetty -echo "hvc7" >> $RPM_BUILD_ROOT/etc/securetty -echo "sclp_line0" >> $RPM_BUILD_ROOT/etc/securetty -echo "ttysclp0" >> $RPM_BUILD_ROOT/etc/securetty +echo "ttyS0" >> %{buildroot}%{_sysconfdir}/securetty +echo "ttyS1" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc0" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc1" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc2" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc3" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc4" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc5" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc6" >> %{buildroot}%{_sysconfdir}/securetty +echo "hvc7" >> %{buildroot}%{_sysconfdir}/securetty +echo "sclp_line0" >> %{buildroot}%{_sysconfdir}/securetty +echo "ttysclp0" >> %{buildroot}%{_sysconfdir}/securetty %endif # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript -install -d $RPM_BUILD_ROOT%{_sysconfdir}/security/namespace.d +install -d %{buildroot}%{_sysconfdir}/security/namespace.d # install other.pamd and common-*.pamd -install -m 644 %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/other -install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/common-auth -install -m 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/common-account -install -m 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/common-password -install -m 644 %{SOURCE7} $RPM_BUILD_ROOT/etc/pam.d/common-session -rm $RPM_BUILD_ROOT/%{_lib}/libpam.so -ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam.so -rm $RPM_BUILD_ROOT/%{_lib}/libpamc.so -ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpamc.so -rm $RPM_BUILD_ROOT/%{_lib}/libpam_misc.so -ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} $RPM_BUILD_ROOT%{_libdir}/libpam_misc.so +install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/other +install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pam.d/common-session +rm %{buildroot}/%{_lib}/libpam.so +ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} %{buildroot}%{_libdir}/libpam.so +rm %{buildroot}/%{_lib}/libpamc.so +ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} %{buildroot}%{_libdir}/libpamc.so +rm %{buildroot}/%{_lib}/libpam_misc.so +ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} %{buildroot}%{_libdir}/libpam_misc.so # # Remove crap # -rm -rf $RPM_BUILD_ROOT/%{_lib}/*.la $RPM_BUILD_ROOT/%{_lib}/security/*.la +find %{buildroot} -type f -name "*.la" -delete -print for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f $RPM_BUILD_ROOT/%{_lib}/security/pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/$x.so + ln -f %{buildroot}/%{_lib}/security/pam_unix.so %{buildroot}/%{_lib}/security/$x.so done # # Install READMEs of PAM modules # -DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam +DOC=%{buildroot}%{_defaultdocdir}/pam mkdir -p $DOC/modules ( cd modules; @@ -207,15 +199,15 @@ mkdir -p $DOC/modules # # pam_tally is deprecated since ages # -rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so -rm -f $RPM_BUILD_ROOT/sbin/pam_tally -rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* -rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/pam/modules/README.pam_tally +rm -f %{buildroot}/%{_lib}/security/pam_tally.so +rm -f %{buildroot}/sbin/pam_tally +rm -f %{buildroot}%{_mandir}/man8/pam_tally.8* +rm -f %{buildroot}%{_defaultdocdir}/pam/modules/README.pam_tally # Install unix2_chkpwd -install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/ -install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ +install -m 755 $RPM_BUILD_DIR/unix2_chkpwd %{buildroot}/sbin/ +install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 %{buildroot}%{_mandir}/man8/ # Create filelist with translatins -%{find_lang} Linux-PAM +%find_lang Linux-PAM %verifyscript %verify_permissions -e /sbin/unix_chkpwd @@ -229,8 +221,8 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ %postun -p /sbin/ldconfig %files -f Linux-PAM.lang -%defattr(-,root,root) %dir %{_sysconfdir}/pam.d +%dir %{_prefix}%{_sysconfdir}/pam.d %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d %dir %{_defaultdocdir}/pam @@ -248,13 +240,13 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ %config(noreplace) %{_sysconfdir}/security/time.conf %config(noreplace) %{_sysconfdir}/security/namespace.conf %config(noreplace) %{_sysconfdir}/security/namespace.init -%dir %{_sysconfdir}/security/namespace.d +%dir %{_sysconfdir}/security/namespace.d %doc NEWS %license COPYING -%doc %{_mandir}/man5/environment.5* -%doc %{_mandir}/man5/*.conf.5* -%doc %{_mandir}/man5/pam.d.5* -%doc %{_mandir}/man8/* +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man8/* /%{_lib}/libpam.so.0 /%{_lib}/libpam.so.%{libpam_so_version} /%{_lib}/libpamc.so.0 @@ -330,9 +322,9 @@ install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ %files devel %defattr(644,root,root,755) -%dir /usr/include/security -%doc %{_mandir}/man3/pam* -%doc %{_mandir}/man3/misc_conv.3* +%dir %{_includedir}/security +%{_mandir}/man3/pam* +%{_mandir}/man3/misc_conv.3%{?ext_man} %{_includedir}/security/*.h %{_libdir}/libpam.so %{_libdir}/libpamc.so diff --git a/usr-etc-support.patch b/usr-etc-support.patch new file mode 100644 index 0000000..631b095 --- /dev/null +++ b/usr-etc-support.patch @@ -0,0 +1,81 @@ +--- doc/man/pam.8.xml ++++ doc/man/pam.8.xml 2019/08/16 13:37:44 +@@ -53,11 +53,13 @@ + + + Vendor-supplied PAM configuration files might be installed in +- the system directory /usr/lib/pam.d/ instead ++ the system directory /usr/lib/pam.d/ or ++ /usr/etc/pam.d/ instead + of the machine configuration directory /etc/pam.d/. + If no machine configuration file is found, the vendor-supplied file + is used. All files in /etc/pam.d/ override +- files with the same name in /usr/lib/pam.d/. ++ files with the same name in /usr/lib/pam.d/, ++ which override files with the same name in /usr/etc/pam.d/. + + + From the point of view of the system administrator, for whom this +@@ -157,6 +159,16 @@ + + + ++ /usr/etc/pam.d ++ ++ ++ the Linux-PAM vendor configuration ++ directory. Files in /etc/pam.d and ++ /usr/lib/pam.d override files with the same ++ name in this directory. ++ ++ ++ + + + +--- libpam/pam_handlers.c ++++ libpam/pam_handlers.c 2019/08/16 13:35:31 +@@ -329,6 +329,21 @@ + *file = f; + return PAM_SUCCESS; + } ++ ++ /* System Configuration /usr/etc/pam.d/ */ ++ _pam_drop(p); ++ if (asprintf (&p, PAM_CONFIG_DIST2_DF, service) < 0) { ++ pam_syslog(pamh, LOG_CRIT, "asprintf failed"); ++ return PAM_BUF_ERR; ++ } ++ D(("opening %s", p)); ++ f = fopen(p, "r"); ++ if (f != NULL) { ++ *path = p; ++ *file = f; ++ return PAM_SUCCESS; ++ } ++ + _pam_drop(p); + + return PAM_ABORT; +@@ -447,7 +462,8 @@ + + /* Is there a PAM_CONFIG_D directory? */ + if ((stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) || +- (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) { ++ (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) || ++ (stat(PAM_CONFIG_DIST2_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) { + char *path = NULL; + int read_something=0; + +--- libpam/pam_private.h ++++ libpam/pam_private.h 2019/08/16 13:33:04 +@@ -29,6 +29,9 @@ + #define PAM_CONFIG_DF "/etc/pam.d/%s" + #define PAM_CONFIG_DIST_D "/usr/lib/pam.d" + #define PAM_CONFIG_DIST_DF "/usr/lib/pam.d/%s" ++#define PAM_CONFIG_DIST2_D "/usr/etc/pam.d" ++#define PAM_CONFIG_DIST2_DF "/usr/etc/pam.d/%s" ++ + + #define PAM_DEFAULT_SERVICE "other" /* lower case */ + -- 2.51.1 From 9b6fc55e330c5759478cca7249f219b8faf92fd1f4869c7d99d6e24c06ab44e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 23 Aug 2019 12:39:21 +0000 Subject: [PATCH 116/226] Accepting request 725419 from home:jengelh:branches:Linux-PAM - Replace old $RPM_* shell vars by macros. - Avoid unnecessary invocation of subshells. - Shorten recipe for constructing securetty contents on s390. OBS-URL: https://build.opensuse.org/request/show/725419 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=193 --- pam.changes | 7 +++++++ pam.spec | 36 +++++++++++++----------------------- 2 files changed, 20 insertions(+), 23 deletions(-) diff --git a/pam.changes b/pam.changes index 75cef9f..e52b4d2 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + ------------------------------------------------------------------- Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 2ea747a..b22d1dd 100644 --- a/pam.spec +++ b/pam.spec @@ -95,7 +95,7 @@ having to recompile programs that do authentication. This package contains the documentation. %package devel -Summary: Include Files and Libraries for PAM-Development +Summary: Include Files and Libraries for PAM Development Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: pam = %{version} @@ -132,7 +132,7 @@ export CFLAGS="%{optflags} -DNDEBUG" --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security make %{?_smp_mflags} -gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/linux-pam-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/linux-pam-%{version}/libpam/.libs/ -lpam +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam %check make %{?_smp_mflags} check @@ -147,22 +147,13 @@ mkdir -p -m 755 %{buildroot}%{_libdir} %make_install /sbin/ldconfig -n %{buildroot}/%{_lib} # Install documentation -make -C doc install DESTDIR=%{buildroot} +%make_install -C doc # install securetty install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir} %ifarch s390 s390x -echo "ttyS0" >> %{buildroot}%{_sysconfdir}/securetty -echo "ttyS1" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc0" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc1" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc2" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc3" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc4" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc5" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc6" >> %{buildroot}%{_sysconfdir}/securetty -echo "hvc7" >> %{buildroot}%{_sysconfdir}/securetty -echo "sclp_line0" >> %{buildroot}%{_sysconfdir}/securetty -echo "ttysclp0" >> %{buildroot}%{_sysconfdir}/securetty +for i in ttyS0 ttyS1 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 sclp_line0 ttysclp0; do + echo "$i" >>%{buildroot}/%{_sysconfdir}/securetty +done %endif # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript install -d %{buildroot}%{_sysconfdir}/security/namespace.d @@ -190,12 +181,11 @@ done # DOC=%{buildroot}%{_defaultdocdir}/pam mkdir -p $DOC/modules -( - cd modules; - for i in pam_*/README ; do - cp -fpv ${i} $DOC/modules/README.`dirname ${i}` - done -) +pushd modules +for i in pam_*/README; do + cp -fpv "$i" "$DOC/modules/README.${i%/*}" +done +popd # # pam_tally is deprecated since ages # @@ -204,8 +194,8 @@ rm -f %{buildroot}/sbin/pam_tally rm -f %{buildroot}%{_mandir}/man8/pam_tally.8* rm -f %{buildroot}%{_defaultdocdir}/pam/modules/README.pam_tally # Install unix2_chkpwd -install -m 755 $RPM_BUILD_DIR/unix2_chkpwd %{buildroot}/sbin/ -install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 %{buildroot}%{_mandir}/man8/ +install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/ +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ # Create filelist with translatins %find_lang Linux-PAM -- 2.51.1 From 2a42ae9f1f071d7623c96bc939927023328b05ec8b3a1513f9a4c0632183e661 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 25 Sep 2019 10:16:25 +0000 Subject: [PATCH 117/226] Accepting request 733118 from home:kukuk:etc - Update to version 1.3.1+git20190923.ea78d67: * Fixed missing quotes in configure script * Add support for a vendor directory and libeconf (#136) * pam_lastlog: document the 'unlimited' option * pam_lastlog: prevent crash due to reduced 'fsize' limit * pam_unix_sess.c add uid for opening session * Fix the man page for "pam_fail_delay()" * Fix a typo * Update a function comment - drop usr-etc-support.patch (accepted upstream) - Add migration support from /etc to /usr/etc during upgrade - Update to version 1.3.1+git20190902.9de67ee: * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd - Update to version 1.3.1+git20190826.1b087ed: * libpam/pam_modutil_sanitize.c: optimize the way to close fds OBS-URL: https://build.opensuse.org/request/show/733118 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=195 --- _servicedata | 2 +- libeconf.patch | 74 +++++++++++++++++ linux-pam-1.3.1+git20190807.e31dd6c.tar.xz | 3 - linux-pam-1.3.1+git20190923.ea78d67.tar.xz | 3 + ...man-pages-1.3.1+git20190807.e31dd6c.tar.xz | 3 - pam.changes | 31 +++++++ pam.spec | 51 ++++++++---- usr-etc-support.patch | 81 ------------------- 8 files changed, 145 insertions(+), 103 deletions(-) create mode 100644 libeconf.patch delete mode 100644 linux-pam-1.3.1+git20190807.e31dd6c.tar.xz create mode 100644 linux-pam-1.3.1+git20190923.ea78d67.tar.xz delete mode 100644 linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz delete mode 100644 usr-etc-support.patch diff --git a/_servicedata b/_servicedata index bf2e116..ea102f1 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ git://github.com/linux-pam/linux-pam.git - e31dd6c7d0faa7a06d3ebd50a0b6957b9f822d15 + ea78d6764353c5510b235846452e6810d009b78e \ No newline at end of file diff --git a/libeconf.patch b/libeconf.patch new file mode 100644 index 0000000..e2e943b --- /dev/null +++ b/libeconf.patch @@ -0,0 +1,74 @@ +diff --git a/libpam/Makefile.am b/libpam/Makefile.am +index 875031e..9f27c16 100644 +--- a/libpam/Makefile.am ++++ b/libpam/Makefile.am +@@ -3,7 +3,8 @@ + # + + AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ +- -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) -DPAM_VERSION=\"$(VERSION)\" ++ -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) \ ++ -DPAM_VERSION=\"$(VERSION)\" @ECONF_CFLAGS@ + if HAVE_LIBSELINUX + AM_CFLAGS += -D"WITH_SELINUX" + endif +@@ -21,7 +22,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ + pam_modutil_private.h + + libpam_la_LDFLAGS = -no-undefined -version-info 84:2:84 +-libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ ++libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ @ECONF_LIBS@ + + if HAVE_VERSIONING + libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map +diff --git a/libpam/pam_modutil_searchkey.c b/libpam/pam_modutil_searchkey.c +index 338b44f..8e4061f 100644 +--- a/libpam/pam_modutil_searchkey.c ++++ b/libpam/pam_modutil_searchkey.c +@@ -13,9 +13,34 @@ + #include + #include + #include ++#ifdef USE_ECONF ++#include ++#endif + + #define BUF_SIZE 8192 + ++#ifdef USE_ECONF ++#define LOGIN_DEFS "/etc/login.defs" ++ ++static char * ++econf_search_key (const char *name, const char *suffix, const char *key) ++{ ++ econf_file *key_file = NULL; ++ char *val; ++ ++ if (econf_readDirs (&key_file, "/usr/etc", "/etc", name, suffix, " \t", "#")) ++ return NULL; ++ ++ if (econf_getStringValue (key_file, NULL, key, &val)) ++ return NULL; ++ ++ econf_free (key_file); ++ ++ return val; ++} ++ ++#endif ++ + /* lookup a value for key in login.defs file or similar key value format */ + char * + pam_modutil_search_key(pam_handle_t *pamh UNUSED, +@@ -27,6 +52,11 @@ pam_modutil_search_key(pam_handle_t *pamh UNUSED, + size_t buflen = 0; + char *retval = NULL; + ++#ifdef USE_ECONF ++ if (strcmp (file_name, LOGIN_DEFS) == 0) ++ return econf_search_key ("login", ".defs", key); ++#endif ++ + fp = fopen(file_name, "r"); + if (NULL == fp) + return NULL; diff --git a/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz b/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz deleted file mode 100644 index 71e65e1..0000000 --- a/linux-pam-1.3.1+git20190807.e31dd6c.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5203477a4c8ea91e038e08f18efeb3836aa7b395de8b518f405eb3f43ea7fdbf -size 530264 diff --git a/linux-pam-1.3.1+git20190923.ea78d67.tar.xz b/linux-pam-1.3.1+git20190923.ea78d67.tar.xz new file mode 100644 index 0000000..bb14cc8 --- /dev/null +++ b/linux-pam-1.3.1+git20190923.ea78d67.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f +size 970564 diff --git a/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz b/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz deleted file mode 100644 index 6e424fe..0000000 --- a/linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:89397d7cb52e6a331b766d6219c6aaf3e3cc57c384ef8223f10c1f0ff4217bac -size 64012 diff --git a/pam.changes b/pam.changes index e52b4d2..36d5586 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + ------------------------------------------------------------------- Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt diff --git a/pam.spec b/pam.spec index b22d1dd..2b53dfe 100644 --- a/pam.spec +++ b/pam.spec @@ -16,6 +16,11 @@ # +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} + %define config_noreplace 1 +%endif + # %define enable_selinux 1 %define libpam_so_version 0.84.2 @@ -23,7 +28,7 @@ %define libpamc_so_version 0.82.1 Name: pam # -Version: 1.3.1+git20190807.e31dd6c +Version: 1.3.1+git20190923.ea78d67 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -31,7 +36,6 @@ Group: System/Libraries URL: http://www.linux-pam.org/ Source: linux-pam-%{version}.tar.xz Source1: Linux-PAM-1.3.1-docs.tar.xz -Source2: linux-pam-man-pages-1.3.1+git20190807.e31dd6c.tar.xz Source3: other.pamd Source4: common-auth.pamd Source5: common-account.pamd @@ -46,7 +50,6 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: use-correct-IP-address.patch -Patch6: usr-etc-support.patch BuildRequires: audit-devel # Remove with next version update: BuildRequires: autoconf @@ -64,6 +67,7 @@ Requires(post): permissions %if 0%{?suse_version} > 1320 BuildRequires: libdb-4_8-devel BuildRequires: xz +BuildRequires: pkgconfig(libeconf) BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) %endif @@ -109,14 +113,13 @@ This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. %prep -%setup -q -n linux-pam-%{version} -b 1 -a 2 +%setup -q -n linux-pam-%{version} -b 1 cp -av ../Linux-PAM-1.3.1/* . cp -a %{SOURCE12} . %patch0 -p1 %patch2 -p1 %patch4 %patch5 -p1 -%patch6 %build bash ./pam-login_defs-check.sh @@ -130,7 +133,8 @@ export CFLAGS="%{optflags} -DNDEBUG" --pdfdir=%{_docdir}/pam/pdf \ --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ - --enable-securedir=/%{_lib}/security + --enable-securedir=/%{_lib}/security \ + --enable-vendordir=%{_distconfdir} make %{?_smp_mflags} gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam @@ -139,7 +143,7 @@ make %{?_smp_mflags} check %install mkdir -p %{buildroot}%{_sysconfdir}/pam.d -mkdir -p %{buildroot}%{_prefix}%{_sysconfdir}/pam.d +mkdir -p %{buildroot}%{_distconfdir}/pam.d mkdir -p %{buildroot}%{_includedir}/security mkdir -p %{buildroot}/%{_lib}/security mkdir -p %{buildroot}/sbin @@ -149,20 +153,20 @@ mkdir -p -m 755 %{buildroot}%{_libdir} # Install documentation %make_install -C doc # install securetty -install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir} +install -m 644 %{SOURCE8} %{buildroot}%{_distconfdir} %ifarch s390 s390x for i in ttyS0 ttyS1 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 sclp_line0 ttysclp0; do - echo "$i" >>%{buildroot}/%{_sysconfdir}/securetty + echo "$i" >>%{buildroot}/%{_distconfdir}/securetty done %endif # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript install -d %{buildroot}%{_sysconfdir}/security/namespace.d # install other.pamd and common-*.pamd -install -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/other -install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/common-auth -install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/common-account -install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/common-password -install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pam.d/common-session +install -m 644 %{SOURCE3} %{buildroot}%{_distconfdir}/pam.d/other +install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_distconfdir}/pam.d/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_distconfdir}/pam.d/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_distconfdir}/pam.d/common-session rm %{buildroot}/%{_lib}/libpam.so ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} %{buildroot}%{_libdir}/libpam.so rm %{buildroot}/%{_lib}/libpamc.so @@ -210,15 +214,32 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ %postun -p /sbin/ldconfig +%pre +for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do + test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do + test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: +done + %files -f Linux-PAM.lang %dir %{_sysconfdir}/pam.d -%dir %{_prefix}%{_sysconfdir}/pam.d +%dir %{_distconfdir}/pam.d %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d %dir %{_defaultdocdir}/pam +%if %{defined config_noreplace} %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* %config(noreplace) %{_sysconfdir}/securetty +%else +%{_distconfdir}/pam.d/other +%{_distconfdir}/pam.d/common-* +%{_distconfdir}/securetty +%endif %config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/group.conf diff --git a/usr-etc-support.patch b/usr-etc-support.patch deleted file mode 100644 index 631b095..0000000 --- a/usr-etc-support.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- doc/man/pam.8.xml -+++ doc/man/pam.8.xml 2019/08/16 13:37:44 -@@ -53,11 +53,13 @@ - - - Vendor-supplied PAM configuration files might be installed in -- the system directory /usr/lib/pam.d/ instead -+ the system directory /usr/lib/pam.d/ or -+ /usr/etc/pam.d/ instead - of the machine configuration directory /etc/pam.d/. - If no machine configuration file is found, the vendor-supplied file - is used. All files in /etc/pam.d/ override -- files with the same name in /usr/lib/pam.d/. -+ files with the same name in /usr/lib/pam.d/, -+ which override files with the same name in /usr/etc/pam.d/. - - - From the point of view of the system administrator, for whom this -@@ -157,6 +159,16 @@ - - - -+ /usr/etc/pam.d -+ -+ -+ the Linux-PAM vendor configuration -+ directory. Files in /etc/pam.d and -+ /usr/lib/pam.d override files with the same -+ name in this directory. -+ -+ -+ - - - ---- libpam/pam_handlers.c -+++ libpam/pam_handlers.c 2019/08/16 13:35:31 -@@ -329,6 +329,21 @@ - *file = f; - return PAM_SUCCESS; - } -+ -+ /* System Configuration /usr/etc/pam.d/ */ -+ _pam_drop(p); -+ if (asprintf (&p, PAM_CONFIG_DIST2_DF, service) < 0) { -+ pam_syslog(pamh, LOG_CRIT, "asprintf failed"); -+ return PAM_BUF_ERR; -+ } -+ D(("opening %s", p)); -+ f = fopen(p, "r"); -+ if (f != NULL) { -+ *path = p; -+ *file = f; -+ return PAM_SUCCESS; -+ } -+ - _pam_drop(p); - - return PAM_ABORT; -@@ -447,7 +462,8 @@ - - /* Is there a PAM_CONFIG_D directory? */ - if ((stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) || -- (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) { -+ (stat(PAM_CONFIG_DIST_D, &test_d) == 0 && S_ISDIR(test_d.st_mode)) || -+ (stat(PAM_CONFIG_DIST2_D, &test_d) == 0 && S_ISDIR(test_d.st_mode))) { - char *path = NULL; - int read_something=0; - ---- libpam/pam_private.h -+++ libpam/pam_private.h 2019/08/16 13:33:04 -@@ -29,6 +29,9 @@ - #define PAM_CONFIG_DF "/etc/pam.d/%s" - #define PAM_CONFIG_DIST_D "/usr/lib/pam.d" - #define PAM_CONFIG_DIST_DF "/usr/lib/pam.d/%s" -+#define PAM_CONFIG_DIST2_D "/usr/etc/pam.d" -+#define PAM_CONFIG_DIST2_DF "/usr/etc/pam.d/%s" -+ - - #define PAM_DEFAULT_SERVICE "other" /* lower case */ - -- 2.51.1 From 00eb197f1c10fa6ab4bb6dcc7c0ee1ae0a1aa0fc9fc62c7775db9ae68a380305 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 25 Sep 2019 10:24:12 +0000 Subject: [PATCH 118/226] Accepting request 733123 from home:kukuk:etc OBS-URL: https://build.opensuse.org/request/show/733123 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=196 --- libeconf.patch | 74 -------------------------------------------------- 1 file changed, 74 deletions(-) delete mode 100644 libeconf.patch diff --git a/libeconf.patch b/libeconf.patch deleted file mode 100644 index e2e943b..0000000 --- a/libeconf.patch +++ /dev/null @@ -1,74 +0,0 @@ -diff --git a/libpam/Makefile.am b/libpam/Makefile.am -index 875031e..9f27c16 100644 ---- a/libpam/Makefile.am -+++ b/libpam/Makefile.am -@@ -3,7 +3,8 @@ - # - - AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ -- -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) -DPAM_VERSION=\"$(VERSION)\" -+ -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) \ -+ -DPAM_VERSION=\"$(VERSION)\" @ECONF_CFLAGS@ - if HAVE_LIBSELINUX - AM_CFLAGS += -D"WITH_SELINUX" - endif -@@ -21,7 +22,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - pam_modutil_private.h - - libpam_la_LDFLAGS = -no-undefined -version-info 84:2:84 --libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ -+libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ @ECONF_LIBS@ - - if HAVE_VERSIONING - libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map -diff --git a/libpam/pam_modutil_searchkey.c b/libpam/pam_modutil_searchkey.c -index 338b44f..8e4061f 100644 ---- a/libpam/pam_modutil_searchkey.c -+++ b/libpam/pam_modutil_searchkey.c -@@ -13,9 +13,34 @@ - #include - #include - #include -+#ifdef USE_ECONF -+#include -+#endif - - #define BUF_SIZE 8192 - -+#ifdef USE_ECONF -+#define LOGIN_DEFS "/etc/login.defs" -+ -+static char * -+econf_search_key (const char *name, const char *suffix, const char *key) -+{ -+ econf_file *key_file = NULL; -+ char *val; -+ -+ if (econf_readDirs (&key_file, "/usr/etc", "/etc", name, suffix, " \t", "#")) -+ return NULL; -+ -+ if (econf_getStringValue (key_file, NULL, key, &val)) -+ return NULL; -+ -+ econf_free (key_file); -+ -+ return val; -+} -+ -+#endif -+ - /* lookup a value for key in login.defs file or similar key value format */ - char * - pam_modutil_search_key(pam_handle_t *pamh UNUSED, -@@ -27,6 +52,11 @@ pam_modutil_search_key(pam_handle_t *pamh UNUSED, - size_t buflen = 0; - char *retval = NULL; - -+#ifdef USE_ECONF -+ if (strcmp (file_name, LOGIN_DEFS) == 0) -+ return econf_search_key ("login", ".defs", key); -+#endif -+ - fp = fopen(file_name, "r"); - if (NULL == fp) - return NULL; -- 2.51.1 From cf68a1d155754bf8ed7d0637288181ff78185153c5ce263529814f725f253eab Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 27 Feb 2020 14:49:37 +0000 Subject: [PATCH 119/226] Accepting request 779951 from home:kukuk:container - Recommend login.defs only (no hard requirement) OBS-URL: https://build.opensuse.org/request/show/779951 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=198 --- pam.changes | 5 +++++ pam.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/pam.changes b/pam.changes index 36d5586..e12d9b1 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + ------------------------------------------------------------------- Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com diff --git a/pam.spec b/pam.spec index 2b53dfe..5e2a682 100644 --- a/pam.spec +++ b/pam.spec @@ -1,7 +1,7 @@ # # spec file for package pam # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -62,7 +62,7 @@ BuildRequires: libtool # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! # Verify by shadow-login_defs-check.sh from shadow source package. -Requires: login_defs-support-for-pam >= 1.3.1 +Recommends: login_defs-support-for-pam >= 1.3.1 Requires(post): permissions %if 0%{?suse_version} > 1320 BuildRequires: libdb-4_8-devel -- 2.51.1 From 5d430d6c0922444599579f06d66274b22ee98c5683f6613c1f69b051114f4c08 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Thu, 12 Mar 2020 17:33:26 +0000 Subject: [PATCH 120/226] Accepting request 784373 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/784373 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=200 --- pam.changes | 8 ++++++++ pam.spec | 5 +---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/pam.changes b/pam.changes index e12d9b1..1ad203b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + [bsc#1164562, bsc#1166510, pam.spec] + ------------------------------------------------------------------- Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 5e2a682..d731051 100644 --- a/pam.spec +++ b/pam.spec @@ -57,16 +57,14 @@ BuildRequires: automake BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex -BuildRequires: libdb-4_8-devel BuildRequires: libtool # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! # Verify by shadow-login_defs-check.sh from shadow source package. Recommends: login_defs-support-for-pam >= 1.3.1 Requires(post): permissions -%if 0%{?suse_version} > 1320 -BuildRequires: libdb-4_8-devel BuildRequires: xz +%if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) BuildRequires: pkgconfig(libnsl) BuildRequires: pkgconfig(libtirpc) @@ -312,7 +310,6 @@ done /%{_lib}/security/pam_unix_auth.so /%{_lib}/security/pam_unix_passwd.so /%{_lib}/security/pam_unix_session.so -/%{_lib}/security/pam_userdb.so /%{_lib}/security/pam_warn.so /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so -- 2.51.1 From 646605de549766cd949275460fd816fc8f92ca6caad8f17c5c852e3ae5590541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 13 Mar 2020 10:05:34 +0000 Subject: [PATCH 121/226] Accepting request 784596 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/784596 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=201 --- pam.changes | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index 1ad203b..e83089e 100644 --- a/pam.changes +++ b/pam.changes @@ -4,7 +4,8 @@ Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers - Removed pam_userdb from this package and moved to pam-modules. This removed the requirement for libdb. Also made "xz" required for all releases. - [bsc#1164562, bsc#1166510, pam.spec] + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] ------------------------------------------------------------------- Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de -- 2.51.1 From 43d953ce3449a24bb8bce4db0308ec01600ff6754d4fce395d3e818e202fd0d7 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sat, 21 Mar 2020 15:44:00 +0000 Subject: [PATCH 122/226] Accepting request 786905 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/786905 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=203 --- pam.changes | 7 +++++++ pam.spec | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/pam.changes b/pam.changes index e83089e..6e57095 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + ------------------------------------------------------------------- Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index d731051..cf3ec93 100644 --- a/pam.spec +++ b/pam.spec @@ -82,6 +82,21 @@ PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. +%package extra +Summary: PAM module to authenticate against a separate database +Group: System/Libraries%description +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains useful extra modules eg pam_userdb which is +used to verify a username/password pair against values stored in +a Berkeley DB database. + %package doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML @@ -320,6 +335,11 @@ done %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %attr(0700,root,root) /sbin/unix_update +%files extra +%defattr(-,root,root,755) +%attr(755,root,root) /%{_lib}/security/pam_userdb.so +%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz + %files doc %defattr(644,root,root,755) %dir %{_defaultdocdir}/pam -- 2.51.1 From eb2d7193a4d9f05ba213ab42d410915332aba5319464d9d65c6056b872a323c9 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 26 Mar 2020 10:22:45 +0000 Subject: [PATCH 123/226] Accepting request 788262 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/788262 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=204 --- pam.changes | 9 +++++++++ pam.spec | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 2 files changed, 58 insertions(+), 2 deletions(-) diff --git a/pam.changes b/pam.changes index 6e57095..7bae81b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + ------------------------------------------------------------------- Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index cf3ec93..693f6d2 100644 --- a/pam.spec +++ b/pam.spec @@ -239,11 +239,11 @@ for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/comm done %files -f Linux-PAM.lang +%exclude %{_defaultdocdir}/pam %dir %{_sysconfdir}/pam.d %dir %{_distconfdir}/pam.d %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d -%dir %{_defaultdocdir}/pam %if %{defined config_noreplace} %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* @@ -270,7 +270,54 @@ done %{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man} -%{_mandir}/man8/* +%{_mandir}/man8/mkhomedir_helper.8.gz +%{_mandir}/man8/pam.8.gz +%{_mandir}/man8/PAM.8.gz +%{_mandir}/man8/pam_access.8.gz +%{_mandir}/man8/pam_cracklib.8.gz +%{_mandir}/man8/pam_debug.8.gz +%{_mandir}/man8/pam_deny.8.gz +%{_mandir}/man8/pam_echo.8.gz +%{_mandir}/man8/pam_env.8.gz +%{_mandir}/man8/pam_exec.8.gz +%{_mandir}/man8/pam_faildelay.8.gz +%{_mandir}/man8/pam_filter.8.gz +%{_mandir}/man8/pam_ftp.8.gz +%{_mandir}/man8/pam_group.8.gz +%{_mandir}/man8/pam_issue.8.gz +%{_mandir}/man8/pam_keyinit.8.gz +%{_mandir}/man8/pam_lastlog.8.gz +%{_mandir}/man8/pam_limits.8.gz +%{_mandir}/man8/pam_listfile.8.gz +%{_mandir}/man8/pam_localuser.8.gz +%{_mandir}/man8/pam_loginuid.8.gz +%{_mandir}/man8/pam_mail.8.gz +%{_mandir}/man8/pam_mkhomedir.8.gz +%{_mandir}/man8/pam_motd.8.gz +%{_mandir}/man8/pam_namespace.8.gz +%{_mandir}/man8/pam_nologin.8.gz +%{_mandir}/man8/pam_permit.8.gz +%{_mandir}/man8/pam_pwhistory.8.gz +%{_mandir}/man8/pam_rhosts.8.gz +%{_mandir}/man8/pam_rootok.8.gz +%{_mandir}/man8/pam_securetty.8.gz +%{_mandir}/man8/pam_selinux.8.gz +%{_mandir}/man8/pam_sepermit.8.gz +%{_mandir}/man8/pam_shells.8.gz +%{_mandir}/man8/pam_succeed_if.8.gz +%{_mandir}/man8/pam_tally2.8.gz +%{_mandir}/man8/pam_time.8.gz +%{_mandir}/man8/pam_timestamp.8.gz +%{_mandir}/man8/pam_timestamp_check.8.gz +%{_mandir}/man8/pam_tty_audit.8.gz +%{_mandir}/man8/pam_umask.8.gz +%{_mandir}/man8/pam_unix.8.gz +%{_mandir}/man8/pam_warn.8.gz +%{_mandir}/man8/pam_wheel.8.gz +%{_mandir}/man8/pam_xauth.8.gz +%{_mandir}/man8/unix_chkpwd.8.gz +%{_mandir}/man8/unix2_chkpwd.8.gz +%{_mandir}/man8/unix_update.8.gz /%{_lib}/libpam.so.0 /%{_lib}/libpam.so.%{libpam_so_version} /%{_lib}/libpamc.so.0 -- 2.51.1 From 6726b029b03282314304dd54135d3611d9ce6fc84eeec70c43b5fe109461e7d0 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 3 Apr 2020 06:26:25 +0000 Subject: [PATCH 124/226] Accepting request 790925 from home:lnussel:branches:Linux-PAM - own /usr/lib/motd.d/ so other packages can add files there OBS-URL: https://build.opensuse.org/request/show/790925 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=206 --- pam.changes | 5 +++++ pam.spec | 2 ++ 2 files changed, 7 insertions(+) diff --git a/pam.changes b/pam.changes index 7bae81b..58e0c2a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + ------------------------------------------------------------------- Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index 693f6d2..4c676d8 100644 --- a/pam.spec +++ b/pam.spec @@ -186,6 +186,7 @@ rm %{buildroot}/%{_lib}/libpamc.so ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} %{buildroot}%{_libdir}/libpamc.so rm %{buildroot}/%{_lib}/libpam_misc.so ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} %{buildroot}%{_libdir}/libpam_misc.so +mkdir -p %{buildroot}%{_prefix}/lib/motd.d # # Remove crap # @@ -244,6 +245,7 @@ done %dir %{_distconfdir}/pam.d %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d +%dir %{_prefix}/lib/motd.d %if %{defined config_noreplace} %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* -- 2.51.1 From db3a5fbd692fdc96e9e341a58a83cf89da6466cf368e905a06897481da725408 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 12 May 2020 09:30:59 +0000 Subject: [PATCH 125/226] - Update to current Linux-PAM snapshot - Multiple minor bug fixes and documentation improvements - Fixed grammar of messages printed via pam_prompt - Added support for a vendor directory and libeconf - configure: Allowed disabling documentation through --disable-doc - pam_get_authtok_verify: Avoid duplicate password verification - pam_env: Changed the default to not read the user .pam_environment file - pam_group, pam_time: Fixed logical error with multiple ! operators - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session - pam_lastlog: Do not log info about failed login if the session was opened with PAM_SILENT flag - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' limit - pam_motd: Export MOTD_SHOWN=pam after showing MOTD - pam_motd: Support multiple motd paths specified, with filename overrides - pam_namespace: Added a systemd service, which creates the namespaced instance parent directories during boot - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts - pam_shells: Recognize /bin/sh as the default shell - pam_succeed_if: Support lists in group membership checks - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE - pam_umask: Added new 'nousergroups' module argument and allowed specifying the default for usergroups at build-time - pam_unix: Added 'nullresetok' option to allow resetting blank passwords - pam_unix: Report unusable hashes found by checksalt to syslog - pam_unix: Support for (gost-)yescrypt hashing methods - pam_unix: Use bcrypt b-variant when it bcrypt is chosen - pam_usertype: New module to tell if uid is in login.defs ranges - Added new API call pam_start_confdir() for special applications that OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=208 --- Linux-PAM-1.3.1-docs.tar.xz | 3 -- Linux-PAM-1.3.90-docs.tar.xz | 3 ++ Linux-PAM-1.3.90.tar.xz | 3 ++ linux-pam-1.3.1+git20190923.ea78d67.tar.xz | 3 -- pam.changes | 37 ++++++++++++++++++++++ pam.spec | 37 +++++++++++++++------- pam_namespace-systemd.diff | 13 ++++++++ 7 files changed, 82 insertions(+), 17 deletions(-) delete mode 100644 Linux-PAM-1.3.1-docs.tar.xz create mode 100644 Linux-PAM-1.3.90-docs.tar.xz create mode 100644 Linux-PAM-1.3.90.tar.xz delete mode 100644 linux-pam-1.3.1+git20190923.ea78d67.tar.xz create mode 100644 pam_namespace-systemd.diff diff --git a/Linux-PAM-1.3.1-docs.tar.xz b/Linux-PAM-1.3.1-docs.tar.xz deleted file mode 100644 index 6317d16..0000000 --- a/Linux-PAM-1.3.1-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3bb80257cc61f23956d8df43ea31cadeeb3b4cdb69d46006a70b377c139e37ca -size 459552 diff --git a/Linux-PAM-1.3.90-docs.tar.xz b/Linux-PAM-1.3.90-docs.tar.xz new file mode 100644 index 0000000..f1574da --- /dev/null +++ b/Linux-PAM-1.3.90-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3c36209714f41cb58379be9330bf990e28affc0b51d89eab976a8b02ec5a9529 +size 464040 diff --git a/Linux-PAM-1.3.90.tar.xz b/Linux-PAM-1.3.90.tar.xz new file mode 100644 index 0000000..9eb944c --- /dev/null +++ b/Linux-PAM-1.3.90.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b1f6ade473809f6c2b284426cee67f3d2162ce791f7b26c56c2f8928e9be9f8c +size 975768 diff --git a/linux-pam-1.3.1+git20190923.ea78d67.tar.xz b/linux-pam-1.3.1+git20190923.ea78d67.tar.xz deleted file mode 100644 index bb14cc8..0000000 --- a/linux-pam-1.3.1+git20190923.ea78d67.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a56e27836c298e46b09e14d6d3aaa78d1e9e02dee8785818141ea73fa4e4622f -size 970564 diff --git a/pam.changes b/pam.changes index 58e0c2a..2803b39 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,40 @@ +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + ------------------------------------------------------------------- Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel diff --git a/pam.spec b/pam.spec index 4c676d8..fa784bf 100644 --- a/pam.spec +++ b/pam.spec @@ -23,19 +23,19 @@ # %define enable_selinux 1 -%define libpam_so_version 0.84.2 +%define libpam_so_version 0.85.1 %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 Name: pam # -Version: 1.3.1+git20190923.ea78d67 +Version: 1.3.90 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause Group: System/Libraries URL: http://www.linux-pam.org/ -Source: linux-pam-%{version}.tar.xz -Source1: Linux-PAM-1.3.1-docs.tar.xz +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}-docs.tar.xz Source3: other.pamd Source4: common-auth.pamd Source5: common-account.pamd @@ -50,6 +50,7 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: use-correct-IP-address.patch +Patch6: pam_namespace-systemd.diff BuildRequires: audit-devel # Remove with next version update: BuildRequires: autoconf @@ -76,6 +77,8 @@ BuildRequires: libselinux-devel Requires(pre): group(shadow) Requires(pre): user(root) %endif +BuildRequires: autoconf +BuildRequires: automake %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -126,17 +129,17 @@ This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. %prep -%setup -q -n linux-pam-%{version} -b 1 -cp -av ../Linux-PAM-1.3.1/* . +%setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . %patch0 -p1 %patch2 -p1 -%patch4 -%patch5 -p1 +#%patch4 +#%patch5 -p1 +%patch6 -p1 %build bash ./pam-login_defs-check.sh -./autogen.sh +autoreconf -fiv export CFLAGS="%{optflags} -DNDEBUG" %configure \ --sbindir=/sbin \ @@ -258,6 +261,7 @@ done %config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_sysconfdir}/security/access.conf %config(noreplace) %{_sysconfdir}/security/group.conf +%config(noreplace) %{_sysconfdir}/security/faillock.conf %config(noreplace) %{_sysconfdir}/security/limits.conf %config(noreplace) %{_sysconfdir}/security/pam_env.conf %if %{enable_selinux} @@ -272,9 +276,10 @@ done %{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man8/PAM.8.gz +%{_mandir}/man8/faillock.8.gz %{_mandir}/man8/mkhomedir_helper.8.gz %{_mandir}/man8/pam.8.gz -%{_mandir}/man8/PAM.8.gz %{_mandir}/man8/pam_access.8.gz %{_mandir}/man8/pam_cracklib.8.gz %{_mandir}/man8/pam_debug.8.gz @@ -283,6 +288,7 @@ done %{_mandir}/man8/pam_env.8.gz %{_mandir}/man8/pam_exec.8.gz %{_mandir}/man8/pam_faildelay.8.gz +%{_mandir}/man8/pam_faillock.8.gz %{_mandir}/man8/pam_filter.8.gz %{_mandir}/man8/pam_ftp.8.gz %{_mandir}/man8/pam_group.8.gz @@ -297,6 +303,7 @@ done %{_mandir}/man8/pam_mkhomedir.8.gz %{_mandir}/man8/pam_motd.8.gz %{_mandir}/man8/pam_namespace.8.gz +%{_mandir}/man8/pam_namespace_helper.8.gz %{_mandir}/man8/pam_nologin.8.gz %{_mandir}/man8/pam_permit.8.gz %{_mandir}/man8/pam_pwhistory.8.gz @@ -305,6 +312,7 @@ done %{_mandir}/man8/pam_securetty.8.gz %{_mandir}/man8/pam_selinux.8.gz %{_mandir}/man8/pam_sepermit.8.gz +%{_mandir}/man8/pam_setquota.8.gz %{_mandir}/man8/pam_shells.8.gz %{_mandir}/man8/pam_succeed_if.8.gz %{_mandir}/man8/pam_tally2.8.gz @@ -314,11 +322,12 @@ done %{_mandir}/man8/pam_tty_audit.8.gz %{_mandir}/man8/pam_umask.8.gz %{_mandir}/man8/pam_unix.8.gz +%{_mandir}/man8/pam_usertype.8.gz %{_mandir}/man8/pam_warn.8.gz %{_mandir}/man8/pam_wheel.8.gz %{_mandir}/man8/pam_xauth.8.gz -%{_mandir}/man8/unix_chkpwd.8.gz %{_mandir}/man8/unix2_chkpwd.8.gz +%{_mandir}/man8/unix_chkpwd.8.gz %{_mandir}/man8/unix_update.8.gz /%{_lib}/libpam.so.0 /%{_lib}/libpam.so.%{libpam_so_version} @@ -335,6 +344,7 @@ done /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so /%{_lib}/security/pam_faildelay.so +/%{_lib}/security/pam_faillock.so /%{_lib}/security/pam_filter.so %dir /%{_lib}/security/pam_filter /%{_lib}/security//pam_filter/upperLOWER @@ -361,6 +371,7 @@ done /%{_lib}/security/pam_selinux.so /%{_lib}/security/pam_sepermit.so %endif +/%{_lib}/security/pam_setquota.so /%{_lib}/security/pam_shells.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so @@ -374,15 +385,19 @@ done /%{_lib}/security/pam_unix_auth.so /%{_lib}/security/pam_unix_passwd.so /%{_lib}/security/pam_unix_session.so +/%{_lib}/security/pam_usertype.so /%{_lib}/security/pam_warn.so /%{_lib}/security/pam_wheel.so /%{_lib}/security/pam_xauth.so +/sbin/faillock /sbin/mkhomedir_helper +/sbin/pam_namespace_helper /sbin/pam_tally2 /sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %attr(0700,root,root) /sbin/unix_update +%{_unitdir}/pam_namespace.service %files extra %defattr(-,root,root,755) diff --git a/pam_namespace-systemd.diff b/pam_namespace-systemd.diff new file mode 100644 index 0000000..33c6a39 --- /dev/null +++ b/pam_namespace-systemd.diff @@ -0,0 +1,13 @@ +diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +index eacd5201..21e1b33a 100644 +--- a/modules/pam_namespace/Makefile.am ++++ b/modules/pam_namespace/Makefile.am +@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS) + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + namespaceddir = $(SCONFIGDIR)/namespace.d +-servicedir = $(prefix)/lib/systemd ++servicedir = $(prefix)/lib/systemd/system + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) -- 2.51.1 From 868d149bc4d88a20bcb1aca5fd8ab9151ff9c179d5708bd5149f1e590b613d0d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 12 May 2020 11:32:07 +0000 Subject: [PATCH 126/226] - Update to current Linux-PAM snapshot - Obsoletes pam_namespace-systemd.diff OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=209 --- Linux-PAM-1.3.90-docs.tar.xz | 3 --- Linux-PAM-1.3.90.tar.xz | 3 --- Linux-PAM-1.3.91-docs.tar.xz | 3 +++ Linux-PAM-1.3.91.tar.xz | 3 +++ pam.changes | 6 ++++++ pam.spec | 10 +--------- pam_namespace-systemd.diff | 13 ------------- 7 files changed, 13 insertions(+), 28 deletions(-) delete mode 100644 Linux-PAM-1.3.90-docs.tar.xz delete mode 100644 Linux-PAM-1.3.90.tar.xz create mode 100644 Linux-PAM-1.3.91-docs.tar.xz create mode 100644 Linux-PAM-1.3.91.tar.xz delete mode 100644 pam_namespace-systemd.diff diff --git a/Linux-PAM-1.3.90-docs.tar.xz b/Linux-PAM-1.3.90-docs.tar.xz deleted file mode 100644 index f1574da..0000000 --- a/Linux-PAM-1.3.90-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3c36209714f41cb58379be9330bf990e28affc0b51d89eab976a8b02ec5a9529 -size 464040 diff --git a/Linux-PAM-1.3.90.tar.xz b/Linux-PAM-1.3.90.tar.xz deleted file mode 100644 index 9eb944c..0000000 --- a/Linux-PAM-1.3.90.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b1f6ade473809f6c2b284426cee67f3d2162ce791f7b26c56c2f8928e9be9f8c -size 975768 diff --git a/Linux-PAM-1.3.91-docs.tar.xz b/Linux-PAM-1.3.91-docs.tar.xz new file mode 100644 index 0000000..550647a --- /dev/null +++ b/Linux-PAM-1.3.91-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:45c03e0c2b34263fbb0038c3045650dbc1d2a0e520e8c0283c3baef9d95bd7f0 +size 464208 diff --git a/Linux-PAM-1.3.91.tar.xz b/Linux-PAM-1.3.91.tar.xz new file mode 100644 index 0000000..8785288 --- /dev/null +++ b/Linux-PAM-1.3.91.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fa94b9495c0a7346a442528e6db1f8768fb224085f378eb40f1c08ec36f39fcc +size 976108 diff --git a/pam.changes b/pam.changes index 2803b39..ea7632d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + ------------------------------------------------------------------- Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index fa784bf..e59f5eb 100644 --- a/pam.spec +++ b/pam.spec @@ -28,7 +28,7 @@ %define libpamc_so_version 0.82.1 Name: pam # -Version: 1.3.90 +Version: 1.3.91 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -50,11 +50,7 @@ Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: use-correct-IP-address.patch -Patch6: pam_namespace-systemd.diff BuildRequires: audit-devel -# Remove with next version update: -BuildRequires: autoconf -BuildRequires: automake BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex @@ -77,8 +73,6 @@ BuildRequires: libselinux-devel Requires(pre): group(shadow) Requires(pre): user(root) %endif -BuildRequires: autoconf -BuildRequires: automake %description PAM (Pluggable Authentication Modules) is a system security tool that @@ -135,11 +129,9 @@ cp -a %{SOURCE12} . %patch2 -p1 #%patch4 #%patch5 -p1 -%patch6 -p1 %build bash ./pam-login_defs-check.sh -autoreconf -fiv export CFLAGS="%{optflags} -DNDEBUG" %configure \ --sbindir=/sbin \ diff --git a/pam_namespace-systemd.diff b/pam_namespace-systemd.diff deleted file mode 100644 index 33c6a39..0000000 --- a/pam_namespace-systemd.diff +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am -index eacd5201..21e1b33a 100644 ---- a/modules/pam_namespace/Makefile.am -+++ b/modules/pam_namespace/Makefile.am -@@ -18,7 +18,7 @@ TESTS = $(dist_check_SCRIPTS) - securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - namespaceddir = $(SCONFIGDIR)/namespace.d --servicedir = $(prefix)/lib/systemd -+servicedir = $(prefix)/lib/systemd/system - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) -- 2.51.1 From a3260b7eb86f880c587d27b6505f0f1b1d6d5770d2147dd6d5f48038848e980d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 12 May 2020 12:09:42 +0000 Subject: [PATCH 127/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=210 --- Linux-PAM-1.3.91-docs.tar.xz | 4 ++-- Linux-PAM-1.3.91.tar.xz | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Linux-PAM-1.3.91-docs.tar.xz b/Linux-PAM-1.3.91-docs.tar.xz index 550647a..f4919b6 100644 --- a/Linux-PAM-1.3.91-docs.tar.xz +++ b/Linux-PAM-1.3.91-docs.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:45c03e0c2b34263fbb0038c3045650dbc1d2a0e520e8c0283c3baef9d95bd7f0 -size 464208 +oid sha256:3bf5336ef11158dd52d22c7919eb24ac7e381a60d8937179a87f09f77e74fe99 +size 464136 diff --git a/Linux-PAM-1.3.91.tar.xz b/Linux-PAM-1.3.91.tar.xz index 8785288..c3fa0da 100644 --- a/Linux-PAM-1.3.91.tar.xz +++ b/Linux-PAM-1.3.91.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:fa94b9495c0a7346a442528e6db1f8768fb224085f378eb40f1c08ec36f39fcc -size 976108 +oid sha256:426895651da97d3c0f139ddcd878067962eb0809ddc17e1138081249c51ac2b8 +size 975112 -- 2.51.1 From d205252584149ed261672066f076566dadad741ca78e9b4c0226018342c4a2eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Tue, 12 May 2020 12:19:16 +0000 Subject: [PATCH 128/226] Accepting request 802957 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/802957 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=211 --- pam-hostnames-in-access_conf.patch | 58 +++++++++++++++--------------- pam.changes | 8 +++++ pam.spec | 4 +-- use-correct-IP-address.patch | 34 ------------------ 4 files changed, 39 insertions(+), 65 deletions(-) delete mode 100644 use-correct-IP-address.patch diff --git a/pam-hostnames-in-access_conf.patch b/pam-hostnames-in-access_conf.patch index 7650754..3f2c1f9 100644 --- a/pam-hostnames-in-access_conf.patch +++ b/pam-hostnames-in-access_conf.patch @@ -1,8 +1,8 @@ -Index: modules/pam_access/pam_access.c +Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c =================================================================== ---- modules/pam_access/pam_access.c.orig -+++ modules/pam_access/pam_access.c -@@ -692,10 +692,10 @@ string_match (pam_handle_t *pamh, const +--- Linux-PAM-1.3.91.orig/modules/pam_access/pam_access.c ++++ Linux-PAM-1.3.91/modules/pam_access/pam_access.c +@@ -699,10 +699,10 @@ string_match (pam_handle_t *pamh, const return (NO); } @@ -15,7 +15,7 @@ Index: modules/pam_access/pam_access.c */ static int network_netmask_match (pam_handle_t *pamh, -@@ -704,10 +704,14 @@ network_netmask_match (pam_handle_t *pam +@@ -711,10 +711,14 @@ network_netmask_match (pam_handle_t *pam char *netmask_ptr; char netmask_string[MAXHOSTNAMELEN + 1]; int addr_type; @@ -31,7 +31,7 @@ Index: modules/pam_access/pam_access.c /* OK, check if tok is of type addr/mask */ if ((netmask_ptr = strchr(tok, '/')) != NULL) { -@@ -717,7 +721,7 @@ network_netmask_match (pam_handle_t *pam +@@ -724,7 +728,7 @@ network_netmask_match (pam_handle_t *pam *netmask_ptr = 0; netmask_ptr++; @@ -40,7 +40,7 @@ Index: modules/pam_access/pam_access.c { /* no netaddr */ return NO; } -@@ -739,19 +743,47 @@ network_netmask_match (pam_handle_t *pam +@@ -748,19 +752,47 @@ network_netmask_match (pam_handle_t *pam netmask_ptr = number_to_netmask(netmask, addr_type, netmask_string, MAXHOSTNAMELEN); } @@ -93,7 +93,7 @@ Index: modules/pam_access/pam_access.c memset (&hint, '\0', sizeof (hint)); hint.ai_flags = AI_CANONNAME; hint.ai_family = AF_UNSPEC; -@@ -764,27 +796,52 @@ network_netmask_match (pam_handle_t *pam +@@ -773,29 +805,54 @@ network_netmask_match (pam_handle_t *pam else { struct addrinfo *runp = item->res; @@ -103,29 +103,31 @@ Index: modules/pam_access/pam_access.c { char buf[INET6_ADDRSTRLEN]; + DIAG_PUSH_IGNORE_CAST_ALIGN; - inet_ntop (runp->ai_family, - runp->ai_family == AF_INET - ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr - : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, - buf, sizeof (buf)); + (void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST); + DIAG_POP_IGNORE_CAST_ALIGN; - if (are_addresses_equal(buf, tok, netmask_ptr)) + for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) { - return YES; -+ char buf1[INET6_ADDRSTRLEN]; ++ char buf1[INET6_ADDRSTRLEN]; + -+ if (runp->ai_family != runp1->ai_family) -+ continue; ++ if (runp->ai_family != runp1->ai_family) ++ continue; + -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); + -+ if (are_addresses_equal (buf, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } } runp = runp->ai_next; } @@ -134,20 +136,20 @@ Index: modules/pam_access/pam_access.c else - return (are_addresses_equal(string, tok, netmask_ptr)); + { -+ struct addrinfo *runp1; ++ struct addrinfo *runp1; + -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) -+ { -+ char buf1[INET6_ADDRSTRLEN]; ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; + -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); + -+ if (are_addresses_equal(string, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } -+ } ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } + } + + freeaddrinfo(ai); diff --git a/pam.changes b/pam.changes index ea7632d..c0268c9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + ------------------------------------------------------------------- Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index e59f5eb..e3037f9 100644 --- a/pam.spec +++ b/pam.spec @@ -49,7 +49,6 @@ Source12: pam-login_defs-check.sh Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch -Patch5: use-correct-IP-address.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -127,8 +126,7 @@ building both PAM-aware applications and modules for use with PAM. cp -a %{SOURCE12} . %patch0 -p1 %patch2 -p1 -#%patch4 -#%patch5 -p1 +%patch4 -p1 %build bash ./pam-login_defs-check.sh diff --git a/use-correct-IP-address.patch b/use-correct-IP-address.patch deleted file mode 100644 index 105a16c..0000000 --- a/use-correct-IP-address.patch +++ /dev/null @@ -1,34 +0,0 @@ -Index: Linux-PAM-1.3.1/modules/pam_access/pam_access.c -=================================================================== ---- Linux-PAM-1.3.1.orig/modules/pam_access/pam_access.c -+++ Linux-PAM-1.3.1/modules/pam_access/pam_access.c -@@ -716,7 +716,7 @@ network_netmask_match (pam_handle_t *pam - - if (item->debug) - pam_syslog (pamh, LOG_DEBUG, -- "network_netmask_match: tok=%s, item=%s", tok, string); -+ "network_netmask_match: tok=%s, string=%s", tok, string); - - /* OK, check if tok is of type addr/mask */ - if ((netmask_ptr = strchr(tok, '/')) != NULL) -@@ -734,7 +734,7 @@ network_netmask_match (pam_handle_t *pam - - /* check netmask */ - if (isipaddr(netmask_ptr, NULL, NULL) == NO) -- { /* netmask as integre value */ -+ { /* netmask as integer value */ - char *endptr = NULL; - netmask = strtol(netmask_ptr, &endptr, 0); - if ((endptr == netmask_ptr) || (*endptr != '\0')) -@@ -778,9 +778,9 @@ network_netmask_match (pam_handle_t *pam - - ai = NULL; /* just to be on the safe side */ - -- if (getaddrinfo (string, NULL, &hint, &ai) != 0) -+ if (getaddrinfo (tok, NULL, &hint, &ai) != 0) - { -- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string); -+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); - - return NO; - } -- 2.51.1 From a9deb79ba930296dbf4dfea870534890993c462001097df2acd25c01245d283c Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 12 May 2020 12:36:23 +0000 Subject: [PATCH 129/226] - Add pam_faillock OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=212 --- pam.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/pam.changes b/pam.changes index c0268c9..3cfc512 100644 --- a/pam.changes +++ b/pam.changes @@ -16,6 +16,7 @@ Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk - Update to current Linux-PAM snapshot + - Add pam_faillock - Multiple minor bug fixes and documentation improvements - Fixed grammar of messages printed via pam_prompt - Added support for a vendor directory and libeconf -- 2.51.1 From 00f1294879e27e3a8f86ef04bcb799d2c6832f4da79766a2dd2099b2f797eca0 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 27 May 2020 09:48:06 +0000 Subject: [PATCH 130/226] - Update to current Linux-PAM snapshot - pam_tally* and pam_cracklib got deprecated - Disable pam_faillock and pam_setquota until they are whitelisted OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=213 --- Linux-PAM-1.3.91-docs.tar.xz | 3 - Linux-PAM-1.3.91.tar.xz | 3 - Linux-PAM-1.3.92-docs.tar.xz | 3 + Linux-PAM-1.3.92.tar.xz | 3 + baselibs.conf | 2 + pam.changes | 7 ++ pam.spec | 177 +++++++++++++++++++---------------- 7 files changed, 110 insertions(+), 88 deletions(-) delete mode 100644 Linux-PAM-1.3.91-docs.tar.xz delete mode 100644 Linux-PAM-1.3.91.tar.xz create mode 100644 Linux-PAM-1.3.92-docs.tar.xz create mode 100644 Linux-PAM-1.3.92.tar.xz diff --git a/Linux-PAM-1.3.91-docs.tar.xz b/Linux-PAM-1.3.91-docs.tar.xz deleted file mode 100644 index f4919b6..0000000 --- a/Linux-PAM-1.3.91-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:3bf5336ef11158dd52d22c7919eb24ac7e381a60d8937179a87f09f77e74fe99 -size 464136 diff --git a/Linux-PAM-1.3.91.tar.xz b/Linux-PAM-1.3.91.tar.xz deleted file mode 100644 index c3fa0da..0000000 --- a/Linux-PAM-1.3.91.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:426895651da97d3c0f139ddcd878067962eb0809ddc17e1138081249c51ac2b8 -size 975112 diff --git a/Linux-PAM-1.3.92-docs.tar.xz b/Linux-PAM-1.3.92-docs.tar.xz new file mode 100644 index 0000000..cef9c1b --- /dev/null +++ b/Linux-PAM-1.3.92-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:58af8e875cdcaffcf5bc2ca2d228dcb2f1589e73448391f2de562dfed186cf8a +size 464148 diff --git a/Linux-PAM-1.3.92.tar.xz b/Linux-PAM-1.3.92.tar.xz new file mode 100644 index 0000000..bfd8bbf --- /dev/null +++ b/Linux-PAM-1.3.92.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:12bb1b2128fa4cffdd3ba5950e2f985602db35f2ff984129709e84b8f5e6225b +size 982628 diff --git a/baselibs.conf b/baselibs.conf index 4cd0578..aa1a812 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,2 +1,4 @@ pam +pam-extra +pam-deprecated pam-devel diff --git a/pam.changes b/pam.changes index 3cfc512..ecbc36b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + ------------------------------------------------------------------- Tue May 12 11:44:19 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index e3037f9..82bb5fd 100644 --- a/pam.spec +++ b/pam.spec @@ -16,19 +16,18 @@ # -%if ! %{defined _distconfdir} - %define _distconfdir %{_sysconfdir} - %define config_noreplace 1 -%endif - # %define enable_selinux 1 %define libpam_so_version 0.85.1 %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} + %define config_noreplace 1 +%endif Name: pam # -Version: 1.3.91 +Version: 1.3.92 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -54,12 +53,12 @@ BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex BuildRequires: libtool +BuildRequires: xz +Requires(post): permissions # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! # Verify by shadow-login_defs-check.sh from shadow source package. Recommends: login_defs-support-for-pam >= 1.3.1 -Requires(post): permissions -BuildRequires: xz %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) BuildRequires: pkgconfig(libnsl) @@ -80,7 +79,7 @@ having to recompile programs that do authentication. %package extra Summary: PAM module to authenticate against a separate database -Group: System/Libraries%description +Group: System/Libraries BuildRequires: libdb-4_8-devel BuildRequires: pam-devel @@ -121,6 +120,21 @@ having to recompile programs which do authentication. This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. +%package deprecated +Summary: Deprecated PAM Modules +Group: System/Libraries +Provides: pam:/%{_lib}/security/pam_cracklib.so +Provides: pam:/%{_lib}/security/pam_tally2.so + +%description deprecated +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains deprecated extra modules like pam_cracklib and +pam_tally2, which are no longer supported upstream and will be completly +removed with one of the next releases. + %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . @@ -140,12 +154,13 @@ export CFLAGS="%{optflags} -DNDEBUG" --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security \ - --enable-vendordir=%{_distconfdir} + --enable-vendordir=%{_distconfdir} \ + --enable-tally2 --enable-cracklib make %{?_smp_mflags} -gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/linux-pam-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/linux-pam-%{version}/libpam/.libs/ -lpam +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam %check -make %{?_smp_mflags} check +%make_build check %install mkdir -p %{buildroot}%{_sysconfdir}/pam.d @@ -197,13 +212,9 @@ for i in pam_*/README; do cp -fpv "$i" "$DOC/modules/README.${i%/*}" done popd -# -# pam_tally is deprecated since ages -# -rm -f %{buildroot}/%{_lib}/security/pam_tally.so -rm -f %{buildroot}/sbin/pam_tally -rm -f %{buildroot}%{_mandir}/man8/pam_tally.8* -rm -f %{buildroot}%{_defaultdocdir}/pam/modules/README.pam_tally +# XXX Remove until whitelisted +rm %{buildroot}/%{_lib}/security/pam_setquota.so +rm %{buildroot}/%{_lib}/security/pam_faillock.so # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ @@ -220,16 +231,15 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ %set_permissions /sbin/unix2_chkpwd %postun -p /sbin/ldconfig - %pre for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: done %posttrans # Migration to /usr/etc. for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: done %files -f Linux-PAM.lang @@ -266,59 +276,57 @@ done %{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man} -%{_mandir}/man8/PAM.8.gz -%{_mandir}/man8/faillock.8.gz -%{_mandir}/man8/mkhomedir_helper.8.gz -%{_mandir}/man8/pam.8.gz -%{_mandir}/man8/pam_access.8.gz -%{_mandir}/man8/pam_cracklib.8.gz -%{_mandir}/man8/pam_debug.8.gz -%{_mandir}/man8/pam_deny.8.gz -%{_mandir}/man8/pam_echo.8.gz -%{_mandir}/man8/pam_env.8.gz -%{_mandir}/man8/pam_exec.8.gz -%{_mandir}/man8/pam_faildelay.8.gz -%{_mandir}/man8/pam_faillock.8.gz -%{_mandir}/man8/pam_filter.8.gz -%{_mandir}/man8/pam_ftp.8.gz -%{_mandir}/man8/pam_group.8.gz -%{_mandir}/man8/pam_issue.8.gz -%{_mandir}/man8/pam_keyinit.8.gz -%{_mandir}/man8/pam_lastlog.8.gz -%{_mandir}/man8/pam_limits.8.gz -%{_mandir}/man8/pam_listfile.8.gz -%{_mandir}/man8/pam_localuser.8.gz -%{_mandir}/man8/pam_loginuid.8.gz -%{_mandir}/man8/pam_mail.8.gz -%{_mandir}/man8/pam_mkhomedir.8.gz -%{_mandir}/man8/pam_motd.8.gz -%{_mandir}/man8/pam_namespace.8.gz -%{_mandir}/man8/pam_namespace_helper.8.gz -%{_mandir}/man8/pam_nologin.8.gz -%{_mandir}/man8/pam_permit.8.gz -%{_mandir}/man8/pam_pwhistory.8.gz -%{_mandir}/man8/pam_rhosts.8.gz -%{_mandir}/man8/pam_rootok.8.gz -%{_mandir}/man8/pam_securetty.8.gz -%{_mandir}/man8/pam_selinux.8.gz -%{_mandir}/man8/pam_sepermit.8.gz -%{_mandir}/man8/pam_setquota.8.gz -%{_mandir}/man8/pam_shells.8.gz -%{_mandir}/man8/pam_succeed_if.8.gz -%{_mandir}/man8/pam_tally2.8.gz -%{_mandir}/man8/pam_time.8.gz -%{_mandir}/man8/pam_timestamp.8.gz -%{_mandir}/man8/pam_timestamp_check.8.gz -%{_mandir}/man8/pam_tty_audit.8.gz -%{_mandir}/man8/pam_umask.8.gz -%{_mandir}/man8/pam_unix.8.gz -%{_mandir}/man8/pam_usertype.8.gz -%{_mandir}/man8/pam_warn.8.gz -%{_mandir}/man8/pam_wheel.8.gz -%{_mandir}/man8/pam_xauth.8.gz -%{_mandir}/man8/unix2_chkpwd.8.gz -%{_mandir}/man8/unix_chkpwd.8.gz -%{_mandir}/man8/unix_update.8.gz +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_lastlog.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} /%{_lib}/libpam.so.0 /%{_lib}/libpam.so.%{libpam_so_version} /%{_lib}/libpamc.so.0 @@ -327,14 +335,13 @@ done /%{_lib}/libpam_misc.so.%{libpam_misc_so_version} %dir /%{_lib}/security /%{_lib}/security/pam_access.so -/%{_lib}/security/pam_cracklib.so /%{_lib}/security/pam_debug.so /%{_lib}/security/pam_deny.so /%{_lib}/security/pam_echo.so /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so /%{_lib}/security/pam_faildelay.so -/%{_lib}/security/pam_faillock.so +#/%{_lib}/security/pam_faillock.so /%{_lib}/security/pam_filter.so %dir /%{_lib}/security/pam_filter /%{_lib}/security//pam_filter/upperLOWER @@ -361,11 +368,10 @@ done /%{_lib}/security/pam_selinux.so /%{_lib}/security/pam_sepermit.so %endif -/%{_lib}/security/pam_setquota.so +#/%{_lib}/security/pam_setquota.so /%{_lib}/security/pam_shells.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so -/%{_lib}/security/pam_tally2.so /%{_lib}/security/pam_time.so /%{_lib}/security/pam_timestamp.so /%{_lib}/security/pam_tty_audit.so @@ -382,7 +388,6 @@ done /sbin/faillock /sbin/mkhomedir_helper /sbin/pam_namespace_helper -/sbin/pam_tally2 /sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd @@ -391,8 +396,16 @@ done %files extra %defattr(-,root,root,755) -%attr(755,root,root) /%{_lib}/security/pam_userdb.so -%attr(644,root,root) %doc %{_mandir}/man8/pam_userdb.8.gz +/%{_lib}/security/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} + +%files deprecated +%defattr(-,root,root,755) +/%{_lib}/security/pam_cracklib.so +/%{_lib}/security/pam_tally2.so +/sbin/pam_tally2 +%{_mandir}/man8/pam_cracklib.8%{?ext_man} +%{_mandir}/man8/pam_tally2.8%{?ext_man} %files doc %defattr(644,root,root,755) -- 2.51.1 From 3c370e0e45c414bd29000da4f438d4beec3ab0938c0b35ac3b5497e49cbe01d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 8 Jun 2020 06:48:10 +0000 Subject: [PATCH 131/226] Accepting request 811145 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/811145 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=214 --- pam-check-user-home-dir.patch | 72 +++++++++++++++++++++++++++++++++++ pam.changes | 8 ++++ pam.spec | 5 ++- 3 files changed, 83 insertions(+), 2 deletions(-) create mode 100644 pam-check-user-home-dir.patch diff --git a/pam-check-user-home-dir.patch b/pam-check-user-home-dir.patch new file mode 100644 index 0000000..e3a98e7 --- /dev/null +++ b/pam-check-user-home-dir.patch @@ -0,0 +1,72 @@ +From 27ded8954a1235bb65ffc9c730ae5a50b1dfed61 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Josef=20M=C3=B6llers?= +Date: Fri, 29 May 2020 14:35:43 +0000 +Subject: [PATCH] pam_setquota: skip mountpoints equal to the user's $HOME +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Matthias Gerstner found the following issue: + + +So this pam_setquota module iterates over all mounted file systems using +`setmntent()` and `getmntent()`. It tries to find the longest match of +a file system mounted on /home/$USER or above (except when the +fs=/some/path parameter is passed to the pam module). + +The thing is that /home/$USER is owned by the unprivileged user. And +there exist tools like fusermount from libfuse which is by default +installed setuid-root for everybody. fusermount allows to mount a FUSE +file system using an arbitrary "source device name" as the unprivileged +user. + +Thus considering the following use case: + +1) there is only the root file system (/) or a file system is mounted on + /home, but not on /home/$USER. +2) the attacker mounts a fake FUSE file system over its own home directory: + + ``` + user $ export _FUSE_COMMFD=0 + user $ fusermount $HOME -ononempty,fsname=/dev/sda1 + ``` + + This will result in a mount entry in /proc/mounts looking like this: + + ``` + /dev/sda1 on /home/$USER type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100) + ``` +3) when the attacker now logs in with pam_setquota configured then + pam_setquota will identify /dev/sda1 and the file system where + to apply the user's quota on. + +As a result an unprivileged user has full control over onto which block +device the quota is applied. + + +If the user's $HOME is on a separate partition, setting a quota on the +user's $HOME does not really make sense, so this patch skips mountpoints +equal to the user's $HOME, preventing the above mentioned bug as +a side-effect (or vice-versa). + +Reported-by: Matthias Gerstner +Co-authored-by: Tomáš Mráz +Co-authored-by: Dmitry V. Levin +Resolves: https://github.com/linux-pam/linux-pam/pull/230 +--- + modules/pam_setquota/pam_setquota.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c +index 9c05862a..01b05e38 100644 +--- a/modules/pam_setquota/pam_setquota.c ++++ b/modules/pam_setquota/pam_setquota.c +@@ -275,7 +275,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, + */ + if ((mnt_len > match_size || (mnt_len == 0 && mnt->mnt_dir[0] == '/')) && + (s = pam_str_skip_prefix_len(pwd->pw_dir, mnt->mnt_dir, mnt_len)) != NULL && +- (s[0] == '\0' || s[0] == '/')) { ++ s[0] == '/') { + free(mntdevice); + if ((mntdevice = strdup(mnt->mnt_fsname)) == NULL) { + pam_syslog(pamh, LOG_CRIT, "Memory allocation error"); diff --git a/pam.changes b/pam.changes index ecbc36b..8085123 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + ------------------------------------------------------------------- Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 82bb5fd..e95797a 100644 --- a/pam.spec +++ b/pam.spec @@ -48,6 +48,7 @@ Source12: pam-login_defs-check.sh Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch +Patch5: pam-check-user-home-dir.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -141,6 +142,7 @@ cp -a %{SOURCE12} . %patch0 -p1 %patch2 -p1 %patch4 -p1 +%patch5 -p1 %build bash ./pam-login_defs-check.sh @@ -213,7 +215,6 @@ for i in pam_*/README; do done popd # XXX Remove until whitelisted -rm %{buildroot}/%{_lib}/security/pam_setquota.so rm %{buildroot}/%{_lib}/security/pam_faillock.so # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/ @@ -368,7 +369,7 @@ done /%{_lib}/security/pam_selinux.so /%{_lib}/security/pam_sepermit.so %endif -#/%{_lib}/security/pam_setquota.so +/%{_lib}/security/pam_setquota.so /%{_lib}/security/pam_shells.so /%{_lib}/security/pam_stress.so /%{_lib}/security/pam_succeed_if.so -- 2.51.1 From 5a8acbff55b6e4fe76f555b94c07e9e6745c353f35c7d67fa0613da7a1784214 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 8 Jun 2020 08:00:42 +0000 Subject: [PATCH 132/226] - common-password: remove pam_cracklib, as that is deprecated. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=215 --- common-password.pamd | 3 +-- pam.changes | 5 +++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/common-password.pamd b/common-password.pamd index 1baf490..83e9109 100644 --- a/common-password.pamd +++ b/common-password.pamd @@ -8,5 +8,4 @@ # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # -password requisite pam_cracklib.so -password required pam_unix.so use_authtok nullok try_first_pass +password required pam_unix.so nullok diff --git a/pam.changes b/pam.changes index 8085123..8b5264c 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + ------------------------------------------------------------------- Thu May 28 12:36:33 UTC 2020 - Josef Möllers -- 2.51.1 From 8c2c16298451d536df2d81e8609c1846c3176811a228ad66e96c2cea975173b3 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 8 Jun 2020 13:50:31 +0000 Subject: [PATCH 133/226] - Update to final 1.4.0 release - includes pam-check-user-home-dir.patch - obsoletes fix-man-links.dif OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=216 --- Linux-PAM-1.3.92-docs.tar.xz | 3 -- Linux-PAM-1.3.92.tar.xz | 3 -- Linux-PAM-1.4.0-docs.tar.xz | 3 ++ Linux-PAM-1.4.0.tar.xz | 3 ++ fix-man-links.dif | 56 --------------------------- pam-check-user-home-dir.patch | 72 ----------------------------------- pam.changes | 7 ++++ pam.spec | 6 +-- 8 files changed, 14 insertions(+), 139 deletions(-) delete mode 100644 Linux-PAM-1.3.92-docs.tar.xz delete mode 100644 Linux-PAM-1.3.92.tar.xz create mode 100644 Linux-PAM-1.4.0-docs.tar.xz create mode 100644 Linux-PAM-1.4.0.tar.xz delete mode 100644 fix-man-links.dif delete mode 100644 pam-check-user-home-dir.patch diff --git a/Linux-PAM-1.3.92-docs.tar.xz b/Linux-PAM-1.3.92-docs.tar.xz deleted file mode 100644 index cef9c1b..0000000 --- a/Linux-PAM-1.3.92-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:58af8e875cdcaffcf5bc2ca2d228dcb2f1589e73448391f2de562dfed186cf8a -size 464148 diff --git a/Linux-PAM-1.3.92.tar.xz b/Linux-PAM-1.3.92.tar.xz deleted file mode 100644 index bfd8bbf..0000000 --- a/Linux-PAM-1.3.92.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:12bb1b2128fa4cffdd3ba5950e2f985602db35f2ff984129709e84b8f5e6225b -size 982628 diff --git a/Linux-PAM-1.4.0-docs.tar.xz b/Linux-PAM-1.4.0-docs.tar.xz new file mode 100644 index 0000000..273819e --- /dev/null +++ b/Linux-PAM-1.4.0-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:351764a0643052564a4b840320744c7e402112a2a57d2ac04511a6d22dc52e04 +size 477712 diff --git a/Linux-PAM-1.4.0.tar.xz b/Linux-PAM-1.4.0.tar.xz new file mode 100644 index 0000000..fedf45f --- /dev/null +++ b/Linux-PAM-1.4.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034 +size 988908 diff --git a/fix-man-links.dif b/fix-man-links.dif deleted file mode 100644 index 04fe917..0000000 --- a/fix-man-links.dif +++ /dev/null @@ -1,56 +0,0 @@ -Index: Linux-PAM-1.1.8/doc/man/pam.8 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam.8 -+++ Linux-PAM-1.1.8/doc/man/pam.8 -@@ -1 +1 @@ --.so PAM.8 -+.so man8/PAM.8 -Index: Linux-PAM-1.1.8/doc/man/pam.d.5 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam.d.5 -+++ Linux-PAM-1.1.8/doc/man/pam.d.5 -@@ -1 +1 @@ --.so pam.conf.5 -+.so man5/pam.conf.5 -Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_noverify.3 -+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_noverify.3 -@@ -1 +1 @@ --.so pam_get_authtok.3 -+.so man3/pam_get_authtok.3 -Index: Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam_get_authtok_verify.3 -+++ Linux-PAM-1.1.8/doc/man/pam_get_authtok_verify.3 -@@ -1 +1 @@ --.so pam_get_authtok.3 -+.so man3/pam_get_authtok.3 -Index: Linux-PAM-1.1.8/doc/man/pam_verror.3 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam_verror.3 -+++ Linux-PAM-1.1.8/doc/man/pam_verror.3 -@@ -1 +1 @@ --.so pam_error.3 -+.so man3/pam_error.3 -Index: Linux-PAM-1.1.8/doc/man/pam_vinfo.3 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam_vinfo.3 -+++ Linux-PAM-1.1.8/doc/man/pam_vinfo.3 -@@ -1 +1 @@ --.so pam_info.3 -+.so man3/pam_info.3 -Index: Linux-PAM-1.1.8/doc/man/pam_vprompt.3 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam_vprompt.3 -+++ Linux-PAM-1.1.8/doc/man/pam_vprompt.3 -@@ -1 +1 @@ --.so pam_prompt.3 -+.so man3/pam_prompt.3 -Index: Linux-PAM-1.1.8/doc/man/pam_vsyslog.3 -=================================================================== ---- Linux-PAM-1.1.8.orig/doc/man/pam_vsyslog.3 -+++ Linux-PAM-1.1.8/doc/man/pam_vsyslog.3 -@@ -1 +1 @@ --.so pam_syslog.3 -+.so man3/pam_syslog.3 diff --git a/pam-check-user-home-dir.patch b/pam-check-user-home-dir.patch deleted file mode 100644 index e3a98e7..0000000 --- a/pam-check-user-home-dir.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 27ded8954a1235bb65ffc9c730ae5a50b1dfed61 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Josef=20M=C3=B6llers?= -Date: Fri, 29 May 2020 14:35:43 +0000 -Subject: [PATCH] pam_setquota: skip mountpoints equal to the user's $HOME -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Matthias Gerstner found the following issue: - - -So this pam_setquota module iterates over all mounted file systems using -`setmntent()` and `getmntent()`. It tries to find the longest match of -a file system mounted on /home/$USER or above (except when the -fs=/some/path parameter is passed to the pam module). - -The thing is that /home/$USER is owned by the unprivileged user. And -there exist tools like fusermount from libfuse which is by default -installed setuid-root for everybody. fusermount allows to mount a FUSE -file system using an arbitrary "source device name" as the unprivileged -user. - -Thus considering the following use case: - -1) there is only the root file system (/) or a file system is mounted on - /home, but not on /home/$USER. -2) the attacker mounts a fake FUSE file system over its own home directory: - - ``` - user $ export _FUSE_COMMFD=0 - user $ fusermount $HOME -ononempty,fsname=/dev/sda1 - ``` - - This will result in a mount entry in /proc/mounts looking like this: - - ``` - /dev/sda1 on /home/$USER type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100) - ``` -3) when the attacker now logs in with pam_setquota configured then - pam_setquota will identify /dev/sda1 and the file system where - to apply the user's quota on. - -As a result an unprivileged user has full control over onto which block -device the quota is applied. - - -If the user's $HOME is on a separate partition, setting a quota on the -user's $HOME does not really make sense, so this patch skips mountpoints -equal to the user's $HOME, preventing the above mentioned bug as -a side-effect (or vice-versa). - -Reported-by: Matthias Gerstner -Co-authored-by: Tomáš Mráz -Co-authored-by: Dmitry V. Levin -Resolves: https://github.com/linux-pam/linux-pam/pull/230 ---- - modules/pam_setquota/pam_setquota.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c -index 9c05862a..01b05e38 100644 ---- a/modules/pam_setquota/pam_setquota.c -+++ b/modules/pam_setquota/pam_setquota.c -@@ -275,7 +275,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - */ - if ((mnt_len > match_size || (mnt_len == 0 && mnt->mnt_dir[0] == '/')) && - (s = pam_str_skip_prefix_len(pwd->pw_dir, mnt->mnt_dir, mnt_len)) != NULL && -- (s[0] == '\0' || s[0] == '/')) { -+ s[0] == '/') { - free(mntdevice); - if ((mntdevice = strdup(mnt->mnt_fsname)) == NULL) { - pam_syslog(pamh, LOG_CRIT, "Memory allocation error"); diff --git a/pam.changes b/pam.changes index 8b5264c..f2c199e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + ------------------------------------------------------------------- Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index e95797a..cff51f0 100644 --- a/pam.spec +++ b/pam.spec @@ -27,7 +27,7 @@ %endif Name: pam # -Version: 1.3.92 +Version: 1.4.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -45,10 +45,8 @@ Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh -Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-check-user-home-dir.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -139,10 +137,8 @@ removed with one of the next releases. %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . -%patch0 -p1 %patch2 -p1 %patch4 -p1 -%patch5 -p1 %build bash ./pam-login_defs-check.sh -- 2.51.1 From 7ecc0544d0c6ae20ca94608552d51350a36932d7ae071196d8400fd97e3231d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 22 Jun 2020 13:29:55 +0000 Subject: [PATCH 134/226] Accepting request 815713 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/815713 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=218 --- pam.changes | 6 ++++++ pam.spec | 1 + 2 files changed, 7 insertions(+) diff --git a/pam.changes b/pam.changes index f2c199e..d5e2e36 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + ------------------------------------------------------------------- Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index cff51f0..f5d9e2e 100644 --- a/pam.spec +++ b/pam.spec @@ -53,6 +53,7 @@ BuildRequires: cracklib-devel BuildRequires: flex BuildRequires: libtool BuildRequires: xz +Requires: group(wheel) Requires(post): permissions # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! -- 2.51.1 From daeda00e6c80636049f511cce3e65964a9e9c9aba53dae782f933582a1e74338 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 29 Jun 2020 14:11:14 +0000 Subject: [PATCH 135/226] Accepting request 817074 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/817074 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=219 --- pam.changes | 8 ++++++++ pam.spec | 1 - 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index d5e2e36..6a13b9b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + ------------------------------------------------------------------- Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index f5d9e2e..cff51f0 100644 --- a/pam.spec +++ b/pam.spec @@ -53,7 +53,6 @@ BuildRequires: cracklib-devel BuildRequires: flex BuildRequires: libtool BuildRequires: xz -Requires: group(wheel) Requires(post): permissions # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! -- 2.51.1 From ca72e1f704f4c62b22a824196bc9e8469d484ae715241daa18a4e74bec024df5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Thu, 8 Oct 2020 08:51:25 +0000 Subject: [PATCH 136/226] Accepting request 840140 from home:sbrabec:branches:util-linux-multibuild - pam-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). OBS-URL: https://build.opensuse.org/request/show/840140 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=220 --- pam-login_defs-check.sh | 4 ++-- pam.changes | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index d1f9e38..b559d79 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -9,10 +9,10 @@ set -o errexit echo -n "Checking login.defs variables in pam... " >&2 grep -rh LOGIN_DEFS . | - sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | + sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3c6e0020c31609690b69ef391654df930b74151d ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam.changes b/pam.changes index 6a13b9b..a7a0279 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + ------------------------------------------------------------------- Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers -- 2.51.1 From 51190216f3a0b7e06e8826ed46a770ea83ad660b399599f861c9bf64ec289fe7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Thu, 8 Oct 2020 09:10:15 +0000 Subject: [PATCH 137/226] Accepting request 840209 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/840209 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=221 --- pam-xauth_ownership.patch | 106 ++++++++++++++++++++++++++++++++++++++ pam.changes | 8 +++ pam.spec | 2 + 3 files changed, 116 insertions(+) create mode 100644 pam-xauth_ownership.patch diff --git a/pam-xauth_ownership.patch b/pam-xauth_ownership.patch new file mode 100644 index 0000000..737af6f --- /dev/null +++ b/pam-xauth_ownership.patch @@ -0,0 +1,106 @@ +Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c ++++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c +@@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh, + char *cookiefile = NULL, *xauthority = NULL, + *cookie = NULL, *display = NULL, *tmp = NULL, + *xauthlocalhostname = NULL; +- const char *user, *xauth = NULL; ++ const char *user, *xauth = NULL, *login_name; + struct passwd *tpwd, *rpwd; + int fd, i, debug = 0; + int retval = PAM_SUCCESS; +- uid_t systemuser = 499, targetuser = 0; ++ uid_t systemuser = 499, targetuser = 0, uid; ++ gid_t gid; ++ struct stat st; + + /* Parse arguments. We don't understand many, so no sense in breaking + * this into a separate function. */ +@@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh, + retval = PAM_SESSION_ERR; + goto cleanup; + } +- rpwd = pam_modutil_getpwuid(pamh, getuid()); ++ ++ login_name = pam_modutil_getlogin(pamh); ++ if (login_name == NULL) { ++ login_name = ""; ++ } ++ if (*login_name) ++ rpwd = pam_modutil_getpwnam(pamh, login_name); ++ else ++ rpwd = pam_modutil_getpwuid(pamh, getuid()); ++ + if (rpwd == NULL) { + pam_syslog(pamh, LOG_ERR, + "error determining invoking user's name"); +@@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh, + cookiefile); + } + ++ /* Get owner and group of the cookiefile */ ++ uid = getuid(); ++ gid = getgid(); ++ if (stat(cookiefile, &st) == 0) { ++ uid = st.st_uid; ++ gid = st.st_gid; ++ } ++ + /* Read the user's .Xauthority file. Because the current UID is + * the original user's UID, this will only fail if something has + * gone wrong, or we have no cookies. */ + if (debug) { + pam_syslog(pamh, LOG_DEBUG, +- "running \"%s %s %s %s %s\" as %lu/%lu", +- xauth, "-f", cookiefile, "nlist", display, +- (unsigned long) getuid(), (unsigned long) getgid()); ++ "running \"%s %s %s %s %s %s\" as %lu/%lu", ++ xauth, "-i", "-f", cookiefile, "nlist", display, ++ (unsigned long) uid, (unsigned long) gid); + } + if (run_coprocess(pamh, NULL, &cookie, +- getuid(), getgid(), +- xauth, "-f", cookiefile, "nlist", display, ++ uid, gid, ++ xauth, "-i", "-f", cookiefile, "nlist", display, + NULL) == 0) { + #ifdef WITH_SELINUX + security_context_t context = NULL; +@@ -583,12 +602,12 @@ pam_sm_open_session (pam_handle_t *pamh, + cookiefile, + "nlist", + t, +- (unsigned long) getuid(), +- (unsigned long) getgid()); ++ (unsigned long) uid, ++ (unsigned long) gid); + } + run_coprocess(pamh, NULL, &cookie, +- getuid(), getgid(), +- xauth, "-f", cookiefile, ++ uid, gid, ++ xauth, "-i", "-f", cookiefile, + "nlist", t, NULL); + } + free(t); +@@ -673,13 +692,17 @@ pam_sm_open_session (pam_handle_t *pamh, + goto cleanup; + } + ++ if (debug) { ++ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'", ++ xauthority); ++ } + /* Set the new variable in the environment. */ + if (pam_putenv (pamh, xauthority) != PAM_SUCCESS) + pam_syslog(pamh, LOG_ERR, + "can't set environment variable '%s'", + xauthority); + putenv (xauthority); /* The environment owns this string now. */ +- xauthority = NULL; /* Don't free environment variables. */ ++ /* Don't free environment variables nor set them to NULL. */ + + /* set $DISPLAY in pam handle to make su - work */ + { diff --git a/pam.changes b/pam.changes index a7a0279..f8ad70f 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + ------------------------------------------------------------------- Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec diff --git a/pam.spec b/pam.spec index cff51f0..6fc5819 100644 --- a/pam.spec +++ b/pam.spec @@ -47,6 +47,7 @@ Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch +Patch5: pam-xauth_ownership.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -139,6 +140,7 @@ removed with one of the next releases. cp -a %{SOURCE12} . %patch2 -p1 %patch4 -p1 +%patch5 -p1 %build bash ./pam-login_defs-check.sh -- 2.51.1 From 9d79541e95b60796224323f8850fe2d8e673ac1d45e3872995df5927dce39915 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Mon, 19 Oct 2020 07:48:15 +0000 Subject: [PATCH 138/226] Revert: https://bugzilla.opensuse.org/show_bug.cgi?id=1177858 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=104 --- pam-login_defs-check.sh | 4 +- pam-xauth_ownership.patch | 106 -------------------------------------- pam.changes | 28 ---------- pam.spec | 2 - 4 files changed, 2 insertions(+), 138 deletions(-) delete mode 100644 pam-xauth_ownership.patch diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index b559d79..d1f9e38 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -9,10 +9,10 @@ set -o errexit echo -n "Checking login.defs variables in pam... " >&2 grep -rh LOGIN_DEFS . | - sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3c6e0020c31609690b69ef391654df930b74151d ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam-xauth_ownership.patch b/pam-xauth_ownership.patch deleted file mode 100644 index 737af6f..0000000 --- a/pam-xauth_ownership.patch +++ /dev/null @@ -1,106 +0,0 @@ -Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c -+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -@@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh, - char *cookiefile = NULL, *xauthority = NULL, - *cookie = NULL, *display = NULL, *tmp = NULL, - *xauthlocalhostname = NULL; -- const char *user, *xauth = NULL; -+ const char *user, *xauth = NULL, *login_name; - struct passwd *tpwd, *rpwd; - int fd, i, debug = 0; - int retval = PAM_SUCCESS; -- uid_t systemuser = 499, targetuser = 0; -+ uid_t systemuser = 499, targetuser = 0, uid; -+ gid_t gid; -+ struct stat st; - - /* Parse arguments. We don't understand many, so no sense in breaking - * this into a separate function. */ -@@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh, - retval = PAM_SESSION_ERR; - goto cleanup; - } -- rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ -+ login_name = pam_modutil_getlogin(pamh); -+ if (login_name == NULL) { -+ login_name = ""; -+ } -+ if (*login_name) -+ rpwd = pam_modutil_getpwnam(pamh, login_name); -+ else -+ rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ - if (rpwd == NULL) { - pam_syslog(pamh, LOG_ERR, - "error determining invoking user's name"); -@@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh, - cookiefile); - } - -+ /* Get owner and group of the cookiefile */ -+ uid = getuid(); -+ gid = getgid(); -+ if (stat(cookiefile, &st) == 0) { -+ uid = st.st_uid; -+ gid = st.st_gid; -+ } -+ - /* Read the user's .Xauthority file. Because the current UID is - * the original user's UID, this will only fail if something has - * gone wrong, or we have no cookies. */ - if (debug) { - pam_syslog(pamh, LOG_DEBUG, -- "running \"%s %s %s %s %s\" as %lu/%lu", -- xauth, "-f", cookiefile, "nlist", display, -- (unsigned long) getuid(), (unsigned long) getgid()); -+ "running \"%s %s %s %s %s %s\" as %lu/%lu", -+ xauth, "-i", "-f", cookiefile, "nlist", display, -+ (unsigned long) uid, (unsigned long) gid); - } - if (run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, "nlist", display, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, "nlist", display, - NULL) == 0) { - #ifdef WITH_SELINUX - security_context_t context = NULL; -@@ -583,12 +602,12 @@ pam_sm_open_session (pam_handle_t *pamh, - cookiefile, - "nlist", - t, -- (unsigned long) getuid(), -- (unsigned long) getgid()); -+ (unsigned long) uid, -+ (unsigned long) gid); - } - run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, - "nlist", t, NULL); - } - free(t); -@@ -673,13 +692,17 @@ pam_sm_open_session (pam_handle_t *pamh, - goto cleanup; - } - -+ if (debug) { -+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'", -+ xauthority); -+ } - /* Set the new variable in the environment. */ - if (pam_putenv (pamh, xauthority) != PAM_SUCCESS) - pam_syslog(pamh, LOG_ERR, - "can't set environment variable '%s'", - xauthority); - putenv (xauthority); /* The environment owns this string now. */ -- xauthority = NULL; /* Don't free environment variables. */ -+ /* Don't free environment variables nor set them to NULL. */ - - /* set $DISPLAY in pam handle to make su - work */ - { diff --git a/pam.changes b/pam.changes index f8ad70f..f2c199e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,31 +1,3 @@ -------------------------------------------------------------------- -Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers - -- /usr/bin/xauth chokes on the old user's $HOME being on an NFS - file system. Run /usr/bin/xauth using the old user's uid/gid - Patch courtesy of Dr. Werner Fink. - [bsc#1174593, pam-xauth_ownership.patch] - -------------------------------------------------------------------- -Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec - -- pam-login_defs-check.sh: Fix the regexp to get a real variable - list (boo#1164274). - -------------------------------------------------------------------- -Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers - -- Revert the previous change [SR#815713]. - The group is not necessary for PAM functionality but used only - during testing. The test system should therefore create this group. - [bsc#1171016, pam.spec] - -------------------------------------------------------------------- -Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers - -- Add requirement for group "wheel" to spec file. - [bsc#1171016, pam.spec] - ------------------------------------------------------------------- Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 6fc5819..cff51f0 100644 --- a/pam.spec +++ b/pam.spec @@ -47,7 +47,6 @@ Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-xauth_ownership.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -140,7 +139,6 @@ removed with one of the next releases. cp -a %{SOURCE12} . %patch2 -p1 %patch4 -p1 -%patch5 -p1 %build bash ./pam-login_defs-check.sh -- 2.51.1 From f65a31291f411e4566decea9ddc27c24de423b38007417b692c2baba76a800cf Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 10 Nov 2020 12:23:49 +0000 Subject: [PATCH 139/226] - Enable pam_faillock [bnc#1171562] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=224 --- pam.changes | 5 +++++ pam.spec | 4 +--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index f8ad70f..dd0bef9 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + ------------------------------------------------------------------- Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index 6fc5819..cfaf920 100644 --- a/pam.spec +++ b/pam.spec @@ -212,8 +212,6 @@ for i in pam_*/README; do cp -fpv "$i" "$DOC/modules/README.${i%/*}" done popd -# XXX Remove until whitelisted -rm %{buildroot}/%{_lib}/security/pam_faillock.so # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ @@ -340,7 +338,7 @@ done /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so /%{_lib}/security/pam_faildelay.so -#/%{_lib}/security/pam_faillock.so +/%{_lib}/security/pam_faillock.so /%{_lib}/security/pam_filter.so %dir /%{_lib}/security/pam_filter /%{_lib}/security//pam_filter/upperLOWER -- 2.51.1 From e0f485fa5cca21ba72520a42ad3fed507a62136c466cfd3f946c080808b3faa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 16 Nov 2020 14:19:30 +0000 Subject: [PATCH 140/226] Accepting request 848315 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/848315 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=225 --- pam-bsc1178727-initialize-daysleft.patch | 13 +++++++++++++ pam.changes | 9 +++++++++ pam.spec | 2 ++ 3 files changed, 24 insertions(+) create mode 100644 pam-bsc1178727-initialize-daysleft.patch diff --git a/pam-bsc1178727-initialize-daysleft.patch b/pam-bsc1178727-initialize-daysleft.patch new file mode 100644 index 0000000..fa3a9b4 --- /dev/null +++ b/pam-bsc1178727-initialize-daysleft.patch @@ -0,0 +1,13 @@ +Index: Linux-PAM-1.4.0/modules/pam_unix/pam_unix_acct.c +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_unix/pam_unix_acct.c ++++ Linux-PAM-1.4.0/modules/pam_unix/pam_unix_acct.c +@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int + unsigned long long ctrl; + const void *void_uname; + const char *uname; +- int retval, daysleft; ++ int retval, daysleft = -1; + char buf[256]; + + D(("called.")); diff --git a/pam.changes b/pam.changes index dd0bef9..c8fc046 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + ------------------------------------------------------------------- Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index cfaf920..bc077a8 100644 --- a/pam.spec +++ b/pam.spec @@ -48,6 +48,7 @@ Source12: pam-login_defs-check.sh Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-xauth_ownership.patch +Patch6: pam-bsc1178727-initialize-daysleft.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -141,6 +142,7 @@ cp -a %{SOURCE12} . %patch2 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %build bash ./pam-login_defs-check.sh -- 2.51.1 From 828510602201c464ef76cdcd21c619edd57d4c7f3899614f449bb4793601d793 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Tue, 17 Nov 2020 11:09:48 +0000 Subject: [PATCH 141/226] https://bugzilla.opensuse.org/show_bug.cgi?id=1177858 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=106 --- pam-login_defs-check.sh | 4 +- pam-xauth_ownership.patch | 106 -------------------------------------- pam.changes | 33 ------------ pam.spec | 6 +-- 4 files changed, 5 insertions(+), 144 deletions(-) delete mode 100644 pam-xauth_ownership.patch diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index b559d79..d1f9e38 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -9,10 +9,10 @@ set -o errexit echo -n "Checking login.defs variables in pam... " >&2 grep -rh LOGIN_DEFS . | - sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3c6e0020c31609690b69ef391654df930b74151d ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam-xauth_ownership.patch b/pam-xauth_ownership.patch deleted file mode 100644 index 737af6f..0000000 --- a/pam-xauth_ownership.patch +++ /dev/null @@ -1,106 +0,0 @@ -Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c -+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -@@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh, - char *cookiefile = NULL, *xauthority = NULL, - *cookie = NULL, *display = NULL, *tmp = NULL, - *xauthlocalhostname = NULL; -- const char *user, *xauth = NULL; -+ const char *user, *xauth = NULL, *login_name; - struct passwd *tpwd, *rpwd; - int fd, i, debug = 0; - int retval = PAM_SUCCESS; -- uid_t systemuser = 499, targetuser = 0; -+ uid_t systemuser = 499, targetuser = 0, uid; -+ gid_t gid; -+ struct stat st; - - /* Parse arguments. We don't understand many, so no sense in breaking - * this into a separate function. */ -@@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh, - retval = PAM_SESSION_ERR; - goto cleanup; - } -- rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ -+ login_name = pam_modutil_getlogin(pamh); -+ if (login_name == NULL) { -+ login_name = ""; -+ } -+ if (*login_name) -+ rpwd = pam_modutil_getpwnam(pamh, login_name); -+ else -+ rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ - if (rpwd == NULL) { - pam_syslog(pamh, LOG_ERR, - "error determining invoking user's name"); -@@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh, - cookiefile); - } - -+ /* Get owner and group of the cookiefile */ -+ uid = getuid(); -+ gid = getgid(); -+ if (stat(cookiefile, &st) == 0) { -+ uid = st.st_uid; -+ gid = st.st_gid; -+ } -+ - /* Read the user's .Xauthority file. Because the current UID is - * the original user's UID, this will only fail if something has - * gone wrong, or we have no cookies. */ - if (debug) { - pam_syslog(pamh, LOG_DEBUG, -- "running \"%s %s %s %s %s\" as %lu/%lu", -- xauth, "-f", cookiefile, "nlist", display, -- (unsigned long) getuid(), (unsigned long) getgid()); -+ "running \"%s %s %s %s %s %s\" as %lu/%lu", -+ xauth, "-i", "-f", cookiefile, "nlist", display, -+ (unsigned long) uid, (unsigned long) gid); - } - if (run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, "nlist", display, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, "nlist", display, - NULL) == 0) { - #ifdef WITH_SELINUX - security_context_t context = NULL; -@@ -583,12 +602,12 @@ pam_sm_open_session (pam_handle_t *pamh, - cookiefile, - "nlist", - t, -- (unsigned long) getuid(), -- (unsigned long) getgid()); -+ (unsigned long) uid, -+ (unsigned long) gid); - } - run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, - "nlist", t, NULL); - } - free(t); -@@ -673,13 +692,17 @@ pam_sm_open_session (pam_handle_t *pamh, - goto cleanup; - } - -+ if (debug) { -+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'", -+ xauthority); -+ } - /* Set the new variable in the environment. */ - if (pam_putenv (pamh, xauthority) != PAM_SUCCESS) - pam_syslog(pamh, LOG_ERR, - "can't set environment variable '%s'", - xauthority); - putenv (xauthority); /* The environment owns this string now. */ -- xauthority = NULL; /* Don't free environment variables. */ -+ /* Don't free environment variables nor set them to NULL. */ - - /* set $DISPLAY in pam handle to make su - work */ - { diff --git a/pam.changes b/pam.changes index dd0bef9..f2c199e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,36 +1,3 @@ -------------------------------------------------------------------- -Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk - -- Enable pam_faillock [bnc#1171562] - -------------------------------------------------------------------- -Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers - -- /usr/bin/xauth chokes on the old user's $HOME being on an NFS - file system. Run /usr/bin/xauth using the old user's uid/gid - Patch courtesy of Dr. Werner Fink. - [bsc#1174593, pam-xauth_ownership.patch] - -------------------------------------------------------------------- -Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec - -- pam-login_defs-check.sh: Fix the regexp to get a real variable - list (boo#1164274). - -------------------------------------------------------------------- -Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers - -- Revert the previous change [SR#815713]. - The group is not necessary for PAM functionality but used only - during testing. The test system should therefore create this group. - [bsc#1171016, pam.spec] - -------------------------------------------------------------------- -Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers - -- Add requirement for group "wheel" to spec file. - [bsc#1171016, pam.spec] - ------------------------------------------------------------------- Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index cfaf920..cff51f0 100644 --- a/pam.spec +++ b/pam.spec @@ -47,7 +47,6 @@ Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-xauth_ownership.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -140,7 +139,6 @@ removed with one of the next releases. cp -a %{SOURCE12} . %patch2 -p1 %patch4 -p1 -%patch5 -p1 %build bash ./pam-login_defs-check.sh @@ -212,6 +210,8 @@ for i in pam_*/README; do cp -fpv "$i" "$DOC/modules/README.${i%/*}" done popd +# XXX Remove until whitelisted +rm %{buildroot}/%{_lib}/security/pam_faillock.so # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ @@ -338,7 +338,7 @@ done /%{_lib}/security/pam_env.so /%{_lib}/security/pam_exec.so /%{_lib}/security/pam_faildelay.so -/%{_lib}/security/pam_faillock.so +#/%{_lib}/security/pam_faillock.so /%{_lib}/security/pam_filter.so %dir /%{_lib}/security/pam_filter /%{_lib}/security//pam_filter/upperLOWER -- 2.51.1 From 94ef2ca6a9c927394b4e723b59bd4e0f7ccc4f61535c33ac888744f1afaea23c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Thu, 19 Nov 2020 11:13:17 +0000 Subject: [PATCH 142/226] Accepting request 849367 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/849367 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=226 --- ...1177858-dont-free-environment-string.patch | 26 +++++ pam-pam_cracklib-add-usersubstr.patch | 99 +++++++++++++++++++ pam.changes | 17 ++++ pam.spec | 4 + 4 files changed, 146 insertions(+) create mode 100644 pam-bsc1177858-dont-free-environment-string.patch create mode 100644 pam-pam_cracklib-add-usersubstr.patch diff --git a/pam-bsc1177858-dont-free-environment-string.patch b/pam-bsc1177858-dont-free-environment-string.patch new file mode 100644 index 0000000..9a9670b --- /dev/null +++ b/pam-bsc1177858-dont-free-environment-string.patch @@ -0,0 +1,26 @@ +Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c ++++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c +@@ -701,8 +701,9 @@ pam_sm_open_session (pam_handle_t *pamh, + pam_syslog(pamh, LOG_ERR, + "can't set environment variable '%s'", + xauthority); +- putenv (xauthority); /* The environment owns this string now. */ +- /* Don't free environment variables nor set them to NULL. */ ++ if (putenv (xauthority) == 0) /* The environment owns this string now. */ ++ xauthority = NULL; ++ /* Don't free environment variables. */ + + /* set $DISPLAY in pam handle to make su - work */ + { +@@ -765,7 +766,8 @@ cleanup: + unsetenv (XAUTHENV); + free(cookiefile); + free(cookie); +- free(xauthority); ++ if (xauthority != NULL) /* If it hasn't been successfully passed to putenv() ... */ ++ free(xauthority); + return retval; + } + diff --git a/pam-pam_cracklib-add-usersubstr.patch b/pam-pam_cracklib-add-usersubstr.patch new file mode 100644 index 0000000..977af32 --- /dev/null +++ b/pam-pam_cracklib-add-usersubstr.patch @@ -0,0 +1,99 @@ +Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.c ++++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c +@@ -88,6 +88,7 @@ struct cracklib_options { + int reject_user; + int gecos_check; + int enforce_for_root; ++ int user_substr; + const char *cracklib_dictpath; + }; + +@@ -100,6 +101,7 @@ struct cracklib_options { + #define CO_LOW_CREDIT 1 + #define CO_OTH_CREDIT 1 + #define CO_MIN_WORD_LENGTH 4 ++#define CO_MIN_WORD_LENGTH 4 + + static int + _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, +@@ -185,6 +187,10 @@ _pam_parse (pam_handle_t *pamh, struct c + if (!*(opt->cracklib_dictpath)) { + opt->cracklib_dictpath = CRACKLIB_DICTS; + } ++ } else if ((str = pam_str_skip_prefix(*argv, "usersubstr=")) != NULL) { ++ opt->user_substr = strtol(str, &ep, 10); ++ if (ep == str) ++ opt->user_substr = 0; + } else { + pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); + } +@@ -525,13 +531,54 @@ static int wordcheck(const char *new, ch + return 0; + } + +-static int usercheck(struct cracklib_options *opt, const char *new, ++/* ++ * RETURNS: True if the password is unacceptable, else false ++ */ ++static int usersubstr(pam_handle_t *pamh, int len, const char *new, char *user) ++{ ++ int i, userlen; ++ int bad = 0; // Assume it's OK unless proven otherwise ++ char *subuser = calloc(len+1, sizeof(char)); ++ ++ if (subuser == NULL) { ++ return 1; ++ } ++ ++ userlen = strlen(user); ++ ++ if (len >= CO_MIN_WORD_LENGTH && ++ userlen > len) { ++ for(i = 0; !bad && (i <= userlen - len); i++) { ++ strncpy(subuser, user+i, len+1); ++ subuser[len] = '\0'; ++ bad = wordcheck(new, subuser); ++ } ++ } else { ++ // if we already tested substrings, there's no need to test ++ // the whole username; all substrings would've been found :) ++ if (!bad) ++ bad = wordcheck(new, user); ++ } ++ ++ free(subuser); ++ ++ return bad; ++} ++ ++/* ++ * RETURNS: True if the password is unacceptable, else false ++ */ ++static int usercheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new, + char *user) + { +- if (!opt->reject_user) +- return 0; ++ int bad = 0; ++ ++ if (opt->reject_user) ++ bad = wordcheck(new, user); ++ if (!bad && opt->user_substr != 0) ++ bad = usersubstr(pamh, opt->user_substr, new, user); + +- return wordcheck(new, user); ++ return bad; + } + + static char * str_lower(char *string) +@@ -646,7 +693,7 @@ static const char *password_check(pam_ha + if (!msg && sequence(opt, new)) + msg = _("contains too long of a monotonic character sequence"); + +- if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) ++ if (!msg && (usercheck(pamh, opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) + msg = _("contains the user name in some form"); + + free(usermono); diff --git a/pam.changes b/pam.changes index c8fc046..f6714bd 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + ------------------------------------------------------------------- Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index bc077a8..35da088 100644 --- a/pam.spec +++ b/pam.spec @@ -49,6 +49,8 @@ Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-xauth_ownership.patch Patch6: pam-bsc1178727-initialize-daysleft.patch +Patch8: pam-bsc1177858-dont-free-environment-string.patch +Patch9: pam-pam_cracklib-add-usersubstr.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -143,6 +145,8 @@ cp -a %{SOURCE12} . %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch8 -p1 +%patch9 -p1 %build bash ./pam-login_defs-check.sh -- 2.51.1 From 6c6194062905a9498a5a2f4268283e23d6e5a569e62fe4bcc98e40172c20ccfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Thu, 19 Nov 2020 13:56:42 +0000 Subject: [PATCH 143/226] Accepting request 849441 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/849441 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=227 --- pam-pam_cracklib-add-usersubstr.patch | 158 ++++++++++++++++++++------ 1 file changed, 122 insertions(+), 36 deletions(-) diff --git a/pam-pam_cracklib-add-usersubstr.patch b/pam-pam_cracklib-add-usersubstr.patch index 977af32..b3f55b1 100644 --- a/pam-pam_cracklib-add-usersubstr.patch +++ b/pam-pam_cracklib-add-usersubstr.patch @@ -1,3 +1,107 @@ +Index: Linux-PAM-1.4.0/doc/sag/Linux-PAM_SAG.txt +=================================================================== +--- Linux-PAM-1.4.0.orig/doc/sag/Linux-PAM_SAG.txt ++++ Linux-PAM-1.4.0/doc/sag/Linux-PAM_SAG.txt +@@ -1003,6 +1003,14 @@ reject_username + Check whether the name of the user in straight or reversed form is + contained in the new password. If it is found the new password is rejected. + ++usersubstr=N ++ ++ Reject passwords which contain any substring of N or more consecutive ++ characters of the user's name straight or in reverse order. ++ N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++ + gecoscheck + + Check whether the words from the GECOS field (usually full name of the +Index: Linux-PAM-1.4.0/doc/sag/html/sag-pam_cracklib.html +=================================================================== +--- Linux-PAM-1.4.0.orig/doc/sag/html/sag-pam_cracklib.html ++++ Linux-PAM-1.4.0/doc/sag/html/sag-pam_cracklib.html +@@ -198,6 +198,15 @@ + form is contained in the new password. If it is found the + new password is rejected. +

++ usersubstr=N ++

++ Reject passwords which contain any substring of N or more ++ consecutive characters of the user's name straight or in ++ reverse order. ++ N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++

+ gecoscheck +

+ Check whether the words from the GECOS field (usually full name +Index: Linux-PAM-1.4.0/modules/pam_cracklib/README +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_cracklib/README ++++ Linux-PAM-1.4.0/modules/pam_cracklib/README +@@ -179,6 +179,14 @@ reject_username + Check whether the name of the user in straight or reversed form is + contained in the new password. If it is found the new password is rejected. + ++usersubstr=N ++ ++ Reject passwords which contain any substring of N or more consecutive ++ characters of the user's name straight or in reverse order. ++ N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++ + gecoscheck + + Check whether the words from the GECOS field (usually full name of the +Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8 +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.8 ++++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8 +@@ -232,6 +232,15 @@ Reject passwords which contain more than + Check whether the name of the user in straight or reversed form is contained in the new password\&. If it is found the new password is rejected\&. + .RE + .PP ++\fBusersubstr=\fR\fB\fIN\fR\fR ++.RS 4 ++Reject passwords which contain any substring of N or more consecutive characters of the user\*(Aqs name straight or in ++reverse order\&. ++N must be at least 4 for this to be applicable\&. ++Also, usernames shorter than N are not checked\&. ++If such a substring is found, the password is rejected\&. ++.RE ++.PP + \fBgecoscheck\fR + .RS 4 + Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&. +Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8.xml +=================================================================== +--- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.8.xml ++++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8.xml +@@ -396,6 +396,21 @@ + + + ++ ++ ++ ++ ++ ++ ++ Reject passwords which contain any substring of N or more ++ consecutive characters of the user's name straight or in ++ reverse order. N must be at least 4 for this to be applicable. ++ Also, usernames shorter than N are not checked. ++ If such a substring is found, the password is rejected. ++ ++ ++ ++ + + + Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c =================================================================== --- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.c @@ -10,15 +114,7 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c const char *cracklib_dictpath; }; -@@ -100,6 +101,7 @@ struct cracklib_options { - #define CO_LOW_CREDIT 1 - #define CO_OTH_CREDIT 1 - #define CO_MIN_WORD_LENGTH 4 -+#define CO_MIN_WORD_LENGTH 4 - - static int - _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, -@@ -185,6 +187,10 @@ _pam_parse (pam_handle_t *pamh, struct c +@@ -185,6 +186,10 @@ _pam_parse (pam_handle_t *pamh, struct c if (!*(opt->cracklib_dictpath)) { opt->cracklib_dictpath = CRACKLIB_DICTS; } @@ -29,38 +125,37 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c } else { pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); } -@@ -525,13 +531,54 @@ static int wordcheck(const char *new, ch +@@ -525,13 +530,54 @@ static int wordcheck(const char *new, ch return 0; } --static int usercheck(struct cracklib_options *opt, const char *new, +/* + * RETURNS: True if the password is unacceptable, else false + */ -+static int usersubstr(pam_handle_t *pamh, int len, const char *new, char *user) ++static int usersubstr(int len, const char *new, char *user) +{ + int i, userlen; -+ int bad = 0; // Assume it's OK unless proven otherwise ++ int bad = 0; // Assume it's OK unless proven otherwise + char *subuser = calloc(len+1, sizeof(char)); + + if (subuser == NULL) { -+ return 1; ++ return 1; + } + + userlen = strlen(user); + + if (len >= CO_MIN_WORD_LENGTH && -+ userlen > len) { -+ for(i = 0; !bad && (i <= userlen - len); i++) { -+ strncpy(subuser, user+i, len+1); -+ subuser[len] = '\0'; -+ bad = wordcheck(new, subuser); -+ } ++ userlen > len) { ++ for(i = 0; !bad && (i <= userlen - len); i++) { ++ strncpy(subuser, user+i, len+1); ++ subuser[len] = '\0'; ++ bad = wordcheck(new, subuser); ++ } + } else { -+ // if we already tested substrings, there's no need to test -+ // the whole username; all substrings would've been found :) -+ if (!bad) -+ bad = wordcheck(new, user); ++ // if we already tested substrings, there's no need to test ++ // the whole username; all substrings would've been found :) ++ if (!bad) ++ bad = wordcheck(new, user); + } + + free(subuser); @@ -71,7 +166,7 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c +/* + * RETURNS: True if the password is unacceptable, else false + */ -+static int usercheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new, + static int usercheck(struct cracklib_options *opt, const char *new, char *user) { - if (!opt->reject_user) @@ -79,21 +174,12 @@ Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c + int bad = 0; + + if (opt->reject_user) -+ bad = wordcheck(new, user); ++ bad = wordcheck(new, user); + if (!bad && opt->user_substr != 0) -+ bad = usersubstr(pamh, opt->user_substr, new, user); ++ bad = usersubstr(opt->user_substr, new, user); - return wordcheck(new, user); + return bad; } static char * str_lower(char *string) -@@ -646,7 +693,7 @@ static const char *password_check(pam_ha - if (!msg && sequence(opt, new)) - msg = _("contains too long of a monotonic character sequence"); - -- if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) -+ if (!msg && (usercheck(pamh, opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) - msg = _("contains the user name in some form"); - - free(usermono); -- 2.51.1 From c4daf63ae58f8378218ebb9a84606e6ac74e76e054f32b807fe182aa590ab578 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 19 Nov 2020 15:52:27 +0000 Subject: [PATCH 144/226] - Update to 1.5.0 - obsoletes pam-bsc1178727-initialize-daysleft.patch - Multiple minor bug fixes, portability fixes, and documentation improvements. - Extended libpam API with pam_modutil_check_user_in_passwd function. - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. - pam_motd: read motd files with target user credentials skipping unreadable ones. - pam_pwhistory: added a SELinux helper executable. - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. - pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. - libpam: pam_modutil_drop_priv() now correctly sets the target user's supplementary groups, allowing pam_motd to filter messages accordingly - Refresh pam-xauth_ownership.patch - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=228 --- Linux-PAM-1.4.0-docs.tar.xz | 3 - Linux-PAM-1.4.0.tar.xz | 3 - Linux-PAM-1.5.0-docs.tar.xz | 3 + Linux-PAM-1.5.0.tar.xz | 3 + pam-bsc1178727-initialize-daysleft.patch | 13 - pam-pam_cracklib-add-usersubstr.patch | 104 -- pam-xauth_ownership.patch | 19 +- pam.changes | 20 + pam.spec | 13 +- pam_cracklib-removal.patch | 1740 ++++++++++++++++++++++ pam_tally2-removal.patch | 1332 +++++++++++++++++ 11 files changed, 3115 insertions(+), 138 deletions(-) delete mode 100644 Linux-PAM-1.4.0-docs.tar.xz delete mode 100644 Linux-PAM-1.4.0.tar.xz create mode 100644 Linux-PAM-1.5.0-docs.tar.xz create mode 100644 Linux-PAM-1.5.0.tar.xz delete mode 100644 pam-bsc1178727-initialize-daysleft.patch create mode 100644 pam_cracklib-removal.patch create mode 100644 pam_tally2-removal.patch diff --git a/Linux-PAM-1.4.0-docs.tar.xz b/Linux-PAM-1.4.0-docs.tar.xz deleted file mode 100644 index 273819e..0000000 --- a/Linux-PAM-1.4.0-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:351764a0643052564a4b840320744c7e402112a2a57d2ac04511a6d22dc52e04 -size 477712 diff --git a/Linux-PAM-1.4.0.tar.xz b/Linux-PAM-1.4.0.tar.xz deleted file mode 100644 index fedf45f..0000000 --- a/Linux-PAM-1.4.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:cd6d928c51e64139be3bdb38692c68183a509b83d4f2c221024ccd4bcddfd034 -size 988908 diff --git a/Linux-PAM-1.5.0-docs.tar.xz b/Linux-PAM-1.5.0-docs.tar.xz new file mode 100644 index 0000000..f465fd7 --- /dev/null +++ b/Linux-PAM-1.5.0-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:75fefd2a601c76d5e289aa8c36234ec2ac398395f4a48caf5ef638c1131019a9 +size 441644 diff --git a/Linux-PAM-1.5.0.tar.xz b/Linux-PAM-1.5.0.tar.xz new file mode 100644 index 0000000..d5f6b23 --- /dev/null +++ b/Linux-PAM-1.5.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:02d39854b508fae9dc713f7733bbcdadbe17b50de965aedddd65bcb6cc7852c8 +size 972228 diff --git a/pam-bsc1178727-initialize-daysleft.patch b/pam-bsc1178727-initialize-daysleft.patch deleted file mode 100644 index fa3a9b4..0000000 --- a/pam-bsc1178727-initialize-daysleft.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: Linux-PAM-1.4.0/modules/pam_unix/pam_unix_acct.c -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_unix/pam_unix_acct.c -+++ Linux-PAM-1.4.0/modules/pam_unix/pam_unix_acct.c -@@ -189,7 +189,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int - unsigned long long ctrl; - const void *void_uname; - const char *uname; -- int retval, daysleft; -+ int retval, daysleft = -1; - char buf[256]; - - D(("called.")); diff --git a/pam-pam_cracklib-add-usersubstr.patch b/pam-pam_cracklib-add-usersubstr.patch index b3f55b1..8478271 100644 --- a/pam-pam_cracklib-add-usersubstr.patch +++ b/pam-pam_cracklib-add-usersubstr.patch @@ -1,107 +1,3 @@ -Index: Linux-PAM-1.4.0/doc/sag/Linux-PAM_SAG.txt -=================================================================== ---- Linux-PAM-1.4.0.orig/doc/sag/Linux-PAM_SAG.txt -+++ Linux-PAM-1.4.0/doc/sag/Linux-PAM_SAG.txt -@@ -1003,6 +1003,14 @@ reject_username - Check whether the name of the user in straight or reversed form is - contained in the new password. If it is found the new password is rejected. - -+usersubstr=N -+ -+ Reject passwords which contain any substring of N or more consecutive -+ characters of the user's name straight or in reverse order. -+ N must be at least 4 for this to be applicable. -+ Also, usernames shorter than N are not checked. -+ If such a substring is found, the password is rejected. -+ - gecoscheck - - Check whether the words from the GECOS field (usually full name of the -Index: Linux-PAM-1.4.0/doc/sag/html/sag-pam_cracklib.html -=================================================================== ---- Linux-PAM-1.4.0.orig/doc/sag/html/sag-pam_cracklib.html -+++ Linux-PAM-1.4.0/doc/sag/html/sag-pam_cracklib.html -@@ -198,6 +198,15 @@ - form is contained in the new password. If it is found the - new password is rejected. -

-+ usersubstr=N -+

-+ Reject passwords which contain any substring of N or more -+ consecutive characters of the user's name straight or in -+ reverse order. -+ N must be at least 4 for this to be applicable. -+ Also, usernames shorter than N are not checked. -+ If such a substring is found, the password is rejected. -+

- gecoscheck -

- Check whether the words from the GECOS field (usually full name -Index: Linux-PAM-1.4.0/modules/pam_cracklib/README -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_cracklib/README -+++ Linux-PAM-1.4.0/modules/pam_cracklib/README -@@ -179,6 +179,14 @@ reject_username - Check whether the name of the user in straight or reversed form is - contained in the new password. If it is found the new password is rejected. - -+usersubstr=N -+ -+ Reject passwords which contain any substring of N or more consecutive -+ characters of the user's name straight or in reverse order. -+ N must be at least 4 for this to be applicable. -+ Also, usernames shorter than N are not checked. -+ If such a substring is found, the password is rejected. -+ - gecoscheck - - Check whether the words from the GECOS field (usually full name of the -Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8 -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.8 -+++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8 -@@ -232,6 +232,15 @@ Reject passwords which contain more than - Check whether the name of the user in straight or reversed form is contained in the new password\&. If it is found the new password is rejected\&. - .RE - .PP -+\fBusersubstr=\fR\fB\fIN\fR\fR -+.RS 4 -+Reject passwords which contain any substring of N or more consecutive characters of the user\*(Aqs name straight or in -+reverse order\&. -+N must be at least 4 for this to be applicable\&. -+Also, usernames shorter than N are not checked\&. -+If such a substring is found, the password is rejected\&. -+.RE -+.PP - \fBgecoscheck\fR - .RS 4 - Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&. -Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8.xml -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.8.xml -+++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.8.xml -@@ -396,6 +396,21 @@ - - - -+ -+ -+ -+ -+ -+ -+ Reject passwords which contain any substring of N or more -+ consecutive characters of the user's name straight or in -+ reverse order. N must be at least 4 for this to be applicable. -+ Also, usernames shorter than N are not checked. -+ If such a substring is found, the password is rejected. -+ -+ -+ -+ - - - Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c =================================================================== --- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.c diff --git a/pam-xauth_ownership.patch b/pam-xauth_ownership.patch index 737af6f..9fed067 100644 --- a/pam-xauth_ownership.patch +++ b/pam-xauth_ownership.patch @@ -1,8 +1,7 @@ -Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c -+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -@@ -355,11 +355,13 @@ pam_sm_open_session (pam_handle_t *pamh, +diff -urN Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c +--- Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c 2020-11-10 16:46:13.000000000 +0100 ++++ Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c 2020-11-19 11:50:54.176925556 +0100 +@@ -355,11 +355,13 @@ char *cookiefile = NULL, *xauthority = NULL, *cookie = NULL, *display = NULL, *tmp = NULL, *xauthlocalhostname = NULL; @@ -18,7 +17,7 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c /* Parse arguments. We don't understand many, so no sense in breaking * this into a separate function. */ -@@ -429,7 +431,16 @@ pam_sm_open_session (pam_handle_t *pamh, +@@ -429,7 +431,16 @@ retval = PAM_SESSION_ERR; goto cleanup; } @@ -36,7 +35,7 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c if (rpwd == NULL) { pam_syslog(pamh, LOG_ERR, "error determining invoking user's name"); -@@ -518,18 +529,26 @@ pam_sm_open_session (pam_handle_t *pamh, +@@ -518,18 +529,26 @@ cookiefile); } @@ -67,8 +66,8 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c + xauth, "-i", "-f", cookiefile, "nlist", display, NULL) == 0) { #ifdef WITH_SELINUX - security_context_t context = NULL; -@@ -583,12 +602,12 @@ pam_sm_open_session (pam_handle_t *pamh, + char *context_raw = NULL; +@@ -583,12 +602,12 @@ cookiefile, "nlist", t, @@ -85,7 +84,7 @@ Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c "nlist", t, NULL); } free(t); -@@ -673,13 +692,17 @@ pam_sm_open_session (pam_handle_t *pamh, +@@ -673,13 +692,17 @@ goto cleanup; } diff --git a/pam.changes b/pam.changes index f6714bd..c43791d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + ------------------------------------------------------------------- Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index 35da088..0585c87 100644 --- a/pam.spec +++ b/pam.spec @@ -27,7 +27,7 @@ %endif Name: pam # -Version: 1.4.0 +Version: 1.5.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -48,7 +48,8 @@ Source12: pam-login_defs-check.sh Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-xauth_ownership.patch -Patch6: pam-bsc1178727-initialize-daysleft.patch +Patch6: pam_cracklib-removal.patch +Patch7: pam_tally2-removal.patch Patch8: pam-bsc1177858-dont-free-environment-string.patch Patch9: pam-pam_cracklib-add-usersubstr.patch BuildRequires: audit-devel @@ -144,7 +145,8 @@ cp -a %{SOURCE12} . %patch2 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 +%patch6 -R -p1 +%patch7 -R -p1 %patch8 -p1 %patch9 -p1 @@ -316,6 +318,7 @@ done %{_mandir}/man8/pam_sepermit.8%{?ext_man} %{_mandir}/man8/pam_setquota.8%{?ext_man} %{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} %{_mandir}/man8/pam_succeed_if.8%{?ext_man} %{_mandir}/man8/pam_time.8%{?ext_man} %{_mandir}/man8/pam_timestamp.8%{?ext_man} @@ -327,6 +330,7 @@ done %{_mandir}/man8/pam_warn.8%{?ext_man} %{_mandir}/man8/pam_wheel.8%{?ext_man} %{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} %{_mandir}/man8/unix2_chkpwd.8%{?ext_man} %{_mandir}/man8/unix_chkpwd.8%{?ext_man} %{_mandir}/man8/unix_update.8%{?ext_man} @@ -392,6 +396,7 @@ done /sbin/mkhomedir_helper /sbin/pam_namespace_helper /sbin/pam_timestamp_check +/sbin/pwhistory_helper %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %attr(0700,root,root) /sbin/unix_update @@ -407,8 +412,6 @@ done /%{_lib}/security/pam_cracklib.so /%{_lib}/security/pam_tally2.so /sbin/pam_tally2 -%{_mandir}/man8/pam_cracklib.8%{?ext_man} -%{_mandir}/man8/pam_tally2.8%{?ext_man} %files doc %defattr(644,root,root,755) diff --git a/pam_cracklib-removal.patch b/pam_cracklib-removal.patch new file mode 100644 index 0000000..22dbdcb --- /dev/null +++ b/pam_cracklib-removal.patch @@ -0,0 +1,1740 @@ +From d702ff714c309069111899fd07c09e31c414c166 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Thu, 29 Oct 2020 08:00:00 +0000 +Subject: [PATCH] Remove deprecated pam_cracklib module + +* ci/install-dependencies.sh: Remove libcrack2-dev. +* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove +--enable-cracklib=check. +* conf/pam.conf: Remove references to pam_cracklib.so. +* configure.ac: Remove --enable-cracklib option. +(AC_SUBST): Remove LIBCRACK. +(AM_CONDITIONAL): Remove COND_BUILD_PAM_CRACKLIB. +(AC_CONFIG_FILES): Remove modules/pam_cracklib/Makefile. +* doc/sag/pam_cracklib.xml: Remove. +* doc/sag/Linux-PAM_SAG.xml: Do not include pam_cracklib.xml. +* modules/Makefile.am (MAYBE_PAM_CRACKLIB): Remove. +(SUBDIRS): Remove MAYBE_PAM_CRACKLIB. +* modules/pam_cracklib/Makefile.am: Remove. +* modules/pam_cracklib/README.xml: Likewise. +* modules/pam_cracklib/pam_cracklib.8.xml: Likewise. +* modules/pam_cracklib/pam_cracklib.c: Likewise. +* modules/pam_cracklib/tst-pam_cracklib: Likewise. +* xtests/tst-pam_cracklib1.c: Likewise. +* xtests/tst-pam_cracklib1.pamd: Likewise. +* xtests/tst-pam_cracklib2.c: Likewise. +* xtests/tst-pam_cracklib2.pamd: Likewise. +* modules/pam_pwhistory/pam_pwhistory.8.xml: Replace pam_cracklib +in examples with pam_passwdqc. +* modules/pam_unix/pam_unix.8.xml: Likewise. +* po/POTFILES.in: Remove ./modules/pam_cracklib/pam_cracklib.c. +* xtests/.gitignore: Remove tst-pam_cracklib1 and tst-pam_cracklib2. +* xtests/Makefile.am (EXTRA_DIST): Remove tst-pam_cracklib1.pamd +and tst-pam_cracklib2.pamd. +(XTESTS): Remove tst-pam_cracklib1 and tst-pam_cracklib2. +* NEWS: Document this change. +--- + NEWS | 2 + + ci/install-dependencies.sh | 1 - + ci/run-build-and-tests.sh | 2 +- + conf/pam.conf | 5 - + configure.ac | 25 +- + doc/sag/Linux-PAM_SAG.xml | 2 - + doc/sag/pam_cracklib.xml | 34 - + modules/Makefile.am | 5 - + modules/pam_cracklib/Makefile.am | 33 - + modules/pam_cracklib/README.xml | 41 - + modules/pam_cracklib/pam_cracklib.8.xml | 592 -------------- + modules/pam_cracklib/pam_cracklib.c | 899 ---------------------- + modules/pam_cracklib/tst-pam_cracklib | 2 - + modules/pam_pwhistory/pam_pwhistory.8.xml | 6 +- + modules/pam_unix/pam_unix.8.xml | 6 +- + po/POTFILES.in | 1 - + xtests/.gitignore | 2 - + xtests/Makefile.am | 2 - + xtests/tst-pam_cracklib1.c | 135 ---- + xtests/tst-pam_cracklib1.pamd | 2 - + xtests/tst-pam_cracklib2.c | 143 ---- + xtests/tst-pam_cracklib2.pamd | 2 - + 22 files changed, 10 insertions(+), 1932 deletions(-) + delete mode 100644 doc/sag/pam_cracklib.xml + delete mode 100644 modules/pam_cracklib/Makefile.am + delete mode 100644 modules/pam_cracklib/README.xml + delete mode 100644 modules/pam_cracklib/pam_cracklib.8.xml + delete mode 100644 modules/pam_cracklib/pam_cracklib.c + delete mode 100755 modules/pam_cracklib/tst-pam_cracklib + delete mode 100644 xtests/tst-pam_cracklib1.c + delete mode 100644 xtests/tst-pam_cracklib1.pamd + delete mode 100644 xtests/tst-pam_cracklib2.c + delete mode 100644 xtests/tst-pam_cracklib2.pamd + +diff --git a/configure.ac b/configure.ac +index 59327a75..4397124d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -334,28 +334,6 @@ case "$ac_cv_search_dlopen" in + esac + AC_SUBST(LIBDL) + +-AC_ARG_ENABLE([cracklib], +- [AS_HELP_STRING([--enable-cracklib], +- [build deprecated pam_cracklib module])], +- [], [enable_cracklib=no]) +-LIBCRACK="" +-case "$enable_cracklib" in +- no) ;; +- yes|check) +- dnl Check for cracklib +- AC_CHECK_HEADERS([crack.h], +- [AC_CHECK_LIB([crack], [FascistCheck], +- [LIBCRACK="-lcrack"])]) +- if test -z "$LIBCRACK"; then +- if test "$enable_cracklib" = yes; then +- AC_MSG_FAILURE([failed to find cracklib]) +- fi +- fi +- ;; +- *) AC_MSG_ERROR([bad value $enable_cracklib for --enable-cracklib option]) ;; +-esac +-AC_SUBST(LIBCRACK) +- + dnl Look for Linux Auditing library - see documentation + AC_ARG_ENABLE([audit], + AS_HELP_STRING([--disable-audit],[do not enable audit support]), +@@ -662,7 +640,6 @@ case "$enable_unix" in + *) AC_MSG_ERROR([bad value $enable_unix for --enable-unix option]) ;; + esac + +-AM_CONDITIONAL([COND_BUILD_PAM_CRACKLIB], [test -n "$LIBCRACK"]) + AM_CONDITIONAL([COND_BUILD_PAM_KEYINIT], [test "$have_key_syscalls" = 1]) + AM_CONDITIONAL([COND_BUILD_PAM_LASTLOG], [test "$ac_cv_func_logwtmp" = yes]) + AM_CONDITIONAL([COND_BUILD_PAM_NAMESPACE], [test "$ac_cv_func_unshare" = yes]) +@@ -682,7 +659,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile + po/Makefile.in \ + Make.xml.rules \ + modules/Makefile \ +- modules/pam_access/Makefile modules/pam_cracklib/Makefile \ ++ modules/pam_access/Makefile \ + modules/pam_debug/Makefile modules/pam_deny/Makefile \ + modules/pam_echo/Makefile modules/pam_env/Makefile \ + modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \ +diff --git a/modules/Makefile.am b/modules/Makefile.am +index 641108dd..aa03e319 100644 +--- a/modules/Makefile.am ++++ b/modules/Makefile.am +@@ -2,10 +2,6 @@ + # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk + # + +-if COND_BUILD_PAM_CRACKLIB +- MAYBE_PAM_CRACKLIB = pam_cracklib +-endif +- + if COND_BUILD_PAM_KEYINIT + MAYBE_PAM_KEYINIT = pam_keyinit + endif +@@ -56,7 +52,6 @@ endif + + SUBDIRS := \ + pam_access \ +- $(MAYBE_PAM_CRACKLIB) \ + pam_debug \ + pam_deny \ + pam_echo \ +diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am +deleted file mode 100644 +index e11c42d7..00000000 +--- a/modules/pam_cracklib/Makefile.am ++++ /dev/null +@@ -1,33 +0,0 @@ +-# +-# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk +-# +- +-CLEANFILES = *~ +-MAINTAINERCLEANFILES = $(MANS) README +- +-EXTRA_DIST = $(XMLS) +- +-#if HAVE_DOC +-#dist_man_MANS = pam_cracklib.8 +-#endif +-XMLS = README.xml pam_cracklib.8.xml +-dist_check_SCRIPTS = tst-pam_cracklib +-TESTS = $(dist_check_SCRIPTS) +- +-securelibdir = $(SECUREDIR) +-secureconfdir = $(SCONFIGDIR) +- +-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- $(WARN_CFLAGS) +-AM_LDFLAGS = -no-undefined -avoid-version -module +-if HAVE_VERSIONING +- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +-endif +-pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \ +- @LIBCRACK@ @LIBCRYPT@ +-securelib_LTLIBRARIES = pam_cracklib.la +- +-if ENABLE_REGENERATE_MAN +-dist_noinst_DATA = README +--include $(top_srcdir)/Make.xml.rules +-endif +diff --git a/modules/pam_cracklib/README.xml b/modules/pam_cracklib/README.xml +deleted file mode 100644 +index c4a7b54c..00000000 +--- a/modules/pam_cracklib/README.xml ++++ /dev/null +@@ -1,41 +0,0 @@ +- +- +---> +-]> +- +-

+- +- +- +- +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_cracklib.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_cracklib-name"]/*)'/> +- +- +- +- +-
+- +-
+- +-
+- +-
+- +-
+- +-
+- +-
+- +-
+- +-
+diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml +deleted file mode 100644 +index 75e44e2d..00000000 +--- a/modules/pam_cracklib/pam_cracklib.8.xml ++++ /dev/null +@@ -1,592 +0,0 @@ +- +- +- +- +- +- +- pam_cracklib +- 8 +- Linux-PAM Manual +- +- +- +- pam_cracklib +- PAM module to check the password against dictionary words +- +- +- +- +- pam_cracklib.so +- +- ... +- +- +- +- +- +- +- DESCRIPTION +- +- +- This module can be plugged into the password stack of +- a given application to provide some plug-in strength-checking for passwords. +- +- +- +- The action of this module is to prompt the user for a password and +- check its strength against a system dictionary and a set of rules for +- identifying poor choices. +- +- +- +- The first action is to prompt for a single password, check its +- strength and then, if it is considered strong, prompt for the password +- a second time (to verify that it was typed correctly on the first +- occasion). All being well, the password is passed on to subsequent +- modules to be installed as the new authentication token. +- +- +- +- The strength checks works in the following manner: at first the +- Cracklib routine is called to check if the password +- is part of a dictionary; if this is not the case an additional set of +- strength checks is done. These checks are: +- +- +- +- +- Palindrome +- +- +- Is the new password a palindrome? +- +- +- +- +- Case Change Only +- +- +- Is the new password the old one with only a change of case? +- +- +- +- +- Similar +- +- +- Is the new password too much like the old one? +- This is primarily controlled by one argument, +- which is a number of character changes +- (inserts, removals, or replacements) between the old and new +- password that are enough to accept the new password. +- This defaults to 5 changes. +- +- +- +- +- Simple +- +- +- Is the new password too small? +- This is controlled by 6 arguments , +- , +- , , +- , and . See the section +- on the arguments for the details of how these work and there defaults. +- +- +- +- +- Rotated +- +- +- Is the new password a rotated version of the old password? +- +- +- +- +- Same consecutive characters +- +- +- Optional check for same consecutive characters. +- +- +- +- +- Too long monotonic character sequence +- +- +- Optional check for too long monotonic character sequence. +- +- +- +- +- Contains user name +- +- +- Optional check whether the password contains the user's name +- in some form. +- +- +- +- +- +- This module with no arguments will work well for standard unix +- password encryption. With md5 encryption, passwords can be longer +- than 8 characters and the default settings for this module can make it +- hard for the user to choose a satisfactory new password. Notably, the +- requirement that the new password contain no more than 1/2 of the +- characters in the old password becomes a non-trivial constraint. For +- example, an old password of the form "the quick brown fox jumped over +- the lazy dogs" would be difficult to change... In addition, the +- default action is to allow passwords as small as 5 characters in +- length. For a md5 systems it can be a good idea to increase the +- required minimum size of a password. One can then allow more credit +- for different kinds of characters but accept that the new password may +- share most of these characters with the old password. +- +- +- +- +- +- +- OPTIONS +- +- +- +- +- +- +- +- +- +- This option makes the module write information to +- +- syslog3 +- +- indicating the behavior of the module (this option does +- not write password information to the log file). +- +- +- +- +- +- +- +- +- +- +- The default action is for the module to use the +- following prompts when requesting passwords: +- "New UNIX password: " and "Retype UNIX password: ". +- The example word UNIX can +- be replaced with this option, by default it is empty. +- +- +- +- +- +- +- +- +- +- +- Prompt user at most N times +- before returning with error. The default is +- 1. +- +- +- +- +- +- +- +- +- +- +- This argument will change the default of +- 5 for the number of character +- changes in the new password that differentiate it +- from the old password. +- +- +- +- +- +- +- +- +- +- +- The minimum acceptable size for the new password (plus +- one if credits are not disabled which is the default). +- In addition to the number of characters in the new password, +- credit (of +1 in length) is given for each different kind +- of character (other, +- upper, lower and +- digit). The default for this parameter +- is 9 which is good for a old style UNIX +- password all of the same type of character but may be too low +- to exploit the added security of a md5 system. Note that +- there is a pair of length limits in +- Cracklib itself, a "way too short" limit +- of 4 which is hard coded in and a defined limit (6) that will +- be checked without reference to . +- If you want to allow passwords as short as 5 characters you +- should not use this module. +- +- +- +- +- +- +- +- +- +- +- (N >= 0) This is the maximum credit for having digits in +- the new password. If you have less than or +- N +- digits, each digit will count +1 towards meeting the current +- value. The default for +- is 1 which is the recommended +- value for less than 10. +- +- +- (N < 0) This is the minimum number of digits that must +- be met for a new password. +- +- +- +- +- +- +- +- +- +- +- (N >= 0) This is the maximum credit for having upper +- case letters in the new password. If you have less than +- or N upper case letters each +- letter will count +1 towards meeting the current +- value. The default for +- is 1 which +- is the recommended value for less +- than 10. +- +- +- (N < 0) This is the minimum number of upper +- case letters that must be met for a new password. +- +- +- +- +- +- +- +- +- +- +- (N >= 0) This is the maximum credit for having +- lower case letters in the new password. If you have +- less than or N lower case +- letters, each letter will count +1 towards meeting the +- current value. The default for +- is 1 which is the recommended +- value for less than 10. +- +- +- (N < 0) This is the minimum number of lower +- case letters that must be met for a new password. +- +- +- +- +- +- +- +- +- +- +- (N >= 0) This is the maximum credit for having other +- characters in the new password. If you have less than or +- N other characters, each +- character will count +1 towards meeting the current +- value. The default for +- is 1 which is the recommended +- value for less than 10. +- +- +- (N < 0) This is the minimum number of other +- characters that must be met for a new password. +- +- +- +- +- +- +- +- +- +- +- The minimum number of required classes of characters for +- the new password. The default number is zero. The four +- classes are digits, upper and lower letters and other +- characters. +- The difference to the check is +- that a specific class if of characters is not required. +- Instead N out of four of the +- classes are required. +- +- +- +- +- +- +- +- +- +- +- Reject passwords which contain more than N same consecutive +- characters. The default is 0 which means that this check +- is disabled. +- +- +- +- +- +- +- +- +- +- +- Reject passwords which contain monotonic character sequences +- longer than N. The default is 0 which means that this check +- is disabled. Examples of such sequence are '12345' or 'fedcb'. +- Note that most such passwords will not pass the simplicity +- check unless the sequence is only a minor part of the password. +- +- +- +- +- +- +- +- +- +- +- Reject passwords which contain more than N consecutive +- characters of the same class. The default is 0 which means +- that this check is disabled. +- +- +- +- +- +- +- +- +- +- +- Check whether the name of the user in straight or reversed +- form is contained in the new password. If it is found the +- new password is rejected. +- +- +- +- +- +- +- +- +- +- +- Check whether the words from the GECOS field (usually full name +- of the user) longer than 3 characters in straight or reversed +- form are contained in the new password. If any such word is +- found the new password is rejected. +- +- +- +- +- +- +- +- +- +- +- The module will return error on failed check also if the user +- changing the password is root. This option is off by default +- which means that just the message about the failed check is +- printed but root can change the password anyway. +- Note that root is not asked for an old password so the checks +- that compare the old and new password are not performed. +- +- +- +- +- +- +- +- +- +- +- This argument is used to force the +- module to not prompt the user for a new password but use +- the one provided by the previously stacked +- password module. +- +- +- +- +- +- +- +- +- +- +- Path to the cracklib dictionaries. +- +- +- +- +- +- +- +- +- +- MODULE TYPES PROVIDED +- +- Only the module type is provided. +- +- +- +- +- RETURN VALUES +- +- +- +- +- PAM_SUCCESS +- +- +- The new password passes all checks. +- +- +- +- +- +- PAM_AUTHTOK_ERR +- +- +- No new password was entered, +- the username could not be determined or the new +- password fails the strength checks. +- +- +- +- +- +- PAM_AUTHTOK_RECOVERY_ERR +- +- +- The old password was not supplied by a previous stacked +- module or got not requested from the user. +- The first error can happen if +- is specified. +- +- +- +- +- +- PAM_SERVICE_ERR +- +- +- A internal error occurred. +- +- +- +- +- +- +- +- +- +- EXAMPLES +- +- For an example of the use of this module, we show how it may be +- stacked with the password component of +- +- pam_unix8 +- +- +-# +-# These lines stack two password type modules. In this example the +-# user is given 3 opportunities to enter a strong password. The +-# "use_authtok" argument ensures that the pam_unix module does not +-# prompt for a password, but instead uses the one provided by +-# pam_cracklib. +-# +-passwd password required pam_cracklib.so retry=3 +-passwd password required pam_unix.so use_authtok +- +- +- +- +- Another example (in the /etc/pam.d/passwd format) +- is for the case that you want to use md5 password encryption: +- +-#%PAM-1.0 +-# +-# These lines allow a md5 systems to support passwords of at least 14 +-# bytes with extra credit of 2 for digits and 2 for others the new +-# password must have at least three bytes that are not present in the +-# old password +-# +-password required pam_cracklib.so \ +- difok=3 minlen=15 dcredit= 2 ocredit=2 +-password required pam_unix.so use_authtok nullok md5 +- +- +- +- +- And here is another example in case you don't want to use credits: +- +-#%PAM-1.0 +-# +-# These lines require the user to select a password with a minimum +-# length of 8 and with at least 1 digit number, 1 upper case letter, +-# and 1 other character +-# +-password required pam_cracklib.so \ +- dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8 +-password required pam_unix.so use_authtok nullok md5 +- +- +- +- +- +- +- SEE ALSO +- +- +- pam.conf5 +- , +- +- pam.d5 +- , +- +- pam8 +- +- +- +- +- +- AUTHOR +- +- pam_cracklib was written by Cristian Gafton <gafton@redhat.com> +- +- +- +- +diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c +deleted file mode 100644 +index 01291305..00000000 +--- a/modules/pam_cracklib/pam_cracklib.c ++++ /dev/null +@@ -1,899 +0,0 @@ +-/* +- * pam_cracklib module +- * +- * 0.9. switch to using a distance algorithm in similar() +- * 0.86. added support for setting minimum numbers of digits, uppers, +- * lowers, and others +- * 0.85. added six new options to use this with long passwords. +- * 0.8. tidied output and improved D(()) usage for debugging. +- * 0.7. added support for more obscure checks for new passwd. +- * 0.6. root can reset user passwd to any values (it's only warned) +- * 0.5. supports retries - 'retry=N' argument +- * 0.4. added argument 'type=XXX' for 'New XXX password' prompt +- * 0.3. Added argument 'debug' +- * 0.2. new password is fed to cracklib for verify after typed once +- * 0.1. First release +- * +- * Written by Cristian Gafton 1996/09/10 +- * Long password support by Philip W. Dalrymple 1997/07/18 +- * See the end of the file for Copyright Information +- * +- * Modification for long password systems (>8 chars). The original +- * module had problems when used in a md5 password system in that it +- * allowed too short passwords but required that at least half of the +- * bytes in the new password did not appear in the old one. this +- * action is still the default and the changes should not break any +- * current user. This modification adds 6 new options, one to set the +- * number of bytes in the new password that are not in the old one, +- * the other five to control the length checking, these are all +- * documented (or will be before anyone else sees this code) in the PAM +- * S.A.G. in the section on the cracklib module. +- */ +- +-#include "config.h" +- +-#include +-#ifdef HAVE_LIBXCRYPT +-# include +-#elif defined(HAVE_CRYPT_H) +-# include +-#endif +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#ifdef HAVE_CRACK_H +-#include +-#else +-extern char *FascistCheck(char *pw, const char *dictpath); +-#endif +- +-#ifndef CRACKLIB_DICTS +-#define CRACKLIB_DICTS NULL +-#endif +- +-#ifdef MIN +-#undef MIN +-#endif +-#define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b)) +- +-#include +-#include +-#include +-#include "pam_inline.h" +- +-/* argument parsing */ +-#define PAM_DEBUG_ARG 0x0001 +- +-struct cracklib_options { +- int retry_times; +- int diff_ok; +- int min_length; +- int dig_credit; +- int up_credit; +- int low_credit; +- int oth_credit; +- int min_class; +- int max_repeat; +- int max_sequence; +- int max_class_repeat; +- int reject_user; +- int gecos_check; +- int enforce_for_root; +- const char *cracklib_dictpath; +-}; +- +-#define CO_RETRY_TIMES 1 +-#define CO_DIFF_OK 5 +-#define CO_MIN_LENGTH 9 +-# define CO_MIN_LENGTH_BASE 5 +-#define CO_DIG_CREDIT 1 +-#define CO_UP_CREDIT 1 +-#define CO_LOW_CREDIT 1 +-#define CO_OTH_CREDIT 1 +-#define CO_MIN_WORD_LENGTH 4 +- +-static int +-_pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, +- int argc, const char **argv) +-{ +- int ctrl=0; +- +- /* step through arguments */ +- for (ctrl=0; argc-- > 0; ++argv) { +- const char *str; +- char *ep = NULL; +- +- /* generic options */ +- +- if (!strcmp(*argv,"debug")) +- ctrl |= PAM_DEBUG_ARG; +- else if ((str = pam_str_skip_prefix(*argv, "type=")) != NULL) +- pam_set_item (pamh, PAM_AUTHTOK_TYPE, str); +- else if ((str = pam_str_skip_prefix(*argv, "retry=")) != NULL) { +- opt->retry_times = strtol(str, &ep, 10); +- if (!ep || (opt->retry_times < 1)) +- opt->retry_times = CO_RETRY_TIMES; +- } else if ((str = pam_str_skip_prefix(*argv, "difok=")) != NULL) { +- opt->diff_ok = strtol(str, &ep, 10); +- if (!ep || (opt->diff_ok < 0)) +- opt->diff_ok = CO_DIFF_OK; +- } else if (pam_str_skip_prefix(*argv, "difignore=") != NULL) { +- /* just ignore */ +- } else if ((str = pam_str_skip_prefix(*argv, "minlen=")) != NULL) { +- opt->min_length = strtol(str, &ep, 10); +- if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE)) +- opt->min_length = CO_MIN_LENGTH_BASE; +- } else if ((str = pam_str_skip_prefix(*argv, "dcredit=")) != NULL) { +- opt->dig_credit = strtol(str, &ep, 10); +- if (!ep) +- opt->dig_credit = 0; +- } else if ((str = pam_str_skip_prefix(*argv, "ucredit=")) != NULL) { +- opt->up_credit = strtol(str, &ep, 10); +- if (!ep) +- opt->up_credit = 0; +- } else if ((str = pam_str_skip_prefix(*argv, "lcredit=")) != NULL) { +- opt->low_credit = strtol(str, &ep, 10); +- if (!ep) +- opt->low_credit = 0; +- } else if ((str = pam_str_skip_prefix(*argv, "ocredit=")) != NULL) { +- opt->oth_credit = strtol(str, &ep, 10); +- if (!ep) +- opt->oth_credit = 0; +- } else if ((str = pam_str_skip_prefix(*argv, "minclass=")) != NULL) { +- opt->min_class = strtol(str, &ep, 10); +- if (!ep) +- opt->min_class = 0; +- if (opt->min_class > 4) +- opt->min_class = 4; +- } else if ((str = pam_str_skip_prefix(*argv, "maxrepeat=")) != NULL) { +- opt->max_repeat = strtol(str, &ep, 10); +- if (!ep) +- opt->max_repeat = 0; +- } else if ((str = pam_str_skip_prefix(*argv, "maxsequence=")) != NULL) { +- opt->max_sequence = strtol(str, &ep, 10); +- if (!ep) +- opt->max_sequence = 0; +- } else if ((str = pam_str_skip_prefix(*argv, "maxclassrepeat=")) != NULL) { +- opt->max_class_repeat = strtol(str, &ep, 10); +- if (!ep) +- opt->max_class_repeat = 0; +- } else if (!strcmp(*argv, "reject_username")) { +- opt->reject_user = 1; +- } else if (!strcmp(*argv, "gecoscheck")) { +- opt->gecos_check = 1; +- } else if (!strcmp(*argv, "enforce_for_root")) { +- opt->enforce_for_root = 1; +- } else if (pam_str_skip_prefix(*argv, "authtok_type=") != NULL) { +- /* for pam_get_authtok, ignore */; +- } else if (!strcmp(*argv, "use_authtok")) { +- /* for pam_get_authtok, ignore */; +- } else if (!strcmp(*argv, "use_first_pass")) { +- /* for pam_get_authtok, ignore */; +- } else if (!strcmp(*argv, "try_first_pass")) { +- /* for pam_get_authtok, ignore */; +- } else if ((str = pam_str_skip_prefix(*argv, "dictpath=")) != NULL) { +- opt->cracklib_dictpath = str; +- if (!*(opt->cracklib_dictpath)) { +- opt->cracklib_dictpath = CRACKLIB_DICTS; +- } +- } else { +- pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); +- } +- } +- +- return ctrl; +-} +- +-/* Helper functions */ +- +-/* +- * can't be a palindrome - like `R A D A R' or `M A D A M' +- */ +-static int palindrome(const char *new) +-{ +- int i, j; +- +- i = strlen (new); +- +- for (j = 0;j < i;j++) +- if (new[i - j - 1] != new[j]) +- return 0; +- +- return 1; +-} +- +-/* +- * Calculate how different two strings are in terms of the number of +- * character removals, additions, and changes needed to go from one to +- * the other +- */ +- +-static int distdifferent(const char *old, const char *new, +- size_t i, size_t j) +-{ +- char c, d; +- +- if ((i == 0) || (strlen(old) < i)) { +- c = 0; +- } else { +- c = old[i - 1]; +- } +- if ((j == 0) || (strlen(new) < j)) { +- d = 0; +- } else { +- d = new[j - 1]; +- } +- return (c != d); +-} +- +-static int distcalculate(int **distances, const char *old, const char *new, +- size_t i, size_t j) +-{ +- int tmp = 0; +- +- if (distances[i][j] != -1) { +- return distances[i][j]; +- } +- +- tmp = distcalculate(distances, old, new, i - 1, j - 1); +- tmp = MIN(tmp, distcalculate(distances, old, new, i, j - 1)); +- tmp = MIN(tmp, distcalculate(distances, old, new, i - 1, j)); +- tmp += distdifferent(old, new, i, j); +- +- distances[i][j] = tmp; +- +- return tmp; +-} +- +-static int distance(const char *old, const char *new) +-{ +- int **distances = NULL; +- size_t m, n, i, j, r; +- +- m = strlen(old); +- n = strlen(new); +- distances = malloc(sizeof(int*) * (m + 1)); +- +- for (i = 0; i <= m; i++) { +- distances[i] = malloc(sizeof(int) * (n + 1)); +- for(j = 0; j <= n; j++) { +- distances[i][j] = -1; +- } +- } +- for (i = 0; i <= m; i++) { +- distances[i][0] = i; +- } +- for (j = 0; j <= n; j++) { +- distances[0][j] = j; +- } +- distances[0][0] = 0; +- +- r = distcalculate(distances, old, new, m, n); +- +- for (i = 0; i <= m; i++) { +- memset(distances[i], 0, sizeof(int) * (n + 1)); +- free(distances[i]); +- } +- free(distances); +- +- return r; +-} +- +-static int similar(struct cracklib_options *opt, +- const char *old, const char *new) +-{ +- if (distance(old, new) >= opt->diff_ok) { +- return 0; +- } +- +- if (strlen(new) >= (strlen(old) * 2)) { +- return 0; +- } +- +- /* passwords are too similar */ +- return 1; +-} +- +-/* +- * enough classes of characters +- */ +- +-static int minclass (struct cracklib_options *opt, +- const char *new) +-{ +- int digits = 0; +- int uppers = 0; +- int lowers = 0; +- int others = 0; +- int total_class; +- int i; +- int retval; +- +- D(( "called" )); +- for (i = 0; new[i]; i++) +- { +- if (isdigit (new[i])) +- digits = 1; +- else if (isupper (new[i])) +- uppers = 1; +- else if (islower (new[i])) +- lowers = 1; +- else +- others = 1; +- } +- +- total_class = digits + uppers + lowers + others; +- +- D (("total class: %d\tmin_class: %d", total_class, opt->min_class)); +- +- if (total_class >= opt->min_class) +- retval = 0; +- else +- retval = 1; +- +- return retval; +-} +- +- +-/* +- * a nice mix of characters. +- */ +-static int simple(struct cracklib_options *opt, const char *new) +-{ +- int digits = 0; +- int uppers = 0; +- int lowers = 0; +- int others = 0; +- int size; +- int i; +- enum { NONE, DIGIT, UCASE, LCASE, OTHER } prevclass = NONE; +- int sameclass = 0; +- +- for (i = 0;new[i];i++) { +- if (isdigit (new[i])) { +- digits++; +- if (prevclass != DIGIT) { +- prevclass = DIGIT; +- sameclass = 1; +- } else +- sameclass++; +- } +- else if (isupper (new[i])) { +- uppers++; +- if (prevclass != UCASE) { +- prevclass = UCASE; +- sameclass = 1; +- } else +- sameclass++; +- } +- else if (islower (new[i])) { +- lowers++; +- if (prevclass != LCASE) { +- prevclass = LCASE; +- sameclass = 1; +- } else +- sameclass++; +- } +- else { +- others++; +- if (prevclass != OTHER) { +- prevclass = OTHER; +- sameclass = 1; +- } else +- sameclass++; +- } +- if (opt->max_class_repeat > 0 && sameclass > opt->max_class_repeat) { +- return 1; +- } +- } +- +- /* +- * The scam was this - a password of only one character type +- * must be 8 letters long. Two types, 7, and so on. +- * This is now changed, the base size and the credits or defaults +- * see the docs on the module for info on these parameters, the +- * defaults cause the effect to be the same as before the change +- */ +- +- if ((opt->dig_credit >= 0) && (digits > opt->dig_credit)) +- digits = opt->dig_credit; +- +- if ((opt->up_credit >= 0) && (uppers > opt->up_credit)) +- uppers = opt->up_credit; +- +- if ((opt->low_credit >= 0) && (lowers > opt->low_credit)) +- lowers = opt->low_credit; +- +- if ((opt->oth_credit >= 0) && (others > opt->oth_credit)) +- others = opt->oth_credit; +- +- size = opt->min_length; +- +- if (opt->dig_credit >= 0) +- size -= digits; +- else if (digits < opt->dig_credit * -1) +- return 1; +- +- if (opt->up_credit >= 0) +- size -= uppers; +- else if (uppers < opt->up_credit * -1) +- return 1; +- +- if (opt->low_credit >= 0) +- size -= lowers; +- else if (lowers < opt->low_credit * -1) +- return 1; +- +- if (opt->oth_credit >= 0) +- size -= others; +- else if (others < opt->oth_credit * -1) +- return 1; +- +- if (size <= i) +- return 0; +- +- return 1; +-} +- +-static int consecutive(struct cracklib_options *opt, const char *new) +-{ +- char c; +- int i; +- int same; +- +- if (opt->max_repeat == 0) +- return 0; +- +- for (i = 0; new[i]; i++) { +- if (i > 0 && new[i] == c) { +- ++same; +- if (same > opt->max_repeat) +- return 1; +- } else { +- c = new[i]; +- same = 1; +- } +- } +- return 0; +-} +- +-static int sequence(struct cracklib_options *opt, const char *new) +-{ +- char c; +- int i; +- int sequp = 1; +- int seqdown = 1; +- +- if (opt->max_sequence == 0) +- return 0; +- +- if (new[0] == '\0') +- return 0; +- +- for (i = 1; new[i]; i++) { +- c = new[i-1]; +- if (new[i] == c+1) { +- ++sequp; +- if (sequp > opt->max_sequence) +- return 1; +- seqdown = 1; +- } else if (new[i] == c-1) { +- ++seqdown; +- if (seqdown > opt->max_sequence) +- return 1; +- sequp = 1; +- } else { +- sequp = 1; +- seqdown = 1; +- } +- } +- return 0; +-} +- +-static int wordcheck(const char *new, char *word) +-{ +- char *f, *b; +- +- if (strstr(new, word) != NULL) +- return 1; +- +- /* now reverse the word, we can do that in place +- as it is strdup-ed */ +- f = word; +- b = word+strlen(word)-1; +- while (f < b) { +- char c; +- +- c = *f; +- *f = *b; +- *b = c; +- --b; +- ++f; +- } +- +- if (strstr(new, word) != NULL) +- return 1; +- return 0; +-} +- +-static int usercheck(struct cracklib_options *opt, const char *new, +- char *user) +-{ +- if (!opt->reject_user) +- return 0; +- +- return wordcheck(new, user); +-} +- +-static char * str_lower(char *string) +-{ +- char *cp; +- +- if (!string) +- return NULL; +- +- for (cp = string; *cp; cp++) +- *cp = tolower(*cp); +- return string; +-} +- +-static int gecoscheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new, +- const char *user) +-{ +- struct passwd *pwd; +- char *list; +- char *p; +- char *next; +- +- if (!opt->gecos_check) +- return 0; +- +- if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) { +- return 0; +- } +- +- list = strdup(pwd->pw_gecos); +- +- if (list == NULL || *list == '\0') { +- free(list); +- return 0; +- } +- +- for (p = list;;p = next + 1) { +- next = strchr(p, ' '); +- if (next) +- *next = '\0'; +- +- if (strlen(p) >= CO_MIN_WORD_LENGTH) { +- str_lower(p); +- if (wordcheck(new, p)) { +- free(list); +- return 1; +- } +- } +- +- if (!next) +- break; +- } +- +- free(list); +- return 0; +-} +- +-static const char *password_check(pam_handle_t *pamh, struct cracklib_options *opt, +- const char *old, const char *new, +- const char *user) +-{ +- const char *msg = NULL; +- char *oldmono = NULL, *newmono, *wrapped = NULL; +- char *usermono = NULL; +- +- if (old && strcmp(new, old) == 0) { +- msg = _("is the same as the old one"); +- return msg; +- } +- +- newmono = str_lower(strdup(new)); +- if (!newmono) +- msg = _("memory allocation error"); +- +- usermono = str_lower(strdup(user)); +- if (!usermono) +- msg = _("memory allocation error"); +- +- if (!msg && old) { +- oldmono = str_lower(strdup(old)); +- if (oldmono) +- wrapped = malloc(strlen(oldmono) * 2 + 1); +- if (wrapped) { +- strcpy (wrapped, oldmono); +- strcat (wrapped, oldmono); +- } else { +- msg = _("memory allocation error"); +- } +- } +- +- if (!msg && palindrome(newmono)) +- msg = _("is a palindrome"); +- +- if (!msg && oldmono && strcmp(oldmono, newmono) == 0) +- msg = _("case changes only"); +- +- if (!msg && oldmono && similar(opt, oldmono, newmono)) +- msg = _("is too similar to the old one"); +- +- if (!msg && simple(opt, new)) +- msg = _("is too simple"); +- +- if (!msg && wrapped && strstr(wrapped, newmono)) +- msg = _("is rotated"); +- +- if (!msg && minclass (opt, new)) +- msg = _("not enough character classes"); +- +- if (!msg && consecutive(opt, new)) +- msg = _("contains too many same characters consecutively"); +- +- if (!msg && sequence(opt, new)) +- msg = _("contains too long of a monotonic character sequence"); +- +- if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) +- msg = _("contains the user name in some form"); +- +- free(usermono); +- if (newmono) { +- memset(newmono, 0, strlen(newmono)); +- free(newmono); +- } +- if (oldmono) { +- memset(oldmono, 0, strlen(oldmono)); +- free(oldmono); +- } +- if (wrapped) { +- memset(wrapped, 0, strlen(wrapped)); +- free(wrapped); +- } +- +- return msg; +-} +- +- +-static int _pam_unix_approve_pass(pam_handle_t *pamh, +- unsigned int ctrl, +- struct cracklib_options *opt, +- const char *pass_old, +- const char *pass_new) +-{ +- const char *msg = NULL; +- const char *user; +- int retval; +- +- if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh, LOG_DEBUG, "bad authentication token"); +- pam_error(pamh, "%s", pass_new == NULL ? +- _("No password has been supplied.") : +- _("The password has not been changed.")); +- return PAM_AUTHTOK_ERR; +- } +- +- retval = pam_get_user(pamh, &user, NULL); +- if (retval != PAM_SUCCESS) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", +- pam_strerror(pamh, retval)); +- return PAM_AUTHTOK_ERR; +- } +- /* +- * if one wanted to hardwire authentication token strength +- * checking this would be the place +- */ +- msg = password_check(pamh, opt, pass_old, pass_new, user); +- +- if (msg) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh, LOG_NOTICE, +- "new passwd fails strength check: %s", msg); +- pam_error(pamh, _("BAD PASSWORD: %s"), msg); +- return PAM_AUTHTOK_ERR; +- }; +- return PAM_SUCCESS; +- +-} +- +-/* The Main Thing (by Cristian Gafton, CEO at this module :-) +- * (stolen from http://home.netscape.com) +- */ +-int +-pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +-{ +- unsigned int ctrl; +- struct cracklib_options options; +- +- D(("called.")); +- +- memset(&options, 0, sizeof(options)); +- options.retry_times = CO_RETRY_TIMES; +- options.diff_ok = CO_DIFF_OK; +- options.min_length = CO_MIN_LENGTH; +- options.dig_credit = CO_DIG_CREDIT; +- options.up_credit = CO_UP_CREDIT; +- options.low_credit = CO_LOW_CREDIT; +- options.oth_credit = CO_OTH_CREDIT; +- options.cracklib_dictpath = CRACKLIB_DICTS; +- +- ctrl = _pam_parse(pamh, &options, argc, argv); +- +- if (flags & PAM_PRELIM_CHECK) { +- /* Check for passwd dictionary */ +- /* We cannot do that, since the original path is compiled +- into the cracklib library and we don't know it. */ +- return PAM_SUCCESS; +- } else if (flags & PAM_UPDATE_AUTHTOK) { +- int retval; +- const void *oldtoken; +- int tries; +- +- D(("do update")); +- +- +- retval = pam_get_item (pamh, PAM_OLDAUTHTOK, &oldtoken); +- if (retval != PAM_SUCCESS) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh,LOG_ERR,"Can not get old passwd"); +- oldtoken = NULL; +- } +- +- tries = 0; +- while (tries < options.retry_times) { +- const char *crack_msg; +- const char *newtoken = NULL; +- +- +- tries++; +- +- /* Planned modus operandi: +- * Get a passwd. +- * Verify it against cracklib. +- * If okay get it a second time. +- * Check to be the same with the first one. +- * set PAM_AUTHTOK and return +- */ +- +- retval = pam_get_authtok_noverify (pamh, &newtoken, NULL); +- if (retval != PAM_SUCCESS) { +- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s", +- pam_strerror (pamh, retval)); +- continue; +- } else if (newtoken == NULL) { /* user aborted password change, quit */ +- return PAM_AUTHTOK_ERR; +- } +- +- D(("testing password")); +- /* now test this passwd against cracklib */ +- +- D(("against cracklib")); +- if ((crack_msg = FascistCheck (newtoken, options.cracklib_dictpath))) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg); +- pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg); +- if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) +- { +- pam_set_item (pamh, PAM_AUTHTOK, NULL); +- retval = PAM_AUTHTOK_ERR; +- continue; +- } +- } +- +- /* check it for strength too... */ +- D(("for strength")); +- retval = _pam_unix_approve_pass (pamh, ctrl, &options, +- oldtoken, newtoken); +- if (retval != PAM_SUCCESS) { +- if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) +- { +- pam_set_item(pamh, PAM_AUTHTOK, NULL); +- retval = PAM_AUTHTOK_ERR; +- continue; +- } +- } +- +- retval = pam_get_authtok_verify (pamh, &newtoken, NULL); +- if (retval != PAM_SUCCESS) { +- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s", +- pam_strerror (pamh, retval)); +- pam_set_item(pamh, PAM_AUTHTOK, NULL); +- continue; +- } else if (newtoken == NULL) { /* user aborted password change, quit */ +- return PAM_AUTHTOK_ERR; +- } +- +- return PAM_SUCCESS; +- } +- +- D(("returning because maxtries reached")); +- +- pam_set_item (pamh, PAM_AUTHTOK, NULL); +- +- /* if we have only one try, we can use the real reason, +- else say that there were too many tries. */ +- if (options.retry_times > 1) +- return PAM_MAXTRIES; +- else +- return retval; +- +- } else { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh, LOG_NOTICE, "UNKNOWN flags setting %02X",flags); +- return PAM_SERVICE_ERR; +- } +- +- /* Not reached */ +- return PAM_SERVICE_ERR; +-} +- +- +- +-/* +- * Copyright (c) Cristian Gafton , 1996. +- * All rights reserved +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, and the entire permission notice in its entirety, +- * including the disclaimer of warranties. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. The name of the author may not be used to endorse or promote +- * products derived from this software without specific prior +- * written permission. +- * +- * ALTERNATIVELY, this product may be distributed under the terms of +- * the GNU Public License, in which case the provisions of the GPL are +- * required INSTEAD OF the above restrictions. (This clause is +- * necessary due to a potential bad interaction between the GPL and +- * the restrictions contained in a BSD-style copyright.) +- * +- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED +- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * +- * The following copyright was appended for the long password support +- * added with the libpam 0.58 release: +- * +- * Modificaton Copyright (c) Philip W. Dalrymple III +- * 1997. All rights reserved +- * +- * THE MODIFICATION THAT PROVIDES SUPPORT FOR LONG PASSWORD TYPE CHECKING TO +- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED +- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, +- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- */ +diff --git a/modules/pam_cracklib/tst-pam_cracklib b/modules/pam_cracklib/tst-pam_cracklib +deleted file mode 100755 +index 46a7060d..00000000 +--- a/modules/pam_cracklib/tst-pam_cracklib ++++ /dev/null +@@ -1,2 +0,0 @@ +-#!/bin/sh +-../../tests/tst-dlopen .libs/pam_cracklib.so diff --git a/pam_tally2-removal.patch b/pam_tally2-removal.patch new file mode 100644 index 0000000..59fc8dc --- /dev/null +++ b/pam_tally2-removal.patch @@ -0,0 +1,1332 @@ +From 709e37b7e131d35b0ec30d31f858bc6917dd2b2e Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Thu, 29 Oct 2020 08:00:00 +0000 +Subject: [PATCH] Remove deprecated pam_tally and pam_tally2 modules + +* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove +--enable-tally --enable-tally2. +* configure.ac: Remove --enable-tally and --enable-tally2 options. +(AM_CONDITIONAL): Remove COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2. +(AC_CONFIG_FILES): Remove modules/pam_tally/Makefile and +modules/pam_tally2/Makefile. +* doc/sag/pam_tally.xml: Remove. +* doc/sag/pam_tally2.xml: Likewise. +* doc/sag/Linux-PAM_SAG.xml: Do not include pam_tally.xml and +pam_tally2.xml. +* modules/Makefile.am (MAYBE_PAM_TALLY, MAYBE_PAM_TALLY2): Remove. +(SUBDIRS): Remove MAYBE_PAM_TALLY and MAYBE_PAM_TALLY2. +* modules/pam_tally/.gitignore: Remove. +* modules/pam_tally/Makefile.am: Likewise. +* modules/pam_tally/README.xml: Likewise. +* modules/pam_tally/faillog.h: Likewise. +* modules/pam_tally/pam_tally.8.xml: Likewise. +* modules/pam_tally/pam_tally.c: Likewise. +* modules/pam_tally/pam_tally_app.c: Likewise. +* modules/pam_tally/tst-pam_tally: Likewise. +* modules/pam_tally2/.gitignore: Likewise. +* modules/pam_tally2/Makefile.am: Likewise. +* modules/pam_tally2/README.xml: Likewise. +* modules/pam_tally2/pam_tally2.8.xml: Likewise. +* modules/pam_tally2/pam_tally2.c: Likewise. +* modules/pam_tally2/pam_tally2_app.c: Likewise. +* modules/pam_tally2/tallylog.h: Likewise. +* modules/pam_tally2/tst-pam_tally2: Likewise. +* modules/pam_timestamp/pam_timestamp_check.8.xml: Fix typo by replacing +pam_tally with pam_timestamp. +* po/POTFILES.in: Remove ./modules/pam_tally/pam_tally_app.c, +./modules/pam_tally/pam_tally.c, ./modules/pam_tally2/pam_tally2_app.c, +and ./modules/pam_tally2/pam_tally2.c. +* NEWS: Document this change. +--- + NEWS | 1 + + ci/run-build-and-tests.sh | 2 +- + configure.ac | 23 +- + doc/sag/Linux-PAM_SAG.xml | 4 - + doc/sag/pam_tally.xml | 38 - + doc/sag/pam_tally2.xml | 46 - + modules/Makefile.am | 10 - + modules/pam_tally/.gitignore | 1 - + modules/pam_tally/Makefile.am | 41 - + modules/pam_tally/README.xml | 41 - + modules/pam_tally/faillog.h | 55 - + modules/pam_tally/pam_tally.8.xml | 459 -------- + modules/pam_tally/pam_tally.c | 854 -------------- + modules/pam_tally/pam_tally_app.c | 6 - + modules/pam_tally/tst-pam_tally | 2 - + modules/pam_tally2/.gitignore | 1 - + modules/pam_tally2/Makefile.am | 45 - + modules/pam_tally2/README.xml | 46 - + modules/pam_tally2/pam_tally2.8.xml | 450 ------- + modules/pam_tally2/pam_tally2.c | 1036 ----------------- + modules/pam_tally2/pam_tally2_app.c | 6 - + modules/pam_tally2/tallylog.h | 52 - + modules/pam_tally2/tst-pam_tally2 | 2 - + .../pam_timestamp/pam_timestamp_check.8.xml | 2 +- + po/POTFILES.in | 4 - + 25 files changed, 4 insertions(+), 3223 deletions(-) + delete mode 100644 doc/sag/pam_tally.xml + delete mode 100644 doc/sag/pam_tally2.xml + delete mode 100644 modules/pam_tally/.gitignore + delete mode 100644 modules/pam_tally/Makefile.am + delete mode 100644 modules/pam_tally/README.xml + delete mode 100644 modules/pam_tally/faillog.h + delete mode 100644 modules/pam_tally/pam_tally.8.xml + delete mode 100644 modules/pam_tally/pam_tally.c + delete mode 100644 modules/pam_tally/pam_tally_app.c + delete mode 100755 modules/pam_tally/tst-pam_tally + delete mode 100644 modules/pam_tally2/.gitignore + delete mode 100644 modules/pam_tally2/Makefile.am + delete mode 100644 modules/pam_tally2/README.xml + delete mode 100644 modules/pam_tally2/pam_tally2.8.xml + delete mode 100644 modules/pam_tally2/pam_tally2.c + delete mode 100644 modules/pam_tally2/pam_tally2_app.c + delete mode 100644 modules/pam_tally2/tallylog.h + delete mode 100755 modules/pam_tally2/tst-pam_tally2 + +diff --git a/configure.ac b/configure.ac +index 4397124d..ad36a6bc 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -613,24 +613,6 @@ test -n "$opt_kerneloverflowuid" || + opt_kerneloverflowuid=65534 + AC_DEFINE_UNQUOTED(PAM_USERTYPE_OVERFLOW_UID, $opt_kerneloverflowuid, [Kernel overflow uid.]) + +-#AC_ARG_ENABLE([tally], +-# [AS_HELP_STRING([--enable-tally], +-# [build deprecated pam_tally module])], +-# [], [enable_tally=no]) +-#case "$enable_tally" in +-# yes|no) ;; +-# *) AC_MSG_ERROR([bad value $enable_tally for --enable-tally option]) ;; +-#esac +- +-AC_ARG_ENABLE([tally2], +- [AS_HELP_STRING([--enable-tally2], +- [build deprecated pam_tally2 module])], +- [], [enable_tally2=no]) +-case "$enable_tally2" in +- yes|no) ;; +- *) AC_MSG_ERROR([bad value $enable_tally2 for --enable-tally2 option]) ;; +-esac +- + AC_ARG_ENABLE([unix], + [AS_HELP_STRING([--disable-unix], + [do not build pam_unix module])], +@@ -647,8 +629,6 @@ AM_CONDITIONAL([COND_BUILD_PAM_RHOSTS], [test "$ac_cv_func_ruserok_af" = yes -o + AM_CONDITIONAL([COND_BUILD_PAM_SELINUX], [test -n "$LIBSELINUX"]) + AM_CONDITIONAL([COND_BUILD_PAM_SEPERMIT], [test -n "$LIBSELINUX"]) + AM_CONDITIONAL([COND_BUILD_PAM_SETQUOTA], [test "$ac_cv_func_quotactl" = yes]) +-#AM_CONDITIONAL([COND_BUILD_PAM_TALLY], [test "$enable_tally" = yes]) +-AM_CONDITIONAL([COND_BUILD_PAM_TALLY2], [test "$enable_tally2" = yes]) + AM_CONDITIONAL([COND_BUILD_PAM_TTY_AUDIT], [test "$HAVE_AUDIT_TTY_STATUS" = yes]) + AM_CONDITIONAL([COND_BUILD_PAM_UNIX], [test "$enable_unix" = yes]) + AM_CONDITIONAL([COND_BUILD_PAM_USERDB], [test -n "$LIBDB"]) +@@ -678,8 +658,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile + modules/pam_securetty/Makefile modules/pam_selinux/Makefile \ + modules/pam_sepermit/Makefile modules/pam_setquota/Makefile \ + modules/pam_shells/Makefile modules/pam_stress/Makefile \ +- modules/pam_succeed_if/Makefile \ +- modules/pam_tally2/Makefile modules/pam_time/Makefile \ ++ modules/pam_succeed_if/Makefile modules/pam_time/Makefile \ + modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \ + modules/pam_umask/Makefile \ + modules/pam_unix/Makefile modules/pam_userdb/Makefile \ +diff --git a/modules/Makefile.am b/modules/Makefile.am +index aa03e319..8da46410 100644 +--- a/modules/Makefile.am ++++ b/modules/Makefile.am +@@ -30,14 +30,6 @@ if COND_BUILD_PAM_SETQUOTA + MAYBE_PAM_SETQUOTA = pam_setquota + endif + +-#if COND_BUILD_PAM_TALLY +-# MAYBE_PAM_TALLY = pam_tally +-#endif +- +-if COND_BUILD_PAM_TALLY2 +- MAYBE_PAM_TALLY2 = pam_tally2 +-endif +- + if COND_BUILD_PAM_TTY_AUDIT + MAYBE_PAM_TTY_AUDIT = pam_tty_audit + endif +@@ -85,8 +77,6 @@ SUBDIRS := \ + pam_shells \ + pam_stress \ + pam_succeed_if \ +- $(MAYBE_PAM_TALLY) \ +- $(MAYBE_PAM_TALLY2) \ + pam_time \ + pam_timestamp \ + $(MAYBE_PAM_TTY_AUDIT) \ +diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am +deleted file mode 100644 +index 9ca7eabf..00000000 +--- a/modules/pam_tally2/Makefile.am ++++ /dev/null +@@ -1,45 +0,0 @@ +-# +-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk +-# Copyright (c) 2008 Red Hat, Inc. +-# +- +-CLEANFILES = *~ +-MAINTAINERCLEANFILES = $(MANS) README +- +-EXTRA_DIST = $(XMLS) +- +-#if HAVE_DOC +-#dist_man_MANS = pam_tally2.8 +-#endif +-XMLS = README.xml pam_tally2.8.xml +-dist_check_SCRIPTS = tst-pam_tally2 +-TESTS = $(dist_check_SCRIPTS) +- +-securelibdir = $(SECUREDIR) +-secureconfdir = $(SCONFIGDIR) +- +-noinst_HEADERS = tallylog.h +- +-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- $(WARN_CFLAGS) +- +-pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module +-pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) +-if HAVE_VERSIONING +- pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +-endif +- +-pam_tally2_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ +-pam_tally2_LDFLAGS = @EXE_LDFLAGS@ +-pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) +- +-securelib_LTLIBRARIES = pam_tally2.la +-sbin_PROGRAMS = pam_tally2 +- +-pam_tally2_la_SOURCES = pam_tally2.c +-pam_tally2_SOURCES = pam_tally2_app.c +- +-if ENABLE_REGENERATE_MAN +-dist_noinst_DATA = README +--include $(top_srcdir)/Make.xml.rules +-endif +diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c +deleted file mode 100644 +index bcf3188c..00000000 +--- a/modules/pam_tally2/pam_tally2.c ++++ /dev/null +@@ -1,1036 +0,0 @@ +-/* +- * pam_tally2 module +- * +- * By Tim Baverstock , Multi Media Machine Ltd. +- * 5 March 1997 +- * +- * Stuff stolen from pam_rootok and pam_listfile +- * +- * Changes by Tomas Mraz 5 January 2005, 26 January 2006 +- * Audit option added for Tomas patch by Sebastien Tricaud 13 January 2005 +- * Portions Copyright 2006, Red Hat, Inc. +- * Portions Copyright 1989 - 1993, Julianne Frances Haugh +- * All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. Neither the name of Julianne F. Haugh nor the names of its contributors +- * may be used to endorse or promote products derived from this software +- * without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- */ +- +-#include "config.h" +- +-#if defined(MAIN) && defined(MEMORY_DEBUG) +-# undef exit +-#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#ifdef HAVE_LIBAUDIT +-#include +-#endif +- +-#include +-#include +-#include +-#include +-#include +-#include "tallylog.h" +- +-#ifndef TRUE +-#define TRUE 1L +-#define FALSE 0L +-#endif +- +-#ifndef HAVE_FSEEKO +-#define fseeko fseek +-#endif +- +-#ifndef MAIN +-#include +-#endif +-#include +-#include +-#include "pam_inline.h" +- +-/*---------------------------------------------------------------------*/ +- +-#define DEFAULT_LOGFILE "/var/log/tallylog" +-#define MODULE_NAME "pam_tally2" +- +-#define tally_t uint16_t +-#define TALLY_HI ((tally_t)~0L) +- +-struct tally_options { +- const char *filename; +- tally_t deny; +- long lock_time; +- long unlock_time; +- long root_unlock_time; +- unsigned int ctrl; +-}; +- +-#define PHASE_UNKNOWN 0 +-#define PHASE_AUTH 1 +-#define PHASE_ACCOUNT 2 +-#define PHASE_SESSION 3 +- +-#define OPT_MAGIC_ROOT 01 +-#define OPT_FAIL_ON_ERROR 02 +-#define OPT_DENY_ROOT 04 +-#define OPT_QUIET 040 +-#define OPT_AUDIT 0100 +-#define OPT_NOLOGNOTICE 0400 +-#define OPT_SERIALIZE 01000 +-#define OPT_DEBUG 02000 +- +-#define MAX_LOCK_WAITING_TIME 10 +- +-/*---------------------------------------------------------------------*/ +- +-/* some syslogging */ +- +-#ifdef MAIN +-#define pam_syslog tally_log +-static void +-PAM_FORMAT((printf, 3, 4)) +-tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED, +- const char *fmt, ...) +-{ +- va_list args; +- +- va_start(args, fmt); +- fprintf(stderr, "%s: ", MODULE_NAME); +- vfprintf(stderr, fmt, args); +- fprintf(stderr,"\n"); +- va_end(args); +-} +- +-#define pam_modutil_getpwnam(pamh, user) getpwnam(user) +-#endif +- +-/*---------------------------------------------------------------------*/ +- +-/* --- Support function: parse arguments --- */ +- +-#ifndef MAIN +- +-static void +-log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) +-{ +- if ( phase != PHASE_AUTH ) { +- pam_syslog(pamh, LOG_ERR, +- "option %s allowed in auth phase only", argv); +- } +-} +- +-static int +-tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, +- int phase, int argc, const char **argv) +-{ +- memset(opts, 0, sizeof(*opts)); +- opts->filename = DEFAULT_LOGFILE; +- opts->ctrl = OPT_FAIL_ON_ERROR; +- opts->root_unlock_time = -1; +- +- for ( ; argc-- > 0; ++argv ) { +- const char *str; +- +- if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) { +- const char *from = str; +- if ( *from!='/' ) { +- pam_syslog(pamh, LOG_ERR, +- "filename not /rooted; %s", *argv); +- return PAM_AUTH_ERR; +- } +- opts->filename = from; +- } +- else if ( ! strcmp( *argv, "onerr=fail" ) ) { +- opts->ctrl |= OPT_FAIL_ON_ERROR; +- } +- else if ( ! strcmp( *argv, "onerr=succeed" ) ) { +- opts->ctrl &= ~OPT_FAIL_ON_ERROR; +- } +- else if ( ! strcmp( *argv, "magic_root" ) ) { +- opts->ctrl |= OPT_MAGIC_ROOT; +- } +- else if ( ! strcmp( *argv, "serialize" ) ) { +- opts->ctrl |= OPT_SERIALIZE; +- } +- else if ( ! strcmp( *argv, "debug" ) ) { +- opts->ctrl |= OPT_DEBUG; +- } +- else if ( ! strcmp( *argv, "even_deny_root_account" ) || +- ! strcmp( *argv, "even_deny_root" ) ) { +- log_phase_no_auth(pamh, phase, *argv); +- opts->ctrl |= OPT_DENY_ROOT; +- } +- else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) { +- log_phase_no_auth(pamh, phase, *argv); +- if (sscanf(str, "%hu", &opts->deny) != 1) { +- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); +- return PAM_AUTH_ERR; +- } +- } +- else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) { +- log_phase_no_auth(pamh, phase, *argv); +- if (sscanf(str, "%ld", &opts->lock_time) != 1) { +- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); +- return PAM_AUTH_ERR; +- } +- } +- else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) { +- log_phase_no_auth(pamh, phase, *argv); +- if (sscanf(str, "%ld", &opts->unlock_time) != 1) { +- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); +- return PAM_AUTH_ERR; +- } +- } +- else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) { +- log_phase_no_auth(pamh, phase, *argv); +- if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) { +- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); +- return PAM_AUTH_ERR; +- } +- opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */ +- } +- else if ( ! strcmp( *argv, "quiet" ) || +- ! strcmp ( *argv, "silent")) { +- opts->ctrl |= OPT_QUIET; +- } +- else if ( ! strcmp ( *argv, "no_log_info") ) { +- opts->ctrl |= OPT_NOLOGNOTICE; +- } +- else if ( ! strcmp ( *argv, "audit") ) { +- opts->ctrl |= OPT_AUDIT; +- } +- else { +- pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); +- } +- } +- +- if (opts->root_unlock_time == -1) +- opts->root_unlock_time = opts->unlock_time; +- +- return PAM_SUCCESS; +-} +- +-#endif /* #ifndef MAIN */ +- +-/*---------------------------------------------------------------------*/ +- +-/* --- Support function: get uid (and optionally username) from PAM or +- cline_user --- */ +- +-#ifdef MAIN +-static const char *cline_user=0; /* cline_user is used in the administration prog */ +-#endif +- +-static int +-pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) +-{ +- const char *user = NULL; +- struct passwd *pw; +- +-#ifdef MAIN +- user = cline_user; +- +- if ( !user ) { +- pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); +- return PAM_AUTH_ERR; +- } +-#else +- if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { +- user = NULL; +- } +-#endif +- +- if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { +- opts->ctrl & OPT_AUDIT ? +- pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) : +- pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user"); +- return PAM_USER_UNKNOWN; +- } +- +- if ( uid ) *uid = pw->pw_uid; +- if ( userp ) *userp = user; +- return PAM_SUCCESS; +-} +- +-/*---------------------------------------------------------------------*/ +- +-/* --- Support functions: set/get tally data --- */ +- +-#ifndef MAIN +- +-struct tally_data { +- time_t time; +- int tfile; +-}; +- +-static void +-_cleanup(pam_handle_t *pamh UNUSED, void *void_data, int error_status UNUSED) +-{ +- struct tally_data *data = void_data; +- if (data->tfile != -1) +- close(data->tfile); +- free(data); +-} +- +-static void +-tally_set_data( pam_handle_t *pamh, time_t oldtime, int tfile ) +-{ +- struct tally_data *data; +- +- if ( (data=malloc(sizeof(*data))) != NULL ) { +- data->time = oldtime; +- data->tfile = tfile; +- pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); +- } +-} +- +-static int +-tally_get_data( pam_handle_t *pamh, time_t *oldtime, int *tfile ) +-{ +- int rv; +- const void *void_data; +- const struct tally_data *data; +- +- rv = pam_get_data(pamh, MODULE_NAME, &void_data); +- if ( rv == PAM_SUCCESS && void_data != NULL && oldtime != NULL ) { +- data = void_data; +- *oldtime = data->time; +- *tfile = data->tfile; +- } +- else { +- rv = -1; +- *oldtime = 0; +- } +- return rv; +-} +-#endif /* #ifndef MAIN */ +- +-/*---------------------------------------------------------------------*/ +- +-/* --- Support function: open/create tallyfile and return tally for uid --- */ +- +-/* If on entry tallyfile doesn't exist, creation is attempted. */ +- +-static void +-alarm_handler(int sig UNUSED) +-{ /* we just need to ignore it */ +-} +- +-static int +-get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, +- int *tfile, struct tallylog *tally, unsigned int ctrl) +-{ +- struct stat fileinfo; +- int lstat_ret; +- void *void_tally = tally; +- int preopened = 0; +- +- if (*tfile != -1) { +- preopened = 1; +- goto skip_open; +- } +- +- lstat_ret = lstat(filename, &fileinfo); +- if (lstat_ret) { +- *tfile=open(filename, O_APPEND|O_CREAT, S_IRUSR|S_IWUSR); +- /* Create file, or append-open in pathological case. */ +- if (*tfile == -1) { +-#ifndef MAIN +- if (errno == EACCES) { +- return PAM_IGNORE; /* called with insufficient access rights */ +- } +-#endif +- pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); +- return PAM_AUTH_ERR; +- } +- lstat_ret = fstat(*tfile, &fileinfo); +- close(*tfile); +- } +- +- *tfile = -1; +- +- if ( lstat_ret ) { +- pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); +- return PAM_AUTH_ERR; +- } +- +- if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { +- /* If the file is world writable or is not a +- normal file, return error */ +- pam_syslog(pamh, LOG_ALERT, +- "%s is either world writable or not a normal file", +- filename); +- return PAM_AUTH_ERR; +- } +- +- if ((*tfile = open(filename, O_RDWR)) == -1) { +-#ifndef MAIN +- if (errno == EACCES) /* called with insufficient access rights */ +- return PAM_IGNORE; +-#endif +- pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); +- +- return PAM_AUTH_ERR; +- } +- +-skip_open: +- if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) { +- pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); +- if (!preopened) { +- close(*tfile); +- *tfile = -1; +- } +- return PAM_AUTH_ERR; +- } +- +- if (!preopened && (ctrl & OPT_SERIALIZE)) { +- /* this code is not thread safe as it uses fcntl locks and alarm() +- so never use serialize with multithreaded services */ +- struct sigaction newsa, oldsa; +- unsigned int oldalarm; +- int rv; +- +- memset(&newsa, '\0', sizeof(newsa)); +- newsa.sa_handler = alarm_handler; +- sigaction(SIGALRM, &newsa, &oldsa); +- oldalarm = alarm(MAX_LOCK_WAITING_TIME); +- +- rv = lockf(*tfile, F_LOCK, sizeof(*tally)); +- /* lock failure is not fatal, we attempt to read the tally anyway */ +- +- /* reinstate the eventual old alarm handler */ +- if (rv == -1 && errno == EINTR) { +- if (oldalarm > MAX_LOCK_WAITING_TIME) { +- oldalarm -= MAX_LOCK_WAITING_TIME; +- } else if (oldalarm > 0) { +- oldalarm = 1; +- } +- } +- sigaction(SIGALRM, &oldsa, NULL); +- alarm(oldalarm); +- } +- +- if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { +- memset(tally, 0, sizeof(*tally)); +- } +- +- tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; +- +- return PAM_SUCCESS; +-} +- +-/*---------------------------------------------------------------------*/ +- +-/* --- Support function: update tallyfile with tally!=TALLY_HI --- */ +- +-static int +-set_tally(pam_handle_t *pamh, uid_t uid, +- const char *filename, int *tfile, struct tallylog *tally) +-{ +- void *void_tally = tally; +- if (tally->fail_cnt != TALLY_HI) { +- if (lseek(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET) == (off_t)-1) { +- pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); +- return PAM_AUTH_ERR; +- } +- if (pam_modutil_write(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { +- pam_syslog(pamh, LOG_ALERT, "update (write) failed for %s: %m", filename); +- return PAM_AUTH_ERR; +- } +- } +- +- return PAM_SUCCESS; +-} +- +-/*---------------------------------------------------------------------*/ +- +-/* --- PAM bits --- */ +- +-#ifndef MAIN +- +-#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) +- +-/*---------------------------------------------------------------------*/ +- +-static int +-tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, +- const char *user, struct tally_options *opts, +- struct tallylog *tally) +-{ +- int rv = PAM_SUCCESS; +- int loglevel = LOG_DEBUG; +-#ifdef HAVE_LIBAUDIT +- char buf[64]; +- int audit_fd = -1; +- const void *rhost = NULL, *tty = NULL; +-#endif +- +- if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { +- return PAM_SUCCESS; +- } +- /* magic_root skips tally check */ +-#ifdef HAVE_LIBAUDIT +- audit_fd = audit_open(); +- /* If there is an error & audit support is in the kernel report error */ +- if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || +- errno == EAFNOSUPPORT)) +- return PAM_SYSTEM_ERR; +- (void)pam_get_item(pamh, PAM_TTY, &tty); +- (void)pam_get_item(pamh, PAM_RHOST, &rhost); +-#endif +- if (opts->deny != 0 && /* deny==0 means no deny */ +- tally->fail_cnt > opts->deny && /* tally>deny means exceeded */ +- ((opts->ctrl & OPT_DENY_ROOT) || uid)) { /* even_deny stops uid check */ +-#ifdef HAVE_LIBAUDIT +- if (tally->fail_cnt == opts->deny+1) { +- /* First say that max number was hit. */ +- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); +- audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, +- rhost, NULL, tty, 1); +- } +-#endif +- if (uid) { +- /* Unlock time check */ +- if (opts->unlock_time && oldtime) { +- if (opts->unlock_time + oldtime <= time(NULL)) { +- /* ignore deny check after unlock_time elapsed */ +-#ifdef HAVE_LIBAUDIT +- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); +- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, +- rhost, NULL, tty, 1); +-#endif +- rv = PAM_SUCCESS; +- goto cleanup; +- } +- } +- } else { +- /* Root unlock time check */ +- if (opts->root_unlock_time && oldtime) { +- if (opts->root_unlock_time + oldtime <= time(NULL)) { +- /* ignore deny check after unlock_time elapsed */ +-#ifdef HAVE_LIBAUDIT +- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); +- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, +- rhost, NULL, tty, 1); +-#endif +- rv = PAM_SUCCESS; +- goto cleanup; +- } +- } +- } +- +-#ifdef HAVE_LIBAUDIT +- if (tally->fail_cnt == opts->deny+1) { +- /* First say that max number was hit. */ +- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, +- rhost, NULL, tty, 1); +- } +-#endif +- +- if (!(opts->ctrl & OPT_QUIET)) { +- pam_info(pamh, _("The account is locked due to %u failed logins."), +- (unsigned int)tally->fail_cnt); +- } +- loglevel = LOG_NOTICE; +- rv = PAM_AUTH_ERR; /* Only unconditional failure */ +- goto cleanup; +- } +- +- /* Lock time check */ +- if (opts->lock_time && oldtime) { +- if (opts->lock_time + oldtime > time(NULL)) { +- /* don't increase fail_cnt or update fail_time when +- lock_time applies */ +- tally->fail_cnt = oldcnt; +- tally->fail_time = oldtime; +- +- if (!(opts->ctrl & OPT_QUIET)) { +- pam_info(pamh, +- _("The account is temporarily locked (%ld seconds left)."), +- (long int) (oldtime+opts->lock_time-time(NULL))); +- } +- if (!(opts->ctrl & OPT_NOLOGNOTICE)) { +- pam_syslog(pamh, LOG_NOTICE, +- "user %s (%lu) has time limit [%lds left]" +- " since last failure.", +- user, (unsigned long)uid, +- (long int) (oldtime+opts->lock_time-time(NULL))); +- } +- rv = PAM_AUTH_ERR; +- goto cleanup; +- } +- } +- +-cleanup: +- if (!(opts->ctrl & OPT_NOLOGNOTICE) && (loglevel != LOG_DEBUG || opts->ctrl & OPT_DEBUG)) { +- pam_syslog(pamh, loglevel, +- "user %s (%lu) tally %hu, deny %hu", +- user, (unsigned long)uid, tally->fail_cnt, opts->deny); +- } +-#ifdef HAVE_LIBAUDIT +- if (audit_fd != -1) { +- close(audit_fd); +- } +-#endif +- return rv; +-} +- +-/* --- tally bump function: bump tally for uid by (signed) inc --- */ +- +-static int +-tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, +- uid_t uid, const char *user, struct tally_options *opts, int *tfile) +-{ +- struct tallylog tally; +- tally_t oldcnt; +- const void *remote_host = NULL; +- int i, rv; +- +- tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ +- +- i = get_tally(pamh, uid, opts->filename, tfile, &tally, opts->ctrl); +- if (i != PAM_SUCCESS) { +- if (*tfile != -1) { +- close(*tfile); +- *tfile = -1; +- } +- RETURN_ERROR(i); +- } +- +- /* to remember old fail time (for locktime) */ +- if (oldtime) { +- *oldtime = (time_t)tally.fail_time; +- } +- +- tally.fail_time = time(NULL); +- +- (void) pam_get_item(pamh, PAM_RHOST, &remote_host); +- if (!remote_host) { +- (void) pam_get_item(pamh, PAM_TTY, &remote_host); +- if (!remote_host) { +- remote_host = "unknown"; +- } +- } +- +- strncpy(tally.fail_line, remote_host, +- sizeof(tally.fail_line)-1); +- tally.fail_line[sizeof(tally.fail_line)-1] = 0; +- +- oldcnt = tally.fail_cnt; +- +- if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) { +- /* magic_root doesn't change tally */ +- tally.fail_cnt += inc; +- +- if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */ +- tally.fail_cnt -= inc; +- pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s", +- (inc<0)?"under":"over",user); +- } +- } +- +- rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); +- +- i = set_tally(pamh, uid, opts->filename, tfile, &tally); +- if (i != PAM_SUCCESS) { +- if (*tfile != -1) { +- close(*tfile); +- *tfile = -1; +- } +- if (rv == PAM_SUCCESS) +- RETURN_ERROR( i ); +- /* fallthrough */ +- } else if (!(opts->ctrl & OPT_SERIALIZE)) { +- close(*tfile); +- *tfile = -1; +- } +- +- return rv; +-} +- +-static int +-tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_tfile) +-{ +- struct tallylog tally; +- int tfile = old_tfile; +- int i; +- +- /* resets only if not magic root */ +- +- if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { +- return PAM_SUCCESS; +- } +- +- tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ +- +- i=get_tally(pamh, uid, opts->filename, &tfile, &tally, opts->ctrl); +- if (i != PAM_SUCCESS) { +- if (tfile != old_tfile) /* the descriptor is not owned by pam data */ +- close(tfile); +- RETURN_ERROR(i); +- } +- +- memset(&tally, 0, sizeof(tally)); +- +- i=set_tally(pamh, uid, opts->filename, &tfile, &tally); +- if (i != PAM_SUCCESS) { +- if (tfile != old_tfile) /* the descriptor is not owned by pam data */ +- close(tfile); +- RETURN_ERROR(i); +- } +- +- if (tfile != old_tfile) +- close(tfile); +- +- return PAM_SUCCESS; +-} +- +-/*---------------------------------------------------------------------*/ +- +-/* --- authentication management functions (only) --- */ +- +-int +-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, +- int argc, const char **argv) +-{ +- int +- rv, tfile = -1; +- time_t +- oldtime = 0; +- struct tally_options +- options, *opts = &options; +- uid_t +- uid; +- const char +- *user; +- +- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); +- if (rv != PAM_SUCCESS) +- RETURN_ERROR(rv); +- +- if (flags & PAM_SILENT) +- opts->ctrl |= OPT_QUIET; +- +- rv = pam_get_uid(pamh, &uid, &user, opts); +- if (rv != PAM_SUCCESS) +- RETURN_ERROR(rv); +- +- rv = tally_bump(1, &oldtime, pamh, uid, user, opts, &tfile); +- +- tally_set_data(pamh, oldtime, tfile); +- +- return rv; +-} +- +-int +-pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, +- int argc, const char **argv) +-{ +- int +- rv, tfile = -1; +- time_t +- oldtime = 0; +- struct tally_options +- options, *opts = &options; +- uid_t +- uid; +- const char +- *user; +- +- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); +- if ( rv != PAM_SUCCESS ) +- RETURN_ERROR( rv ); +- +- rv = pam_get_uid(pamh, &uid, &user, opts); +- if ( rv != PAM_SUCCESS ) +- RETURN_ERROR( rv ); +- +- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) +- /* no data found */ +- return PAM_SUCCESS; +- +- rv = tally_reset(pamh, uid, opts, tfile); +- +- pam_set_data(pamh, MODULE_NAME, NULL, NULL); +- +- return rv; +-} +- +-/*---------------------------------------------------------------------*/ +- +-/* --- authentication management functions (only) --- */ +- +-/* To reset failcount of user on successful login */ +- +-int +-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, +- int argc, const char **argv) +-{ +- int +- rv, tfile = -1; +- time_t +- oldtime = 0; +- struct tally_options +- options, *opts = &options; +- uid_t +- uid; +- const char +- *user; +- +- rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); +- if ( rv != PAM_SUCCESS ) +- RETURN_ERROR( rv ); +- +- rv = pam_get_uid(pamh, &uid, &user, opts); +- if ( rv != PAM_SUCCESS ) +- RETURN_ERROR( rv ); +- +- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) +- /* no data found */ +- return PAM_SUCCESS; +- +- rv = tally_reset(pamh, uid, opts, tfile); +- +- pam_set_data(pamh, MODULE_NAME, NULL, NULL); +- +- return rv; +-} +- +-/*-----------------------------------------------------------------------*/ +- +-#else /* #ifndef MAIN */ +- +-static const char *cline_filename = DEFAULT_LOGFILE; +-static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */ +-static int cline_quiet = 0; +- +-/* +- * Not going to link with pamlib just for these.. :) +- */ +- +-static const char * +-pam_errors( int i ) +-{ +- switch (i) { +- case PAM_AUTH_ERR: return _("Authentication error"); +- case PAM_SERVICE_ERR: return _("Service error"); +- case PAM_USER_UNKNOWN: return _("Unknown user"); +- default: return _("Unknown error"); +- } +-} +- +-static int +-getopts( char **argv ) +-{ +- const char *pname = *argv; +- for ( ; *argv ; (void)(*argv && ++argv) ) { +- const char *str; +- if ( !strcmp (*argv,"--file") ) cline_filename=*++argv; +- else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv; +- else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL) +- cline_filename = str; +- else if ( !strcmp (*argv,"--user") ) cline_user=*++argv; +- else if ( !strcmp (*argv,"-u") ) cline_user=*++argv; +- else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL) +- cline_user = str; +- else if ( !strcmp (*argv,"--reset") ) cline_reset=0; +- else if ( !strcmp (*argv,"-r") ) cline_reset=0; +- else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) { +- if (sscanf(str, "%hu", &cline_reset) != 1) +- fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0); +- } +- else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1; +- else { +- fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv); +- return FALSE; +- } +- } +- return TRUE; +-} +- +-static void +-print_one(const struct tallylog *tally, uid_t uid) +-{ +- static int once; +- const char *cp = "[UNKNOWN]"; +- time_t fail_time; +- struct tm *tm; +- struct passwd *pwent; +- const char *username = "[NONAME]"; +- char ptime[80]; +- +- pwent = getpwuid(uid); +- fail_time = tally->fail_time; +- if ((tm = localtime(&fail_time)) != NULL) { +- strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm); +- cp = ptime; +- } +- if (pwent) { +- username = pwent->pw_name; +- } +- if (!once) { +- printf (_("Login Failures Latest failure From\n")); +- once++; +- } +- printf ("%-15.15s %5hu ", username, tally->fail_cnt); +- if (tally->fail_time) { +- printf ("%-17.17s %s", cp, tally->fail_line); +- } +- putchar ('\n'); +-} +- +-int +-main( int argc UNUSED, char **argv ) +-{ +- struct tallylog tally; +- +- if ( ! getopts( argv+1 ) ) { +- printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n" +- " [-u username] [--user username]\n" +- " [-r] [--reset[=n]] [--quiet]\n"), +- *argv); +- exit(2); +- } +- +- umask(077); +- +- /* +- * Major difference between individual user and all users: +- * --user just handles one user, just like PAM. +- * without --user it handles all users, sniffing cline_filename for nonzeros +- */ +- +- if ( cline_user ) { +- uid_t uid; +- int tfile = -1; +- struct tally_options opts; +- int i; +- +- memset(&opts, 0, sizeof(opts)); +- opts.ctrl = OPT_AUDIT; +- i=pam_get_uid(NULL, &uid, NULL, &opts); +- if ( i != PAM_SUCCESS ) { +- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); +- exit(1); +- } +- +- if (cline_reset == 0) { +- struct stat st; +- +- if (stat(cline_filename, &st) && errno == ENOENT) { +- if (!cline_quiet) { +- memset(&tally, 0, sizeof(tally)); +- print_one(&tally, uid); +- } +- return 0; /* no file => nothing to reset */ +- } +- } +- +- i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0); +- if ( i != PAM_SUCCESS ) { +- if (tfile != -1) +- close(tfile); +- fprintf(stderr, "%s: %s\n", *argv, pam_errors(i)); +- exit(1); +- } +- +- if ( !cline_quiet ) +- print_one(&tally, uid); +- +- if (cline_reset != TALLY_HI) { +-#ifdef HAVE_LIBAUDIT +- char buf[64]; +- int audit_fd = audit_open(); +- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset); +- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, +- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); +- if (audit_fd >=0) +- close(audit_fd); +-#endif +- if (cline_reset == 0) { +- memset(&tally, 0, sizeof(tally)); +- } else { +- tally.fail_cnt = cline_reset; +- } +- i=set_tally(NULL, uid, cline_filename, &tfile, &tally); +- close(tfile); +- if (i != PAM_SUCCESS) { +- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); +- exit(1); +- } +- } else { +- close(tfile); +- } +- } +- else /* !cline_user (ie, operate on all users) */ { +- FILE *tfile=fopen(cline_filename, "r"); +- uid_t uid=0; +- if (!tfile && cline_reset != 0) { +- perror(*argv); +- exit(1); +- } +- +- for ( ; tfile && !feof(tfile); uid++ ) { +- if ( !fread(&tally, sizeof(tally), 1, tfile) +- || !tally.fail_cnt ) { +- continue; +- } +- print_one(&tally, uid); +- } +- if (tfile) +- fclose(tfile); +- if ( cline_reset!=0 && cline_reset!=TALLY_HI ) { +- fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv); +- } +- else if ( !cline_reset ) { +-#ifdef HAVE_LIBAUDIT +- char buf[64]; +- int audit_fd = audit_open(); +- snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0"); +- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, +- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); +- if (audit_fd >=0) +- close(audit_fd); +-#endif +- tfile=fopen(cline_filename, "w"); +- if ( !tfile ) perror(*argv), exit(0); +- fclose(tfile); +- } +- } +- return 0; +-} +- +- +-#endif /* #ifndef MAIN */ +diff --git a/modules/pam_tally2/pam_tally2_app.c b/modules/pam_tally2/pam_tally2_app.c +deleted file mode 100644 +index b72e9bfd..00000000 +--- a/modules/pam_tally2/pam_tally2_app.c ++++ /dev/null +@@ -1,6 +0,0 @@ +-/* +- # This seemed like such a good idea at the time. :) +- */ +- +-#define MAIN +-#include "pam_tally2.c" +diff --git a/modules/pam_tally2/tallylog.h b/modules/pam_tally2/tallylog.h +deleted file mode 100644 +index 596b1dac..00000000 +--- a/modules/pam_tally2/tallylog.h ++++ /dev/null +@@ -1,52 +0,0 @@ +-/* +- * Copyright 2006, Red Hat, Inc. +- * All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. Neither the name of Red Hat, Inc. nor the names of its contributors +- * may be used to endorse or promote products derived from this software +- * without specific prior written permission. +- * +- * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- */ +- +-/* +- * tallylog.h - login failure data file format +- * +- * The new login failure file is not compatible with the old faillog(8) format +- * Each record in the file represents a separate UID and the file +- * is indexed in that fashion. +- */ +- +- +-#ifndef _TALLYLOG_H +-#define _TALLYLOG_H +- +-#include +- +-struct tallylog { +- char fail_line[52]; /* rhost or tty of last failure */ +- uint16_t reserved; /* reserved for future use */ +- uint16_t fail_cnt; /* failures since last success */ +- uint64_t fail_time; /* time of last failure */ +-}; +-/* 64 bytes / entry */ +- +-#endif +diff --git a/modules/pam_tally2/tst-pam_tally2 b/modules/pam_tally2/tst-pam_tally2 +deleted file mode 100755 +index 83c71f41..00000000 +--- a/modules/pam_tally2/tst-pam_tally2 ++++ /dev/null +@@ -1,2 +0,0 @@ +-#!/bin/sh +-../../tests/tst-dlopen .libs/pam_tally2.so -- 2.51.1 From 34431add7d3e0ac2ab0b6b3923970d65a8fb0778de2a4b3c0ff9586853c30d2f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 27 Nov 2020 09:37:31 +0000 Subject: [PATCH 145/226] - Update to 1.5.1 - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user doesn't exist and root password is blank [bsc#1179166] - pam_faillock: added nodelay option to not set pam_fail_delay - pam_wheel: use pam_modutil_user_in_group to check for the group membership with getgrouplist where it is available OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=229 --- Linux-PAM-1.5.0-docs.tar.xz | 3 --- Linux-PAM-1.5.0.tar.xz | 3 --- Linux-PAM-1.5.1-docs.tar.xz | 3 +++ Linux-PAM-1.5.1.tar.xz | 3 +++ _service | 14 -------------- _servicedata | 6 ------ pam.changes | 10 ++++++++++ pam.spec | 2 +- 8 files changed, 17 insertions(+), 27 deletions(-) delete mode 100644 Linux-PAM-1.5.0-docs.tar.xz delete mode 100644 Linux-PAM-1.5.0.tar.xz create mode 100644 Linux-PAM-1.5.1-docs.tar.xz create mode 100644 Linux-PAM-1.5.1.tar.xz delete mode 100644 _service delete mode 100644 _servicedata diff --git a/Linux-PAM-1.5.0-docs.tar.xz b/Linux-PAM-1.5.0-docs.tar.xz deleted file mode 100644 index f465fd7..0000000 --- a/Linux-PAM-1.5.0-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:75fefd2a601c76d5e289aa8c36234ec2ac398395f4a48caf5ef638c1131019a9 -size 441644 diff --git a/Linux-PAM-1.5.0.tar.xz b/Linux-PAM-1.5.0.tar.xz deleted file mode 100644 index d5f6b23..0000000 --- a/Linux-PAM-1.5.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:02d39854b508fae9dc713f7733bbcdadbe17b50de965aedddd65bcb6cc7852c8 -size 972228 diff --git a/Linux-PAM-1.5.1-docs.tar.xz b/Linux-PAM-1.5.1-docs.tar.xz new file mode 100644 index 0000000..e006f6a --- /dev/null +++ b/Linux-PAM-1.5.1-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d0fc4ef466d0050f46b0ccd2f73373c60c47454da55f6fb2fd04b0701c73c134 +size 441632 diff --git a/Linux-PAM-1.5.1.tar.xz b/Linux-PAM-1.5.1.tar.xz new file mode 100644 index 0000000..684a247 --- /dev/null +++ b/Linux-PAM-1.5.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc +size 972964 diff --git a/_service b/_service deleted file mode 100644 index b7a310b..0000000 --- a/_service +++ /dev/null @@ -1,14 +0,0 @@ - - - 1.3.1 - 1.3.1+git%cd.%h - git://github.com/linux-pam/linux-pam.git - git - enable - - - xz - *.tar - - - diff --git a/_servicedata b/_servicedata deleted file mode 100644 index ea102f1..0000000 --- a/_servicedata +++ /dev/null @@ -1,6 +0,0 @@ - - - git://github.com/linux-pam/linux-pam.git - ea78d6764353c5510b235846452e6810d009b78e - - \ No newline at end of file diff --git a/pam.changes b/pam.changes index c43791d..df51e0b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + ------------------------------------------------------------------- Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 0585c87..18554c4 100644 --- a/pam.spec +++ b/pam.spec @@ -27,7 +27,7 @@ %endif Name: pam # -Version: 1.5.0 +Version: 1.5.1 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause -- 2.51.1 From 070ad9f4c260dd99d9b996785c2f4ae598f0c19969f32c17891af63751852099 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 3 Dec 2020 13:58:29 +0000 Subject: [PATCH 146/226] Accepting request 851800 from home:lnussel:usrmove - add macros.pam to abstract directory for pam modules - prepare usrmerge (boo#1029961, pam-usrmerge.diff) OBS-URL: https://build.opensuse.org/request/show/851800 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=230 --- pam-usrmerge.diff | 16 ++++ pam.changes | 10 +++ pam.spec | 184 ++++++++++++++++++++++++++-------------------- 3 files changed, 130 insertions(+), 80 deletions(-) create mode 100644 pam-usrmerge.diff diff --git a/pam-usrmerge.diff b/pam-usrmerge.diff new file mode 100644 index 0000000..6b8c150 --- /dev/null +++ b/pam-usrmerge.diff @@ -0,0 +1,16 @@ +Index: Linux-PAM-1.4.0/libpam/pam_handlers.c +=================================================================== +--- Linux-PAM-1.4.0.orig/libpam/pam_handlers.c ++++ Linux-PAM-1.4.0/libpam/pam_handlers.c +@@ -801,6 +801,11 @@ int _pam_add_handler(pam_handle_t *pamh + } else if (asprintf(&mod_full_path, "%s%s", + DEFAULT_MODULE_PATH, mod_path) >= 0) { + mod = _pam_load_module(pamh, mod_full_path, handler_type); ++ /* for usrmerge transition, the the path in / also */ ++ if (mod == NULL && !strncmp(DEFAULT_MODULE_PATH, "/usr/", 5) && ++ access(mod_full_path+4, F_OK)) { ++ mod = _pam_load_module(pamh, mod_full_path+4, handler_type); ++ } + _pam_drop(mod_full_path); + } else { + pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); diff --git a/pam.changes b/pam.changes index df51e0b..65ca43d 100644 --- a/pam.changes +++ b/pam.changes @@ -8,6 +8,11 @@ Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk - pam_wheel: use pam_modutil_user_in_group to check for the group membership with getgrouplist where it is available +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + ------------------------------------------------------------------- Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk @@ -59,6 +64,11 @@ Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk - Enable pam_faillock [bnc#1171562] +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + ------------------------------------------------------------------- Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers diff --git a/pam.spec b/pam.spec index 18554c4..444f8c5 100644 --- a/pam.spec +++ b/pam.spec @@ -16,6 +16,19 @@ # +%if !0%{?usrmerged} +%define libdir /%{_lib} +%define sbindir /sbin +%define pamdir /%{_lib}/security +%else +%define libdir %{_libdir} +%define sbindir %{_sbindir} +# moving this to /usr needs fixing +# several packages short of +# https://github.com/linux-pam/linux-pam/issues/256 +%define pamdir %{_libdir}/security +%endif + # %define enable_selinux 1 %define libpam_so_version 0.85.1 @@ -58,6 +71,9 @@ BuildRequires: cracklib-devel BuildRequires: flex BuildRequires: libtool BuildRequires: xz +# this is only needed in the transition phase to make sure modules +# are also loaded from /lib/security as fallback +Patch99: pam-usrmerge.diff Requires(post): permissions # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! @@ -154,14 +170,16 @@ cp -a %{SOURCE12} . bash ./pam-login_defs-check.sh export CFLAGS="%{optflags} -DNDEBUG" %configure \ - --sbindir=/sbin \ --includedir=%{_includedir}/security \ --docdir=%{_docdir}/pam \ --htmldir=%{_docdir}/pam/html \ --pdfdir=%{_docdir}/pam/pdf \ - --libdir=/%{_lib} \ - --enable-isadir=../../%{_lib}/security \ - --enable-securedir=/%{_lib}/security \ +%if !0%{?usrmerged} + --sbindir=/sbin \ + --libdir=/%{_lib} \ +%endif + --enable-isadir=../..%{pamdir} \ + --enable-securedir=%{pamdir} \ --enable-vendordir=%{_distconfdir} \ --enable-tally2 --enable-cracklib make %{?_smp_mflags} @@ -174,11 +192,11 @@ gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} mkdir -p %{buildroot}%{_sysconfdir}/pam.d mkdir -p %{buildroot}%{_distconfdir}/pam.d mkdir -p %{buildroot}%{_includedir}/security -mkdir -p %{buildroot}/%{_lib}/security +mkdir -p %{buildroot}%{pamdir} mkdir -p %{buildroot}/sbin mkdir -p -m 755 %{buildroot}%{_libdir} %make_install -/sbin/ldconfig -n %{buildroot}/%{_lib} +/sbin/ldconfig -n %{buildroot}%{libdir} # Install documentation %make_install -C doc # install securetty @@ -196,19 +214,21 @@ install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/common-auth install -m 644 %{SOURCE5} %{buildroot}%{_distconfdir}/pam.d/common-account install -m 644 %{SOURCE6} %{buildroot}%{_distconfdir}/pam.d/common-password install -m 644 %{SOURCE7} %{buildroot}%{_distconfdir}/pam.d/common-session +%if !0%{?usrmerged} rm %{buildroot}/%{_lib}/libpam.so ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} %{buildroot}%{_libdir}/libpam.so rm %{buildroot}/%{_lib}/libpamc.so ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} %{buildroot}%{_libdir}/libpamc.so rm %{buildroot}/%{_lib}/libpam_misc.so ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} %{buildroot}%{_libdir}/libpam_misc.so +%endif mkdir -p %{buildroot}%{_prefix}/lib/motd.d # # Remove crap # find %{buildroot} -type f -name "*.la" -delete -print for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f %{buildroot}/%{_lib}/security/pam_unix.so %{buildroot}/%{_lib}/security/$x.so + ln -f %{buildroot}%{pamdir}/pam_unix.so %{buildroot}%{pamdir}/$x.so done # # Install READMEs of PAM modules @@ -221,19 +241,22 @@ for i in pam_*/README; do done popd # Install unix2_chkpwd -install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}/sbin/ +install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{sbindir} install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# rpm macros +mkdir -p %{buildroot}/usr/lib/rpm/macros.d +echo "%%_pamdir %pamdir" > %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.pam # Create filelist with translatins %find_lang Linux-PAM %verifyscript -%verify_permissions -e /sbin/unix_chkpwd -%verify_permissions -e /sbin/unix2_chkpwd +%verify_permissions -e %{sbindir}/unix_chkpwd +%verify_permissions -e %{sbindir}/unix2_chkpwd %post /sbin/ldconfig -%set_permissions /sbin/unix_chkpwd -%set_permissions /sbin/unix2_chkpwd +%set_permissions %{sbindir}/unix_chkpwd +%set_permissions %{sbindir}/unix2_chkpwd %postun -p /sbin/ldconfig %pre @@ -334,84 +357,84 @@ done %{_mandir}/man8/unix2_chkpwd.8%{?ext_man} %{_mandir}/man8/unix_chkpwd.8%{?ext_man} %{_mandir}/man8/unix_update.8%{?ext_man} -/%{_lib}/libpam.so.0 -/%{_lib}/libpam.so.%{libpam_so_version} -/%{_lib}/libpamc.so.0 -/%{_lib}/libpamc.so.%{libpamc_so_version} -/%{_lib}/libpam_misc.so.0 -/%{_lib}/libpam_misc.so.%{libpam_misc_so_version} -%dir /%{_lib}/security -/%{_lib}/security/pam_access.so -/%{_lib}/security/pam_debug.so -/%{_lib}/security/pam_deny.so -/%{_lib}/security/pam_echo.so -/%{_lib}/security/pam_env.so -/%{_lib}/security/pam_exec.so -/%{_lib}/security/pam_faildelay.so -/%{_lib}/security/pam_faillock.so -/%{_lib}/security/pam_filter.so -%dir /%{_lib}/security/pam_filter -/%{_lib}/security//pam_filter/upperLOWER -/%{_lib}/security/pam_ftp.so -/%{_lib}/security/pam_group.so -/%{_lib}/security/pam_issue.so -/%{_lib}/security/pam_keyinit.so -/%{_lib}/security/pam_lastlog.so -/%{_lib}/security/pam_limits.so -/%{_lib}/security/pam_listfile.so -/%{_lib}/security/pam_localuser.so -/%{_lib}/security/pam_loginuid.so -/%{_lib}/security/pam_mail.so -/%{_lib}/security/pam_mkhomedir.so -/%{_lib}/security/pam_motd.so -/%{_lib}/security/pam_namespace.so -/%{_lib}/security/pam_nologin.so -/%{_lib}/security/pam_permit.so -/%{_lib}/security/pam_pwhistory.so -/%{_lib}/security/pam_rhosts.so -/%{_lib}/security/pam_rootok.so -/%{_lib}/security/pam_securetty.so +%{libdir}/libpam.so.0 +%{libdir}/libpam.so.%{libpam_so_version} +%{libdir}/libpamc.so.0 +%{libdir}/libpamc.so.%{libpamc_so_version} +%{libdir}/libpam_misc.so.0 +%{libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{pamdir} +%{pamdir}/pam_access.so +%{pamdir}/pam_debug.so +%{pamdir}/pam_deny.so +%{pamdir}/pam_echo.so +%{pamdir}/pam_env.so +%{pamdir}/pam_exec.so +%{pamdir}/pam_faildelay.so +%{pamdir}/pam_faillock.so +%{pamdir}/pam_filter.so +%dir %{pamdir}/pam_filter +%{pamdir}//pam_filter/upperLOWER +%{pamdir}/pam_ftp.so +%{pamdir}/pam_group.so +%{pamdir}/pam_issue.so +%{pamdir}/pam_keyinit.so +%{pamdir}/pam_lastlog.so +%{pamdir}/pam_limits.so +%{pamdir}/pam_listfile.so +%{pamdir}/pam_localuser.so +%{pamdir}/pam_loginuid.so +%{pamdir}/pam_mail.so +%{pamdir}/pam_mkhomedir.so +%{pamdir}/pam_motd.so +%{pamdir}/pam_namespace.so +%{pamdir}/pam_nologin.so +%{pamdir}/pam_permit.so +%{pamdir}/pam_pwhistory.so +%{pamdir}/pam_rhosts.so +%{pamdir}/pam_rootok.so +%{pamdir}/pam_securetty.so %if %{enable_selinux} -/%{_lib}/security/pam_selinux.so -/%{_lib}/security/pam_sepermit.so +%{pamdir}/pam_selinux.so +%{pamdir}/pam_sepermit.so %endif -/%{_lib}/security/pam_setquota.so -/%{_lib}/security/pam_shells.so -/%{_lib}/security/pam_stress.so -/%{_lib}/security/pam_succeed_if.so -/%{_lib}/security/pam_time.so -/%{_lib}/security/pam_timestamp.so -/%{_lib}/security/pam_tty_audit.so -/%{_lib}/security/pam_umask.so -/%{_lib}/security/pam_unix.so -/%{_lib}/security/pam_unix_acct.so -/%{_lib}/security/pam_unix_auth.so -/%{_lib}/security/pam_unix_passwd.so -/%{_lib}/security/pam_unix_session.so -/%{_lib}/security/pam_usertype.so -/%{_lib}/security/pam_warn.so -/%{_lib}/security/pam_wheel.so -/%{_lib}/security/pam_xauth.so -/sbin/faillock -/sbin/mkhomedir_helper -/sbin/pam_namespace_helper -/sbin/pam_timestamp_check -/sbin/pwhistory_helper -%verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd -%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd -%attr(0700,root,root) /sbin/unix_update +%{pamdir}/pam_setquota.so +%{pamdir}/pam_shells.so +%{pamdir}/pam_stress.so +%{pamdir}/pam_succeed_if.so +%{pamdir}/pam_time.so +%{pamdir}/pam_timestamp.so +%{pamdir}/pam_tty_audit.so +%{pamdir}/pam_umask.so +%{pamdir}/pam_unix.so +%{pamdir}/pam_unix_acct.so +%{pamdir}/pam_unix_auth.so +%{pamdir}/pam_unix_passwd.so +%{pamdir}/pam_unix_session.so +%{pamdir}/pam_usertype.so +%{pamdir}/pam_warn.so +%{pamdir}/pam_wheel.so +%{pamdir}/pam_xauth.so +%{sbindir}/faillock +%{sbindir}/mkhomedir_helper +%{sbindir}/pam_namespace_helper +%{sbindir}/pam_timestamp_check +%{sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{sbindir}/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) %{sbindir}/unix2_chkpwd +%attr(0700,root,root) %{sbindir}/unix_update %{_unitdir}/pam_namespace.service %files extra %defattr(-,root,root,755) -/%{_lib}/security/pam_userdb.so +%{pamdir}/pam_userdb.so %{_mandir}/man8/pam_userdb.8%{?ext_man} %files deprecated %defattr(-,root,root,755) -/%{_lib}/security/pam_cracklib.so -/%{_lib}/security/pam_tally2.so -/sbin/pam_tally2 +%{pamdir}/pam_cracklib.so +%{pamdir}/pam_tally2.so +%{sbindir}/pam_tally2 %files doc %defattr(644,root,root,755) @@ -430,5 +453,6 @@ done %{_libdir}/libpam.so %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so +%{_prefix}/lib/rpm/macros.d/macros.pam %changelog -- 2.51.1 From 9f34df244a9c6bb33beeee8f6500661edddb0aa87defee2402d9b57f7f85bea6 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 17 Dec 2020 08:06:56 +0000 Subject: [PATCH 147/226] Accepting request 854846 from home:lnussel:usrmove Actually apply patch OBS-URL: https://build.opensuse.org/request/show/854846 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=231 --- pam.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pam.spec b/pam.spec index 444f8c5..98cf650 100644 --- a/pam.spec +++ b/pam.spec @@ -165,6 +165,9 @@ cp -a %{SOURCE12} . %patch7 -R -p1 %patch8 -p1 %patch9 -p1 +%if 0%{?usrmerged} +%patch99 -p1 +%endif %build bash ./pam-login_defs-check.sh -- 2.51.1 From 5e8c266a795236a83e0746fb3df61ca5757a4caf1efd8b406abc324ea1369d6d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 16 Feb 2021 10:28:19 +0000 Subject: [PATCH 148/226] Accepting request 872794 from home:kukuk:etc - Split out pam_unix module and build without NIS support - Fix split provides and BuildRequires - standalone pam_unix with NIS support OBS-URL: https://build.opensuse.org/request/show/872794 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=232 --- Makefile-pam_unix-nis.diff | 21 ++++++++ baselibs.conf | 2 + pam.changes | 5 ++ pam.spec | 28 +++++++--- pam_unix-nis.changes | 9 ++++ pam_unix-nis.spec | 105 +++++++++++++++++++++++++++++++++++++ 6 files changed, 163 insertions(+), 7 deletions(-) create mode 100644 Makefile-pam_unix-nis.diff create mode 100644 pam_unix-nis.changes create mode 100644 pam_unix-nis.spec diff --git a/Makefile-pam_unix-nis.diff b/Makefile-pam_unix-nis.diff new file mode 100644 index 0000000..a3967c8 --- /dev/null +++ b/Makefile-pam_unix-nis.diff @@ -0,0 +1,21 @@ +diff -urN Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in Linux-PAM-1.5.1/modules/pam_unix/Makefile.in +--- Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in 2020-11-25 17:57:14.000000000 +0100 ++++ Linux-PAM-1.5.1/modules/pam_unix/Makefile.in 2021-02-12 14:33:38.159412343 +0100 +@@ -155,7 +155,7 @@ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } + LTLIBRARIES = $(securelib_LTLIBRARIES) +-pam_unix_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la ++pam_unix_la_DEPENDENCIES = + am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ + pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ + yppasswd_xdr.lo md5_good.lo md5_broken.lo +@@ -654,7 +654,7 @@ + + pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ + $(am__append_1) +-pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ ++pam_unix_la_LIBADD = -lpam \ + @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ + + securelib_LTLIBRARIES = pam_unix.la diff --git a/baselibs.conf b/baselibs.conf index aa1a812..cda4eab 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -2,3 +2,5 @@ pam pam-extra pam-deprecated pam-devel +pam_unix +pam_unix-nis diff --git a/pam.changes b/pam.changes index 65ca43d..a16e612 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + ------------------------------------------------------------------- Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 98cf650..52a9852 100644 --- a/pam.spec +++ b/pam.spec @@ -81,12 +81,12 @@ Requires(post): permissions Recommends: login_defs-support-for-pam >= 1.3.1 %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) -BuildRequires: pkgconfig(libnsl) -BuildRequires: pkgconfig(libtirpc) %endif %if %{enable_selinux} BuildRequires: libselinux-devel %endif +Requires: pam_unix.so +Suggests: pam_unix %if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) Requires(pre): user(root) @@ -97,6 +97,17 @@ PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. +%package -n pam_unix +Summary: PAM module for standard UNIX authentication +Group: System/Libraries +Provides: pam_unix.so +Conflicts: pam_unix-nis + +%description -n pam_unix +This package contains the pam_unix module, which does the standard +UNIX authentication against the passwd and shadow database. This +module does not contain NIS support. + %package extra Summary: PAM module to authenticate against a separate database Group: System/Libraries @@ -409,11 +420,6 @@ done %{pamdir}/pam_timestamp.so %{pamdir}/pam_tty_audit.so %{pamdir}/pam_umask.so -%{pamdir}/pam_unix.so -%{pamdir}/pam_unix_acct.so -%{pamdir}/pam_unix_auth.so -%{pamdir}/pam_unix_passwd.so -%{pamdir}/pam_unix_session.so %{pamdir}/pam_usertype.so %{pamdir}/pam_warn.so %{pamdir}/pam_wheel.so @@ -428,6 +434,14 @@ done %attr(0700,root,root) %{sbindir}/unix_update %{_unitdir}/pam_namespace.service +%files -n pam_unix +%defattr(-,root,root,755) +%{pamdir}/pam_unix.so +%{pamdir}/pam_unix_acct.so +%{pamdir}/pam_unix_auth.so +%{pamdir}/pam_unix_passwd.so +%{pamdir}/pam_unix_session.so + %files extra %defattr(-,root,root,755) %{pamdir}/pam_userdb.so diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes new file mode 100644 index 0000000..dec6d15 --- /dev/null +++ b/pam_unix-nis.changes @@ -0,0 +1,9 @@ +------------------------------------------------------------------- +Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk + +- Fix split provides and BuildRequires + +------------------------------------------------------------------- +Fri Feb 12 13:44:39 UTC 2021 - Thorsten Kukuk + +- standalone pam_unix with NIS support diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec new file mode 100644 index 0000000..2dd9557 --- /dev/null +++ b/pam_unix-nis.spec @@ -0,0 +1,105 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if !0%{?usrmerged} +%define libdir /%{_lib} +%define sbindir /sbin +%define pamdir /%{_lib}/security +%else +%define libdir %{_libdir} +%define sbindir %{_sbindir} +# moving this to /usr needs fixing +# several packages short of +# https://github.com/linux-pam/linux-pam/issues/256 +%define pamdir %{_libdir}/security +%endif + +# +%define enable_selinux 1 +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} + %define config_noreplace 1 +%endif +Name: pam_unix-nis +# +Version: 1.5.1 +Release: 0 +Summary: PAM module for standard UNIX and NIS authentication +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: http://www.linux-pam.org/ +Source: Linux-PAM-%{version}.tar.xz +Source9: baselibs.conf +Patch: Makefile-pam_unix-nis.diff +BuildRequires: pam-devel +%if 0%{?suse_version} > 1320 +BuildRequires: pkgconfig(libeconf) +BuildRequires: pkgconfig(libnsl) +BuildRequires: pkgconfig(libtirpc) +%endif +%if %{enable_selinux} +BuildRequires: libselinux-devel +%endif +Provides: pam:/%{_lib}/security/pam_unix.so +Provides: pam_unix.so + +%description +This package contains the pam_unix module, which does the standard +UNIX authentication against the passwd and shadow database. This +module has NIS support. + +%prep +%setup -q -n Linux-PAM-%{version} +%patch -p1 + +%build +export CFLAGS="%{optflags} -DNDEBUG" +%configure \ + --includedir=%{_includedir}/security \ + --docdir=%{_docdir}/pam \ + --htmldir=%{_docdir}/pam/html \ + --pdfdir=%{_docdir}/pam/pdf \ +%if !0%{?usrmerged} + --sbindir=/sbin \ + --libdir=/%{_lib} \ +%endif + --enable-isadir=../..%{pamdir} \ + --enable-securedir=%{pamdir} \ + --enable-vendordir=%{_distconfdir} \ + --enable-tally2 --enable-cracklib +make -C modules/pam_unix + +%install +mkdir -p %{buildroot}%{pamdir} +install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{pamdir}/ +for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do + ln -f %{buildroot}%{pamdir}/pam_unix.so %{buildroot}%{pamdir}/$x.so +done + +%files +%license COPYING +%{pamdir}/pam_unix.so +%{pamdir}/pam_unix_acct.so +%{pamdir}/pam_unix_auth.so +%{pamdir}/pam_unix_passwd.so +%{pamdir}/pam_unix_session.so + +%changelog -- 2.51.1 From 2d6d13afabed4c736280ddee2979bc9fb43aa670ed2078ebbc9d8c878d1d01df Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 16 Feb 2021 10:35:18 +0000 Subject: [PATCH 149/226] Accepting request 872796 from home:kukuk:etc - Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside pam library OBS-URL: https://build.opensuse.org/request/show/872796 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=233 --- pam_unix-nis.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes index dec6d15..d746e0a 100644 --- a/pam_unix-nis.changes +++ b/pam_unix-nis.changes @@ -2,6 +2,8 @@ Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk - Fix split provides and BuildRequires +- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside + pam library ------------------------------------------------------------------- Fri Feb 12 13:44:39 UTC 2021 - Thorsten Kukuk -- 2.51.1 From fadf030a4625562cb0dd64e7f3392af568e52b260e93aa12c96b3eff26eb3476 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 18 Feb 2021 22:17:30 +0000 Subject: [PATCH 150/226] - Add missing conflicts for pam_unix-nis - Add missing conflicts for pam_unix OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=234 --- baselibs.conf | 2 ++ pam.changes | 5 +++++ pam_unix-nis.changes | 5 +++++ pam_unix-nis.spec | 1 + 4 files changed, 13 insertions(+) diff --git a/baselibs.conf b/baselibs.conf index cda4eab..0ef7093 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -3,4 +3,6 @@ pam-extra pam-deprecated pam-devel pam_unix + conflicts "pam_unix-nis-" pam_unix-nis + conflicts "pam_unix-" diff --git a/pam.changes b/pam.changes index a16e612..8c8680e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + ------------------------------------------------------------------- Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes index d746e0a..709fdc9 100644 --- a/pam_unix-nis.changes +++ b/pam_unix-nis.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 18 22:16:58 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix + ------------------------------------------------------------------- Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec index 2dd9557..73c4dc9 100644 --- a/pam_unix-nis.spec +++ b/pam_unix-nis.spec @@ -60,6 +60,7 @@ BuildRequires: libselinux-devel %endif Provides: pam:/%{_lib}/security/pam_unix.so Provides: pam_unix.so +Conflicts: pam_unix %description This package contains the pam_unix module, which does the standard -- 2.51.1 From 9080c178e7340caea011d7b2899bb6b375b542f586123daa59ebeae3434c27c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Thu, 1 Apr 2021 08:02:50 +0000 Subject: [PATCH 151/226] Accepting request 882509 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/882509 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=235 --- ...3-make-nofile-unlimited-mean-nr_open.patch | 755 ++++++++++++++++++ pam.changes | 10 + pam.spec | 2 + 3 files changed, 767 insertions(+) create mode 100644 pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch diff --git a/pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch b/pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch new file mode 100644 index 0000000..7616282 --- /dev/null +++ b/pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch @@ -0,0 +1,755 @@ +Index: Linux-PAM-1.5.1/doc/sag/Linux-PAM_SAG.txt +=================================================================== +--- Linux-PAM-1.5.1.orig/doc/sag/Linux-PAM_SAG.txt ++++ Linux-PAM-1.5.1/doc/sag/Linux-PAM_SAG.txt +@@ -2171,6 +2171,9 @@ The fields listed above should be filled + All items support the values -1, unlimited or infinity indicating no limit, + except for priority, nice, and nonewprivs. + ++If nofile is to be set to one of these values, ++it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). ++ + If a hard limit or soft limit of a resource is set to a valid value, but + outside of the supported range of the local system, the system may reject the + new limit or unexpected behavior may occur. If the control value required is +Index: Linux-PAM-1.5.1/doc/sag/html/sag-pam_limits.html +=================================================================== +--- Linux-PAM-1.5.1.orig/doc/sag/html/sag-pam_limits.html ++++ Linux-PAM-1.5.1/doc/sag/html/sag-pam_limits.html +@@ -104,6 +104,9 @@ + unlimited or infinity indicating no limit, + except for priority, nice, + and nonewprivs. ++ If nofile is to be set to one of these values, ++ it will be set to the contents of /proc/sys/fs/nr_open instead ++ (see setrlimit(3)). +

+ If a hard limit or soft limit of a resource is set to a valid value, + but outside of the supported range of the local system, the system +Index: Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5 +=================================================================== +--- Linux-PAM-1.5.1.orig/modules/pam_limits/limits.conf.5 ++++ Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5 +@@ -290,6 +290,8 @@ indicating no limit, except for + \fBpriority\fR, + \fBnice\fR, and + \fBnonewprivs\fR\&. ++If \fBnofile\fP is to be set to one of these values, ++it will be set to the contents of \fI/proc/sys/fs/nr_open\fP instead (see \fBsetrlimit\fP(3))\&. + .PP + If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur\&. If the control value + \fIrequired\fR +Index: Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5.xml +=================================================================== +--- Linux-PAM-1.5.1.orig/modules/pam_limits/limits.conf.5.xml ++++ Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5.xml +@@ -283,6 +283,8 @@ + unlimited or infinity indicating no limit, + except for priority, nice, + and nonewprivs. ++ If nofile is to be set to one of these values, ++ it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). + + + If a hard limit or soft limit of a resource is set to a valid value, +Index: Linux-PAM-1.5.1/modules/pam_limits/pam_limits.c +=================================================================== +--- Linux-PAM-1.5.1.orig/modules/pam_limits/pam_limits.c ++++ Linux-PAM-1.5.1/modules/pam_limits/pam_limits.c +@@ -228,21 +228,21 @@ rlimit2str (int i) + /* Counts the number of user logins and check against the limit*/ + static int + check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, +- struct pam_limit_s *pl) ++ struct pam_limit_s *pl) + { + struct utmp *ut; + int count; + + if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_DEBUG, ++ pam_syslog(pamh, LOG_DEBUG, + "checking logins for '%s' (maximum of %d)", name, limit); + } + + if (limit < 0) +- return 0; /* no limits imposed */ ++ return 0; /* no limits imposed */ + if (limit == 0) /* maximum 0 logins ? */ { +- pam_syslog(pamh, LOG_WARNING, "No logins allowed for '%s'", name); +- return LOGIN_ERR; ++ pam_syslog(pamh, LOG_WARNING, "No logins allowed for '%s'", name); ++ return LOGIN_ERR; + } + + setutent(); +@@ -265,14 +265,14 @@ check_logins (pam_handle_t *pamh, const + + while((ut = getutent())) { + #ifdef USER_PROCESS +- if (ut->ut_type != USER_PROCESS) { +- continue; ++ if (ut->ut_type != USER_PROCESS) { ++ continue; + } + #endif +- if (ut->UT_USER[0] == '\0') { +- continue; ++ if (ut->UT_USER[0] == '\0') { ++ continue; + } +- if (!pl->flag_numsyslogins) { ++ if (!pl->flag_numsyslogins) { + char user[sizeof(ut->UT_USER) + 1]; + user[0] = '\0'; + strncat(user, ut->UT_USER, sizeof(ut->UT_USER)); +@@ -281,11 +281,11 @@ check_logins (pam_handle_t *pamh, const + || (pl->login_limit_def == LIMITS_DEF_GROUP) + || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) + && strcmp(name, user) != 0) { +- continue; ++ continue; + } + if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) + && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { +- continue; ++ continue; + } + if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { + /* process does not exist anymore */ +@@ -307,50 +307,50 @@ check_logins (pam_handle_t *pamh, const + } else { + pam_syslog(pamh, LOG_NOTICE, "Too many system logins (max %d)", limit); + } +- return LOGIN_ERR; ++ return LOGIN_ERR; + } + return 0; + } + + static const char *lnames[RLIM_NLIMITS] = { +- [RLIMIT_CPU] = "Max cpu time", +- [RLIMIT_FSIZE] = "Max file size", +- [RLIMIT_DATA] = "Max data size", +- [RLIMIT_STACK] = "Max stack size", +- [RLIMIT_CORE] = "Max core file size", +- [RLIMIT_RSS] = "Max resident set", +- [RLIMIT_NPROC] = "Max processes", +- [RLIMIT_NOFILE] = "Max open files", +- [RLIMIT_MEMLOCK] = "Max locked memory", ++ [RLIMIT_CPU] = "Max cpu time", ++ [RLIMIT_FSIZE] = "Max file size", ++ [RLIMIT_DATA] = "Max data size", ++ [RLIMIT_STACK] = "Max stack size", ++ [RLIMIT_CORE] = "Max core file size", ++ [RLIMIT_RSS] = "Max resident set", ++ [RLIMIT_NPROC] = "Max processes", ++ [RLIMIT_NOFILE] = "Max open files", ++ [RLIMIT_MEMLOCK] = "Max locked memory", + #ifdef RLIMIT_AS +- [RLIMIT_AS] = "Max address space", ++ [RLIMIT_AS] = "Max address space", + #endif + #ifdef RLIMIT_LOCKS +- [RLIMIT_LOCKS] = "Max file locks", ++ [RLIMIT_LOCKS] = "Max file locks", + #endif + #ifdef RLIMIT_SIGPENDING +- [RLIMIT_SIGPENDING] = "Max pending signals", ++ [RLIMIT_SIGPENDING] = "Max pending signals", + #endif + #ifdef RLIMIT_MSGQUEUE +- [RLIMIT_MSGQUEUE] = "Max msgqueue size", ++ [RLIMIT_MSGQUEUE] = "Max msgqueue size", + #endif + #ifdef RLIMIT_NICE +- [RLIMIT_NICE] = "Max nice priority", ++ [RLIMIT_NICE] = "Max nice priority", + #endif + #ifdef RLIMIT_RTPRIO +- [RLIMIT_RTPRIO] = "Max realtime priority", ++ [RLIMIT_RTPRIO] = "Max realtime priority", + #endif + #ifdef RLIMIT_RTTIME +- [RLIMIT_RTTIME] = "Max realtime timeout", ++ [RLIMIT_RTTIME] = "Max realtime timeout", + #endif + }; + + static int str2rlimit(char *name) { + int i; + if (!name || *name == '\0') +- return -1; ++ return -1; + for(i = 0; i < RLIM_NLIMITS; i++) { +- if (strcmp(name, lnames[i]) == 0) return i; ++ if (strcmp(name, lnames[i]) == 0) return i; + } + return -1; + } +@@ -360,25 +360,25 @@ static rlim_t str2rlim_t(char *value) { + + if (!value) return (rlim_t)rlimit; + if (strcmp(value, "unlimited") == 0) { +- return RLIM_INFINITY; ++ return RLIM_INFINITY; + } + rlimit = strtoull(value, NULL, 10); + return (rlim_t)rlimit; + } + + #define LIMITS_SKIP_WHITESPACE { \ +- /* step backwards over spaces */ \ +- pos--; \ +- while (pos && line[pos] == ' ') pos--; \ +- if (!pos) continue; \ +- line[pos+1] = '\0'; \ ++ /* step backwards over spaces */ \ ++ pos--; \ ++ while (pos && line[pos] == ' ') pos--; \ ++ if (!pos) continue; \ ++ line[pos+1] = '\0'; \ + } + #define LIMITS_MARK_ITEM(item) { \ +- /* step backwards over non-spaces */ \ +- pos--; \ +- while (pos && line[pos] != ' ') pos--; \ +- if (!pos) continue; \ +- item = line + pos + 1; \ ++ /* step backwards over non-spaces */ \ ++ pos--; \ ++ while (pos && line[pos] != ' ') pos--; \ ++ if (!pos) continue; \ ++ item = line + pos + 1; \ + } + + static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) +@@ -390,54 +390,54 @@ static void parse_kernel_limits(pam_hand + char *hard, *soft, *name; + + if (!(limitsfile = fopen(proclimits, "r"))) { +- pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); +- return; ++ pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); ++ return; + } + + while (fgets(line, 256, limitsfile)) { +- int pos = strlen(line); +- if (pos < 2) continue; ++ int pos = strlen(line); ++ if (pos < 2) continue; ++ ++ /* drop trailing newline */ ++ if (line[pos-1] == '\n') { ++ pos--; ++ line[pos] = '\0'; ++ } + +- /* drop trailing newline */ +- if (line[pos-1] == '\n') { +- pos--; +- line[pos] = '\0'; +- } +- +- /* determine formatting boundary of limits report */ +- if (!maxlen && pam_str_skip_prefix(line, "Limit") != NULL) { +- maxlen = pos; +- continue; +- } +- +- if (pos == maxlen) { +- /* step backwards over "Units" name */ +- LIMITS_SKIP_WHITESPACE; +- LIMITS_MARK_ITEM(hard); /* not a typo, units unused */ +- } +- +- /* step backwards over "Hard Limit" value */ +- LIMITS_SKIP_WHITESPACE; +- LIMITS_MARK_ITEM(hard); +- +- /* step backwards over "Soft Limit" value */ +- LIMITS_SKIP_WHITESPACE; +- LIMITS_MARK_ITEM(soft); +- +- /* step backwards over name of limit */ +- LIMITS_SKIP_WHITESPACE; +- name = line; +- +- i = str2rlimit(name); +- if (i < 0 || i >= RLIM_NLIMITS) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name); +- continue; +- } +- pl->limits[i].limit.rlim_cur = str2rlim_t(soft); +- pl->limits[i].limit.rlim_max = str2rlim_t(hard); +- pl->limits[i].src_soft = LIMITS_DEF_KERNEL; +- pl->limits[i].src_hard = LIMITS_DEF_KERNEL; ++ /* determine formatting boundary of limits report */ ++ if (!maxlen && pam_str_skip_prefix(line, "Limit") != NULL) { ++ maxlen = pos; ++ continue; ++ } ++ ++ if (pos == maxlen) { ++ /* step backwards over "Units" name */ ++ LIMITS_SKIP_WHITESPACE; ++ LIMITS_MARK_ITEM(hard); /* not a typo, units unused */ ++ } ++ ++ /* step backwards over "Hard Limit" value */ ++ LIMITS_SKIP_WHITESPACE; ++ LIMITS_MARK_ITEM(hard); ++ ++ /* step backwards over "Soft Limit" value */ ++ LIMITS_SKIP_WHITESPACE; ++ LIMITS_MARK_ITEM(soft); ++ ++ /* step backwards over name of limit */ ++ LIMITS_SKIP_WHITESPACE; ++ name = line; ++ ++ i = str2rlimit(name); ++ if (i < 0 || i >= RLIM_NLIMITS) { ++ if (ctrl & PAM_DEBUG_ARG) ++ pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name); ++ continue; ++ } ++ pl->limits[i].limit.rlim_cur = str2rlim_t(soft); ++ pl->limits[i].limit.rlim_max = str2rlim_t(hard); ++ pl->limits[i].src_soft = LIMITS_DEF_KERNEL; ++ pl->limits[i].src_hard = LIMITS_DEF_KERNEL; + } + fclose(limitsfile); + } +@@ -486,6 +486,54 @@ static int init_limits(pam_handle_t *pam + + return retval; + } ++/* ++ * Read the contents of /proc/sys/fs/ ++ * return 1 if conversion succeeds, result is in *valuep ++ * return 0 if conversion fails. ++ */ ++static int ++value_from_proc_sys_fs(const pam_handle_t *pamh, const char *name, rlim_t *valuep) ++{ ++ char pathname[128]; ++ char buf[128]; ++ FILE *fp; ++ int retval; ++ ++ retval = 0; ++ ++ snprintf(pathname, sizeof(pathname), "/proc/sys/fs/%s", name); ++ ++ if ((fp = fopen(pathname, "r")) != NULL) { ++ if (fgets(buf, sizeof(buf), fp) != NULL) { ++ char *endptr; ++ ++#ifdef __USE_FILE_OFFSET64 ++ *valuep = strtoull(buf, &endptr, 10); ++#else ++ *valuep = strtoul(buf, &endptr, 10); ++#endif ++ ++ retval = (endptr != buf); ++ } ++ ++ fclose(fp); ++ } ++ ++ return retval; ++} ++ ++/* ++ * Check if the string passed as the argument corresponds to ++ * "unlimited" ++ */ ++static inline int ++is_unlimited(const char *lim_value) ++{ ++ return strcmp(lim_value, "-1") == 0 ++ || strcmp(lim_value, "-") == 0 ++ || strcmp(lim_value, "unlimited") == 0 ++ || strcmp(lim_value, "infinity") == 0; ++} + + static void + process_limit (const pam_handle_t *pamh, int source, const char *lim_type, +@@ -505,9 +553,9 @@ process_limit (const pam_handle_t *pamh, + limits_def_names[source]); + + if (strcmp(lim_item, "cpu") == 0) +- limit_item = RLIMIT_CPU; ++ limit_item = RLIMIT_CPU; + else if (strcmp(lim_item, "fsize") == 0) +- limit_item = RLIMIT_FSIZE; ++ limit_item = RLIMIT_FSIZE; + else if (strcmp(lim_item, "data") == 0) + limit_item = RLIMIT_DATA; + else if (strcmp(lim_item, "stack") == 0) +@@ -557,8 +605,8 @@ process_limit (const pam_handle_t *pamh, + } else if (strcmp(lim_item, "nonewprivs") == 0) { + limit_item = LIMIT_NONEWPRIVS; + } else { +- pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); +- return; ++ pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); ++ return; + } + + if (strcmp(lim_type,"soft")==0) +@@ -569,9 +617,10 @@ process_limit (const pam_handle_t *pamh, + limit_type=LIMIT_SOFT | LIMIT_HARD; + else if (limit_item != LIMIT_LOGIN && limit_item != LIMIT_NUMSYSLOGINS + && limit_item != LIMIT_NONEWPRIVS) { +- pam_syslog(pamh, LOG_DEBUG, "unknown limit type '%s'", lim_type); +- return; ++ pam_syslog(pamh, LOG_DEBUG, "unknown limit type '%s'", lim_type); ++ return; + } ++ + if (limit_item == LIMIT_NONEWPRIVS) { + /* just require a bool-style 0 or 1 */ + if (strcmp(lim_value, "0") == 0) { +@@ -587,9 +636,7 @@ process_limit (const pam_handle_t *pamh, + #ifdef RLIMIT_NICE + && limit_item != RLIMIT_NICE + #endif +- && (strcmp(lim_value, "-1") == 0 +- || strcmp(lim_value, "-") == 0 || strcmp(lim_value, "unlimited") == 0 +- || strcmp(lim_value, "infinity") == 0)) { ++ && is_unlimited(lim_value)) { + int_value = -1; + rlimit_value = RLIM_INFINITY; + } else if (limit_item == LIMIT_PRI || limit_item == LIMIT_LOGIN || +@@ -605,7 +652,7 @@ process_limit (const pam_handle_t *pamh, + pam_syslog(pamh, LOG_DEBUG, + "wrong limit value '%s' for limit type '%s'", + lim_value, lim_type); +- return; ++ return; + } + } else { + #ifdef __USE_FILE_OFFSET64 +@@ -631,7 +678,7 @@ process_limit (const pam_handle_t *pamh, + } + + switch(limit_item) { +- case RLIMIT_CPU: ++ case RLIMIT_CPU: + if (rlimit_value != RLIM_INFINITY) + { + if (rlimit_value >= RLIM_INFINITY/60) +@@ -639,17 +686,17 @@ process_limit (const pam_handle_t *pamh, + else + rlimit_value *= 60; + } +- break; +- case RLIMIT_FSIZE: +- case RLIMIT_DATA: +- case RLIMIT_STACK: +- case RLIMIT_CORE: +- case RLIMIT_RSS: +- case RLIMIT_MEMLOCK: ++ break; ++ case RLIMIT_FSIZE: ++ case RLIMIT_DATA: ++ case RLIMIT_STACK: ++ case RLIMIT_CORE: ++ case RLIMIT_RSS: ++ case RLIMIT_MEMLOCK: + #ifdef RLIMIT_AS +- case RLIMIT_AS: ++ case RLIMIT_AS: + #endif +- if (rlimit_value != RLIM_INFINITY) ++ if (rlimit_value != RLIM_INFINITY) + { + if (rlimit_value >= RLIM_INFINITY/1024) + rlimit_value = RLIM_INFINITY; +@@ -664,29 +711,42 @@ process_limit (const pam_handle_t *pamh, + if (int_value < -20) + int_value = -20; + rlimit_value = 20 - int_value; +- break; ++ break; + #endif ++ case RLIMIT_NOFILE: ++ /* ++ * If nofile is to be set to "unlimited", try to set it to ++ * the value in /proc/sys/fs/nr_open instead. ++ */ ++ if (rlimit_value == RLIM_INFINITY) { ++ if (!value_from_proc_sys_fs(pamh, "nr_open", &rlimit_value)) ++ pam_syslog(pamh, LOG_DEBUG, ++ "Cannot set \"nofile\" to a sensible value"); ++ else ++ pam_syslog(pamh, LOG_WARNING, "Setting \"nofile\" limit to %lu", (long unsigned) rlimit_value); ++ } ++ break; + } + + if ( (limit_item != LIMIT_LOGIN) + && (limit_item != LIMIT_NUMSYSLOGINS) + && (limit_item != LIMIT_PRI) + && (limit_item != LIMIT_NONEWPRIVS) ) { +- if (limit_type & LIMIT_SOFT) { ++ if (limit_type & LIMIT_SOFT) { + if (pl->limits[limit_item].src_soft < source) { +- return; ++ return; + } else { +- pl->limits[limit_item].limit.rlim_cur = rlimit_value; +- pl->limits[limit_item].src_soft = source; +- } ++ pl->limits[limit_item].limit.rlim_cur = rlimit_value; ++ pl->limits[limit_item].src_soft = source; ++ } + } +- if (limit_type & LIMIT_HARD) { ++ if (limit_type & LIMIT_HARD) { + if (pl->limits[limit_item].src_hard < source) { +- return; +- } else { +- pl->limits[limit_item].limit.rlim_max = rlimit_value; +- pl->limits[limit_item].src_hard = source; +- } ++ return; ++ } else { ++ pl->limits[limit_item].limit.rlim_max = rlimit_value; ++ pl->limits[limit_item].src_hard = source; ++ } + } + } else { + /* recent kernels support negative priority limits (=raise priority) */ +@@ -764,42 +824,42 @@ parse_config_file(pam_handle_t *pamh, co + + /* check for the LIMITS_FILE */ + if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); ++ pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); + fil = fopen(CONF_FILE, "r"); + if (fil == NULL) { +- pam_syslog (pamh, LOG_WARNING, ++ pam_syslog (pamh, LOG_WARNING, + "cannot read settings from %s: %m", CONF_FILE); +- return PAM_SERVICE_ERR; ++ return PAM_SERVICE_ERR; + } + + /* start the show */ + while (fgets(buf, LINE_LENGTH, fil) != NULL) { +- char domain[LINE_LENGTH]; +- char ltype[LINE_LENGTH]; +- char item[LINE_LENGTH]; +- char value[LINE_LENGTH]; +- int i; +- int rngtype; +- size_t j; +- char *tptr,*line; +- uid_t min_uid = (uid_t)-1, max_uid = (uid_t)-1; +- +- line = buf; +- /* skip the leading white space */ +- while (*line && isspace(*line)) +- line++; +- +- /* Rip off the comments */ +- tptr = strchr(line,'#'); +- if (tptr) +- *tptr = '\0'; +- /* Rip off the newline char */ +- tptr = strchr(line,'\n'); +- if (tptr) +- *tptr = '\0'; +- /* Anything left ? */ +- if (!strlen(line)) +- continue; ++ char domain[LINE_LENGTH]; ++ char ltype[LINE_LENGTH]; ++ char item[LINE_LENGTH]; ++ char value[LINE_LENGTH]; ++ int i; ++ int rngtype; ++ size_t j; ++ char *tptr,*line; ++ uid_t min_uid = (uid_t)-1, max_uid = (uid_t)-1; ++ ++ line = buf; ++ /* skip the leading white space */ ++ while (*line && isspace(*line)) ++ line++; ++ ++ /* Rip off the comments */ ++ tptr = strchr(line,'#'); ++ if (tptr) ++ *tptr = '\0'; ++ /* Rip off the newline char */ ++ tptr = strchr(line,'\n'); ++ if (tptr) ++ *tptr = '\0'; ++ /* Anything left ? */ ++ if (!strlen(line)) ++ continue; + + domain[0] = ltype[0] = item[0] = value[0] = '\0'; + +@@ -807,23 +867,23 @@ parse_config_file(pam_handle_t *pamh, co + D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]", + i, domain, ltype, item, value)); + +- for(j=0; j < strlen(ltype); j++) +- ltype[j]=tolower(ltype[j]); ++ for(j=0; j < strlen(ltype); j++) ++ ltype[j]=tolower(ltype[j]); + + if ((rngtype=parse_uid_range(pamh, domain, &min_uid, &max_uid)) < 0) { + pam_syslog(pamh, LOG_WARNING, "invalid uid range '%s' - skipped", domain); + continue; + } + +- if (i == 4) { /* a complete line */ ++ if (i == 4) { /* a complete line */ + for(j=0; j < strlen(item); j++) + item[j]=tolower(item[j]); + for(j=0; j < strlen(value); j++) + value[j]=tolower(value[j]); + +- if (strcmp(uname, domain) == 0) /* this user have a limit */ +- process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); +- else if (domain[0]=='@') { ++ if (strcmp(uname, domain) == 0) /* this user have a limit */ ++ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); ++ else if (domain[0]=='@') { + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, + "checking if %s is in group %s", +@@ -849,7 +909,7 @@ parse_config_file(pam_handle_t *pamh, co + process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, + pl); + } +- } else if (domain[0]=='%') { ++ } else if (domain[0]=='%') { + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_DEBUG, + "checking if %s is in group %s", +@@ -880,7 +940,7 @@ parse_config_file(pam_handle_t *pamh, co + case LIMIT_RANGE_MM: + pam_syslog(pamh, LOG_WARNING, "range unsupported for %%group matching - ignored"); + } +- } else { ++ } else { + switch(rngtype) { + case LIMIT_RANGE_NONE: + if (strcmp(domain, "*") == 0) +@@ -951,8 +1011,8 @@ parse_config_file(pam_handle_t *pamh, co + } + fclose(fil); + return PAM_IGNORE; +- } else { +- pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line); ++ } else { ++ pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line); + } + } + fclose(fil); +@@ -979,8 +1039,8 @@ static int setup_limits(pam_handle_t *pa + /* skip it if its not initialized */ + continue; + } +- if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) +- pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; ++ if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) ++ pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; + res = setrlimit(i, &pl->limits[i].limit); + if (res != 0) + pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", +@@ -989,30 +1049,30 @@ static int setup_limits(pam_handle_t *pa + } + + if (status) { +- retval = LIMIT_ERR; ++ retval = LIMIT_ERR; + } + + status = setpriority(PRIO_PROCESS, 0, pl->priority); + if (status != 0) { +- pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m"); +- retval = LIMIT_ERR; ++ pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m"); ++ retval = LIMIT_ERR; + } + + if (uid == 0) { + D(("skip login limit check for uid=0")); + } else if (pl->login_limit > 0) { +- if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { ++ if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { + #ifdef HAVE_LIBAUDIT + if (!(ctrl & PAM_NO_AUDIT)) { + pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS, + "pam_limits", PAM_PERM_DENIED); + /* ignore return value as we fail anyway */ +- } ++ } + #endif +- retval |= LOGIN_ERR; ++ retval |= LOGIN_ERR; + } + } else if (pl->login_limit == 0) { +- retval |= LOGIN_ERR; ++ retval |= LOGIN_ERR; + } + + if (pl->nonewprivs) { +@@ -1049,22 +1109,22 @@ pam_sm_open_session (pam_handle_t *pamh, + ctrl = _pam_parse(pamh, argc, argv, pl); + retval = pam_get_item( pamh, PAM_USER, (void*) &user_name ); + if ( user_name == NULL || retval != PAM_SUCCESS ) { +- pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); +- return PAM_SESSION_ERR; ++ pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); ++ return PAM_SESSION_ERR; + } + + pwd = pam_modutil_getpwnam(pamh, user_name); + if (!pwd) { +- if (ctrl & PAM_DEBUG_ARG) +- pam_syslog(pamh, LOG_WARNING, ++ if (ctrl & PAM_DEBUG_ARG) ++ pam_syslog(pamh, LOG_WARNING, + "open_session username '%s' does not exist", user_name); +- return PAM_USER_UNKNOWN; ++ return PAM_USER_UNKNOWN; + } + + retval = init_limits(pamh, pl, ctrl); + if (retval != PAM_SUCCESS) { +- pam_syslog(pamh, LOG_ERR, "cannot initialize"); +- return PAM_ABORT; ++ pam_syslog(pamh, LOG_ERR, "cannot initialize"); ++ return PAM_ABORT; + } + + retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); +@@ -1099,7 +1159,7 @@ pam_sm_open_session (pam_handle_t *pamh, + } + if (retval != PAM_SUCCESS) + goto out; +- } ++ } + } + + out: +@@ -1115,7 +1175,7 @@ out: + pam_error(pamh, _("There were too many logins for '%s'."), + pwd->pw_name); + if (retval != LIMITED_OK) { +- return PAM_PERM_DENIED; ++ return PAM_PERM_DENIED; + } + + return PAM_SUCCESS; diff --git a/pam.changes b/pam.changes index 8c8680e..25b562a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + ------------------------------------------------------------------- Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 52a9852..1db726f 100644 --- a/pam.spec +++ b/pam.spec @@ -65,6 +65,7 @@ Patch6: pam_cracklib-removal.patch Patch7: pam_tally2-removal.patch Patch8: pam-bsc1177858-dont-free-environment-string.patch Patch9: pam-pam_cracklib-add-usersubstr.patch +Patch10: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -176,6 +177,7 @@ cp -a %{SOURCE12} . %patch7 -R -p1 %patch8 -p1 %patch9 -p1 +%patch10 -p1 %if 0%{?usrmerged} %patch99 -p1 %endif -- 2.51.1 From 24e9b7b6ee75804fc1eb3ce5fc13779f155e65419619de791c5f049e8d1073ce Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 7 Apr 2021 13:01:25 +0000 Subject: [PATCH 152/226] Accepting request 883597 from home:jmoellers:branches:Linux-PAM bsc1184358 OBS-URL: https://build.opensuse.org/request/show/883597 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=236 --- ...58-prevent-LOCAL-from-being-resolved.patch | 90 +++++++++++++++++++ pam.changes | 10 +++ pam.spec | 2 + 3 files changed, 102 insertions(+) create mode 100644 bsc1184358-prevent-LOCAL-from-being-resolved.patch diff --git a/bsc1184358-prevent-LOCAL-from-being-resolved.patch b/bsc1184358-prevent-LOCAL-from-being-resolved.patch new file mode 100644 index 0000000..d627f27 --- /dev/null +++ b/bsc1184358-prevent-LOCAL-from-being-resolved.patch @@ -0,0 +1,90 @@ +From c4dbba499f335ad88536244254d2d444b8e1c17c Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 6 Apr 2021 12:27:38 +0200 +Subject: [PATCH] pam_access: clean up the remote host matching code + +* modules/pam_access/pam_access.c (from_match): Split out remote_match() + function and avoid calling it when matching against LOCAL keyword. + There is also no point in doing domain match against TTY or SERVICE. +--- + modules/pam_access/pam_access.c | 42 +++++++++++++++++++++------------ + 1 file changed, 27 insertions(+), 15 deletions(-) + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 98848c54..b493c7bd 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -160,6 +160,7 @@ static int list_match (pam_handle_t *, char *, char *, struct login_info *, + static int user_match (pam_handle_t *, char *, struct login_info *); + static int group_match (pam_handle_t *, const char *, const char *, int); + static int from_match (pam_handle_t *, char *, struct login_info *); ++static int remote_match (pam_handle_t *, char *, struct login_info *); + static int string_match (pam_handle_t *, const char *, const char *, int); + static int network_netmask_match (pam_handle_t *, const char *, const char *, struct login_info *); + +@@ -589,11 +590,9 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr, + /* from_match - match a host or tty against a list of tokens */ + + static int +-from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) ++from_match (pam_handle_t *pamh, char *tok, struct login_info *item) + { + const char *string = item->from; +- int tok_len; +- int str_len; + int rv; + + if (item->debug) +@@ -616,13 +615,28 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) + } else if ((rv = string_match(pamh, tok, string, item->debug)) != NO) { + /* ALL or exact match */ + return rv; +- } else if (tok[0] == '.') { /* domain: match last fields */ +- if ((str_len = strlen(string)) > (tok_len = strlen(tok)) +- && strcasecmp(tok, string + str_len - tok_len) == 0) +- return (YES); +- } else if (item->from_remote_host == 0) { /* local: no PAM_RHOSTS */ +- if (strcasecmp(tok, "LOCAL") == 0) +- return (YES); ++ } else if (strcasecmp(tok, "LOCAL") == 0) { ++ /* LOCAL matches only local accesses */ ++ if (!item->from_remote_host) ++ return YES; ++ return NO; ++ } else if (item->from_remote_host) { ++ return remote_match(pamh, tok, item); ++ } ++ return NO; ++} ++ ++static int ++remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) ++{ ++ const char *string = item->from; ++ size_t tok_len = strlen(tok); ++ size_t str_len; ++ ++ if (tok[0] == '.') { /* domain: match last fields */ ++ if ((str_len = strlen(string)) > tok_len ++ && strcasecmp(tok, string + str_len - tok_len) == 0) ++ return YES; + } else if (tok[(tok_len = strlen(tok)) - 1] == '.') { + struct addrinfo hint; + +@@ -661,13 +675,11 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) + runp = runp->ai_next; + } + } +- } else { +- /* Assume network/netmask with a IP of a host. */ +- if (network_netmask_match(pamh, tok, string, item)) +- return YES; ++ return NO; + } + +- return NO; ++ /* Assume network/netmask with an IP of a host. */ ++ return network_netmask_match(pamh, tok, string, item); + } + + /* string_match - match a string against one token */ diff --git a/pam.changes b/pam.changes index 25b562a..5067a9b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + ------------------------------------------------------------------- Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers diff --git a/pam.spec b/pam.spec index 1db726f..7eebb66 100644 --- a/pam.spec +++ b/pam.spec @@ -66,6 +66,7 @@ Patch7: pam_tally2-removal.patch Patch8: pam-bsc1177858-dont-free-environment-string.patch Patch9: pam-pam_cracklib-add-usersubstr.patch Patch10: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch +Patch11: bsc1184358-prevent-LOCAL-from-being-resolved.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -178,6 +179,7 @@ cp -a %{SOURCE12} . %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %if 0%{?usrmerged} %patch99 -p1 %endif -- 2.51.1 From 55bb007d9764594ee2973eb1b53eb95af58add88fc0cc16b26963ae36957b044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 17 May 2021 06:51:34 +0000 Subject: [PATCH 153/226] Accepting request 892225 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/892225 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=237 --- baselibs.conf | 1 + pam.changes | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/baselibs.conf b/baselibs.conf index 0ef7093..fe7f89d 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,5 @@ pam + arch i586 requires "systemd-" pam-extra pam-deprecated pam-devel diff --git a/pam.changes b/pam.changes index 5067a9b..04df050 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + ------------------------------------------------------------------- Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers -- 2.51.1 From 9a6bc49f241f5aa08446251660efed3b582df5d3e5a8fa1afb45f299f9d3e4ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Tue, 25 May 2021 06:24:45 +0000 Subject: [PATCH 154/226] Accepting request 894273 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/894273 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=238 --- baselibs.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/baselibs.conf b/baselibs.conf index fe7f89d..6a4307c 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,5 +1,5 @@ pam - arch i586 requires "systemd-" + systemd-32bit if systemd pam-extra pam-deprecated pam-devel -- 2.51.1 From 9563615f529a3ca8d3edf3c7abbc4d9d32162711777d7b83f26b5e86180cfaeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 14 Jun 2021 12:34:37 +0000 Subject: [PATCH 155/226] Accepting request 899457 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/899457 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=239 --- baselibs.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/baselibs.conf b/baselibs.conf index 6a4307c..568a1c2 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,5 +1,5 @@ pam - systemd-32bit if systemd + requires "(systemd- if systemd)" pam-extra pam-deprecated pam-devel -- 2.51.1 From dd0389449bbb144b126387f137c7f83275f6b17100187f307ea14de6487c44e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Fri, 25 Jun 2021 09:44:49 +0000 Subject: [PATCH 156/226] Accepting request 902295 from home:gmbr3:Active - Create /run/motd.d OBS-URL: https://build.opensuse.org/request/show/902295 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=240 --- motd.tmpfiles | 2 ++ pam.changes | 5 +++++ pam.spec | 8 +++++++- 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 motd.tmpfiles diff --git a/motd.tmpfiles b/motd.tmpfiles new file mode 100644 index 0000000..e42e072 --- /dev/null +++ b/motd.tmpfiles @@ -0,0 +1,2 @@ +#Type Path Mode User Group Age Argument +d /run/motd.d 0755 root root - - diff --git a/pam.changes b/pam.changes index 04df050..a6da8fc 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + ------------------------------------------------------------------- Mon May 10 14:22:01 UTC 2021 - Josef Möllers diff --git a/pam.spec b/pam.spec index 7eebb66..1530c8d 100644 --- a/pam.spec +++ b/pam.spec @@ -58,6 +58,7 @@ Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh +Source13: motd.tmpfiles Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-xauth_ownership.patch @@ -264,7 +265,9 @@ install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ # rpm macros mkdir -p %{buildroot}/usr/lib/rpm/macros.d echo "%%_pamdir %pamdir" > %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.pam -# Create filelist with translatins +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/motd.conf +# Create filelist with translations %find_lang Linux-PAM %verifyscript @@ -275,6 +278,7 @@ echo "%%_pamdir %pamdir" > %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.pam /sbin/ldconfig %set_permissions %{sbindir}/unix_chkpwd %set_permissions %{sbindir}/unix2_chkpwd +%tmpfiles_create %{_tmpfilesdir}/motd.conf %postun -p /sbin/ldconfig %pre @@ -295,6 +299,7 @@ done %dir %{_sysconfdir}/security %dir %{_sysconfdir}/security/limits.d %dir %{_prefix}/lib/motd.d +%ghost %dir %{_rundir}/motd.d %if %{defined config_noreplace} %config(noreplace) %{_sysconfdir}/pam.d/other %config(noreplace) %{_sysconfdir}/pam.d/common-* @@ -437,6 +442,7 @@ done %verify(not mode) %attr(4755,root,shadow) %{sbindir}/unix2_chkpwd %attr(0700,root,root) %{sbindir}/unix_update %{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/motd.conf %files -n pam_unix %defattr(-,root,root,755) -- 2.51.1 From 089ed3e485868e77211d85340d0434e7d56ed65df642345131b50443680c31ba Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 9 Jul 2021 12:12:20 +0000 Subject: [PATCH 157/226] Accepting request 903070 from home:lnussel:usrmove - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) - Backport patch to not install /usr/etc/securetty (boo#1033626) ie no distro defaults and don't complain about it missing (pam_securetty-don-t-complain-about-missing-config.patch) - add debug bcond to be able to build pam with debug output easily - add macros file to allow other packages to stop hardcoding directory names. Compatible with Fedora. - Remove usrmerged conditional as it's now the default OBS-URL: https://build.opensuse.org/request/show/903070 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=241 --- macros.pam | 7 + pam-usrmerge.diff | 16 -- pam.changes | 11 + pam.spec | 266 ++++++++---------- ...-don-t-complain-about-missing-config.patch | 40 +++ pam_unix-nis.changes | 5 + pam_unix-nis.spec | 37 +-- securetty | 10 - 8 files changed, 192 insertions(+), 200 deletions(-) create mode 100644 macros.pam delete mode 100644 pam-usrmerge.diff create mode 100644 pam_securetty-don-t-complain-about-missing-config.patch delete mode 100644 securetty diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..fdffe5d --- /dev/null +++ b/macros.pam @@ -0,0 +1,7 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_distconfdir}/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/pam-usrmerge.diff b/pam-usrmerge.diff deleted file mode 100644 index 6b8c150..0000000 --- a/pam-usrmerge.diff +++ /dev/null @@ -1,16 +0,0 @@ -Index: Linux-PAM-1.4.0/libpam/pam_handlers.c -=================================================================== ---- Linux-PAM-1.4.0.orig/libpam/pam_handlers.c -+++ Linux-PAM-1.4.0/libpam/pam_handlers.c -@@ -801,6 +801,11 @@ int _pam_add_handler(pam_handle_t *pamh - } else if (asprintf(&mod_full_path, "%s%s", - DEFAULT_MODULE_PATH, mod_path) >= 0) { - mod = _pam_load_module(pamh, mod_full_path, handler_type); -+ /* for usrmerge transition, the the path in / also */ -+ if (mod == NULL && !strncmp(DEFAULT_MODULE_PATH, "/usr/", 5) && -+ access(mod_full_path+4, F_OK)) { -+ mod = _pam_load_module(pamh, mod_full_path+4, handler_type); -+ } - _pam_drop(mod_full_path); - } else { - pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); diff --git a/pam.changes b/pam.changes index a6da8fc..7ba0097 100644 --- a/pam.changes +++ b/pam.changes @@ -3,6 +3,17 @@ Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer - Create /run/motd.d +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + ------------------------------------------------------------------- Mon May 10 14:22:01 UTC 2021 - Josef Möllers diff --git a/pam.spec b/pam.spec index 1530c8d..82c75e2 100644 --- a/pam.spec +++ b/pam.spec @@ -15,19 +15,7 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # - -%if !0%{?usrmerged} -%define libdir /%{_lib} -%define sbindir /sbin -%define pamdir /%{_lib}/security -%else -%define libdir %{_libdir} -%define sbindir %{_sbindir} -# moving this to /usr needs fixing -# several packages short of -# https://github.com/linux-pam/linux-pam/issues/256 -%define pamdir %{_libdir}/security -%endif +%bcond_with debug # %define enable_selinux 1 @@ -38,6 +26,9 @@ %define _distconfdir %{_sysconfdir} %define config_noreplace 1 %endif +# +%{load:%{_sourcedir}/macros.pam} +# Name: pam # Version: 1.5.1 @@ -48,12 +39,12 @@ Group: System/Libraries URL: http://www.linux-pam.org/ Source: Linux-PAM-%{version}.tar.xz Source1: Linux-PAM-%{version}-docs.tar.xz +Source2: macros.pam Source3: other.pamd Source4: common-auth.pamd Source5: common-account.pamd Source6: common-password.pamd Source7: common-session.pamd -Source8: securetty Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 @@ -68,15 +59,14 @@ Patch8: pam-bsc1177858-dont-free-environment-string.patch Patch9: pam-pam_cracklib-add-usersubstr.patch Patch10: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch Patch11: bsc1184358-prevent-LOCAL-from-being-resolved.patch +# https://github.com/linux-pam/linux-pam/commit/e842a5fc075002f46672ebcd8e896624f1ec8068 +Patch100: pam_securetty-don-t-complain-about-missing-config.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel BuildRequires: flex BuildRequires: libtool BuildRequires: xz -# this is only needed in the transition phase to make sure modules -# are also loaded from /lib/security as fallback -Patch99: pam-usrmerge.diff Requires(post): permissions # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! @@ -181,25 +171,25 @@ cp -a %{SOURCE12} . %patch9 -p1 %patch10 -p1 %patch11 -p1 -%if 0%{?usrmerged} -%patch99 -p1 -%endif +%patch100 -p1 %build bash ./pam-login_defs-check.sh -export CFLAGS="%{optflags} -DNDEBUG" +export CFLAGS="%{optflags}" +%if !%{with debug} +CFLAGS="$CFLAGS -DNDEBUG" +%endif %configure \ --includedir=%{_includedir}/security \ --docdir=%{_docdir}/pam \ --htmldir=%{_docdir}/pam/html \ --pdfdir=%{_docdir}/pam/pdf \ -%if !0%{?usrmerged} - --sbindir=/sbin \ - --libdir=/%{_lib} \ -%endif - --enable-isadir=../..%{pamdir} \ - --enable-securedir=%{pamdir} \ + --enable-isadir=../..%{_pam_moduledir} \ + --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_distconfdir} \ +%if %{with debug} + --enable-debug \ +%endif --enable-tally2 --enable-cracklib make %{?_smp_mflags} gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam @@ -208,46 +198,31 @@ gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} %make_build check %install -mkdir -p %{buildroot}%{_sysconfdir}/pam.d -mkdir -p %{buildroot}%{_distconfdir}/pam.d +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} mkdir -p %{buildroot}%{_includedir}/security -mkdir -p %{buildroot}%{pamdir} +mkdir -p %{buildroot}%{_pam_moduledir} mkdir -p %{buildroot}/sbin mkdir -p -m 755 %{buildroot}%{_libdir} %make_install /sbin/ldconfig -n %{buildroot}%{libdir} # Install documentation %make_install -C doc -# install securetty -install -m 644 %{SOURCE8} %{buildroot}%{_distconfdir} -%ifarch s390 s390x -for i in ttyS0 ttyS1 hvc0 hvc1 hvc2 hvc3 hvc4 hvc5 hvc6 hvc7 sclp_line0 ttysclp0; do - echo "$i" >>%{buildroot}/%{_distconfdir}/securetty -done -%endif # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript -install -d %{buildroot}%{_sysconfdir}/security/namespace.d +install -d %{buildroot}%{_pam_secconfdir}/namespace.d # install other.pamd and common-*.pamd -install -m 644 %{SOURCE3} %{buildroot}%{_distconfdir}/pam.d/other -install -m 644 %{SOURCE4} %{buildroot}%{_distconfdir}/pam.d/common-auth -install -m 644 %{SOURCE5} %{buildroot}%{_distconfdir}/pam.d/common-account -install -m 644 %{SOURCE6} %{buildroot}%{_distconfdir}/pam.d/common-password -install -m 644 %{SOURCE7} %{buildroot}%{_distconfdir}/pam.d/common-session -%if !0%{?usrmerged} -rm %{buildroot}/%{_lib}/libpam.so -ln -sf ../../%{_lib}/libpam.so.%{libpam_so_version} %{buildroot}%{_libdir}/libpam.so -rm %{buildroot}/%{_lib}/libpamc.so -ln -sf ../../%{_lib}/libpamc.so.%{libpamc_so_version} %{buildroot}%{_libdir}/libpamc.so -rm %{buildroot}/%{_lib}/libpam_misc.so -ln -sf ../../%{_lib}/libpam_misc.so.%{libpam_misc_so_version} %{buildroot}%{_libdir}/libpam_misc.so -%endif +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session mkdir -p %{buildroot}%{_prefix}/lib/motd.d # # Remove crap # find %{buildroot} -type f -name "*.la" -delete -print for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f %{buildroot}%{pamdir}/pam_unix.so %{buildroot}%{pamdir}/$x.so + ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so done # # Install READMEs of PAM modules @@ -260,24 +235,23 @@ for i in pam_*/README; do done popd # Install unix2_chkpwd -install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{sbindir} +install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ # rpm macros -mkdir -p %{buildroot}/usr/lib/rpm/macros.d -echo "%%_pamdir %pamdir" > %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.pam +install -D -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/motd.conf # Create filelist with translations %find_lang Linux-PAM %verifyscript -%verify_permissions -e %{sbindir}/unix_chkpwd -%verify_permissions -e %{sbindir}/unix2_chkpwd +%verify_permissions -e %{_sbindir}/unix_chkpwd +%verify_permissions -e %{_sbindir}/unix2_chkpwd %post /sbin/ldconfig -%set_permissions %{sbindir}/unix_chkpwd -%set_permissions %{sbindir}/unix2_chkpwd +%set_permissions %{_sbindir}/unix_chkpwd +%set_permissions %{_sbindir}/unix2_chkpwd %tmpfiles_create %{_tmpfilesdir}/motd.conf %postun -p /sbin/ldconfig @@ -294,34 +268,32 @@ done %files -f Linux-PAM.lang %exclude %{_defaultdocdir}/pam -%dir %{_sysconfdir}/pam.d -%dir %{_distconfdir}/pam.d -%dir %{_sysconfdir}/security -%dir %{_sysconfdir}/security/limits.d +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secconfdir}/limits.d %dir %{_prefix}/lib/motd.d %ghost %dir %{_rundir}/motd.d %if %{defined config_noreplace} -%config(noreplace) %{_sysconfdir}/pam.d/other -%config(noreplace) %{_sysconfdir}/pam.d/common-* -%config(noreplace) %{_sysconfdir}/securetty +%config(noreplace) %{_pam_confdir}/other +%config(noreplace) %{_pam_confdir}/common-* %else -%{_distconfdir}/pam.d/other -%{_distconfdir}/pam.d/common-* -%{_distconfdir}/securetty +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* %endif %config(noreplace) %{_sysconfdir}/environment -%config(noreplace) %{_sysconfdir}/security/access.conf -%config(noreplace) %{_sysconfdir}/security/group.conf -%config(noreplace) %{_sysconfdir}/security/faillock.conf -%config(noreplace) %{_sysconfdir}/security/limits.conf -%config(noreplace) %{_sysconfdir}/security/pam_env.conf +%config(noreplace) %{_pam_secconfdir}/access.conf +%config(noreplace) %{_pam_secconfdir}/group.conf +%config(noreplace) %{_pam_secconfdir}/faillock.conf +%config(noreplace) %{_pam_secconfdir}/limits.conf +%config(noreplace) %{_pam_secconfdir}/pam_env.conf %if %{enable_selinux} -%config(noreplace) %{_sysconfdir}/security/sepermit.conf +%config(noreplace) %{_pam_secconfdir}/sepermit.conf %endif -%config(noreplace) %{_sysconfdir}/security/time.conf -%config(noreplace) %{_sysconfdir}/security/namespace.conf -%config(noreplace) %{_sysconfdir}/security/namespace.init -%dir %{_sysconfdir}/security/namespace.d +%config(noreplace) %{_pam_secconfdir}/time.conf +%config(noreplace) %{_pam_secconfdir}/namespace.conf +%config(noreplace) %{_pam_secconfdir}/namespace.init +%dir %{_pam_secconfdir}/namespace.d %doc NEWS %license COPYING %{_mandir}/man5/environment.5%{?ext_man} @@ -380,88 +352,88 @@ done %{_mandir}/man8/unix2_chkpwd.8%{?ext_man} %{_mandir}/man8/unix_chkpwd.8%{?ext_man} %{_mandir}/man8/unix_update.8%{?ext_man} -%{libdir}/libpam.so.0 -%{libdir}/libpam.so.%{libpam_so_version} -%{libdir}/libpamc.so.0 -%{libdir}/libpamc.so.%{libpamc_so_version} -%{libdir}/libpam_misc.so.0 -%{libdir}/libpam_misc.so.%{libpam_misc_so_version} -%dir %{pamdir} -%{pamdir}/pam_access.so -%{pamdir}/pam_debug.so -%{pamdir}/pam_deny.so -%{pamdir}/pam_echo.so -%{pamdir}/pam_env.so -%{pamdir}/pam_exec.so -%{pamdir}/pam_faildelay.so -%{pamdir}/pam_faillock.so -%{pamdir}/pam_filter.so -%dir %{pamdir}/pam_filter -%{pamdir}//pam_filter/upperLOWER -%{pamdir}/pam_ftp.so -%{pamdir}/pam_group.so -%{pamdir}/pam_issue.so -%{pamdir}/pam_keyinit.so -%{pamdir}/pam_lastlog.so -%{pamdir}/pam_limits.so -%{pamdir}/pam_listfile.so -%{pamdir}/pam_localuser.so -%{pamdir}/pam_loginuid.so -%{pamdir}/pam_mail.so -%{pamdir}/pam_mkhomedir.so -%{pamdir}/pam_motd.so -%{pamdir}/pam_namespace.so -%{pamdir}/pam_nologin.so -%{pamdir}/pam_permit.so -%{pamdir}/pam_pwhistory.so -%{pamdir}/pam_rhosts.so -%{pamdir}/pam_rootok.so -%{pamdir}/pam_securetty.so +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_lastlog.so +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so %if %{enable_selinux} -%{pamdir}/pam_selinux.so -%{pamdir}/pam_sepermit.so +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so %endif -%{pamdir}/pam_setquota.so -%{pamdir}/pam_shells.so -%{pamdir}/pam_stress.so -%{pamdir}/pam_succeed_if.so -%{pamdir}/pam_time.so -%{pamdir}/pam_timestamp.so -%{pamdir}/pam_tty_audit.so -%{pamdir}/pam_umask.so -%{pamdir}/pam_usertype.so -%{pamdir}/pam_warn.so -%{pamdir}/pam_wheel.so -%{pamdir}/pam_xauth.so -%{sbindir}/faillock -%{sbindir}/mkhomedir_helper -%{sbindir}/pam_namespace_helper -%{sbindir}/pam_timestamp_check -%{sbindir}/pwhistory_helper -%verify(not mode) %attr(4755,root,shadow) %{sbindir}/unix_chkpwd -%verify(not mode) %attr(4755,root,shadow) %{sbindir}/unix2_chkpwd -%attr(0700,root,root) %{sbindir}/unix_update +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_timestamp.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pam_timestamp_check +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update %{_unitdir}/pam_namespace.service %{_tmpfilesdir}/motd.conf %files -n pam_unix %defattr(-,root,root,755) -%{pamdir}/pam_unix.so -%{pamdir}/pam_unix_acct.so -%{pamdir}/pam_unix_auth.so -%{pamdir}/pam_unix_passwd.so -%{pamdir}/pam_unix_session.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_unix_acct.so +%{_pam_moduledir}/pam_unix_auth.so +%{_pam_moduledir}/pam_unix_passwd.so +%{_pam_moduledir}/pam_unix_session.so %files extra %defattr(-,root,root,755) -%{pamdir}/pam_userdb.so +%{_pam_moduledir}/pam_userdb.so %{_mandir}/man8/pam_userdb.8%{?ext_man} %files deprecated %defattr(-,root,root,755) -%{pamdir}/pam_cracklib.so -%{pamdir}/pam_tally2.so -%{sbindir}/pam_tally2 +%{_pam_moduledir}/pam_cracklib.so +%{_pam_moduledir}/pam_tally2.so +%{_sbindir}/pam_tally2 %files doc %defattr(644,root,root,755) diff --git a/pam_securetty-don-t-complain-about-missing-config.patch b/pam_securetty-don-t-complain-about-missing-config.patch new file mode 100644 index 0000000..60d93e8 --- /dev/null +++ b/pam_securetty-don-t-complain-about-missing-config.patch @@ -0,0 +1,40 @@ +From e842a5fc075002f46672ebcd8e896624f1ec8068 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel +Date: Tue, 26 Jan 2021 13:07:20 +0100 +Subject: [PATCH] pam_securetty: don't complain about missing config + +Not shipping a config file should be perfectly valid for distros while +still having eg login pre-configured to honor securetty when present. +PAM itself doesn't ship any template either. So avoid spamming the log +file if /etc/securetty wasn't found. +--- + modules/pam_securetty/pam_securetty.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c +index b4d71751..47a5cd9f 100644 +--- a/modules/pam_securetty/pam_securetty.c ++++ b/modules/pam_securetty/pam_securetty.c +@@ -111,7 +111,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, + #ifdef VENDORDIR + if (errno == ENOENT) { + if (stat(SECURETTY2_FILE, &ttyfileinfo)) { +- pam_syslog(pamh, LOG_NOTICE, ++ if (ctrl & PAM_DEBUG_ARG) ++ pam_syslog(pamh, LOG_DEBUG, + "Couldn't open %s: %m", SECURETTY2_FILE); + return PAM_SUCCESS; /* for compatibility with old securetty handling, + this needs to succeed. But we still log the +@@ -120,7 +121,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, + securettyfile = SECURETTY2_FILE; + } else { + #endif +- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); ++ if (ctrl & PAM_DEBUG_ARG) ++ pam_syslog(pamh, LOG_DEBUG, "Couldn't open %s: %m", SECURETTY_FILE); + return PAM_SUCCESS; /* for compatibility with old securetty handling, + this needs to succeed. But we still log the + error. */ +-- +2.26.2 + diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes index 709fdc9..75b5e39 100644 --- a/pam_unix-nis.changes +++ b/pam_unix-nis.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jun 9 14:02:02 UTC 2021 - Ludwig Nussel + +- Remove usrmerged conditional as it's now the default + ------------------------------------------------------------------- Thu Feb 18 22:16:58 UTC 2021 - Thorsten Kukuk diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec index 73c4dc9..2b5db09 100644 --- a/pam_unix-nis.spec +++ b/pam_unix-nis.spec @@ -16,19 +16,6 @@ # -%if !0%{?usrmerged} -%define libdir /%{_lib} -%define sbindir /sbin -%define pamdir /%{_lib}/security -%else -%define libdir %{_libdir} -%define sbindir %{_sbindir} -# moving this to /usr needs fixing -# several packages short of -# https://github.com/linux-pam/linux-pam/issues/256 -%define pamdir %{_libdir}/security -%endif - # %define enable_selinux 1 %define libpam_so_version 0.85.1 @@ -78,29 +65,25 @@ export CFLAGS="%{optflags} -DNDEBUG" --docdir=%{_docdir}/pam \ --htmldir=%{_docdir}/pam/html \ --pdfdir=%{_docdir}/pam/pdf \ -%if !0%{?usrmerged} - --sbindir=/sbin \ - --libdir=/%{_lib} \ -%endif - --enable-isadir=../..%{pamdir} \ - --enable-securedir=%{pamdir} \ + --enable-isadir=../..%{_pam_moduledir} \ + --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_distconfdir} \ --enable-tally2 --enable-cracklib make -C modules/pam_unix %install -mkdir -p %{buildroot}%{pamdir} -install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{pamdir}/ +mkdir -p %{buildroot}%{_pam_moduledir} +install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{_pam_moduledir}/ for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f %{buildroot}%{pamdir}/pam_unix.so %{buildroot}%{pamdir}/$x.so + ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so done %files %license COPYING -%{pamdir}/pam_unix.so -%{pamdir}/pam_unix_acct.so -%{pamdir}/pam_unix_auth.so -%{pamdir}/pam_unix_passwd.so -%{pamdir}/pam_unix_session.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_unix_acct.so +%{_pam_moduledir}/pam_unix_auth.so +%{_pam_moduledir}/pam_unix_passwd.so +%{_pam_moduledir}/pam_unix_session.so %changelog diff --git a/securetty b/securetty deleted file mode 100644 index 20a3840..0000000 --- a/securetty +++ /dev/null @@ -1,10 +0,0 @@ -# -# This file contains the device names of tty lines (one per line, -# without leading /dev/) on which root is allowed to login. -# -tty1 -tty2 -tty3 -tty4 -tty5 -tty6 -- 2.51.1 From 0fc7ab76cc6e06e1cadaa090878e44fadd4d5a5655caf10f7c88cbc9c37e55a3 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 13 Jul 2021 13:43:07 +0000 Subject: [PATCH 158/226] - revert-check_shadow_expiry.diff: revert wrong CRYPT_SALT_METHOD_LEGACY check. - revert-check_shadow_expiry.diff: revert wrong CRYPT_SALT_METHOD_LEGACY check. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=242 --- pam.changes | 6 ++++++ pam.spec | 4 +++- pam_unix-nis.changes | 6 ++++++ pam_unix-nis.spec | 2 ++ revert-check_shadow_expiry.diff | 31 +++++++++++++++++++++++++++++++ 5 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 revert-check_shadow_expiry.diff diff --git a/pam.changes b/pam.changes index 7ba0097..038c58d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + ------------------------------------------------------------------- Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer diff --git a/pam.spec b/pam.spec index 82c75e2..763c0ca 100644 --- a/pam.spec +++ b/pam.spec @@ -61,6 +61,7 @@ Patch10: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch Patch11: bsc1184358-prevent-LOCAL-from-being-resolved.patch # https://github.com/linux-pam/linux-pam/commit/e842a5fc075002f46672ebcd8e896624f1ec8068 Patch100: pam_securetty-don-t-complain-about-missing-config.patch +Patch101: revert-check_shadow_expiry.diff BuildRequires: audit-devel BuildRequires: bison BuildRequires: cracklib-devel @@ -172,6 +173,7 @@ cp -a %{SOURCE12} . %patch10 -p1 %patch11 -p1 %patch100 -p1 +%patch101 -p1 %build bash ./pam-login_defs-check.sh @@ -191,7 +193,7 @@ CFLAGS="$CFLAGS -DNDEBUG" --enable-debug \ %endif --enable-tally2 --enable-cracklib -make %{?_smp_mflags} +%make_build gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam %check diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes index 75b5e39..ebba241 100644 --- a/pam_unix-nis.changes +++ b/pam_unix-nis.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Jul 13 13:40:54 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + ------------------------------------------------------------------- Wed Jun 9 14:02:02 UTC 2021 - Ludwig Nussel diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec index 2b5db09..dd8a6c1 100644 --- a/pam_unix-nis.spec +++ b/pam_unix-nis.spec @@ -36,6 +36,7 @@ URL: http://www.linux-pam.org/ Source: Linux-PAM-%{version}.tar.xz Source9: baselibs.conf Patch: Makefile-pam_unix-nis.diff +Patch1: revert-check_shadow_expiry.diff BuildRequires: pam-devel %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) @@ -57,6 +58,7 @@ module has NIS support. %prep %setup -q -n Linux-PAM-%{version} %patch -p1 +%patch1 -p1 %build export CFLAGS="%{optflags} -DNDEBUG" diff --git a/revert-check_shadow_expiry.diff b/revert-check_shadow_expiry.diff new file mode 100644 index 0000000..ef87ed9 --- /dev/null +++ b/revert-check_shadow_expiry.diff @@ -0,0 +1,31 @@ +pam_unix: do not use crypt_checksalt when checking for password expiration + +According to Zack Weinberg, the intended meaning of +CRYPT_SALT_METHOD_LEGACY is "passwd(1) should not use this hashing +method", it is not supposed to mean "force a password change on next +login for any user with an existing stored hash using this method". + +This reverts commit 4da9feb. + +* modules/pam_unix/passverify.c (check_shadow_expiry) +[CRYPT_CHECKSALT_AVAILABLE]: Remove. + + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index f6132f805..5a19ed856 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -289,13 +289,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, + D(("account expired")); + return PAM_ACCT_EXPIRED; + } +-#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE +- if (spent->sp_lstchg == 0 || +- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY || +- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) { +-#else + if (spent->sp_lstchg == 0) { +-#endif + D(("need a new password")); + *daysleft = 0; + return PAM_NEW_AUTHTOK_REQD; -- 2.51.1 From 4139f4902b3856ce341f62d1351a0d0668bd741dcf4e3083b82c977bb412d879 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 13 Jul 2021 13:53:02 +0000 Subject: [PATCH 159/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=243 --- pam.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pam.spec b/pam.spec index 763c0ca..93585a2 100644 --- a/pam.spec +++ b/pam.spec @@ -240,7 +240,7 @@ popd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ # rpm macros -install -D -m 644 %{SOURCE2} %{buildroot}%{_prefix}/lib/rpm/macros.d/macros.pam +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/motd.conf # Create filelist with translations @@ -454,6 +454,6 @@ done %{_libdir}/libpam.so %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so -%{_prefix}/lib/rpm/macros.d/macros.pam +%{_rpmmacrodir}/macros.pam %changelog -- 2.51.1 From 39b8fe8e870d51a2cad66c79595cec3b35f1a1deb73f6c9266e956c44744b1fe Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 9 Aug 2021 08:32:39 +0000 Subject: [PATCH 160/226] Accepting request 909931 from home:pgajdos - package man5/motd.5 as a man-pages link to man8/pam_motd.8 [bsc#1188724] OBS-URL: https://build.opensuse.org/request/show/909931 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=244 --- pam.changes | 6 ++++++ pam.spec | 3 +++ 2 files changed, 9 insertions(+) diff --git a/pam.changes b/pam.changes index 038c58d..d8bcdc5 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + ------------------------------------------------------------------- Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 93585a2..3f7be43 100644 --- a/pam.spec +++ b/pam.spec @@ -239,6 +239,8 @@ popd # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 # rpm macros install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d @@ -301,6 +303,7 @@ done %{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} %{_mandir}/man8/PAM.8%{?ext_man} %{_mandir}/man8/faillock.8%{?ext_man} %{_mandir}/man8/mkhomedir_helper.8%{?ext_man} -- 2.51.1 From c6cae773e244d2f6f5a162e8a646b8fdbd9c2529deb596470d94d4b59ff63a57 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 12 Aug 2021 14:45:10 +0000 Subject: [PATCH 161/226] - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask explicit "usergroups" option and instead read it from login.def's "USERGROUP_ENAB" option if umask is only defined there. [bsc#1189139] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=245 --- pam.changes | 8 ++ pam.spec | 2 + pam_umask-usergroups-login_defs.patch | 123 ++++++++++++++++++++++++++ 3 files changed, 133 insertions(+) create mode 100644 pam_umask-usergroups-login_defs.patch diff --git a/pam.changes b/pam.changes index d8bcdc5..37d3691 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + ------------------------------------------------------------------- Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com diff --git a/pam.spec b/pam.spec index 3f7be43..67dd4c8 100644 --- a/pam.spec +++ b/pam.spec @@ -59,6 +59,7 @@ Patch8: pam-bsc1177858-dont-free-environment-string.patch Patch9: pam-pam_cracklib-add-usersubstr.patch Patch10: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch Patch11: bsc1184358-prevent-LOCAL-from-being-resolved.patch +Patch12: pam_umask-usergroups-login_defs.patch # https://github.com/linux-pam/linux-pam/commit/e842a5fc075002f46672ebcd8e896624f1ec8068 Patch100: pam_securetty-don-t-complain-about-missing-config.patch Patch101: revert-check_shadow_expiry.diff @@ -172,6 +173,7 @@ cp -a %{SOURCE12} . %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %patch100 -p1 %patch101 -p1 diff --git a/pam_umask-usergroups-login_defs.patch b/pam_umask-usergroups-login_defs.patch new file mode 100644 index 0000000..cb3b2c2 --- /dev/null +++ b/pam_umask-usergroups-login_defs.patch @@ -0,0 +1,123 @@ +Description: +Deprecate pam_umask explicit "usergroups" option and instead read it from /etc/login.def's +"USERGROUP_ENAB" option if umask is only defined there. +Original Author: Martin Pitt +Bug-Debian: http://bugs.debian.org/583958 + +diff -urN Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.8.xml Linux-PAM-1.5.1/modules/pam_umask/pam_umask.8.xml +--- Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.8.xml 2020-11-25 17:57:02.000000000 +0100 ++++ Linux-PAM-1.5.1/modules/pam_umask/pam_umask.8.xml 2021-08-12 16:02:56.108249895 +0200 +@@ -61,12 +61,13 @@ + + + +- UMASK entry from /etc/login.defs ++ UMASK entry from /etc/login.defs ++ (influenced by USERGROUPS_ENAB) + + + + +- UMASK= entry from /etc/default/login ++ UMASK= entry from /etc/default/login + + + +@@ -118,6 +119,11 @@ + If the user is not root and the username is the same as + primary group name, the umask group bits are set to be the + same as owner bits (examples: 022 -> 002, 077 -> 007). ++ Note that using this option explicitly is discouraged. pam_umask ++ enables this functionality by default if ++ /etc/login.defs enables ++ USERGROUPS_ENAB, and the umask is not set explicitly in other ++ places than /etc/login.defs. + + + +diff -urN Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.c Linux-PAM-1.5.1/modules/pam_umask/pam_umask.c +--- Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.c 2020-11-25 17:57:02.000000000 +0100 ++++ Linux-PAM-1.5.1/modules/pam_umask/pam_umask.c 2021-08-12 16:14:40.505589328 +0200 +@@ -103,7 +103,23 @@ + parse_option (pamh, *argv, options); + + if (options->umask == NULL) +- options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); ++ { ++ options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); ++ /* login.defs' USERGROUPS_ENAB will modify the UMASK setting there by way ++ * of usergroups; but we don't want it to influence umask definitions ++ * from other places (like GECOS). ++ */ ++ if (options->umask != NULL) ++ { ++ char *result = pam_modutil_search_key (pamh, LOGIN_DEFS, ++ "USERGROUPS_ENAB"); ++ if (result != NULL) ++ { ++ options->usergroups = (strcasecmp (result, "yes") == 0); ++ free (result); ++ } ++ } ++ } + if (options->umask == NULL) + options->umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK"); + +--- Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.8 2021-08-12 16:34:08.314505891 +0200 ++++ Linux-PAM-1.5.1/modules/pam_umask/pam_umask.8 2021-08-12 16:14:43.969615764 +0200 +@@ -68,7 +68,9 @@ + .sp -1 + .IP \(bu 2.3 + .\} +-UMASK entry from /etc/login\&.defs ++UMASK entry from ++/etc/login\&.defs ++(influenced by USERGROUPS_ENAB) + .RE + .sp + .RS 4 +@@ -79,7 +81,8 @@ + .sp -1 + .IP \(bu 2.3 + .\} +-UMASK= entry from /etc/default/login ++UMASK= entry from ++/etc/default/login + .RE + .PP + The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. +@@ -98,7 +101,10 @@ + .PP + \fBusergroups\fR + .RS 4 +-If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. ++If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. Note that using this option explicitly is discouraged\&. pam_umask enables this functionality by default if ++/etc/login\&.defs ++enables USERGROUPS_ENAB, and the umask is not set explicitly in other places than ++/etc/login\&.defs\&. + .RE + .PP + \fBnousergroups\fR +--- Linux-PAM-1.5.1.pre/modules/pam_umask/README 2021-08-12 16:34:08.638508373 +0200 ++++ Linux-PAM-1.5.1/modules/pam_umask/README 2021-08-12 16:14:44.241617840 +0200 +@@ -15,7 +15,7 @@ + + • umask= argument + +- • UMASK entry from /etc/login.defs ++ • UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB) + + • UMASK= entry from /etc/default/login + +@@ -38,7 +38,10 @@ + + If the user is not root and the username is the same as primary group name, + the umask group bits are set to be the same as owner bits (examples: 022 -> +- 002, 077 -> 007). ++ 002, 077 -> 007). Note that using this option explicitly is discouraged. ++ pam_umask enables this functionality by default if /etc/login.defs enables ++ USERGROUPS_ENAB, and the umask is not set explicitly in other places than / ++ etc/login.defs. + + nousergroups + -- 2.51.1 From dc65a6a40a3259a5007385816fd5d14c5091aa8dfa826af466b841368d4969e5 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 10 Sep 2021 09:48:01 +0000 Subject: [PATCH 162/226] Accepting request 917897 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/917897 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=246 --- Linux-PAM-1.5.1-docs.tar.xz | 3 - Linux-PAM-1.5.1.tar.xz | 3 - Linux-PAM-1.5.2-docs.tar.xz | 3 + Linux-PAM-1.5.2-docs.tar.xz.asc | 16 + Linux-PAM-1.5.2.tar.xz | 3 + Linux-PAM-1.5.2.tar.xz.asc | 16 + ...58-prevent-LOCAL-from-being-resolved.patch | 90 - openSUSE_Tumbleweed-x86_64.bl | 4980 +++++++++++++++++ ...3-make-nofile-unlimited-mean-nr_open.patch | 755 --- pam-pam_cracklib-add-usersubstr.patch | 81 - pam.changes | 39 + pam.spec | 49 +- pam_cracklib-removal.patch | 1740 ------ ...-don-t-complain-about-missing-config.patch | 40 - pam_umask-usergroups-login_defs.patch | 158 +- pam_unix-nis.spec | 2 +- revert-check_shadow_expiry.diff | 31 - 17 files changed, 5149 insertions(+), 2860 deletions(-) delete mode 100644 Linux-PAM-1.5.1-docs.tar.xz delete mode 100644 Linux-PAM-1.5.1.tar.xz create mode 100644 Linux-PAM-1.5.2-docs.tar.xz create mode 100644 Linux-PAM-1.5.2-docs.tar.xz.asc create mode 100644 Linux-PAM-1.5.2.tar.xz create mode 100644 Linux-PAM-1.5.2.tar.xz.asc delete mode 100644 bsc1184358-prevent-LOCAL-from-being-resolved.patch create mode 100644 openSUSE_Tumbleweed-x86_64.bl delete mode 100644 pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch delete mode 100644 pam-pam_cracklib-add-usersubstr.patch delete mode 100644 pam_cracklib-removal.patch delete mode 100644 pam_securetty-don-t-complain-about-missing-config.patch delete mode 100644 revert-check_shadow_expiry.diff diff --git a/Linux-PAM-1.5.1-docs.tar.xz b/Linux-PAM-1.5.1-docs.tar.xz deleted file mode 100644 index e006f6a..0000000 --- a/Linux-PAM-1.5.1-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d0fc4ef466d0050f46b0ccd2f73373c60c47454da55f6fb2fd04b0701c73c134 -size 441632 diff --git a/Linux-PAM-1.5.1.tar.xz b/Linux-PAM-1.5.1.tar.xz deleted file mode 100644 index 684a247..0000000 --- a/Linux-PAM-1.5.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc -size 972964 diff --git a/Linux-PAM-1.5.2-docs.tar.xz b/Linux-PAM-1.5.2-docs.tar.xz new file mode 100644 index 0000000..f0d6411 --- /dev/null +++ b/Linux-PAM-1.5.2-docs.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bd75b3474dfbed60dff728721c48a6dd88bfea901b607c469bbe5fa5ccc535e4 +size 443276 diff --git a/Linux-PAM-1.5.2-docs.tar.xz.asc b/Linux-PAM-1.5.2-docs.tar.xz.asc new file mode 100644 index 0000000..36d23e4 --- /dev/null +++ b/Linux-PAM-1.5.2-docs.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJhMg78AAoJEKgEH6g54W429wIP/1FdfjVSygdVkmCSbMl0Dvbp +7/DOYkDb1W3KSzD4Y0pE76HXAxC5fL32781oioP3vx4YKLfP7VMxHM42ugFhKBcZ +cdXZGwCHxvbfNesjm++Lg5I0w16Qh9BoJ5UNbcLoIur+bpadmhPorj2SutPY/U9j +klKESN5AQtdnqUivTWbm4z8CrmZs3NoQTCfkv+ABW33olrj2gJtZucuMjfwDMQFS +oDikxPUErpz7tUDuWEM5Gp26B9iuz4mX/2pUmta18r0Y6RGSl6QtmjEhTlGR2n5R +XEDIZX4vLAYzWum63bzJH/xiyoRMur0lO55GSPtpLnLYPdaot8fWYzdpvRdfg7DR +rristlSYNtRhs3ORbMvvxqgkdzVKa6CLm9WuJiTHPY2dxNP6q8TYdHxyPtrscyz0 +ijhvxAYGHvJ47JESvV16pLaQhTKdVp95aM+pC8A2WfCMZf8WfKM8ZpT9JtZ6tjwC +wc79KWEX9SARoiqk0ZuqITu1pR9gzzDS5WBehwvJkTFm95PkaxQyPNCYwbUIouUf +c+mg5u2xaXrR4NWLMZZid0HRivwYb3/nK8hqUqRaUEri2KoSl6N5f8KlNiyLQiUN +JYB/GRWFueCkGPzuhCREyxdQ0Pxh3H1Us6TLgFHYv/ZdJjYY9GpqLXx7PuoKhZUU +kfOtmSc7D8FhaXULOtvi +=ijjK +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.5.2.tar.xz b/Linux-PAM-1.5.2.tar.xz new file mode 100644 index 0000000..6da688b --- /dev/null +++ b/Linux-PAM-1.5.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d +size 988784 diff --git a/Linux-PAM-1.5.2.tar.xz.asc b/Linux-PAM-1.5.2.tar.xz.asc new file mode 100644 index 0000000..8eddb9d --- /dev/null +++ b/Linux-PAM-1.5.2.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu +h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t +tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch +XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4 +huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd +ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T +JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74 +sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu +FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W +vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf +8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+ +q1y3BpSxAA1wOd9/mTM+ +=KMIz +-----END PGP SIGNATURE----- diff --git a/bsc1184358-prevent-LOCAL-from-being-resolved.patch b/bsc1184358-prevent-LOCAL-from-being-resolved.patch deleted file mode 100644 index d627f27..0000000 --- a/bsc1184358-prevent-LOCAL-from-being-resolved.patch +++ /dev/null @@ -1,90 +0,0 @@ -From c4dbba499f335ad88536244254d2d444b8e1c17c Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Tue, 6 Apr 2021 12:27:38 +0200 -Subject: [PATCH] pam_access: clean up the remote host matching code - -* modules/pam_access/pam_access.c (from_match): Split out remote_match() - function and avoid calling it when matching against LOCAL keyword. - There is also no point in doing domain match against TTY or SERVICE. ---- - modules/pam_access/pam_access.c | 42 +++++++++++++++++++++------------ - 1 file changed, 27 insertions(+), 15 deletions(-) - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 98848c54..b493c7bd 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -160,6 +160,7 @@ static int list_match (pam_handle_t *, char *, char *, struct login_info *, - static int user_match (pam_handle_t *, char *, struct login_info *); - static int group_match (pam_handle_t *, const char *, const char *, int); - static int from_match (pam_handle_t *, char *, struct login_info *); -+static int remote_match (pam_handle_t *, char *, struct login_info *); - static int string_match (pam_handle_t *, const char *, const char *, int); - static int network_netmask_match (pam_handle_t *, const char *, const char *, struct login_info *); - -@@ -589,11 +590,9 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr, - /* from_match - match a host or tty against a list of tokens */ - - static int --from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) -+from_match (pam_handle_t *pamh, char *tok, struct login_info *item) - { - const char *string = item->from; -- int tok_len; -- int str_len; - int rv; - - if (item->debug) -@@ -616,13 +615,28 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) - } else if ((rv = string_match(pamh, tok, string, item->debug)) != NO) { - /* ALL or exact match */ - return rv; -- } else if (tok[0] == '.') { /* domain: match last fields */ -- if ((str_len = strlen(string)) > (tok_len = strlen(tok)) -- && strcasecmp(tok, string + str_len - tok_len) == 0) -- return (YES); -- } else if (item->from_remote_host == 0) { /* local: no PAM_RHOSTS */ -- if (strcasecmp(tok, "LOCAL") == 0) -- return (YES); -+ } else if (strcasecmp(tok, "LOCAL") == 0) { -+ /* LOCAL matches only local accesses */ -+ if (!item->from_remote_host) -+ return YES; -+ return NO; -+ } else if (item->from_remote_host) { -+ return remote_match(pamh, tok, item); -+ } -+ return NO; -+} -+ -+static int -+remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) -+{ -+ const char *string = item->from; -+ size_t tok_len = strlen(tok); -+ size_t str_len; -+ -+ if (tok[0] == '.') { /* domain: match last fields */ -+ if ((str_len = strlen(string)) > tok_len -+ && strcasecmp(tok, string + str_len - tok_len) == 0) -+ return YES; - } else if (tok[(tok_len = strlen(tok)) - 1] == '.') { - struct addrinfo hint; - -@@ -661,13 +675,11 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) - runp = runp->ai_next; - } - } -- } else { -- /* Assume network/netmask with a IP of a host. */ -- if (network_netmask_match(pamh, tok, string, item)) -- return YES; -+ return NO; - } - -- return NO; -+ /* Assume network/netmask with an IP of a host. */ -+ return network_netmask_match(pamh, tok, string, item); - } - - /* string_match - match a string against one token */ diff --git a/openSUSE_Tumbleweed-x86_64.bl b/openSUSE_Tumbleweed-x86_64.bl new file mode 100644 index 0000000..20407e7 --- /dev/null +++ b/openSUSE_Tumbleweed-x86_64.bl @@ -0,0 +1,4980 @@ +[ 0s] Using BUILD_ROOT=/var/cache/obs/worker/root_4/.mount +[ 0s] Using BUILD_ARCH=x86_64:i686:i586:i486:i386 +[ 0s] Doing kvm build in /var/cache/obs/worker/root_4/root +[ 0s] +[ 0s] +[ 0s] goat01 started "build pam.spec" at Wed May 19 09:35:36 UTC 2021. +[ 0s] +[ 0s] Building pam for project 'home:jmoellers:branches:Linux-PAM' repository 'openSUSE_Tumbleweed' arch 'x86_64' srcmd5 '83207f1f0c181b7e3f3c5becb047aaec' +[ 0s] +[ 0s] processing recipe /var/cache/obs/worker/root_4/.build-srcdir/pam.spec ... +[ 0s] running changelog2spec --target rpm --file /var/cache/obs/worker/root_4/.build-srcdir/pam.spec +[ 0s] init_buildsystem --configdir /var/run/obs/worker/4/build/configs --cachedir /var/cache/build --prepare --clean --rpmlist /var/cache/obs/worker/root_4/.build.rpmlist /var/cache/obs/worker/root_4/.build-srcdir/pam.spec build ... +[ 1s] cycle: rpm-config-SUSE -> rpm +[ 1s] breaking dependency rpm-config-SUSE -> rpm +[ 1s] [1/33] preinstalling filesystem... +[ 1s] [2/33] preinstalling permissions... +[ 1s] [3/33] preinstalling glibc... +[ 1s] [4/33] preinstalling fillup... +[ 1s] [5/33] preinstalling libacl1... +[ 1s] [6/33] preinstalling libattr1... +[ 1s] [7/33] preinstalling libbz2-1... +[ 1s] [8/33] preinstalling libcap2... +[ 1s] [9/33] preinstalling libgcc_s1... +[ 1s] [10/33] preinstalling libgpg-error0... +[ 1s] [11/33] preinstalling liblua5_4-5... +[ 1s] [12/33] preinstalling liblzma5... +[ 1s] [13/33] preinstalling libpcre1... +[ 1s] [14/33] preinstalling libpcre2-8-0... +[ 2s] [15/33] preinstalling libpopt0... +[ 2s] [16/33] preinstalling libz1... +[ 2s] [17/33] preinstalling libzstd1... +[ 2s] [18/33] preinstalling attr... +[ 2s] [19/33] preinstalling libelf1... +[ 2s] [20/33] preinstalling libgcrypt20... +[ 2s] [21/33] preinstalling libncurses6... +[ 2s] [22/33] preinstalling libselinux1... +[ 2s] [23/33] preinstalling libreadline8... +[ 2s] [24/33] preinstalling tar... +[ 2s] [25/33] preinstalling bash... +[ 2s] [26/33] preinstalling diffutils... +[ 2s] [27/33] preinstalling grep... +[ 2s] [28/33] preinstalling pam... +[ 2s] [29/33] preinstalling sed... +[ 2s] [30/33] preinstalling coreutils... +[ 2s] [31/33] preinstalling aaa_base... +[ 2s] [32/33] preinstalling rpm-config-SUSE... +[ 2s] [33/33] preinstalling rpm... +[ 2s] +[ 2s] [1/11] preinstalling kernel-obs-build... +[ 3s] [2/11] preinstalling libblkid1... +[ 3s] [3/11] preinstalling libcrypt1... +[ 3s] [4/11] preinstalling libdb-4_8... +[ 3s] [5/11] preinstalling libmnl0... +[ 3s] [6/11] preinstalling libsmartcols1... +[ 3s] [7/11] preinstalling libuuid1... +[ 3s] [8/11] preinstalling iproute2... +[ 3s] [9/11] preinstalling libmount1... +[ 3s] [10/11] preinstalling perl-base... +[ 3s] [11/11] preinstalling util-linux... +[ 3s] copying packages... +[ 4s] reordering...cycle: libncurses6 -> terminfo-base +[ 4s] breaking dependency terminfo-base -> libncurses6 +[ 4s] cycle: binutils -> libctf0 +[ 4s] breaking dependency binutils -> libctf0 +[ 4s] cycle: rpm -> rpm-config-SUSE +[ 4s] breaking dependency rpm -> rpm-config-SUSE +[ 4s] cycle: libcrack2 -> cracklib +[ 4s] breaking dependency cracklib -> libcrack2 +[ 4s] cycle: pam -> pam_unix +[ 4s] breaking dependency pam -> pam_unix +[ 4s] done +[ 4s] booting kvm... +[ 4s] ### VM INTERACTION START ### +[ 4s] Using UART console +[ 4s] /usr/bin/qemu-kvm -nodefaults -no-reboot -nographic -vga none -cpu host -object rng-random,filename=/dev/random,id=rng0 -device virtio-rng-pci,rng=rng0 -runas qemu -net none -kernel /var/cache/obs/worker/root_4/.mount/boot/kernel -initrd /var/cache/obs/worker/root_4/.mount/boot/initrd -append root=/dev/disk/by-id/virtio-0 rootfstype=ext4 rootflags=noatime ext4.allow_unsupported=1 mitigations=off panic=1 quiet no-kvmclock elevator=noop nmi_watchdog=0 rw rd.driver.pre=binfmt_misc console=ttyS0 init=/.build/build -m 10240 -drive file=/var/cache/obs/worker/root_4/root,format=raw,if=none,id=disk,cache=unsafe -device virtio-blk-pci,drive=disk,serial=0 -drive file=/var/cache/obs/worker/root_4/swap,format=raw,if=none,id=swap,cache=unsafe -device virtio-blk-pci,drive=swap,serial=1 -serial stdio -chardev socket,id=monitor,server,nowait,path=/var/cache/obs/worker/root_4/root.qemu/monitor -mon chardev=monitor,mode=readline -smp 8 +[ 4s] c[?7l[2J[0mSeaBIOS (version rel-1.14.0-0-g155821a-rebuilt.opensuse.org) +[ 8s] Booting from ROM..c[?7l[2J### VM INTERACTION END ### +[ 8s] 2nd stage started in virtual machine +[ 8s] machine type: x86_64 +[ 8s] [ 4.242868] sysrq: Changing Loglevel +[ 8s] Linux version: 5[ 4.243314] sysrq: Loglevel set to 4 +[ 8s] .12.3-1-default #1 SMP Wed May 12 09:01:49 UTC 2021 (25d4ec7) +[ 8s] Increasing log level from now on... +[ 8s] Enable sysrq operations +[ 8s] Setting up swapspace version 1, size = 2 GiB (2147479552 bytes) +[ 8s] no label, UUID=a142abc4-28c5-4bc5-b535-58e167a82a53 +[ 8s] swapon: /dev/vdb: found signature [pagesize=4096, signature=swap] +[ 8s] swapon: /dev/vdb: pagesize=4096, swapsize=2147483648, devsize=2147483648 +[ 8s] swapon /dev/vdb +[ 8s] WARNING: udev not running, creating extra device nodes +[ 9s] logging output to //.build.log... +[ 9s] processing recipe /.build-srcdir/pam.spec ... +[ 9s] init_buildsystem --configdir /.build/configs --cachedir /var/cache/build /.build-srcdir/pam.spec build ... +[ 9s] initializing rpm db... +[ 9s] querying package ids... +[ 9s] [1/151] cumulate file-magic-5.40-1.1 +[ 9s] [2/151] cumulate kernel-obs-build-5.12.3-1.1 +[ 9s] [3/151] cumulate libsemanage-conf-3.2-1.3 +[ 9s] [4/151] cumulate pkgconf-m4-1.7.3-3.1 +[ 9s] [5/151] cumulate system-user-root-20190513-1.24 +[ 9s] [6/151] cumulate filesystem-15.5-39.1 +[ 9s] [7/151] cumulate glibc-2.33-6.1 +[ 9s] [8/151] cumulate fillup-1.42-276.4 +[ 9s] [9/151] cumulate libacl1-2.2.53-5.5 +[ 9s] [10/151] cumulate libatomic1-11.0.0+git183291-1.5 +[ 9s] [11/151] cumulate libattr1-2.5.1-1.1 +[ 9s] [12/151] cumulate libaudit1-2.8.5-5.3 +[ 9s] [13/151] cumulate libblkid1-2.36.2-1.5 +[ 9s] [14/151] cumulate libbz2-1-1.0.8-2.22 +[ 9s] [15/151] cumulate libcap-ng0-0.7.10-1.18 +[ 9s] [16/151] cumulate libcap2-2.49-2.1 +[ 9s] [17/151] cumulate libcrypt1-4.4.19-1.1 +[ 9s] [18/151] cumulate libeconf0-0.4.0+git20210413.fdb8025-1.1 +[ 9s] [19/151] cumulate libexpat1-2.3.0-1.1 +[ 9s] [20/151] cumulate libfl2-2.6.4-6.1 +[ 9s] [21/151] cumulate libgcc_s1-11.0.0+git183291-1.5 +[ 9s] [22/151] cumulate libgdbm6-1.19-1.3 +[ 9s] [23/151] cumulate libgmp10-6.2.1-3.1 +[ 9s] [24/151] cumulate libgomp1-11.0.0+git183291-1.5 +[ 9s] [25/151] cumulate libgpg-error0-1.42-1.1 +[ 9s] [26/151] cumulate libitm1-11.0.0+git183291-1.5 +[ 9s] [27/151] cumulate libltdl7-2.4.6-8.22 +[ 9s] [28/151] cumulate liblua5_4-5-5.4.3-2.1 +[ 9s] [29/151] cumulate liblzma5-5.2.5-1.18 +[ 9s] [30/151] cumulate libmnl0-1.0.4-2.5 +[ 9s] [31/151] cumulate libpcre1-8.44-3.2 +[ 9s] [32/151] cumulate libpcre2-16-0-10.36-2.1 +[ 9s] [33/151] cumulate libpcre2-32-0-10.36-2.1 +[ 9s] [34/151] cumulate libpcre2-8-0-10.36-2.1 +[ 9s] [35/151] cumulate libpkgconf3-1.7.3-3.1 +[ 9s] [36/151] cumulate libpopt0-1.18-2.4 +[ 9s] [37/151] cumulate libsepol2-3.2-1.1 +[ 9s] [38/151] cumulate libsmartcols1-2.36.2-1.5 +[ 9s] [39/151] cumulate libtextstyle0-0.21-2.4 +[ 9s] [40/151] cumulate libuuid1-2.36.2-1.5 +[ 9s] [41/151] cumulate libz1-1.2.11-18.3 +[ 9s] [42/151] cumulate libzstd1-1.4.9-1.2 +[ 9s] [43/151] cumulate patch-2.7.6-3.31 +[ 9s] [44/151] cumulate update-alternatives-1.19.0.5-8.1 +[ 9s] [45/151] cumulate libfl-devel-2.6.4-6.1 +[ 9s] [46/151] cumulate attr-2.5.1-1.1 +[ 9s] [47/151] cumulate libauparse0-2.8.5-5.3 +[ 9s] [48/151] cumulate libctf-nobfd0-2.36-4.1 +[ 9s] [49/151] cumulate libelf1-0.184-1.1 +[ 9s] [50/151] cumulate libgcrypt20-1.9.3-1.1 +[ 9s] [51/151] cumulate libgdbm_compat4-1.19-1.3 +[ 9s] [52/151] cumulate libisl23-0.23-2.3 +[ 9s] [53/151] cumulate libmpfr6-4.1.0-2.2 +[ 9s] [54/151] cumulate libpcre2-posix2-10.36-2.1 +[ 9s] [55/151] cumulate libselinux1-3.2-2.1 +[ 9s] [56/151] cumulate libstdc++6-11.0.0+git183291-1.5 +[ 9s] [57/151] cumulate perl-base-5.32.1-1.1 +[ 9s] [58/151] cumulate pkgconf-1.7.3-3.1 +[ 9s] [59/151] cumulate chkstat-1550_20210125-27.3 +[ 9s] [60/151] cumulate libfdisk1-2.36.2-1.5 +[ 9s] [61/151] cumulate libxml2-2-2.9.10-11.1 +[ 9s] [62/151] cumulate libmagic1-5.40-1.1 +[ 9s] [63/151] cumulate build-mkbaselibs-20210120-1.4 +[ 9s] [64/151] cumulate rpm-build-perl-4.16.1.3-2.1 +[ 9s] [65/151] cumulate dwz-0.14-1.1 +[ 9s] [66/151] cumulate file-5.40-1.1 +[ 9s] [67/151] cumulate findutils-4.8.0-2.1 +[ 9s] [68/151] cumulate libasan6-11.0.0+git183291-1.5 +[ 9s] [69/151] cumulate libdb-4_8-4.8.30-38.25 +[ 9s] [70/151] cumulate liblsan0-11.0.0+git183291-1.5 +[ 9s] [71/151] cumulate libmount1-2.36.2-1.5 +[ 9s] [72/151] cumulate libmpc3-1.2.1-1.3 +[ 9s] [73/151] cumulate libtsan0-11.0.0+git183291-1.5 +[ 9s] [74/151] cumulate libubsan1-11.0.0+git183291-1.5 +[ 9s] [75/151] cumulate tar-1.34-1.4 +[ 9s] [76/151] cumulate libdw1-0.184-1.1 +[ 9s] [77/151] cumulate libsemanage2-3.2-1.3 +[ 9s] [78/151] cumulate cpp10-10.3.0+git1587-1.2 +[ 9s] [79/151] cumulate perl-5.32.1-1.1 +[ 9s] [80/151] cumulate brp-check-suse-84.87+git20210420.a4765d7-1.1 +[ 9s] [81/151] cumulate terminfo-base-6.2.20210501-19.1 +[ 9s] [82/151] cumulate libncurses6-6.2.20210501-19.1 +[ 9s] [83/151] cumulate libreadline8-8.1-2.1 +[ 9s] [84/151] cumulate ncurses-utils-6.2.20210501-19.1 +[ 9s] [85/151] cumulate bash-5.1.4-2.1 +[ 9s] [86/151] cumulate login_defs-4.8.1-6.2 +[ 9s] [87/151] cumulate sysuser-shadow-3.0-11.1 +[ 9s] [88/151] cumulate cpio-2.13-2.4 +[ 9s] [89/151] cumulate cpp-10-3.3 +[ 9s] [90/151] cumulate diffutils-3.7-4.4 +[ 9s] [91/151] cumulate gzip-1.10-8.1 +[ 9s] [92/151] cumulate hostname-3.23-2.4 +[ 9s] [93/151] cumulate m4-1.4.18-5.19 +[ 9s] [94/151] cumulate make-4.3-2.22 +[ 9s] [95/151] cumulate which-2.21-4.33 +[ 9s] [96/151] cumulate bzip2-1.0.8-2.22 +[ 9s] [97/151] cumulate cracklib-2.9.7-1.8 +[ 9s] [98/151] cumulate gawk-5.1.0-2.5 +[ 9s] [99/151] cumulate grep-3.6-2.4 +[ 9s] [100/151] cumulate pkgconf-pkg-config-1.7.3-3.1 +[ 9s] [101/151] cumulate xz-5.2.5-1.18 +[ 9s] [102/151] cumulate sed-4.8-3.5 +[ 9s] [103/151] cumulate gettext-runtime-0.21-2.4 +[ 9s] [104/151] cumulate iproute2-5.12-1.1 +[ 9s] [105/151] cumulate coreutils-8.32-8.1 +[ 9s] [106/151] cumulate binutils-2.36-4.1 +[ 9s] [107/151] cumulate systemd-rpm-macros-11-1.1 +[ 9s] [108/151] cumulate libeconf-devel-0.4.0+git20210413.fdb8025-1.1 +[ 9s] [109/151] cumulate libxcrypt-devel-4.4.19-1.1 +[ 9s] [110/151] cumulate linux-glibc-devel-5.11-1.2 +[ 9s] [111/151] cumulate system-group-hardware-20170617-21.2 +[ 9s] [112/151] cumulate audit-devel-2.8.5-5.3 +[ 9s] [113/151] cumulate autoconf-2.69-17.18 +[ 9s] [114/151] cumulate bison-3.7.6-3.1 +[ 9s] [115/151] cumulate glibc-locale-base-2.33-6.1 +[ 9s] [116/151] cumulate libcrack2-2.9.7-1.8 +[ 9s] [117/151] cumulate libctf0-2.36-4.1 +[ 9s] [118/151] cumulate flex-2.6.4-6.1 +[ 9s] [119/151] cumulate permissions-config-1550_20210125-27.3 +[ 9s] [120/151] cumulate gettext-tools-0.21-2.4 +[ 9s] [121/151] cumulate aaa_base-84.87+git20210317.2c04190-1.1 +[ 9s] [122/151] cumulate rpm-4.16.1.3-2.1 +[ 9s] [123/151] cumulate aaa_base-malloccheck-84.87+git20210317.2c04190-1.1 +[ 9s] [124/151] cumulate glibc-locale-2.33-6.1 +[ 9s] [125/151] cumulate permissions-20210125.1550-27.3 +[ 9s] [126/151] cumulate rpm-config-SUSE-0.g76-1.1 +[ 9s] [127/151] cumulate automake-1.16.3-3.1 +[ 9s] [128/151] cumulate glibc-devel-2.33-6.1 +[ 9s] [129/151] cumulate librpmbuild9-4.16.1.3-2.1 +[ 9s] [130/151] cumulate build-compare-20200727T175347.d95eb35-1.6 +[ 9s] [131/151] cumulate cracklib-devel-2.9.7-1.8 +[ 9s] [132/151] cumulate libdb-4_8-devel-4.8.30-38.25 +[ 9s] [133/151] cumulate libstdc++6-devel-gcc10-10.3.0+git1587-1.2 +[ 9s] [134/151] cumulate libsepol-devel-3.2-1.1 +[ 9s] [135/151] cumulate libutempter0-1.2.0-3.3 +[ 9s] [136/151] cumulate libtool-2.4.6-8.22 +[ 9s] [137/151] cumulate post-build-checks-84.87+git20210304.df696a0-1.1 +[ 9s] [138/151] cumulate pam-1.5.1-10.1 +[ 9s] [139/151] cumulate rpmlint-mini-1.10-23.12 +[ 9s] [140/151] cumulate gcc10-10.3.0+git1587-1.2 +[ 9s] [141/151] cumulate libstdc++-devel-10-3.3 +[ 9s] [142/151] cumulate rpmlint-Factory-1.0-99.1 +[ 9s] [143/151] cumulate gcc-10-3.3 +[ 9s] [144/151] cumulate pam-devel-1.5.1-10.1 +[ 9s] [145/151] cumulate pam_unix-1.5.1-10.1 +[ 9s] [146/151] cumulate shadow-4.8.1-6.2 +[ 9s] [147/151] cumulate util-linux-2.36.2-1.5 +[ 9s] [148/151] cumulate gcc-PIE-10-3.3 +[ 9s] [149/151] cumulate pcre2-devel-10.36-2.1 +[ 9s] [150/151] cumulate rpm-build-4.16.1.3-2.1 +[ 9s] [151/151] cumulate libselinux-devel-3.2-2.1 +[ 9s] now installing cumulated packages +[ 9s] Preparing... ######################################## +[ 9s] Updating / installing... +[ 9s] system-user-root-20190513-1.24 ######################################## +[ 9s] filesystem-15.5-39.1 ######################################## +[ 9s] glibc-2.33-6.1 ######################################## +[ 9s] libz1-1.2.11-18.3 ######################################## +[ 9s] libgcc_s1-11.0.0+git183291-1.5 ######################################## +[ 9s] libstdc++6-11.0.0+git183291-1.5 ######################################## +[ 9s] libcrypt1-4.4.19-1.1 ######################################## +[ 9s] perl-base-5.32.1-1.1 ######################################## +[ 9s] libaudit1-2.8.5-5.3 ######################################## +[ 9s] libbz2-1-1.0.8-2.22 ######################################## +[ 9s] libgmp10-6.2.1-3.1 ######################################## +[ 9s] terminfo-base-6.2.20210501-19.1 ######################################## +[ 9s] libncurses6-6.2.20210501-19.1 ######################################## +[ 9s] ncurses-utils-6.2.20210501-19.1 ######################################## +[ 9s] libelf1-0.184-1.1 ######################################## +[ 9s] libacl1-2.2.53-5.5 ######################################## +[ 9s] liblzma5-5.2.5-1.18 ######################################## +[ 9s] libcap2-2.49-2.1 ######################################## +[ 9s] libeconf0-0.4.0+git20210413.fdb8025-1.######################################## +[ 9s] libpcre2-8-0-10.36-2.1 ######################################## +[ 9s] libselinux1-3.2-2.1 ######################################## +[ 9s] libmpfr6-4.1.0-2.2 ######################################## +[ 9s] fillup-1.42-276.4 ######################################## +[ 9s] libattr1-2.5.1-1.1 ######################################## +[ 9s] libblkid1-2.36.2-1.5 ######################################## +[ 9s] libgomp1-11.0.0+git183291-1.5 ######################################## +[ 9s] libpopt0-1.18-2.4 ######################################## +[ 9s] libzstd1-1.4.9-1.2 ######################################## +[ 9s] update-alternatives-1.19.0.5-8.1 ######################################## +[ 9s] libmpc3-1.2.1-1.3 ######################################## +[ 9s] chkstat-1550_20210125-27.3 ######################################## +[ 9s] libxml2-2-2.9.10-11.1 ######################################## +[ 9s] libdw1-0.184-1.1 ######################################## +[ 9s] libreadline8-8.1-2.1 ######################################## +[ 9s] bash-5.1.4-2.1 ######################################## +[ 9s] coreutils-8.32-8.1 ######################################## +[ 9s] m4-1.4.18-5.19 ######################################## +[ 9s] gawk-5.1.0-2.5 ######################################## +[ 9s] update-alternatives: using /usr/bin/gawk to provide /bin/awk (awk) in auto mode +[ 9s] xz-5.2.5-1.18 ######################################## +[ 9s] sed-4.8-3.5 ######################################## +[ 9s] login_defs-4.8.1-6.2 ######################################## +[ 9s] cpio-2.13-2.4 ######################################## +[ 10s] tar-1.34-1.4 ######################################## +[ 10s] diffutils-3.7-4.4 ######################################## +[ 10s] which-2.21-4.33 ######################################## +[ 10s] libisl23-0.23-2.3 ######################################## +[ 10s] cpp10-10.3.0+git1587-1.2 ######################################## +[ 10s] libdb-4_8-4.8.30-38.25 ######################################## +[ 10s] libgdbm6-1.19-1.3 ######################################## +[ 10s] libsepol2-3.2-1.1 ######################################## +[ 10s] libtextstyle0-0.21-2.4 ######################################## +[ 10s] libuuid1-2.36.2-1.5 ######################################## +[ 10s] libfdisk1-2.36.2-1.5 ######################################## +[ 10s] gettext-runtime-0.21-2.4 ######################################## +[ 10s] gettext-tools-0.21-2.4 ######################################## +[ 10s] libgdbm_compat4-1.19-1.3 ######################################## +[ 10s] perl-5.32.1-1.1 ######################################## +[ 10s] cpp-10-3.3 ######################################## +[ 10s] autoconf-2.69-17.18 ######################################## +[ 10s] automake-1.16.3-3.1 ######################################## +[ 10s] systemd-rpm-macros-11-1.1 ######################################## +[ 10s] linux-glibc-devel-5.11-1.2 ######################################## +[ 11s] glibc-locale-base-2.33-6.1 ######################################## +[ 12s] glibc-locale-2.33-6.1 ######################################## +[ 12s] permissions-config-1550_20210125-27.3 ######################################## +[ 12s] Updating /etc/sysconfig/security ... +[ 12s] Checking permissions and ownerships - using the permissions files +[ 12s] /usr/share/permissions/permissions +[ 12s] /usr/share/permissions/permissions.easy +[ 12s] /etc/permissions.local +[ 12s] /sbin/unix2_chkpwd: setting to root:shadow 4755 (wrong owner/group root:root) +[ 12s] /sbin/unix_chkpwd: setting to root:shadow 4755 (wrong owner/group root:root) +[ 12s] /usr/bin/mount: setting to root:root 4755 (wrong permissions 0755) +[ 12s] /usr/bin/su: setting to root:root 4755 (wrong permissions 0755) +[ 12s] /usr/bin/umount: setting to root:root 4755 (wrong permissions 0755) +[ 12s] permissions-20210125.1550-27.3 ######################################## +[ 12s] pam_unix-1.5.1-10.1 ######################################## +[ 12s] pam-1.5.1-10.1 ######################################## +[ 12s] gzip-1.10-8.1 ######################################## +[ 12s] make-4.3-2.22 ######################################## +[ 12s] bzip2-1.0.8-2.22 ######################################## +[ 12s] cracklib-2.9.7-1.8 ######################################## +[ 12s] libcrack2-2.9.7-1.8 ######################################## +[ 12s] libmount1-2.36.2-1.5 ######################################## +[ 12s] findutils-4.8.0-2.1 ######################################## +[ 12s] libpcre2-posix2-10.36-2.1 ######################################## +[ 12s] dwz-0.14-1.1 ######################################## +[ 12s] libauparse0-2.8.5-5.3 ######################################## +[ 12s] rpm-build-perl-4.16.1.3-2.1 ######################################## +[ 12s] libasan6-11.0.0+git183291-1.5 ######################################## +[ 12s] liblsan0-11.0.0+git183291-1.5 ######################################## +[ 12s] libtsan0-11.0.0+git183291-1.5 ######################################## +[ 12s] libubsan1-11.0.0+git183291-1.5 ######################################## +[ 12s] libctf-nobfd0-2.36-4.1 ######################################## +[ 12s] binutils-2.36-4.1 ######################################## +[ 12s] update-alternatives: using /usr/bin/ld.bfd to provide /usr/bin/ld (ld) in auto mode +[ 12s] libctf0-2.36-4.1 ######################################## +[ 12s] libatomic1-11.0.0+git183291-1.5 ######################################## +[ 12s] libcap-ng0-0.7.10-1.18 ######################################## +[ 12s] libexpat1-2.3.0-1.1 ######################################## +[ 12s] libfl2-2.6.4-6.1 ######################################## +[ 12s] libfl-devel-2.6.4-6.1 ######################################## +[ 12s] libgpg-error0-1.42-1.1 ######################################## +[ 12s] libgcrypt20-1.9.3-1.1 ######################################## +[ 12s] libitm1-11.0.0+git183291-1.5 ######################################## +[ 12s] libltdl7-2.4.6-8.22 ######################################## +[ 12s] liblua5_4-5-5.4.3-2.1 ######################################## +[ 12s] rpm-config-SUSE-0.g76-1.1 ######################################## +[ 13s] rpm-4.16.1.3-2.1 ######################################## +[ 13s] Updating /etc/sysconfig/services ... +[ 13s] libmnl0-1.0.4-2.5 ######################################## +[ 13s] iproute2-5.12-1.1 ######################################## +[ 13s] libpcre1-8.44-3.2 ######################################## +[ 13s] grep-3.6-2.4 ######################################## +[ 13s] aaa_base-84.87+git20210317.2c04190-1.1######################################## +[ 13s] Updating /etc/sysconfig/language ... +[ 13s] Updating /etc/sysconfig/proxy ... +[ 13s] Updating /etc/sysconfig/windowmanager ... +[ 13s] aaa_base-malloccheck-84.87+git20210317######################################## +[ 13s] libpcre2-16-0-10.36-2.1 ######################################## +[ 13s] libpcre2-32-0-10.36-2.1 ######################################## +[ 13s] libpkgconf3-1.7.3-3.1 ######################################## +[ 13s] pkgconf-1.7.3-3.1 ######################################## +[ 13s] libsmartcols1-2.36.2-1.5 ######################################## +[ 13s] patch-2.7.6-3.31 ######################################## +[ 13s] pkgconf-m4-1.7.3-3.1 ######################################## +[ 13s] pkgconf-pkg-config-1.7.3-3.1 ######################################## +[ 13s] libxcrypt-devel-4.4.19-1.1 ######################################## +[ 13s] glibc-devel-2.33-6.1 ######################################## +[ 13s] libstdc++6-devel-gcc10-10.3.0+git1587-######################################## +[ 13s] libstdc++-devel-10-3.3 ######################################## +[ 13s] pcre2-devel-10.36-2.1 ######################################## +[ 13s] libsepol-devel-3.2-1.1 ######################################## +[ 13s] gcc10-10.3.0+git1587-1.2 ######################################## +[ 13s] gcc-10-3.3 ######################################## +[ 13s] libsemanage-conf-3.2-1.3 ######################################## +[ 13s] libsemanage2-3.2-1.3 ######################################## +[ 13s] shadow-4.8.1-6.2 ######################################## +[ 14s] sysuser-shadow-3.0-11.1 ######################################## +[ 14s] /usr/sbin/groupadd -r kmem +[ 14s] /usr/sbin/groupadd -r lock +[ 14s] /usr/sbin/groupadd -r -g 5 tty +[ 14s] /usr/sbin/groupadd -r utmp +[ 14s] /usr/sbin/groupadd -r audio +[ 14s] /usr/sbin/groupadd -r cdrom +[ 14s] /usr/sbin/groupadd -r dialout +[ 14s] /usr/sbin/groupadd -r disk +[ 14s] /usr/sbin/groupadd -r input +[ 14s] /usr/sbin/groupadd -r lp +[ 14s] /usr/sbin/groupadd -r render +[ 14s] /usr/sbin/groupadd -r tape +[ 14s] /usr/sbin/groupadd -r video +[ 14s] system-group-hardware-20170617-21.2 ######################################## +[ 14s] libutempter0-1.2.0-3.3 ######################################## +[ 14s] util-linux-2.36.2-1.5 ######################################## +[ 14s] /usr/bin/mount: setting to root:root 4755 (wrong permissions 0755) +[ 14s] /usr/bin/umount: setting to root:root 4755 (wrong permissions 0755) +[ 14s] /usr/bin/wall: setting to root:tty 2755 (wrong permissions 0755) +[ 14s] /usr/bin/write: setting to root:tty 2755 (wrong permissions 0755) +[ 14s] /usr/bin/su: setting to root:root 4755 (wrong permissions 0755) +[ 14s] file-magic-5.40-1.1 ######################################## +[ 14s] libmagic1-5.40-1.1 ######################################## +[ 14s] file-5.40-1.1 ######################################## +[ 14s] librpmbuild9-4.16.1.3-2.1 ######################################## +[ 14s] rpmlint-mini-1.10-23.12 ######################################## +[ 14s] rpmlint-Factory-1.0-99.1 ######################################## +[ 14s] rpm-build-4.16.1.3-2.1 ######################################## +[ 14s] build-compare-20200727T175347.d95eb35-######################################## +[ 14s] gcc-PIE-10-3.3 ######################################## +[ 14s] libselinux-devel-3.2-2.1 ######################################## +[ 14s] cracklib-devel-2.9.7-1.8 ######################################## +[ 14s] libdb-4_8-devel-4.8.30-38.25 ######################################## +[ 14s] pam-devel-1.5.1-10.1 ######################################## +[ 14s] libeconf-devel-0.4.0+git20210413.fdb80######################################## +[ 14s] audit-devel-2.8.5-5.3 ######################################## +[ 14s] post-build-checks-84.87+git20210304.df######################################## +[ 14s] libtool-2.4.6-8.22 ######################################## +[ 14s] flex-2.6.4-6.1 ######################################## +[ 14s] brp-check-suse-84.87+git20210420.a4765######################################## +[ 14s] bison-3.7.6-3.1 ######################################## +[ 14s] hostname-3.23-2.4 ######################################## +[ 14s] attr-2.5.1-1.1 ######################################## +[ 14s] build-mkbaselibs-20210120-1.4 ######################################## +[ 14s] kernel-obs-build-5.12.3-1.1 ######################################## +[ 15s] now finalizing build dir... +[ 15s] ... running 01-add_abuild_user_to_trusted_group +[ 15s] ... running 02-set_timezone_to_utc +[ 15s] ... running 11-hack_uname_version_to_kernel_version +[ 15s] RTNETLINK answers: File exists +[ 15s] RTNETLINK answers: File exists +[ 15s] ----------------------------------------------------------------- +[ 15s] I have the following modifications for pam.spec: +[ 15s] 44c44 +[ 15s] < Release: 0 +[ 15s] --- +[ 15s] > Release: 11.1 +[ 15s] ----------------------------------------------------------------- +[ 15s] ----- building pam.spec (user abuild) +[ 15s] ----------------------------------------------------------------- +[ 15s] ----------------------------------------------------------------- +[ 15s] + exec rpmbuild -ba --define '_srcdefattr (-,root,root)' --nosignature --define 'disturl obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/83207f1f0c181b7e3f3c5becb047aaec-pam' /home/abuild/rpmbuild/SOURCES/pam.spec +[ 15s] setting SOURCE_DATE_EPOCH=1620604800 +[ 15s] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.cjs8Eb +[ 15s] + umask 022 +[ 15s] + cd /home/abuild/rpmbuild/BUILD +[ 15s] + cd /home/abuild/rpmbuild/BUILD +[ 15s] + rm -rf Linux-PAM-1.5.1 +[ 15s] + /usr/bin/xz -dc /home/abuild/rpmbuild/SOURCES/Linux-PAM-1.5.1-docs.tar.xz +[ 15s] + /usr/bin/tar -xof - +[ 15s] + STATUS=0 +[ 15s] + '[' 0 -ne 0 ']' +[ 15s] + /usr/bin/xz -dc /home/abuild/rpmbuild/SOURCES/Linux-PAM-1.5.1.tar.xz +[ 15s] + /usr/bin/tar -xof - +[ 15s] + STATUS=0 +[ 15s] + '[' 0 -ne 0 ']' +[ 15s] + cd Linux-PAM-1.5.1 +[ 15s] + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . +[ 15s] + cp -a /home/abuild/rpmbuild/SOURCES/pam-login_defs-check.sh . +[ 15s] + echo 'Patch #2 (pam-limit-nproc.patch):' +[ 15s] Patch #2 (pam-limit-nproc.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 +[ 15s] patching file modules/pam_limits/limits.conf +[ 15s] Hunk #1 succeeded at 58 (offset 11 lines). +[ 15s] + echo 'Patch #4 (pam-hostnames-in-access_conf.patch):' +[ 15s] Patch #4 (pam-hostnames-in-access_conf.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 +[ 15s] patching file modules/pam_access/pam_access.c +[ 15s] + echo 'Patch #5 (pam-xauth_ownership.patch):' +[ 15s] Patch #5 (pam-xauth_ownership.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 +[ 15s] patching file modules/pam_xauth/pam_xauth.c +[ 15s] + echo 'Patch #6 (pam_cracklib-removal.patch):' +[ 15s] Patch #6 (pam_cracklib-removal.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -R +[ 15s] patching file configure.ac +[ 15s] Hunk #2 succeeded at 644 (offset -18 lines). +[ 15s] Hunk #3 succeeded at 662 (offset -20 lines). +[ 15s] patching file modules/Makefile.am +[ 15s] Hunk #2 succeeded at 48 (offset -8 lines). +[ 15s] patching file modules/pam_cracklib/Makefile.am +[ 15s] patching file modules/pam_cracklib/README.xml +[ 15s] patching file modules/pam_cracklib/pam_cracklib.8.xml +[ 15s] patching file modules/pam_cracklib/pam_cracklib.c +[ 15s] patching file modules/pam_cracklib/tst-pam_cracklib +[ 15s] + echo 'Patch #7 (pam_tally2-removal.patch):' +[ 15s] Patch #7 (pam_tally2-removal.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -R +[ 15s] patching file configure.ac +[ 15s] Hunk #1 succeeded at 635 (offset 22 lines). +[ 15s] Hunk #2 succeeded at 670 (offset 23 lines). +[ 15s] Hunk #3 succeeded at 701 (offset 23 lines). +[ 15s] patching file modules/Makefile.am +[ 15s] Hunk #1 succeeded at 34 (offset 4 lines). +[ 15s] Hunk #2 succeeded at 90 (offset 5 lines). +[ 15s] patching file modules/pam_tally2/Makefile.am +[ 15s] patching file modules/pam_tally2/pam_tally2.c +[ 15s] patching file modules/pam_tally2/pam_tally2_app.c +[ 15s] patching file modules/pam_tally2/tallylog.h +[ 15s] patching file modules/pam_tally2/tst-pam_tally2 +[ 15s] + echo 'Patch #8 (pam-bsc1177858-dont-free-environment-string.patch):' +[ 15s] Patch #8 (pam-bsc1177858-dont-free-environment-string.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 +[ 15s] patching file modules/pam_xauth/pam_xauth.c +[ 15s] + echo 'Patch #9 (pam-pam_cracklib-add-usersubstr.patch):' +[ 15s] Patch #9 (pam-pam_cracklib-add-usersubstr.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 +[ 15s] patching file modules/pam_cracklib/pam_cracklib.c +[ 15s] + echo 'Patch #10 (pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch):' +[ 15s] Patch #10 (pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 +[ 15s] patching file doc/sag/Linux-PAM_SAG.txt +[ 15s] patching file doc/sag/html/sag-pam_limits.html +[ 15s] patching file modules/pam_limits/limits.conf.5 +[ 15s] patching file modules/pam_limits/limits.conf.5.xml +[ 15s] patching file modules/pam_limits/pam_limits.c +[ 15s] + echo 'Patch #11 (bsc1184358-prevent-LOCAL-from-being-resolved.patch):' +[ 15s] Patch #11 (bsc1184358-prevent-LOCAL-from-being-resolved.patch): +[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 +[ 15s] patching file modules/pam_access/pam_access.c +[ 15s] + RPM_EC=0 +[ 15s] ++ jobs -p +[ 15s] + exit 0 +[ 15s] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Cepyvj +[ 15s] + umask 022 +[ 15s] + cd /home/abuild/rpmbuild/BUILD +[ 15s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 15s] ++ dirname /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 15s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT +[ 15s] + /usr/bin/mkdir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 15s] + cd Linux-PAM-1.5.1 +[ 15s] + bash ./pam-login_defs-check.sh +[ 15s] Checking login.defs variables in pam... OK +[ 15s] + export 'CFLAGS=-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG' +[ 15s] + CFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG' +[ 15s] + CFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG' +[ 15s] + export CFLAGS +[ 15s] + CXXFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto' +[ 15s] + export CXXFLAGS +[ 15s] + FFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto ' +[ 15s] + export FFLAGS +[ 15s] + FCFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto ' +[ 15s] + export FCFLAGS +[ 15s] + LDFLAGS=-flto=auto +[ 15s] + export LDFLAGS +[ 15s] + ./configure --host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --includedir=/usr/include/security --docdir=/usr/share/doc/packages/pam --htmldir=/usr/share/doc/packages/pam/html --pdfdir=/usr/share/doc/packages/pam/pdf --sbindir=/sbin --libdir=/lib64 --enable-isadir=../../lib64/security --enable-securedir=/lib64/security --enable-vendordir=/usr/etc --enable-tally2 --enable-cracklib +[ 16s] configure: WARNING: unrecognized options: --enable-tally2, --enable-cracklib +[ 16s] checking for a BSD-compatible install... /usr/bin/install -c +[ 16s] checking whether build environment is sane... yes +[ 16s] checking for a thread-safe mkdir -p... /usr/bin/mkdir -p +[ 16s] checking for gawk... gawk +[ 16s] checking whether make sets $(MAKE)... yes +[ 16s] checking whether make supports nested variables... yes +[ 16s] checking build system type... x86_64-suse-linux-gnu +[ 16s] checking host system type... x86_64-suse-linux-gnu +[ 16s] checking whether make supports the include directive... yes (GNU style) +[ 16s] checking for x86_64-suse-linux-gnu-gcc... no +[ 16s] checking for gcc... gcc +[ 16s] checking whether the C compiler works... yes +[ 16s] checking for C compiler default output file name... a.out +[ 16s] checking for suffix of executables... +[ 16s] checking whether we are cross compiling... no +[ 16s] checking for suffix of object files... o +[ 16s] checking whether we are using the GNU C compiler... yes +[ 16s] checking whether gcc accepts -g... yes +[ 16s] checking for gcc option to accept ISO C89... none needed +[ 16s] checking whether gcc understands -c and -o together... yes +[ 16s] checking dependency style of gcc... none +[ 16s] checking how to run the C preprocessor... gcc -E +[ 16s] checking for grep that handles long lines and -e... /usr/bin/grep +[ 16s] checking for egrep... /usr/bin/grep -E +[ 16s] checking for ANSI C header files... yes +[ 16s] checking for sys/types.h... yes +[ 16s] checking for sys/stat.h... yes +[ 16s] checking for stdlib.h... yes +[ 16s] checking for string.h... yes +[ 16s] checking for memory.h... yes +[ 16s] checking for strings.h... yes +[ 16s] checking for inttypes.h... yes +[ 17s] checking for stdint.h... yes +[ 17s] checking for unistd.h... yes +[ 17s] checking minix/config.h usability... no +[ 17s] checking minix/config.h presence... no +[ 17s] checking for minix/config.h... no +[ 17s] checking whether it is safe to define __EXTENSIONS__... yes +[ 17s] checking how to print strings... printf +[ 17s] checking for a sed that does not truncate output... /usr/bin/sed +[ 17s] checking for fgrep... /usr/bin/grep -F +[ 17s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld +[ 17s] checking if the linker (/usr/x86_64-suse-linux/bin/ld) is GNU ld... yes +[ 17s] checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B +[ 17s] checking the name lister (/usr/bin/nm -B) interface... BSD nm +[ 17s] checking whether ln -s works... yes +[ 17s] checking the maximum length of command line arguments... 1572864 +[ 17s] checking how to convert x86_64-suse-linux-gnu file names to x86_64-suse-linux-gnu format... func_convert_file_noop +[ 17s] checking how to convert x86_64-suse-linux-gnu file names to toolchain format... func_convert_file_noop +[ 17s] checking for /usr/x86_64-suse-linux/bin/ld option to reload object files... -r +[ 17s] checking for x86_64-suse-linux-gnu-objdump... no +[ 17s] checking for objdump... objdump +[ 17s] checking how to recognize dependent libraries... pass_all +[ 17s] checking for x86_64-suse-linux-gnu-dlltool... no +[ 17s] checking for dlltool... no +[ 17s] checking how to associate runtime and link libraries... printf %s\n +[ 17s] checking for x86_64-suse-linux-gnu-ar... no +[ 17s] checking for ar... ar +[ 17s] checking for archiver @FILE support... @ +[ 17s] checking for x86_64-suse-linux-gnu-strip... no +[ 17s] checking for strip... strip +[ 17s] checking for x86_64-suse-linux-gnu-ranlib... no +[ 17s] checking for ranlib... ranlib +[ 17s] checking command to parse /usr/bin/nm -B output from gcc object... ok +[ 17s] checking for sysroot... no +[ 17s] checking for a working dd... /usr/bin/dd +[ 17s] checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1 +[ 17s] checking for x86_64-suse-linux-gnu-mt... no +[ 17s] checking for mt... no +[ 17s] checking if : is a manifest tool... no +[ 17s] checking for dlfcn.h... yes +[ 17s] checking for objdir... .libs +[ 17s] checking if gcc supports -fno-rtti -fno-exceptions... no +[ 17s] checking for gcc option to produce PIC... -fPIC -DPIC +[ 17s] checking if gcc PIC flag -fPIC -DPIC works... yes +[ 17s] checking if gcc static flag -static works... no +[ 17s] checking if gcc supports -c -o file.o... yes +[ 17s] checking if gcc supports -c -o file.o... (cached) yes +[ 17s] checking whether the gcc linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) supports shared libraries... yes +[ 17s] checking whether -lc should be explicitly linked in... no +[ 17s] checking dynamic linker characteristics... GNU/Linux ld.so +[ 17s] checking how to hardcode library paths into programs... immediate +[ 17s] checking whether stripping libraries is possible... yes +[ 17s] checking if libtool supports shared libraries... yes +[ 17s] checking whether to build shared libraries... yes +[ 17s] checking whether to build static libraries... no +[ 17s] checking for x86_64-suse-linux-gnu-gcc... gcc +[ 17s] checking whether we are using the GNU C compiler... (cached) yes +[ 17s] checking whether gcc accepts -g... (cached) yes +[ 17s] checking for gcc option to accept ISO C89... (cached) none needed +[ 17s] checking whether gcc understands -c and -o together... (cached) yes +[ 17s] checking dependency style of gcc... (cached) none +[ 17s] checking for bison... bison -y +[ 17s] checking for flex... flex +[ 17s] checking lex output file root... lex.yy +[ 18s] checking lex library... -lfl +[ 18s] checking whether yytext is a pointer... yes +[ 18s] checking whether ln -s works... yes +[ 18s] checking whether make sets $(MAKE)... (cached) yes +[ 18s] checking whether ld supports --as-needed... yes +[ 18s] checking whether ld supports --no-undefined... yes +[ 18s] checking whether ld supports -O1... yes +[ 18s] checking whether ld supports "-z now"... yes +[ 18s] checking for special C compiler options needed for large files... no +[ 18s] checking for _FILE_OFFSET_BITS value needed for large files... no +[ 18s] checking whether gcc handles -Werror -Wunknown-warning-option... no +[ 18s] checking whether gcc handles -W... yes +[ 19s] checking whether gcc handles -Wall... yes +[ 19s] checking whether gcc handles -Wbad-function-cast... yes +[ 19s] checking whether gcc handles -Wcast-align... yes +[ 19s] checking whether gcc handles -Wcast-align=strict... yes +[ 19s] checking whether gcc handles -Wcast-qual... yes +[ 19s] checking whether gcc handles -Wdeprecated... yes +[ 19s] checking whether gcc handles -Winline... yes +[ 19s] checking whether gcc handles -Wmain... yes +[ 19s] checking whether gcc handles -Wmissing-declarations... yes +[ 19s] checking whether gcc handles -Wmissing-format-attribute... yes +[ 19s] checking whether gcc handles -Wmissing-prototypes... yes +[ 19s] checking whether gcc handles -Wp64... no +[ 19s] checking whether gcc handles -Wpointer-arith... yes +[ 19s] checking whether gcc handles -Wreturn-type... yes +[ 19s] checking whether gcc handles -Wshadow... yes +[ 20s] checking whether gcc handles -Wstrict-prototypes... yes +[ 20s] checking whether gcc handles -Wuninitialized... yes +[ 20s] checking whether gcc handles -Wwrite-strings... yes +[ 20s] checking for CC_FOR_BUILD... gcc +[ 20s] checking for __attribute__((unused))... yes +[ 20s] checking for .symver assembler directive... yes +[ 20s] checking for ld --version-script... yes +[ 20s] checking for -fpie/-pie support... yes +[ 20s] checking for libprelude-config... no +[ 20s] checking for libprelude - version >= 0.9.0... no +[ 20s] Defining $ISA to "../../lib64/security" +[ 20s] checking paths.h usability... yes +[ 20s] checking paths.h presence... yes +[ 20s] checking for paths.h... yes +[ 20s] checking for xauth... no +[ 20s] checking for library containing dlopen... -ldl +[ 20s] checking libaudit.h usability... yes +[ 20s] checking libaudit.h presence... yes +[ 20s] checking for libaudit.h... yes +[ 20s] checking for audit_log_acct_message in -laudit... yes +[ 20s] checking for struct audit_tty_status... yes +[ 20s] checking for struct audit_tty_status.log_passwd... yes +[ 20s] checking xcrypt.h usability... yes +[ 20s] checking xcrypt.h presence... yes +[ 20s] checking for xcrypt.h... yes +[ 20s] checking crypt.h usability... yes +[ 20s] checking crypt.h presence... yes +[ 20s] checking for crypt.h... yes +[ 20s] checking for library containing crypt... -lxcrypt +[ 21s] checking for crypt_r... yes +[ 21s] checking for crypt_gensalt_r... no +[ 21s] checking for db_create... yes +[ 21s] checking db.h usability... yes +[ 21s] checking db.h presence... yes +[ 21s] checking for db.h... yes +[ 21s] checking for x86_64-suse-linux-gnu-pkg-config... /usr/bin/x86_64-suse-linux-gnu-pkg-config +[ 21s] checking pkg-config is at least version 0.9.0... yes +[ 21s] checking for libtirpc... no +[ 21s] checking for libnsl... no +[ 21s] checking for yp_match in -lnsl... no +[ 21s] checking for yp_get_default_domain... no +[ 21s] checking for yperr_string... no +[ 21s] checking for yp_master... no +[ 21s] checking for yp_bind... no +[ 21s] checking for yp_match... no +[ 21s] checking for yp_unbind... no +[ 21s] checking for getrpcport... no +[ 22s] checking for rpcb_getaddr... no +[ 22s] checking rpc/rpc.h usability... no +[ 22s] checking rpc/rpc.h presence... no +[ 22s] checking for rpc/rpc.h... no +[ 22s] checking rpcsvc/ypclnt.h usability... no +[ 22s] checking rpcsvc/ypclnt.h presence... no +[ 22s] checking for rpcsvc/ypclnt.h... no +[ 22s] checking rpcsvc/yp_prot.h usability... no +[ 22s] checking rpcsvc/yp_prot.h presence... no +[ 22s] checking for rpcsvc/yp_prot.h... no +[ 22s] checking whether getrpcport is declared... no +[ 22s] checking for getfilecon in -lselinux... yes +[ 22s] checking for setkeycreatecon... yes +[ 22s] checking for getseuser... yes +[ 22s] checking for libeconf... yes +[ 22s] checking for dirent.h that defines DIR... yes +[ 22s] checking for library containing opendir... none required +[ 22s] checking for ANSI C header files... (cached) yes +[ 22s] checking for sys/wait.h that is POSIX.1 compatible... yes +[ 22s] checking fcntl.h usability... yes +[ 22s] checking fcntl.h presence... yes +[ 22s] checking for fcntl.h... yes +[ 22s] checking limits.h usability... yes +[ 22s] checking limits.h presence... yes +[ 22s] checking for limits.h... yes +[ 22s] checking malloc.h usability... yes +[ 22s] checking malloc.h presence... yes +[ 22s] checking for malloc.h... yes +[ 22s] checking sys/file.h usability... yes +[ 22s] checking sys/file.h presence... yes +[ 22s] checking for sys/file.h... yes +[ 22s] checking sys/ioctl.h usability... yes +[ 22s] checking sys/ioctl.h presence... yes +[ 22s] checking for sys/ioctl.h... yes +[ 22s] checking sys/time.h usability... yes +[ 22s] checking sys/time.h presence... yes +[ 22s] checking for sys/time.h... yes +[ 22s] checking syslog.h usability... yes +[ 22s] checking syslog.h presence... yes +[ 22s] checking for syslog.h... yes +[ 23s] checking net/if.h usability... yes +[ 23s] checking net/if.h presence... yes +[ 23s] checking for net/if.h... yes +[ 23s] checking termio.h usability... yes +[ 23s] checking termio.h presence... yes +[ 23s] checking for termio.h... yes +[ 23s] checking for unistd.h... (cached) yes +[ 23s] checking sys/fsuid.h usability... yes +[ 23s] checking sys/fsuid.h presence... yes +[ 23s] checking for sys/fsuid.h... yes +[ 23s] checking inittypes.h usability... no +[ 23s] checking inittypes.h presence... no +[ 23s] checking for inittypes.h... no +[ 23s] checking lastlog.h usability... yes +[ 23s] checking lastlog.h presence... yes +[ 23s] checking for lastlog.h... yes +[ 23s] checking utmp.h usability... yes +[ 23s] checking utmp.h presence... yes +[ 23s] checking for utmp.h... yes +[ 23s] checking utmpx.h usability... yes +[ 23s] checking utmpx.h presence... yes +[ 23s] checking for utmpx.h... yes +[ 23s] checking whether byte ordering is bigendian... no +[ 23s] checking for an ANSI C-conforming const... yes +[ 23s] checking for uid_t in sys/types.h... yes +[ 23s] checking for off_t... yes +[ 23s] checking for pid_t... yes +[ 23s] checking for size_t... yes +[ 23s] checking whether time.h and sys/time.h may both be included... yes +[ 23s] checking whether struct tm is in sys/time.h or time.h... time.h +[ 23s] checking type of array argument to getgroups... gid_t +[ 23s] checking whether gcc needs -traditional... no +[ 23s] checking for working memcmp... yes +[ 24s] checking for vprintf... yes +[ 24s] checking for _doprnt... no +[ 24s] checking for fseeko... yes +[ 24s] checking for getdomainname... yes +[ 24s] checking for gethostname... yes +[ 24s] checking for gettimeofday... yes +[ 24s] checking for lckpwdf... yes +[ 24s] checking for mkdir... yes +[ 24s] checking for select... yes +[ 24s] checking for strcspn... yes +[ 24s] checking for strdup... yes +[ 24s] checking for strspn... yes +[ 25s] checking for strstr... yes +[ 25s] checking for strtol... yes +[ 25s] checking for uname... yes +[ 25s] checking for getutent_r... yes +[ 25s] checking for getpwnam_r... yes +[ 25s] checking for getpwuid_r... yes +[ 25s] checking for getgrnam_r... yes +[ 25s] checking for getgrgid_r... yes +[ 25s] checking for getspnam_r... yes +[ 25s] checking for getmntent_r... yes +[ 25s] checking for getgrouplist... yes +[ 25s] checking for getline... yes +[ 25s] checking for getdelim... yes +[ 26s] checking for inet_ntop... yes +[ 26s] checking for inet_pton... yes +[ 26s] checking for innetgr... yes +[ 26s] checking for quotactl... yes +[ 26s] checking for unshare... yes +[ 26s] checking for ruserok_af... yes +[ 26s] checking for logwtmp... yes +[ 26s] checking for xsltproc... no +[ 26s] checking for xmllint... /bin/true +[ 26s] checking for XML catalog (/etc/xml/catalog)... not found +[ 26s] checking for xmlcatalog... no +[ 26s] checking for DocBook XML DTD V4.4 in XML catalog... not found +[ 26s] checking for DocBook XSL Stylesheets in XML catalog... not found +[ 26s] checking for w3m... no +[ 26s] checking for elinks... no +[ 26s] checking for fop... no +[ 26s] checking whether NLS is requested... yes +[ 26s] checking for msgfmt... /usr/bin/msgfmt +[ 26s] checking for gmsgfmt... /usr/bin/msgfmt +[ 26s] checking for xgettext... /usr/bin/xgettext +[ 26s] checking for msgmerge... /usr/bin/msgmerge +[ 26s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld -m elf_x86_64 +[ 26s] checking if the linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) is GNU ld... yes +[ 26s] checking for shared library run path origin... done +[ 26s] checking for CFPreferencesCopyAppValue... no +[ 26s] checking for CFLocaleCopyCurrent... no +[ 26s] checking for GNU gettext in libc... yes +[ 26s] checking whether to use NLS... yes +[ 26s] checking where the gettext function comes from... libc +[ 26s] checking for dngettext... yes +[ 26s] checking whether __NR_keyctl is declared... yes +[ 26s] checking that generated files are newer than configure... done +[ 26s] configure: creating ./config.status +[ 27s] config.status: creating Makefile +[ 27s] config.status: creating libpam/Makefile +[ 27s] config.status: creating libpamc/Makefile +[ 27s] config.status: creating libpamc/test/Makefile +[ 27s] config.status: creating libpam_misc/Makefile +[ 27s] config.status: creating conf/Makefile +[ 27s] config.status: creating conf/pam_conv1/Makefile +[ 27s] config.status: creating po/Makefile.in +[ 27s] config.status: creating Make.xml.rules +[ 27s] config.status: creating modules/Makefile +[ 27s] config.status: creating modules/pam_access/Makefile +[ 27s] config.status: creating modules/pam_debug/Makefile +[ 27s] config.status: creating modules/pam_deny/Makefile +[ 27s] config.status: creating modules/pam_echo/Makefile +[ 27s] config.status: creating modules/pam_env/Makefile +[ 27s] config.status: creating modules/pam_faildelay/Makefile +[ 27s] config.status: creating modules/pam_faillock/Makefile +[ 27s] config.status: creating modules/pam_filter/Makefile +[ 27s] config.status: creating modules/pam_filter/upperLOWER/Makefile +[ 27s] config.status: creating modules/pam_ftp/Makefile +[ 27s] config.status: creating modules/pam_group/Makefile +[ 27s] config.status: creating modules/pam_issue/Makefile +[ 27s] config.status: creating modules/pam_keyinit/Makefile +[ 27s] config.status: creating modules/pam_lastlog/Makefile +[ 27s] config.status: creating modules/pam_limits/Makefile +[ 27s] config.status: creating modules/pam_listfile/Makefile +[ 27s] config.status: creating modules/pam_localuser/Makefile +[ 27s] config.status: creating modules/pam_loginuid/Makefile +[ 27s] config.status: creating modules/pam_mail/Makefile +[ 27s] config.status: creating modules/pam_mkhomedir/Makefile +[ 27s] config.status: creating modules/pam_motd/Makefile +[ 27s] config.status: creating modules/pam_namespace/Makefile +[ 27s] config.status: creating modules/pam_namespace/pam_namespace_helper +[ 27s] config.status: creating modules/pam_namespace/pam_namespace.service +[ 27s] config.status: creating modules/pam_nologin/Makefile +[ 27s] config.status: creating modules/pam_permit/Makefile +[ 27s] config.status: creating modules/pam_pwhistory/Makefile +[ 27s] config.status: creating modules/pam_rhosts/Makefile +[ 27s] config.status: creating modules/pam_rootok/Makefile +[ 27s] config.status: creating modules/pam_exec/Makefile +[ 27s] config.status: creating modules/pam_securetty/Makefile +[ 27s] config.status: creating modules/pam_selinux/Makefile +[ 27s] config.status: creating modules/pam_sepermit/Makefile +[ 28s] config.status: creating modules/pam_setquota/Makefile +[ 28s] config.status: creating modules/pam_shells/Makefile +[ 28s] config.status: creating modules/pam_stress/Makefile +[ 28s] config.status: creating modules/pam_succeed_if/Makefile +[ 28s] config.status: creating modules/pam_time/Makefile +[ 28s] config.status: creating modules/pam_timestamp/Makefile +[ 28s] config.status: creating modules/pam_tty_audit/Makefile +[ 28s] config.status: creating modules/pam_umask/Makefile +[ 28s] config.status: creating modules/pam_unix/Makefile +[ 28s] config.status: creating modules/pam_userdb/Makefile +[ 28s] config.status: creating modules/pam_usertype/Makefile +[ 28s] config.status: creating modules/pam_warn/Makefile +[ 28s] config.status: creating modules/pam_wheel/Makefile +[ 28s] config.status: creating modules/pam_xauth/Makefile +[ 28s] config.status: creating doc/Makefile +[ 28s] config.status: creating doc/specs/Makefile +[ 28s] config.status: creating doc/man/Makefile +[ 28s] config.status: creating doc/sag/Makefile +[ 28s] config.status: creating doc/adg/Makefile +[ 28s] config.status: creating doc/mwg/Makefile +[ 28s] config.status: creating examples/Makefile +[ 28s] config.status: creating tests/Makefile +[ 28s] config.status: creating xtests/Makefile +[ 28s] config.status: creating config.h +[ 28s] config.status: executing depfiles commands +[ 28s] config.status: executing libtool commands +[ 28s] config.status: executing po-directories commands +[ 28s] config.status: creating po/POTFILES +[ 28s] config.status: creating po/Makefile +[ 28s] configure: WARNING: unrecognized options: --enable-tally2, --enable-cracklib +[ 28s] + make -j8 +[ 28s] CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing aclocal-1.16 -I m4 +[ 29s] CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing autoconf +[ 29s] cd . && /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing automake-1.16 --gnu +[ 30s] /bin/sh ./config.status --recheck +[ 30s] running CONFIG_SHELL=/bin/sh /bin/sh ./configure --host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --includedir=/usr/include/security --docdir=/usr/share/doc/packages/pam --htmldir=/usr/share/doc/packages/pam/html --pdfdir=/usr/share/doc/packages/pam/pdf --sbindir=/sbin --libdir=/lib64 --enable-isadir=../../lib64/security --enable-securedir=/lib64/security --enable-vendordir=/usr/etc --enable-tally2 --enable-cracklib build_alias=x86_64-suse-linux-gnu host_alias=x86_64-suse-linux-gnu CFLAGS=-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG LDFLAGS=-flto=auto PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig --no-create --no-recursion +[ 30s] checking for a BSD-compatible install... /usr/bin/install -c +[ 30s] checking whether build environment is sane... yes +[ 30s] checking for a thread-safe mkdir -p... /usr/bin/mkdir -p +[ 30s] checking for gawk... gawk +[ 30s] checking whether make sets $(MAKE)... yes +[ 30s] checking whether make supports nested variables... yes +[ 30s] checking build system type... x86_64-suse-linux-gnu +[ 30s] checking host system type... x86_64-suse-linux-gnu +[ 30s] checking whether make supports the include directive... yes (GNU style) +[ 30s] checking for x86_64-suse-linux-gnu-gcc... no +[ 30s] checking for gcc... gcc +[ 30s] checking whether the C compiler works... yes +[ 30s] checking for C compiler default output file name... a.out +[ 30s] checking for suffix of executables... +[ 30s] checking whether we are cross compiling... no +[ 30s] checking for suffix of object files... o +[ 30s] checking whether we are using the GNU C compiler... yes +[ 30s] checking whether gcc accepts -g... yes +[ 30s] checking for gcc option to accept ISO C89... none needed +[ 30s] checking whether gcc understands -c and -o together... doc/specs/Makefile.am:16: warning: 'CFLAGS' is a user variable, you should not override it; +[ 30s] doc/specs/Makefile.am:16: use 'AM_CFLAGS' instead +[ 30s] doc/specs/Makefile.am:15: warning: 'CPPFLAGS' is a user variable, you should not override it; +[ 30s] doc/specs/Makefile.am:15: use 'AM_CPPFLAGS' instead +[ 30s] doc/specs/Makefile.am:17: warning: 'LDFLAGS' is a user variable, you should not override it; +[ 30s] doc/specs/Makefile.am:17: use 'AM_LDFLAGS' instead +[ 30s] yes +[ 30s] checking dependency style of gcc... none +[ 30s] checking how to run the C preprocessor... gcc -E +[ 30s] checking for grep that handles long lines and -e... /usr/bin/grep +[ 30s] checking for egrep... /usr/bin/grep -E +[ 30s] checking for ANSI C header files... yes +[ 31s] checking for sys/types.h... yes +[ 31s] checking for sys/stat.h... yes +[ 31s] checking for stdlib.h... yes +[ 31s] checking for string.h... yes +[ 31s] checking for memory.h... yes +[ 31s] checking for strings.h... yes +[ 31s] checking for inttypes.h... yes +[ 31s] checking for stdint.h... yes +[ 31s] checking for unistd.h... yes +[ 31s] checking minix/config.h usability... no +[ 31s] checking minix/config.h presence... no +[ 31s] checking for minix/config.h... no +[ 31s] checking whether it is safe to define __EXTENSIONS__... yes +[ 31s] checking how to print strings... printf +[ 31s] checking for a sed that does not truncate output... /usr/bin/sed +[ 31s] checking for fgrep... /usr/bin/grep -F +[ 31s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld +[ 31s] checking if the linker (/usr/x86_64-suse-linux/bin/ld) is GNU ld... yes +[ 31s] checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B +[ 31s] checking the name lister (/usr/bin/nm -B) interface... BSD nm +[ 31s] checking whether ln -s works... yes +[ 31s] checking the maximum length of command line arguments... 1572864 +[ 31s] checking how to convert x86_64-suse-linux-gnu file names to x86_64-suse-linux-gnu format... func_convert_file_noop +[ 31s] checking how to convert x86_64-suse-linux-gnu file names to toolchain format... func_convert_file_noop +[ 31s] checking for /usr/x86_64-suse-linux/bin/ld option to reload object files... -r +[ 31s] checking for x86_64-suse-linux-gnu-objdump... no +[ 31s] checking for objdump... objdump +[ 31s] checking how to recognize dependent libraries... pass_all +[ 31s] checking for x86_64-suse-linux-gnu-dlltool... no +[ 31s] checking for dlltool... no +[ 31s] checking how to associate runtime and link libraries... printf %s\n +[ 31s] checking for x86_64-suse-linux-gnu-ar... no +[ 31s] checking for ar... ar +[ 31s] checking for archiver @FILE support... @ +[ 31s] checking for x86_64-suse-linux-gnu-strip... no +[ 31s] checking for strip... strip +[ 31s] checking for x86_64-suse-linux-gnu-ranlib... no +[ 31s] checking for ranlib... ranlib +[ 31s] checking command to parse /usr/bin/nm -B output from gcc object... ok +[ 31s] checking for sysroot... no +[ 31s] checking for a working dd... /usr/bin/dd +[ 31s] checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1 +[ 31s] checking for x86_64-suse-linux-gnu-mt... no +[ 31s] checking for mt... no +[ 31s] checking if : is a manifest tool... no +[ 31s] checking for dlfcn.h... yes +[ 31s] checking for objdir... .libs +[ 31s] checking if gcc supports -fno-rtti -fno-exceptions... no +[ 31s] checking for gcc option to produce PIC... -fPIC -DPIC +[ 31s] checking if gcc PIC flag -fPIC -DPIC works... yes +[ 31s] checking if gcc static flag -static works... no +[ 31s] checking if gcc supports -c -o file.o... yes +[ 31s] checking if gcc supports -c -o file.o... (cached) yes +[ 31s] checking whether the gcc linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) supports shared libraries... yes +[ 31s] checking whether -lc should be explicitly linked in... no +[ 31s] checking dynamic linker characteristics... GNU/Linux ld.so +[ 31s] checking how to hardcode library paths into programs... immediate +[ 31s] checking whether stripping libraries is possible... yes +[ 31s] checking if libtool supports shared libraries... yes +[ 31s] checking whether to build shared libraries... yes +[ 31s] checking whether to build static libraries... no +[ 31s] checking for x86_64-suse-linux-gnu-gcc... gcc +[ 32s] checking whether we are using the GNU C compiler... (cached) yes +[ 32s] checking whether gcc accepts -g... (cached) yes +[ 32s] checking for gcc option to accept ISO C89... (cached) none needed +[ 32s] checking whether gcc understands -c and -o together... (cached) yes +[ 32s] checking dependency style of gcc... (cached) none +[ 32s] checking for bison... bison -y +[ 32s] checking for flex... flex +[ 32s] checking lex output file root... lex.yy +[ 32s] checking lex library... -lfl +[ 32s] checking whether yytext is a pointer... yes +[ 32s] checking whether ln -s works... yes +[ 32s] checking whether make sets $(MAKE)... (cached) yes +[ 32s] checking whether ld supports --as-needed... yes +[ 32s] checking whether ld supports --no-undefined... yes +[ 32s] checking whether ld supports -O1... yes +[ 32s] checking whether ld supports "-z now"... yes +[ 32s] checking for special C compiler options needed for large files... no +[ 33s] checking for _FILE_OFFSET_BITS value needed for large files... no +[ 33s] checking whether gcc handles -Werror -Wunknown-warning-option... no +[ 33s] checking whether gcc handles -W... yes +[ 33s] checking whether gcc handles -Wall... yes +[ 33s] checking whether gcc handles -Wbad-function-cast... yes +[ 33s] checking whether gcc handles -Wcast-align... yes +[ 33s] checking whether gcc handles -Wcast-align=strict... yes +[ 33s] checking whether gcc handles -Wcast-qual... yes +[ 33s] checking whether gcc handles -Wdeprecated... yes +[ 33s] checking whether gcc handles -Winline... yes +[ 33s] checking whether gcc handles -Wmain... yes +[ 33s] checking whether gcc handles -Wmissing-declarations... yes +[ 33s] checking whether gcc handles -Wmissing-format-attribute... yes +[ 33s] checking whether gcc handles -Wmissing-prototypes... yes +[ 33s] checking whether gcc handles -Wp64... no +[ 33s] checking whether gcc handles -Wpointer-arith... yes +[ 34s] checking whether gcc handles -Wreturn-type... yes +[ 34s] checking whether gcc handles -Wshadow... yes +[ 34s] checking whether gcc handles -Wstrict-prototypes... yes +[ 34s] checking whether gcc handles -Wuninitialized... yes +[ 34s] checking whether gcc handles -Wwrite-strings... yes +[ 34s] checking for CC_FOR_BUILD... gcc +[ 34s] checking for __attribute__((unused))... yes +[ 34s] checking for .symver assembler directive... yes +[ 34s] checking for ld --version-script... yes +[ 34s] checking for -fpie/-pie support... yes +[ 34s] checking for libprelude-config... no +[ 34s] checking for libprelude - version >= 0.9.0... no +[ 34s] Defining $ISA to "../../lib64/security" +[ 34s] checking paths.h usability... yes +[ 34s] checking paths.h presence... yes +[ 34s] checking for paths.h... yes +[ 34s] checking for xauth... no +[ 34s] checking for library containing dlopen... -ldl +[ 34s] checking crack.h usability... yes +[ 34s] checking crack.h presence... yes +[ 34s] checking for crack.h... yes +[ 34s] checking for FascistCheck in -lcrack... yes +[ 34s] checking libaudit.h usability... yes +[ 34s] checking libaudit.h presence... yes +[ 34s] checking for libaudit.h... yes +[ 34s] checking for audit_log_acct_message in -laudit... yes +[ 35s] checking for struct audit_tty_status... yes +[ 35s] checking for struct audit_tty_status.log_passwd... yes +[ 35s] checking xcrypt.h usability... yes +[ 35s] checking xcrypt.h presence... yes +[ 35s] checking for xcrypt.h... yes +[ 35s] checking crypt.h usability... yes +[ 35s] checking crypt.h presence... yes +[ 35s] checking for crypt.h... yes +[ 35s] checking for library containing crypt... -lxcrypt +[ 35s] checking for crypt_r... yes +[ 35s] checking for crypt_gensalt_r... no +[ 35s] checking for db_create... yes +[ 35s] checking db.h usability... yes +[ 35s] checking db.h presence... yes +[ 35s] checking for db.h... yes +[ 35s] checking for x86_64-suse-linux-gnu-pkg-config... /usr/bin/x86_64-suse-linux-gnu-pkg-config +[ 35s] checking pkg-config is at least version 0.9.0... yes +[ 35s] checking for TIRPC... no +[ 35s] checking for NSL... no +[ 35s] checking for yp_match in -lnsl... no +[ 35s] checking for yp_get_default_domain... no +[ 35s] checking for yperr_string... no +[ 35s] checking for yp_master... no +[ 36s] checking for yp_bind... no +[ 36s] checking for yp_match... no +[ 36s] checking for yp_unbind... no +[ 36s] checking for getrpcport... no +[ 36s] checking for rpcb_getaddr... no +[ 36s] checking rpc/rpc.h usability... no +[ 36s] checking rpc/rpc.h presence... no +[ 36s] checking for rpc/rpc.h... no +[ 36s] checking rpcsvc/ypclnt.h usability... no +[ 36s] checking rpcsvc/ypclnt.h presence... no +[ 36s] checking for rpcsvc/ypclnt.h... no +[ 36s] checking rpcsvc/yp_prot.h usability... no +[ 36s] checking rpcsvc/yp_prot.h presence... no +[ 36s] checking for rpcsvc/yp_prot.h... no +[ 36s] checking whether getrpcport is declared... no +[ 36s] checking for getfilecon in -lselinux... yes +[ 36s] checking for setkeycreatecon... yes +[ 36s] checking for getseuser... yes +[ 36s] checking for ECONF... yes +[ 36s] checking for dirent.h that defines DIR... yes +[ 36s] checking for library containing opendir... none required +[ 36s] checking for ANSI C header files... (cached) yes +[ 36s] checking for sys/wait.h that is POSIX.1 compatible... yes +[ 36s] checking fcntl.h usability... yes +[ 36s] checking fcntl.h presence... yes +[ 36s] checking for fcntl.h... yes +[ 36s] checking limits.h usability... yes +[ 36s] checking limits.h presence... yes +[ 36s] checking for limits.h... yes +[ 37s] checking malloc.h usability... yes +[ 37s] checking malloc.h presence... yes +[ 37s] checking for malloc.h... yes +[ 37s] checking sys/file.h usability... yes +[ 37s] checking sys/file.h presence... yes +[ 37s] checking for sys/file.h... yes +[ 37s] checking sys/ioctl.h usability... yes +[ 37s] checking sys/ioctl.h presence... yes +[ 37s] checking for sys/ioctl.h... yes +[ 37s] checking sys/time.h usability... yes +[ 37s] checking sys/time.h presence... yes +[ 37s] checking for sys/time.h... yes +[ 37s] checking syslog.h usability... yes +[ 37s] checking syslog.h presence... yes +[ 37s] checking for syslog.h... yes +[ 37s] checking net/if.h usability... yes +[ 37s] checking net/if.h presence... yes +[ 37s] checking for net/if.h... yes +[ 37s] checking termio.h usability... yes +[ 37s] checking termio.h presence... yes +[ 37s] checking for termio.h... yes +[ 37s] checking for unistd.h... (cached) yes +[ 37s] checking sys/fsuid.h usability... yes +[ 37s] checking sys/fsuid.h presence... yes +[ 37s] checking for sys/fsuid.h... yes +[ 37s] checking inittypes.h usability... no +[ 37s] checking inittypes.h presence... no +[ 37s] checking for inittypes.h... no +[ 37s] checking lastlog.h usability... yes +[ 37s] checking lastlog.h presence... yes +[ 37s] checking for lastlog.h... yes +[ 37s] checking utmp.h usability... yes +[ 37s] checking utmp.h presence... yes +[ 37s] checking for utmp.h... yes +[ 37s] checking utmpx.h usability... yes +[ 37s] checking utmpx.h presence... yes +[ 37s] checking for utmpx.h... yes +[ 37s] checking whether byte ordering is bigendian... no +[ 37s] checking for an ANSI C-conforming const... yes +[ 37s] checking for uid_t in sys/types.h... yes +[ 37s] checking for off_t... yes +[ 37s] checking for pid_t... yes +[ 37s] checking for size_t... yes +[ 37s] checking whether time.h and sys/time.h may both be included... yes +[ 38s] checking whether struct tm is in sys/time.h or time.h... time.h +[ 38s] checking type of array argument to getgroups... gid_t +[ 38s] checking whether gcc needs -traditional... no +[ 38s] checking for working memcmp... yes +[ 38s] checking for vprintf... yes +[ 38s] checking for _doprnt... no +[ 38s] checking for fseeko... yes +[ 38s] checking for getdomainname... yes +[ 38s] checking for gethostname... yes +[ 38s] checking for gettimeofday... yes +[ 38s] checking for lckpwdf... yes +[ 38s] checking for mkdir... yes +[ 38s] checking for select... yes +[ 39s] checking for strcspn... yes +[ 39s] checking for strdup... yes +[ 39s] checking for strspn... yes +[ 39s] checking for strstr... yes +[ 39s] checking for strtol... yes +[ 39s] checking for uname... yes +[ 39s] checking for getutent_r... yes +[ 39s] checking for getpwnam_r... yes +[ 39s] checking for getpwuid_r... yes +[ 39s] checking for getgrnam_r... yes +[ 39s] checking for getgrgid_r... yes +[ 39s] checking for getspnam_r... yes +[ 40s] checking for getmntent_r... yes +[ 40s] checking for getgrouplist... yes +[ 40s] checking for getline... yes +[ 40s] checking for getdelim... yes +[ 40s] checking for inet_ntop... yes +[ 40s] checking for inet_pton... yes +[ 40s] checking for innetgr... yes +[ 40s] checking for quotactl... yes +[ 40s] checking for unshare... yes +[ 40s] checking for ruserok_af... yes +[ 40s] checking for logwtmp... yes +[ 40s] checking for xsltproc... no +[ 40s] checking for xmllint... /bin/true +[ 40s] checking for XML catalog (/etc/xml/catalog)... not found +[ 40s] checking for xmlcatalog... no +[ 40s] checking for DocBook XML DTD V4.4 in XML catalog... not found +[ 40s] checking for DocBook XSL Stylesheets in XML catalog... not found +[ 40s] checking for w3m... no +[ 40s] checking for elinks... no +[ 40s] checking for fop... no +[ 40s] checking whether NLS is requested... yes +[ 40s] checking for msgfmt... /usr/bin/msgfmt +[ 40s] checking for gmsgfmt... /usr/bin/msgfmt +[ 40s] checking for xgettext... /usr/bin/xgettext +[ 40s] checking for msgmerge... /usr/bin/msgmerge +[ 40s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld -m elf_x86_64 +[ 40s] checking if the linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) is GNU ld... yes +[ 40s] checking for shared library run path origin... done +[ 40s] checking for CFPreferencesCopyAppValue... no +[ 40s] checking for CFLocaleCopyCurrent... no +[ 41s] checking for GNU gettext in libc... yes +[ 41s] checking whether to use NLS... yes +[ 41s] checking where the gettext function comes from... libc +[ 41s] checking for dngettext... yes +[ 41s] checking whether __NR_keyctl is declared... yes +[ 41s] checking that generated files are newer than configure... done +[ 41s] configure: creating ./config.status +[ 41s] /bin/sh ./config.status +[ 41s] config.status: creating Makefile +[ 41s] config.status: creating libpam/Makefile +[ 41s] config.status: creating libpamc/Makefile +[ 41s] config.status: creating libpamc/test/Makefile +[ 41s] config.status: creating libpam_misc/Makefile +[ 41s] config.status: creating conf/Makefile +[ 41s] config.status: creating conf/pam_conv1/Makefile +[ 41s] config.status: creating po/Makefile.in +[ 41s] config.status: creating Make.xml.rules +[ 41s] config.status: creating modules/Makefile +[ 41s] config.status: creating modules/pam_access/Makefile +[ 41s] config.status: creating modules/pam_cracklib/Makefile +[ 41s] config.status: creating modules/pam_debug/Makefile +[ 41s] config.status: creating modules/pam_deny/Makefile +[ 41s] config.status: creating modules/pam_echo/Makefile +[ 41s] config.status: creating modules/pam_env/Makefile +[ 41s] config.status: creating modules/pam_faildelay/Makefile +[ 41s] config.status: creating modules/pam_faillock/Makefile +[ 41s] config.status: creating modules/pam_filter/Makefile +[ 41s] config.status: creating modules/pam_filter/upperLOWER/Makefile +[ 41s] config.status: creating modules/pam_ftp/Makefile +[ 42s] config.status: creating modules/pam_group/Makefile +[ 42s] config.status: creating modules/pam_issue/Makefile +[ 42s] config.status: creating modules/pam_keyinit/Makefile +[ 42s] config.status: creating modules/pam_lastlog/Makefile +[ 42s] config.status: creating modules/pam_limits/Makefile +[ 42s] config.status: creating modules/pam_listfile/Makefile +[ 42s] config.status: creating modules/pam_localuser/Makefile +[ 42s] config.status: creating modules/pam_loginuid/Makefile +[ 42s] config.status: creating modules/pam_mail/Makefile +[ 42s] config.status: creating modules/pam_mkhomedir/Makefile +[ 42s] config.status: creating modules/pam_motd/Makefile +[ 42s] config.status: creating modules/pam_namespace/Makefile +[ 42s] config.status: creating modules/pam_namespace/pam_namespace_helper +[ 42s] config.status: creating modules/pam_namespace/pam_namespace.service +[ 42s] config.status: creating modules/pam_nologin/Makefile +[ 42s] config.status: creating modules/pam_permit/Makefile +[ 42s] config.status: creating modules/pam_pwhistory/Makefile +[ 42s] config.status: creating modules/pam_rhosts/Makefile +[ 42s] config.status: creating modules/pam_rootok/Makefile +[ 42s] config.status: creating modules/pam_exec/Makefile +[ 42s] config.status: creating modules/pam_securetty/Makefile +[ 42s] config.status: creating modules/pam_selinux/Makefile +[ 42s] config.status: creating modules/pam_sepermit/Makefile +[ 42s] config.status: creating modules/pam_setquota/Makefile +[ 42s] config.status: creating modules/pam_shells/Makefile +[ 42s] config.status: creating modules/pam_stress/Makefile +[ 42s] config.status: creating modules/pam_succeed_if/Makefile +[ 42s] config.status: creating modules/pam_tally2/Makefile +[ 42s] config.status: creating modules/pam_time/Makefile +[ 42s] config.status: creating modules/pam_timestamp/Makefile +[ 42s] config.status: creating modules/pam_tty_audit/Makefile +[ 42s] config.status: creating modules/pam_umask/Makefile +[ 42s] config.status: creating modules/pam_unix/Makefile +[ 42s] config.status: creating modules/pam_userdb/Makefile +[ 42s] config.status: creating modules/pam_usertype/Makefile +[ 42s] config.status: creating modules/pam_warn/Makefile +[ 42s] config.status: creating modules/pam_wheel/Makefile +[ 42s] config.status: creating modules/pam_xauth/Makefile +[ 42s] config.status: creating doc/Makefile +[ 42s] config.status: creating doc/specs/Makefile +[ 42s] config.status: creating doc/man/Makefile +[ 42s] config.status: creating doc/sag/Makefile +[ 42s] config.status: creating doc/adg/Makefile +[ 42s] config.status: creating doc/mwg/Makefile +[ 42s] config.status: creating examples/Makefile +[ 42s] config.status: creating tests/Makefile +[ 42s] config.status: creating xtests/Makefile +[ 42s] config.status: creating config.h +[ 42s] config.status: config.h is unchanged +[ 42s] config.status: executing depfiles commands +[ 42s] config.status: executing libtool commands +[ 42s] config.status: executing po-directories commands +[ 42s] config.status: creating po/POTFILES +[ 42s] config.status: creating po/Makefile +[ 42s] (CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing' autoheader) +[ 42s] rm -f stamp-h1 +[ 42s] touch config.h.in +[ 43s] cd . && /bin/sh ./config.status config.h +[ 43s] config.status: creating config.h +[ 43s] make all-recursive +[ 43s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 43s] Making all in libpam +[ 43s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_account.lo pam_account.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_auth.lo pam_auth.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_data.lo pam_data.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_delay.lo pam_delay.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_dispatch.lo pam_dispatch.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_end.lo pam_end.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_env.lo pam_env.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_get_authtok.lo pam_get_authtok.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_account.c -fPIC -DPIC -o .libs/pam_account.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_dispatch.c -fPIC -DPIC -o .libs/pam_dispatch.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_end.c -fPIC -DPIC -o .libs/pam_end.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_env.c -fPIC -DPIC -o .libs/pam_env.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_data.c -fPIC -DPIC -o .libs/pam_data.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_get_authtok.c -fPIC -DPIC -o .libs/pam_get_authtok.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_delay.c -fPIC -DPIC -o .libs/pam_delay.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_handlers.lo pam_handlers.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_item.lo pam_item.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_misc.lo pam_misc.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_password.lo pam_password.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_prelude.lo pam_prelude.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_session.lo pam_session.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_start.lo pam_start.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_item.c -fPIC -DPIC -o .libs/pam_item.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_misc.c -fPIC -DPIC -o .libs/pam_misc.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_handlers.c -fPIC -DPIC -o .libs/pam_handlers.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_password.c -fPIC -DPIC -o .libs/pam_password.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_prelude.c -fPIC -DPIC -o .libs/pam_prelude.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_strerror.lo pam_strerror.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_vprompt.lo pam_vprompt.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_start.c -fPIC -DPIC -o .libs/pam_start.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_syslog.lo pam_syslog.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_session.c -fPIC -DPIC -o .libs/pam_session.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_dynamic.lo pam_dynamic.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_auth.c -fPIC -DPIC -o .libs/pam_auth.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_audit.lo pam_audit.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_syslog.c -fPIC -DPIC -o .libs/pam_syslog.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_check_user.lo pam_modutil_check_user.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_cleanup.lo pam_modutil_cleanup.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getpwnam.lo pam_modutil_getpwnam.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_vprompt.c -fPIC -DPIC -o .libs/pam_vprompt.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_strerror.c -fPIC -DPIC -o .libs/pam_strerror.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_dynamic.c -fPIC -DPIC -o .libs/pam_dynamic.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_audit.c -fPIC -DPIC -o .libs/pam_audit.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_ioloop.lo pam_modutil_ioloop.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_check_user.c -fPIC -DPIC -o .libs/pam_modutil_check_user.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getpwnam.c -fPIC -DPIC -o .libs/pam_modutil_getpwnam.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getgrgid.lo pam_modutil_getgrgid.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_cleanup.c -fPIC -DPIC -o .libs/pam_modutil_cleanup.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getpwuid.lo pam_modutil_getpwuid.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getgrnam.lo pam_modutil_getgrnam.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getspnam.lo pam_modutil_getspnam.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getlogin.lo pam_modutil_getlogin.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_ingroup.lo pam_modutil_ingroup.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_ioloop.c -fPIC -DPIC -o .libs/pam_modutil_ioloop.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_priv.lo pam_modutil_priv.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getgrgid.c -fPIC -DPIC -o .libs/pam_modutil_getgrgid.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getgrnam.c -fPIC -DPIC -o .libs/pam_modutil_getgrnam.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getpwuid.c -fPIC -DPIC -o .libs/pam_modutil_getpwuid.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getlogin.c -fPIC -DPIC -o .libs/pam_modutil_getlogin.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getspnam.c -fPIC -DPIC -o .libs/pam_modutil_getspnam.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_sanitize.lo pam_modutil_sanitize.c +[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_searchkey.lo pam_modutil_searchkey.c +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_priv.c -fPIC -DPIC -o .libs/pam_modutil_priv.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_ingroup.c -fPIC -DPIC -o .libs/pam_modutil_ingroup.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_sanitize.c -fPIC -DPIC -o .libs/pam_modutil_sanitize.o +[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_searchkey.c -fPIC -DPIC -o .libs/pam_modutil_searchkey.o +[ 43s] /bin/sh ../libtool --tag=CC --mode=link gcc -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 85:1:85 -Wl,--version-script=./libpam.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpam.la -rpath /lib64 pam_account.lo pam_auth.lo pam_data.lo pam_delay.lo pam_dispatch.lo pam_end.lo pam_env.lo pam_get_authtok.lo pam_handlers.lo pam_item.lo pam_misc.lo pam_password.lo pam_prelude.lo pam_session.lo pam_start.lo pam_strerror.lo pam_vprompt.lo pam_syslog.lo pam_dynamic.lo pam_audit.lo pam_modutil_check_user.lo pam_modutil_cleanup.lo pam_modutil_getpwnam.lo pam_modutil_ioloop.lo pam_modutil_getgrgid.lo pam_modutil_getpwuid.lo pam_modutil_getgrnam.lo pam_modutil_getspnam.lo pam_modutil_getlogin.lo pam_modutil_ingroup.lo pam_modutil_priv.lo pam_modutil_sanitize.lo pam_modutil_searchkey.lo -laudit -leconf -ldl +[ 43s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_account.o .libs/pam_auth.o .libs/pam_data.o .libs/pam_delay.o .libs/pam_dispatch.o .libs/pam_end.o .libs/pam_env.o .libs/pam_get_authtok.o .libs/pam_handlers.o .libs/pam_item.o .libs/pam_misc.o .libs/pam_password.o .libs/pam_prelude.o .libs/pam_session.o .libs/pam_start.o .libs/pam_strerror.o .libs/pam_vprompt.o .libs/pam_syslog.o .libs/pam_dynamic.o .libs/pam_audit.o .libs/pam_modutil_check_user.o .libs/pam_modutil_cleanup.o .libs/pam_modutil_getpwnam.o .libs/pam_modutil_ioloop.o .libs/pam_modutil_getgrgid.o .libs/pam_modutil_getpwuid.o .libs/pam_modutil_getgrnam.o .libs/pam_modutil_getspnam.o .libs/pam_modutil_getlogin.o .libs/pam_modutil_ingroup.o .libs/pam_modutil_priv.o .libs/pam_modutil_sanitize.o .libs/pam_modutil_searchkey.o -laudit -leconf -ldl -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpam.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpam.so.0 -o .libs/libpam.so.0.85.1 +[ 44s] libtool: link: (cd ".libs" && rm -f "libpam.so.0" && ln -s "libpam.so.0.85.1" "libpam.so.0") +[ 44s] libtool: link: (cd ".libs" && rm -f "libpam.so" && ln -s "libpam.so.0.85.1" "libpam.so") +[ 44s] libtool: link: ( cd ".libs" && rm -f "libpam.la" && ln -s "../libpam.la" "libpam.la" ) +[ 44s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' +[ 44s] Making all in tests +[ 44s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 44s] make[2]: Nothing to be done for 'all'. +[ 44s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 44s] Making all in libpamc +[ 44s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 44s] Making all in test +[ 44s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' +[ 44s] make[3]: Nothing to be done for 'all'. +[ 44s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' +[ 44s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pamc_client.lo pamc_client.c +[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pamc_converse.lo pamc_converse.c +[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pamc_load.lo pamc_load.c +[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pamc_client.c -fPIC -DPIC -o .libs/pamc_client.o +[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pamc_load.c -fPIC -DPIC -o .libs/pamc_load.o +[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pamc_converse.c -fPIC -DPIC -o .libs/pamc_converse.o +[ 44s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 82:1:82 -Wl,--version-script=./libpamc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpamc.la -rpath /lib64 pamc_client.lo pamc_converse.lo pamc_load.lo +[ 44s] libtool: link: gcc -shared -fPIC -DPIC .libs/pamc_client.o .libs/pamc_converse.o .libs/pamc_load.o -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpamc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpamc.so.0 -o .libs/libpamc.so.0.82.1 +[ 44s] libtool: link: (cd ".libs" && rm -f "libpamc.so.0" && ln -s "libpamc.so.0.82.1" "libpamc.so.0") +[ 44s] libtool: link: (cd ".libs" && rm -f "libpamc.so" && ln -s "libpamc.so.0.82.1" "libpamc.so") +[ 44s] libtool: link: ( cd ".libs" && rm -f "libpamc.la" && ln -s "../libpamc.la" "libpamc.la" ) +[ 44s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 44s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 44s] Making all in libpam_misc +[ 44s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' +[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o help_env.lo help_env.c +[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o misc_conv.lo misc_conv.c +[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c help_env.c -fPIC -DPIC -o .libs/help_env.o +[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c misc_conv.c -fPIC -DPIC -o .libs/misc_conv.o +[ 45s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 82:1:82 -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpam_misc.la -rpath /lib64 help_env.lo misc_conv.lo ../libpam/libpam.la +[ 45s] libtool: link: gcc -shared -fPIC -DPIC .libs/help_env.o .libs/misc_conv.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpam_misc.so.0 -o .libs/libpam_misc.so.0.82.1 +[ 45s] libtool: link: (cd ".libs" && rm -f "libpam_misc.so.0" && ln -s "libpam_misc.so.0.82.1" "libpam_misc.so.0") +[ 45s] libtool: link: (cd ".libs" && rm -f "libpam_misc.so" && ln -s "libpam_misc.so.0.82.1" "libpam_misc.so") +[ 45s] libtool: link: ( cd ".libs" && rm -f "libpam_misc.la" && ln -s "../libpam_misc.la" "libpam_misc.la" ) +[ 45s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' +[ 45s] Making all in modules +[ 45s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 45s] Making all in pam_access +[ 45s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 45s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" -DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_access.lo pam_access.c +[ 45s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" "-DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\"" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_access.c -fPIC -DPIC -o .libs/pam_access.o +[ 45s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" -DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_access.la -rpath /lib64/security pam_access.lo ../../libpam/libpam.la +[ 45s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_access.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_access.so -o .libs/pam_access.so +[ 45s] libtool: link: ( cd ".libs" && rm -f "pam_access.la" && ln -s "../pam_access.la" "pam_access.la" ) +[ 45s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 45s] Making all in pam_cracklib +[ 45s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 45s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_cracklib.lo pam_cracklib.c +[ 45s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_cracklib.c -fPIC -DPIC -o .libs/pam_cracklib.o +[ 45s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_cracklib.la -rpath /lib64/security pam_cracklib.lo ../../libpam/libpam.la -lcrack -lxcrypt +[ 45s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_cracklib.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lcrack -lxcrypt -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_cracklib.so -o .libs/pam_cracklib.so +[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_cracklib.la" && ln -s "../pam_cracklib.la" "pam_cracklib.la" ) +[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 46s] Making all in pam_debug +[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_debug.lo pam_debug.c +[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_debug.c -fPIC -DPIC -o .libs/pam_debug.o +[ 46s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_debug.la -rpath /lib64/security pam_debug.lo ../../libpam/libpam.la +[ 46s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_debug.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_debug.so -o .libs/pam_debug.so +[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_debug.la" && ln -s "../pam_debug.la" "pam_debug.la" ) +[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 46s] Making all in pam_deny +[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_deny.lo pam_deny.c +[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_deny.c -fPIC -DPIC -o .libs/pam_deny.o +[ 46s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_deny.la -rpath /lib64/security pam_deny.lo ../../libpam/libpam.la +[ 46s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_deny.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_deny.so -o .libs/pam_deny.so +[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_deny.la" && ln -s "../pam_deny.la" "pam_deny.la" ) +[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 46s] Making all in pam_echo +[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_echo.lo pam_echo.c +[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_echo.c -fPIC -DPIC -o .libs/pam_echo.o +[ 46s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_echo.la -rpath /lib64/security pam_echo.lo ../../libpam/libpam.la +[ 46s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_echo.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_echo.so -o .libs/pam_echo.so +[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_echo.la" && ln -s "../pam_echo.la" "pam_echo.la" ) +[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 46s] Making all in pam_env +[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_env.lo pam_env.c +[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_env.c -fPIC -DPIC -o .libs/pam_env.o +[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_env.la -rpath /lib64/security pam_env.lo ../../libpam/libpam.la +[ 47s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_env.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_env.so -o .libs/pam_env.so +[ 47s] libtool: link: ( cd ".libs" && rm -f "pam_env.la" && ln -s "../pam_env.la" "pam_env.la" ) +[ 47s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 47s] Making all in pam_exec +[ 47s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_exec.lo pam_exec.c +[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_exec.c -fPIC -DPIC -o .libs/pam_exec.o +[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_exec.la -rpath /lib64/security pam_exec.lo ../../libpam/libpam.la +[ 47s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_exec.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_exec.so -o .libs/pam_exec.so +[ 47s] libtool: link: ( cd ".libs" && rm -f "pam_exec.la" && ln -s "../pam_exec.la" "pam_exec.la" ) +[ 47s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 47s] Making all in pam_faildelay +[ 47s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_faildelay.lo pam_faildelay.c +[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_faildelay.c -fPIC -DPIC -o .libs/pam_faildelay.o +[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faildelay.la -rpath /lib64/security pam_faildelay.lo ../../libpam/libpam.la +[ 47s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_faildelay.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faildelay.so -o .libs/pam_faildelay.so +[ 47s] libtool: link: ( cd ".libs" && rm -f "pam_faildelay.la" && ln -s "../pam_faildelay.la" "pam_faildelay.la" ) +[ 47s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 47s] Making all in pam_faillock +[ 47s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 47s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o faillock-main.o `test -f 'main.c' || echo './'`main.c +[ 47s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o faillock-faillock.o `test -f 'faillock.c' || echo './'`faillock.c +[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_faillock.lo pam_faillock.c +[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o faillock.lo faillock.c +[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c faillock.c -fPIC -DPIC -o .libs/faillock.o +[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_faillock.c -fPIC -DPIC -o .libs/pam_faillock.o +[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o faillock faillock-main.o faillock-faillock.o ../../libpam/libpam.la -laudit +[ 48s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faillock.la -rpath /lib64/security pam_faillock.lo faillock.lo ../../libpam/libpam.la -laudit +[ 48s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/faillock faillock-main.o faillock-faillock.o ../../libpam/.libs/libpam.so -laudit +[ 48s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_faillock.o .libs/faillock.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faillock.so -o .libs/pam_faillock.so +[ 48s] libtool: link: ( cd ".libs" && rm -f "pam_faillock.la" && ln -s "../pam_faillock.la" "pam_faillock.la" ) +[ 48s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 48s] Making all in pam_filter +[ 48s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 48s] Making all in upperLOWER +[ 48s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' +[ 48s] gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../libpam/include -I../../../libpamc/include -I./.. -fpie -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o upperLOWER.o upperLOWER.c +[ 48s] /bin/sh ../../../libtool --tag=CC --mode=link gcc -I../../../libpam/include -I../../../libpamc/include -I./.. -fpie -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o upperLOWER upperLOWER.o ../../../libpam/libpam.la +[ 48s] libtool: link: gcc -I../../../libpam/include -I../../../libpamc/include -I./.. -fpie -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/upperLOWER upperLOWER.o ../../../libpam/.libs/libpam.so +[ 48s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' +[ 48s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 48s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_filter.lo pam_filter.c +[ 48s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_filter.c -fPIC -DPIC -o .libs/pam_filter.o +[ 48s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_filter.la -rpath /lib64/security pam_filter.lo ../../libpam/libpam.la +[ 48s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_filter.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_filter.so -o .libs/pam_filter.so +[ 48s] libtool: link: ( cd ".libs" && rm -f "pam_filter.la" && ln -s "../pam_filter.la" "pam_filter.la" ) +[ 48s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 48s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 48s] Making all in pam_ftp +[ 48s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 48s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_ftp.lo pam_ftp.c +[ 48s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_ftp.c -fPIC -DPIC -o .libs/pam_ftp.o +[ 49s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_ftp.la -rpath /lib64/security pam_ftp.lo ../../libpam/libpam.la +[ 49s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_ftp.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_ftp.so -o .libs/pam_ftp.so +[ 49s] libtool: link: ( cd ".libs" && rm -f "pam_ftp.la" && ln -s "../pam_ftp.la" "pam_ftp.la" ) +[ 49s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 49s] Making all in pam_group +[ 49s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 49s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_group.lo pam_group.c +[ 49s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_group.c -fPIC -DPIC -o .libs/pam_group.o +[ 49s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_group.la -rpath /lib64/security pam_group.lo ../../libpam/libpam.la +[ 49s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_group.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_group.so -o .libs/pam_group.so +[ 49s] libtool: link: ( cd ".libs" && rm -f "pam_group.la" && ln -s "../pam_group.la" "pam_group.la" ) +[ 49s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 49s] Making all in pam_issue +[ 49s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 49s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_issue.lo pam_issue.c +[ 49s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_issue.c -fPIC -DPIC -o .libs/pam_issue.o +[ 49s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_issue.la -rpath /lib64/security pam_issue.lo ../../libpam/libpam.la +[ 49s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_issue.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_issue.so -o .libs/pam_issue.so +[ 49s] libtool: link: ( cd ".libs" && rm -f "pam_issue.la" && ln -s "../pam_issue.la" "pam_issue.la" ) +[ 49s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 49s] Making all in pam_keyinit +[ 49s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 49s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_keyinit.lo pam_keyinit.c +[ 49s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_keyinit.c -fPIC -DPIC -o .libs/pam_keyinit.o +[ 50s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_keyinit.la -rpath /lib64/security pam_keyinit.lo ../../libpam/libpam.la +[ 50s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_keyinit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_keyinit.so -o .libs/pam_keyinit.so +[ 50s] libtool: link: ( cd ".libs" && rm -f "pam_keyinit.la" && ln -s "../pam_keyinit.la" "pam_keyinit.la" ) +[ 50s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 50s] Making all in pam_lastlog +[ 50s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 50s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_lastlog.lo pam_lastlog.c +[ 50s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_lastlog.c -fPIC -DPIC -o .libs/pam_lastlog.o +[ 50s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_lastlog.la -rpath /lib64/security pam_lastlog.lo ../../libpam/libpam.la -lutil +[ 50s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_lastlog.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lutil -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_lastlog.so -o .libs/pam_lastlog.so +[ 50s] libtool: link: ( cd ".libs" && rm -f "pam_lastlog.la" && ln -s "../pam_lastlog.la" "pam_lastlog.la" ) +[ 50s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 50s] Making all in pam_limits +[ 50s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 50s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_limits.lo pam_limits.c +[ 50s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include "-DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\"" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_limits.c -fPIC -DPIC -o .libs/pam_limits.o +[ 50s] pam_limits.c: In function 'value_from_proc_sys_fs': +[ 50s] pam_limits.c:495:44: warning: unused parameter 'pamh' [-Wunused-parameter] +[ 50s] 495 | value_from_proc_sys_fs(const pam_handle_t *pamh, const char *name, rlim_t *valuep) +[ 50s] | ~~~~~~~~~~~~~~~~~~~~^~~~ +[ 50s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_limits.la -rpath /lib64/security pam_limits.lo ../../libpam/libpam.la +[ 50s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_limits.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_limits.so -o .libs/pam_limits.so +[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_limits.la" && ln -s "../pam_limits.la" "pam_limits.la" ) +[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 51s] Making all in pam_listfile +[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_listfile.lo pam_listfile.c +[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_listfile.c -fPIC -DPIC -o .libs/pam_listfile.o +[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_listfile.la -rpath /lib64/security pam_listfile.lo ../../libpam/libpam.la +[ 51s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_listfile.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_listfile.so -o .libs/pam_listfile.so +[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_listfile.la" && ln -s "../pam_listfile.la" "pam_listfile.la" ) +[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 51s] Making all in pam_localuser +[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_localuser.lo pam_localuser.c +[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_localuser.c -fPIC -DPIC -o .libs/pam_localuser.o +[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_localuser.la -rpath /lib64/security pam_localuser.lo ../../libpam/libpam.la +[ 51s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_localuser.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_localuser.so -o .libs/pam_localuser.so +[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_localuser.la" && ln -s "../pam_localuser.la" "pam_localuser.la" ) +[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 51s] Making all in pam_loginuid +[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_loginuid.lo pam_loginuid.c +[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_loginuid.c -fPIC -DPIC -o .libs/pam_loginuid.o +[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_loginuid.la -rpath /lib64/security pam_loginuid.lo ../../libpam/libpam.la -laudit +[ 51s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_loginuid.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_loginuid.so -o .libs/pam_loginuid.so +[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_loginuid.la" && ln -s "../pam_loginuid.la" "pam_loginuid.la" ) +[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 51s] Making all in pam_mail +[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_mail.lo pam_mail.c +[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_mail.c -fPIC -DPIC -o .libs/pam_mail.o +[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mail.la -rpath /lib64/security pam_mail.lo ../../libpam/libpam.la +[ 52s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_mail.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mail.so -o .libs/pam_mail.so +[ 52s] libtool: link: ( cd ".libs" && rm -f "pam_mail.la" && ln -s "../pam_mail.la" "pam_mail.la" ) +[ 52s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 52s] Making all in pam_mkhomedir +[ 52s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 52s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo './'`mkhomedir_helper.c +[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_mkhomedir.lo pam_mkhomedir.c +[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_mkhomedir.c -fPIC -DPIC -o .libs/pam_mkhomedir.o +[ 52s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o mkhomedir_helper mkhomedir_helper-mkhomedir_helper.o ../../libpam/libpam.la +[ 52s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mkhomedir.la -rpath /lib64/security pam_mkhomedir.lo ../../libpam/libpam.la +[ 52s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/mkhomedir_helper mkhomedir_helper-mkhomedir_helper.o ../../libpam/.libs/libpam.so +[ 52s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_mkhomedir.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mkhomedir.so -o .libs/pam_mkhomedir.so +[ 52s] libtool: link: ( cd ".libs" && rm -f "pam_mkhomedir.la" && ln -s "../pam_mkhomedir.la" "pam_mkhomedir.la" ) +[ 52s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 52s] Making all in pam_motd +[ 52s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_motd.lo pam_motd.c +[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_motd.c -fPIC -DPIC -o .libs/pam_motd.o +[ 52s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_motd.la -rpath /lib64/security pam_motd.lo ../../libpam/libpam.la +[ 52s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_motd.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_motd.so -o .libs/pam_motd.so +[ 52s] libtool: link: ( cd ".libs" && rm -f "pam_motd.la" && ln -s "../pam_motd.la" "pam_motd.la" ) +[ 52s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 52s] Making all in pam_namespace +[ 52s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_namespace.lo pam_namespace.c +[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o md5.lo md5.c +[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o argv_parse.lo argv_parse.c +[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c md5.c -fPIC -DPIC -o .libs/md5.o +[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_namespace.c -fPIC -DPIC -o .libs/pam_namespace.o +[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c argv_parse.c -fPIC -DPIC -o .libs/argv_parse.o +[ 53s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_namespace.la -rpath /lib64/security pam_namespace.lo md5.lo argv_parse.lo ../../libpam/libpam.la -lselinux +[ 53s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_namespace.o .libs/md5.o .libs/argv_parse.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_namespace.so -o .libs/pam_namespace.so +[ 53s] libtool: link: ( cd ".libs" && rm -f "pam_namespace.la" && ln -s "../pam_namespace.la" "pam_namespace.la" ) +[ 53s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 53s] Making all in pam_nologin +[ 53s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 53s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_nologin.lo pam_nologin.c +[ 53s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_nologin.c -fPIC -DPIC -o .libs/pam_nologin.o +[ 53s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_nologin.la -rpath /lib64/security pam_nologin.lo ../../libpam/libpam.la +[ 53s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_nologin.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_nologin.so -o .libs/pam_nologin.so +[ 53s] libtool: link: ( cd ".libs" && rm -f "pam_nologin.la" && ln -s "../pam_nologin.la" "pam_nologin.la" ) +[ 53s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 53s] Making all in pam_permit +[ 53s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 53s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_permit.lo pam_permit.c +[ 53s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_permit.c -fPIC -DPIC -o .libs/pam_permit.o +[ 53s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_permit.la -rpath /lib64/security pam_permit.lo ../../libpam/libpam.la +[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_permit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_permit.so -o .libs/pam_permit.so +[ 54s] libtool: link: ( cd ".libs" && rm -f "pam_permit.la" && ln -s "../pam_permit.la" "pam_permit.la" ) +[ 54s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 54s] Making all in pam_pwhistory +[ 54s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 54s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pwhistory_helper-pwhistory_helper.o `test -f 'pwhistory_helper.c' || echo './'`pwhistory_helper.c +[ 54s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pwhistory_helper-opasswd.o `test -f 'opasswd.c' || echo './'`opasswd.c +[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_pwhistory_la-pam_pwhistory.lo `test -f 'pam_pwhistory.c' || echo './'`pam_pwhistory.c +[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_pwhistory_la-opasswd.lo `test -f 'opasswd.c' || echo './'`opasswd.c +[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c opasswd.c -fPIC -DPIC -o .libs/pam_pwhistory_la-opasswd.o +[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pwhistory_helper pwhistory_helper-pwhistory_helper.o pwhistory_helper-opasswd.o ../../libpam/libpam.la -lxcrypt +[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_pwhistory.c -fPIC -DPIC -o .libs/pam_pwhistory_la-pam_pwhistory.o +[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_pwhistory.la -rpath /lib64/security pam_pwhistory_la-pam_pwhistory.lo pam_pwhistory_la-opasswd.lo ../../libpam/libpam.la -lxcrypt -lselinux +[ 54s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pwhistory_helper pwhistory_helper-pwhistory_helper.o pwhistory_helper-opasswd.o ../../libpam/.libs/libpam.so -lxcrypt +[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_pwhistory_la-pam_pwhistory.o .libs/pam_pwhistory_la-opasswd.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_pwhistory.so -o .libs/pam_pwhistory.so +[ 54s] libtool: link: ( cd ".libs" && rm -f "pam_pwhistory.la" && ln -s "../pam_pwhistory.la" "pam_pwhistory.la" ) +[ 54s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 54s] Making all in pam_rhosts +[ 54s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_rhosts.lo pam_rhosts.c +[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_rhosts.c -fPIC -DPIC -o .libs/pam_rhosts.o +[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rhosts.la -rpath /lib64/security pam_rhosts.lo ../../libpam/libpam.la +[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_rhosts.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rhosts.so -o .libs/pam_rhosts.so +[ 54s] libtool: link: ( cd ".libs" && rm -f "pam_rhosts.la" && ln -s "../pam_rhosts.la" "pam_rhosts.la" ) +[ 54s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 54s] Making all in pam_rootok +[ 54s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_rootok.lo pam_rootok.c +[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_rootok.c -fPIC -DPIC -o .libs/pam_rootok.o +[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rootok.la -rpath /lib64/security pam_rootok.lo ../../libpam/libpam.la -lselinux -laudit +[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_rootok.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rootok.so -o .libs/pam_rootok.so +[ 55s] libtool: link: ( cd ".libs" && rm -f "pam_rootok.la" && ln -s "../pam_rootok.la" "pam_rootok.la" ) +[ 55s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 55s] Making all in pam_securetty +[ 55s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 55s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_securetty.lo pam_securetty.c +[ 55s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_securetty.c -fPIC -DPIC -o .libs/pam_securetty.o +[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_securetty.la -rpath /lib64/security pam_securetty.lo ../../libpam/libpam.la +[ 55s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_securetty.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_securetty.so -o .libs/pam_securetty.so +[ 55s] libtool: link: ( cd ".libs" && rm -f "pam_securetty.la" && ln -s "../pam_securetty.la" "pam_securetty.la" ) +[ 55s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 55s] Making all in pam_selinux +[ 55s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 55s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_selinux_check.o pam_selinux_check.c +[ 55s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_selinux.lo pam_selinux.c +[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_selinux_check pam_selinux_check.o ../../libpam/libpam.la ../../libpam_misc/libpam_misc.la +[ 55s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_selinux.c -fPIC -DPIC -o .libs/pam_selinux.o +[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_selinux.la -rpath /lib64/security pam_selinux.lo ../../libpam/libpam.la -lselinux -laudit +[ 55s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pam_selinux_check pam_selinux_check.o ../../libpam/.libs/libpam.so ../../libpam_misc/.libs/libpam_misc.so +[ 55s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_selinux.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_selinux.so -o .libs/pam_selinux.so +[ 55s] libtool: link: ( cd ".libs" && rm -f "pam_selinux.la" && ln -s "../pam_selinux.la" "pam_selinux.la" ) +[ 55s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 55s] Making all in pam_sepermit +[ 55s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 55s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_sepermit.lo pam_sepermit.c +[ 55s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_sepermit.c -fPIC -DPIC -o .libs/pam_sepermit.o +[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_sepermit.la -rpath /lib64/security pam_sepermit.lo ../../libpam/libpam.la -lselinux +[ 56s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_sepermit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_sepermit.so -o .libs/pam_sepermit.so +[ 56s] libtool: link: ( cd ".libs" && rm -f "pam_sepermit.la" && ln -s "../pam_sepermit.la" "pam_sepermit.la" ) +[ 56s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 56s] Making all in pam_setquota +[ 56s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 56s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_setquota.lo pam_setquota.c +[ 56s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_setquota.c -fPIC -DPIC -o .libs/pam_setquota.o +[ 56s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_setquota.la -rpath /lib64/security pam_setquota.lo ../../libpam/libpam.la +[ 56s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_setquota.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_setquota.so -o .libs/pam_setquota.so +[ 56s] libtool: link: ( cd ".libs" && rm -f "pam_setquota.la" && ln -s "../pam_setquota.la" "pam_setquota.la" ) +[ 56s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 56s] Making all in pam_shells +[ 56s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 56s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_shells.lo pam_shells.c +[ 56s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_shells.c -fPIC -DPIC -o .libs/pam_shells.o +[ 56s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_shells.la -rpath /lib64/security pam_shells.lo ../../libpam/libpam.la +[ 56s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_shells.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_shells.so -o .libs/pam_shells.so +[ 56s] libtool: link: ( cd ".libs" && rm -f "pam_shells.la" && ln -s "../pam_shells.la" "pam_shells.la" ) +[ 56s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 56s] Making all in pam_stress +[ 56s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 56s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_stress.lo pam_stress.c +[ 56s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_stress.c -fPIC -DPIC -o .libs/pam_stress.o +[ 56s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_stress.la -rpath /lib64/security pam_stress.lo ../../libpam/libpam.la +[ 57s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_stress.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_stress.so -o .libs/pam_stress.so +[ 57s] libtool: link: ( cd ".libs" && rm -f "pam_stress.la" && ln -s "../pam_stress.la" "pam_stress.la" ) +[ 57s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 57s] Making all in pam_succeed_if +[ 57s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 57s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_succeed_if.lo pam_succeed_if.c +[ 57s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_succeed_if.c -fPIC -DPIC -o .libs/pam_succeed_if.o +[ 57s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_succeed_if.la -rpath /lib64/security pam_succeed_if.lo ../../libpam/libpam.la +[ 57s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_succeed_if.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_succeed_if.so -o .libs/pam_succeed_if.so +[ 57s] libtool: link: ( cd ".libs" && rm -f "pam_succeed_if.la" && ln -s "../pam_succeed_if.la" "pam_succeed_if.la" ) +[ 57s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 57s] Making all in pam_tally2 +[ 57s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 57s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_tally2-pam_tally2_app.o `test -f 'pam_tally2_app.c' || echo './'`pam_tally2_app.c +[ 57s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_tally2.lo pam_tally2.c +[ 57s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_tally2.c -fPIC -DPIC -o .libs/pam_tally2.o +[ 57s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tally2 pam_tally2-pam_tally2_app.o ../../libpam/libpam.la -laudit +[ 57s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tally2.la -rpath /lib64/security pam_tally2.lo ../../libpam/libpam.la -laudit +[ 57s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pam_tally2 pam_tally2-pam_tally2_app.o ../../libpam/.libs/libpam.so -laudit +[ 57s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_tally2.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tally2.so -o .libs/pam_tally2.so +[ 57s] libtool: link: ( cd ".libs" && rm -f "pam_tally2.la" && ln -s "../pam_tally2.la" "pam_tally2.la" ) +[ 57s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 57s] Making all in pam_time +[ 57s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 57s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_time.lo pam_time.c +[ 57s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_time.c -fPIC -DPIC -o .libs/pam_time.o +[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_time.la -rpath /lib64/security pam_time.lo ../../libpam/libpam.la +[ 58s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_time.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_time.so -o .libs/pam_time.so +[ 58s] libtool: link: ( cd ".libs" && rm -f "pam_time.la" && ln -s "../pam_time.la" "pam_time.la" ) +[ 58s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 58s] Making all in pam_timestamp +[ 58s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 58s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo './'`pam_timestamp_check.c +[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo './'`pam_timestamp.c +[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo './'`hmacsha1.c +[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo './'`sha1.c +[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c hmacsha1.c -fPIC -DPIC -o .libs/pam_timestamp_la-hmacsha1.o +[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_timestamp.c -fPIC -DPIC -o .libs/pam_timestamp_la-pam_timestamp.o +[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_timestamp_check pam_timestamp_check-pam_timestamp_check.o ../../libpam/libpam.la +[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c sha1.c -fPIC -DPIC -o .libs/pam_timestamp_la-sha1.o +[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_timestamp.la -rpath /lib64/security pam_timestamp_la-pam_timestamp.lo pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo ../../libpam/libpam.la +[ 58s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pam_timestamp_check pam_timestamp_check-pam_timestamp_check.o ../../libpam/.libs/libpam.so +[ 58s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_timestamp_la-pam_timestamp.o .libs/pam_timestamp_la-hmacsha1.o .libs/pam_timestamp_la-sha1.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_timestamp.so -o .libs/pam_timestamp.so +[ 58s] libtool: link: ( cd ".libs" && rm -f "pam_timestamp.la" && ln -s "../pam_timestamp.la" "pam_timestamp.la" ) +[ 58s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 58s] Making all in pam_tty_audit +[ 58s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_tty_audit.lo pam_tty_audit.c +[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_tty_audit.c -fPIC -DPIC -o .libs/pam_tty_audit.o +[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tty_audit.la -rpath /lib64/security pam_tty_audit.lo ../../libpam/libpam.la +[ 58s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_tty_audit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tty_audit.so -o .libs/pam_tty_audit.so +[ 59s] libtool: link: ( cd ".libs" && rm -f "pam_tty_audit.la" && ln -s "../pam_tty_audit.la" "pam_tty_audit.la" ) +[ 59s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 59s] Making all in pam_umask +[ 59s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_umask.lo pam_umask.c +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_umask.c -fPIC -DPIC -o .libs/pam_umask.o +[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_umask.la -rpath /lib64/security pam_umask.lo ../../libpam/libpam.la +[ 59s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_umask.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_umask.so -o .libs/pam_umask.so +[ 59s] libtool: link: ( cd ".libs" && rm -f "pam_umask.la" && ln -s "../pam_umask.la" "pam_umask.la" ) +[ 59s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 59s] Making all in pam_unix +[ 59s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo './'`bigcrypt.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo './'`bigcrypt_main.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo './'`unix_chkpwd.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo './'`md5_good.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo './'`md5_broken.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo './'`bigcrypt.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo './'`passverify.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo './'`unix_update.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo './'`md5_good.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo './'`md5_broken.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo './'`bigcrypt.c +[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-passverify.o `test -f 'passverify.c' || echo './'`passverify.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o bigcrypt.lo bigcrypt.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_acct.lo pam_unix_acct.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_auth.lo pam_unix_auth.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_passwd.lo pam_unix_passwd.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_sess.lo pam_unix_sess.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o support.lo support.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o passverify.lo passverify.c +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_passwd.c -fPIC -DPIC -o .libs/pam_unix_passwd.o +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_acct.c -fPIC -DPIC -o .libs/pam_unix_acct.o +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_auth.c -fPIC -DPIC -o .libs/pam_unix_auth.o +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o yppasswd_xdr.lo yppasswd_xdr.c +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c passverify.c -fPIC -DPIC -o .libs/passverify.o +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c support.c -fPIC -DPIC -o .libs/support.o +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c bigcrypt.c -fPIC -DPIC -o .libs/bigcrypt.o +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o md5_good.lo md5_good.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o md5_broken.lo md5_broken.c +[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o bigcrypt bigcrypt-bigcrypt.o bigcrypt-bigcrypt_main.o -lxcrypt +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c yppasswd_xdr.c -fPIC -DPIC -o .libs/yppasswd_xdr.o +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_sess.c -fPIC -DPIC -o .libs/pam_unix_sess.o +[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_chkpwd unix_chkpwd-unix_chkpwd.o unix_chkpwd-md5_good.o unix_chkpwd-md5_broken.o unix_chkpwd-bigcrypt.o unix_chkpwd-passverify.o -lxcrypt -lselinux -laudit +[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_update unix_update-unix_update.o unix_update-md5_good.o unix_update-md5_broken.o unix_update-bigcrypt.o unix_update-passverify.o -lxcrypt -lselinux +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c md5_broken.c -fPIC -DPIC -o .libs/md5_broken.o +[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c md5_good.c -fPIC -DPIC -o .libs/md5_good.o +[ 59s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o bigcrypt bigcrypt-bigcrypt.o bigcrypt-bigcrypt_main.o -lxcrypt +[ 59s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_chkpwd unix_chkpwd-unix_chkpwd.o unix_chkpwd-md5_good.o unix_chkpwd-md5_broken.o unix_chkpwd-bigcrypt.o unix_chkpwd-passverify.o -lxcrypt -lselinux -laudit +[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_unix.la -rpath /lib64/security bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo yppasswd_xdr.lo md5_good.lo md5_broken.lo ../../libpam/libpam.la -lxcrypt -lselinux +[ 59s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_update unix_update-unix_update.o unix_update-md5_good.o unix_update-md5_broken.o unix_update-bigcrypt.o unix_update-passverify.o -lxcrypt -lselinux +[ 59s] libtool: link: gcc -shared -fPIC -DPIC .libs/bigcrypt.o .libs/pam_unix_acct.o .libs/pam_unix_auth.o .libs/pam_unix_passwd.o .libs/pam_unix_sess.o .libs/support.o .libs/passverify.o .libs/yppasswd_xdr.o .libs/md5_good.o .libs/md5_broken.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_unix.so -o .libs/pam_unix.so +[ 60s] libtool: link: ( cd ".libs" && rm -f "pam_unix.la" && ln -s "../pam_unix.la" "pam_unix.la" ) +[ 60s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 60s] Making all in pam_userdb +[ 60s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 60s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_userdb.lo pam_userdb.c +[ 60s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_userdb.c -fPIC -DPIC -o .libs/pam_userdb.o +[ 60s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -ldb -lxcrypt -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_userdb.la -rpath /lib64/security pam_userdb.lo ../../libpam/libpam.la +[ 60s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_userdb.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs -ldb -lxcrypt ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_userdb.so -o .libs/pam_userdb.so +[ 60s] libtool: link: ( cd ".libs" && rm -f "pam_userdb.la" && ln -s "../pam_userdb.la" "pam_userdb.la" ) +[ 60s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 60s] Making all in pam_usertype +[ 60s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 60s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_usertype.lo pam_usertype.c +[ 60s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_usertype.c -fPIC -DPIC -o .libs/pam_usertype.o +[ 60s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_usertype.la -rpath /lib64/security pam_usertype.lo ../../libpam/libpam.la +[ 60s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_usertype.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_usertype.so -o .libs/pam_usertype.so +[ 61s] libtool: link: ( cd ".libs" && rm -f "pam_usertype.la" && ln -s "../pam_usertype.la" "pam_usertype.la" ) +[ 61s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 61s] Making all in pam_warn +[ 61s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 61s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_warn.lo pam_warn.c +[ 61s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_warn.c -fPIC -DPIC -o .libs/pam_warn.o +[ 61s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_warn.la -rpath /lib64/security pam_warn.lo ../../libpam/libpam.la +[ 61s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_warn.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_warn.so -o .libs/pam_warn.so +[ 61s] libtool: link: ( cd ".libs" && rm -f "pam_warn.la" && ln -s "../pam_warn.la" "pam_warn.la" ) +[ 61s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 61s] Making all in pam_wheel +[ 61s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 61s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_wheel.lo pam_wheel.c +[ 61s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_wheel.c -fPIC -DPIC -o .libs/pam_wheel.o +[ 61s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_wheel.la -rpath /lib64/security pam_wheel.lo ../../libpam/libpam.la +[ 61s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_wheel.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_wheel.so -o .libs/pam_wheel.so +[ 61s] libtool: link: ( cd ".libs" && rm -f "pam_wheel.la" && ln -s "../pam_wheel.la" "pam_wheel.la" ) +[ 61s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 61s] Making all in pam_xauth +[ 61s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 61s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_xauth.lo pam_xauth.c +[ 61s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_xauth.c -fPIC -DPIC -o .libs/pam_xauth.o +[ 61s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_xauth.la -rpath /lib64/security pam_xauth.lo ../../libpam/libpam.la -lselinux +[ 61s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_xauth.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_xauth.so -o .libs/pam_xauth.so +[ 62s] libtool: link: ( cd ".libs" && rm -f "pam_xauth.la" && ln -s "../pam_xauth.la" "pam_xauth.la" ) +[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 62s] make[3]: Nothing to be done for 'all-am'. +[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 62s] Making all in po +[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' +[ 62s] make[2]: Nothing to be done for 'all'. +[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' +[ 62s] Making all in conf +[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 62s] Making all in pam_conv1 +[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 62s] make all-am +[ 62s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_conv1-pam_conv_l.o `test -f 'pam_conv_l.c' || echo './'`pam_conv_l.c +[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_conv1-pam_conv_y.o `test -f 'pam_conv_y.c' || echo './'`pam_conv_y.c +[ 62s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_conv1 pam_conv1-pam_conv_l.o pam_conv1-pam_conv_y.o +[ 62s] libtool: link: gcc -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_conv1 pam_conv1-pam_conv_l.o pam_conv1-pam_conv_y.o +[ 62s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 62s] make[3]: Nothing to be done for 'all-am'. +[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 62s] Making all in examples +[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' +[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o xsh.o xsh.c +[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o vpass.o vpass.c +[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o blank.o blank.c +[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o check_user.o check_user.c +[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o check_user check_user.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la +[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o vpass vpass.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la +[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o blank blank.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la +[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o xsh xsh.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la +[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/vpass vpass.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so +[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/check_user check_user.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so +[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/xsh xsh.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so +[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/blank blank.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so +[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' +[ 62s] Making all in xtests +[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' +[ 62s] make[2]: Nothing to be done for 'all'. +[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' +[ 62s] Making all in doc +[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 62s] Making all in man +[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 62s] make[3]: Nothing to be done for 'all'. +[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 62s] Making all in specs +[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 62s] make all-am +[ 62s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o padout-parse_l.o `test -f 'parse_l.c' || echo './'`parse_l.c +[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o padout-parse_y.o `test -f 'parse_y.c' || echo './'`parse_y.c +[ 62s] /bin/sh ../../libtool --tag=CC --mode=link gcc -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o padout padout-parse_l.o padout-parse_y.o +[ 62s] libtool: link: gcc -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o padout padout-parse_l.o padout-parse_y.o +[ 63s] ./padout < ./draft-morgan-pam.raw > draft-morgan-pam-current.txt +[ 63s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 63s] Making all in sag +[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 63s] make[3]: Nothing to be done for 'all'. +[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 63s] Making all in adg +[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 63s] make[3]: Nothing to be done for 'all'. +[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 63s] Making all in mwg +[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 63s] make[3]: Nothing to be done for 'all'. +[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 63s] make[3]: Nothing to be done for 'all-am'. +[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 63s] + gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -I/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/include /home/abuild/rpmbuild/SOURCES/unix2_chkpwd.c -o /home/abuild/rpmbuild/BUILD/unix2_chkpwd -L/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs -lpam +[ 63s] + RPM_EC=0 +[ 63s] ++ jobs -p +[ 63s] + exit 0 +[ 63s] Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.81ucSl +[ 63s] + umask 022 +[ 63s] + cd /home/abuild/rpmbuild/BUILD +[ 63s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 63s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT +[ 63s] + /usr/bin/mkdir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 63s] + cd Linux-PAM-1.5.1 +[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/pam.d +[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d +[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security +[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security +[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin +[ 63s] + mkdir -p -m 755 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64 +[ 63s] + make install DESTDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 63s] Making install in libpam +[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' +[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' +[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' +[ 63s] /bin/sh ../libtool --mode=install /usr/bin/install -c libpam.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' +[ 63s] libtool: install: /usr/bin/install -c .libs/libpam.so.0.85.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.so.0.85.1 +[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam.so.0.85.1 libpam.so.0 || { rm -f libpam.so.0 && ln -s libpam.so.0.85.1 libpam.so.0; }; }) +[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam.so.0.85.1 libpam.so || { rm -f libpam.so && ln -s libpam.so.0.85.1 libpam.so; }; }) +[ 63s] libtool: install: /usr/bin/install -c .libs/libpam.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.la +[ 63s] libtool: warning: remember to run 'libtool --finish /lib64' +[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 63s] /usr/bin/install -c -m 644 include/security/_pam_compat.h include/security/_pam_macros.h include/security/_pam_types.h include/security/pam_appl.h include/security/pam_modules.h include/security/pam_ext.h include/security/pam_modutil.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' +[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' +[ 63s] Making install in tests +[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 63s] make[2]: Nothing to be done for 'install-exec-am'. +[ 63s] make[2]: Nothing to be done for 'install-data-am'. +[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 63s] Making install in libpamc +[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 63s] Making install in test +[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' +[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' +[ 63s] make[3]: Nothing to be done for 'install-exec-am'. +[ 63s] make[3]: Nothing to be done for 'install-data-am'. +[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' +[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' +[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' +[ 63s] /bin/sh ../libtool --mode=install /usr/bin/install -c libpamc.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' +[ 63s] libtool: install: /usr/bin/install -c .libs/libpamc.so.0.82.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.so.0.82.1 +[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpamc.so.0.82.1 libpamc.so.0 || { rm -f libpamc.so.0 && ln -s libpamc.so.0.82.1 libpamc.so.0; }; }) +[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpamc.so.0.82.1 libpamc.so || { rm -f libpamc.so && ln -s libpamc.so.0.82.1 libpamc.so; }; }) +[ 63s] libtool: install: /usr/bin/install -c .libs/libpamc.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.la +[ 63s] libtool: warning: remember to run 'libtool --finish /lib64' +[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 63s] /usr/bin/install -c -m 644 include/security/pam_client.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' +[ 63s] Making install in libpam_misc +[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' +[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' +[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' +[ 63s] /bin/sh ../libtool --mode=install /usr/bin/install -c libpam_misc.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' +[ 63s] libtool: warning: relinking 'libpam_misc.la' +[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 82:1:82 -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpam_misc.la -rpath /lib64 help_env.lo misc_conv.lo ../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 63s] libtool: relink: gcc -shared -fPIC -DPIC .libs/help_env.o .libs/misc_conv.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpam_misc.so.0 -o .libs/libpam_misc.so.0.82.1 +[ 63s] libtool: install: /usr/bin/install -c .libs/libpam_misc.so.0.82.1T /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.so.0.82.1 +[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam_misc.so.0.82.1 libpam_misc.so.0 || { rm -f libpam_misc.so.0 && ln -s libpam_misc.so.0.82.1 libpam_misc.so.0; }; }) +[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam_misc.so.0.82.1 libpam_misc.so || { rm -f libpam_misc.so && ln -s libpam_misc.so.0.82.1 libpam_misc.so; }; }) +[ 63s] libtool: install: /usr/bin/install -c .libs/libpam_misc.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.la +[ 63s] libtool: warning: remember to run 'libtool --finish /lib64' +[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 63s] /usr/bin/install -c -m 644 include/security/pam_misc.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 64s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' +[ 64s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' +[ 64s] Making install in modules +[ 64s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 64s] Making install in pam_access +[ 64s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 64s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 64s] make[3]: Nothing to be done for 'install-exec-am'. +[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 64s] /usr/bin/install -c -m 644 access.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 64s] /usr/bin/install -c -m 644 access.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 64s] /usr/bin/install -c -m 644 pam_access.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 64s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_access.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 64s] libtool: warning: relinking 'pam_access.la' +[ 64s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" "-DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\"" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_access.la -rpath /lib64/security pam_access.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 64s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_access.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_access.so -o .libs/pam_access.so +[ 64s] libtool: install: /usr/bin/install -c .libs/pam_access.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_access.so +[ 64s] libtool: install: /usr/bin/install -c .libs/pam_access.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_access.la +[ 64s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 64s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 64s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 64s] Making install in pam_cracklib +[ 64s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 64s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 64s] make[3]: Nothing to be done for 'install-exec-am'. +[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 64s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_cracklib.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 64s] libtool: warning: relinking 'pam_cracklib.la' +[ 64s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_cracklib.la -rpath /lib64/security pam_cracklib.lo ../../libpam/libpam.la -lcrack -lxcrypt -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 64s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_cracklib.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lcrack -lxcrypt -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_cracklib.so -o .libs/pam_cracklib.so +[ 64s] libtool: install: /usr/bin/install -c .libs/pam_cracklib.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_cracklib.so +[ 64s] libtool: install: /usr/bin/install -c .libs/pam_cracklib.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_cracklib.la +[ 64s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 64s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 64s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 64s] Making install in pam_debug +[ 64s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 64s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 64s] make[3]: Nothing to be done for 'install-exec-am'. +[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 64s] /usr/bin/install -c -m 644 pam_debug.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 64s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_debug.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 64s] libtool: warning: relinking 'pam_debug.la' +[ 64s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_debug.la -rpath /lib64/security pam_debug.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_debug.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_debug.so -o .libs/pam_debug.so +[ 65s] libtool: install: /usr/bin/install -c .libs/pam_debug.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_debug.so +[ 65s] libtool: install: /usr/bin/install -c .libs/pam_debug.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_debug.la +[ 65s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 65s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 65s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 65s] Making install in pam_deny +[ 65s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 65s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 65s] make[3]: Nothing to be done for 'install-exec-am'. +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 65s] /usr/bin/install -c -m 644 pam_deny.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 65s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_deny.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 65s] libtool: warning: relinking 'pam_deny.la' +[ 65s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_deny.la -rpath /lib64/security pam_deny.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_deny.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_deny.so -o .libs/pam_deny.so +[ 65s] libtool: install: /usr/bin/install -c .libs/pam_deny.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_deny.so +[ 65s] libtool: install: /usr/bin/install -c .libs/pam_deny.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_deny.la +[ 65s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 65s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 65s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 65s] Making install in pam_echo +[ 65s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 65s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 65s] make[3]: Nothing to be done for 'install-exec-am'. +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 65s] /usr/bin/install -c -m 644 pam_echo.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 65s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_echo.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 65s] libtool: warning: relinking 'pam_echo.la' +[ 65s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_echo.la -rpath /lib64/security pam_echo.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_echo.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_echo.so -o .libs/pam_echo.so +[ 65s] libtool: install: /usr/bin/install -c .libs/pam_echo.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_echo.so +[ 65s] libtool: install: /usr/bin/install -c .libs/pam_echo.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_echo.la +[ 65s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 65s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 65s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 65s] Making install in pam_env +[ 65s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 65s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc' +[ 65s] /usr/bin/install -c -m 644 environment '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc' +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 65s] /usr/bin/install -c -m 644 pam_env.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 65s] /usr/bin/install -c -m 644 pam_env.conf.5 environment.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 65s] /usr/bin/install -c -m 644 pam_env.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 65s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_env.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 65s] libtool: warning: relinking 'pam_env.la' +[ 65s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_env.la -rpath /lib64/security pam_env.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_env.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_env.so -o .libs/pam_env.so +[ 66s] libtool: install: /usr/bin/install -c .libs/pam_env.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_env.so +[ 66s] libtool: install: /usr/bin/install -c .libs/pam_env.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_env.la +[ 66s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 66s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 66s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 66s] Making install in pam_exec +[ 66s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 66s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 66s] make[3]: Nothing to be done for 'install-exec-am'. +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 66s] /usr/bin/install -c -m 644 pam_exec.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_exec.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 66s] libtool: warning: relinking 'pam_exec.la' +[ 66s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_exec.la -rpath /lib64/security pam_exec.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 66s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_exec.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_exec.so -o .libs/pam_exec.so +[ 66s] libtool: install: /usr/bin/install -c .libs/pam_exec.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_exec.so +[ 66s] libtool: install: /usr/bin/install -c .libs/pam_exec.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_exec.la +[ 66s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 66s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 66s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 66s] Making install in pam_faildelay +[ 66s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 66s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 66s] make[3]: Nothing to be done for 'install-exec-am'. +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 66s] /usr/bin/install -c -m 644 pam_faildelay.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_faildelay.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 66s] libtool: warning: relinking 'pam_faildelay.la' +[ 66s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faildelay.la -rpath /lib64/security pam_faildelay.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 66s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_faildelay.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faildelay.so -o .libs/pam_faildelay.so +[ 66s] libtool: install: /usr/bin/install -c .libs/pam_faildelay.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faildelay.so +[ 66s] libtool: install: /usr/bin/install -c .libs/pam_faildelay.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faildelay.la +[ 66s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 66s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 66s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 66s] Making install in pam_faillock +[ 66s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 66s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c faillock '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 66s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' +[ 66s] libtool: install: /usr/bin/install -c .libs/faillock /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/faillock +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 66s] /usr/bin/install -c -m 644 faillock.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 66s] /usr/bin/install -c -m 644 faillock.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 66s] /usr/bin/install -c -m 644 pam_faillock.8 faillock.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_faillock.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 66s] libtool: warning: relinking 'pam_faillock.la' +[ 66s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faillock.la -rpath /lib64/security pam_faillock.lo faillock.lo ../../libpam/libpam.la -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 67s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_faillock.o .libs/faillock.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faillock.so -o .libs/pam_faillock.so +[ 67s] libtool: install: /usr/bin/install -c .libs/pam_faillock.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faillock.so +[ 67s] libtool: install: /usr/bin/install -c .libs/pam_faillock.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faillock.la +[ 67s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 67s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 67s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 67s] Making install in pam_filter +[ 67s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 67s] Making install in upperLOWER +[ 67s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' +[ 67s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' +[ 67s] make[4]: Nothing to be done for 'install-exec-am'. +[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter' +[ 67s] /bin/sh ../../../libtool --mode=install /usr/bin/install -c upperLOWER '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter' +[ 67s] libtool: warning: '../../../libpam/libpam.la' has not been installed in '/lib64' +[ 67s] libtool: install: /usr/bin/install -c .libs/upperLOWER /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter/upperLOWER +[ 67s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' +[ 67s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' +[ 67s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 67s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 67s] make[4]: Nothing to be done for 'install-exec-am'. +[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 67s] /usr/bin/install -c -m 644 pam_filter.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' +[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 67s] /usr/bin/install -c -m 644 pam_filter.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 67s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_filter.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 67s] libtool: warning: relinking 'pam_filter.la' +[ 67s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_filter.la -rpath /lib64/security pam_filter.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 67s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_filter.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_filter.so -o .libs/pam_filter.so +[ 67s] libtool: install: /usr/bin/install -c .libs/pam_filter.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter.so +[ 67s] libtool: install: /usr/bin/install -c .libs/pam_filter.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter.la +[ 67s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 67s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 67s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 67s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 67s] Making install in pam_ftp +[ 67s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 67s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 67s] make[3]: Nothing to be done for 'install-exec-am'. +[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 67s] /usr/bin/install -c -m 644 pam_ftp.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 67s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_ftp.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 67s] libtool: warning: relinking 'pam_ftp.la' +[ 67s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_ftp.la -rpath /lib64/security pam_ftp.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 67s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_ftp.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_ftp.so -o .libs/pam_ftp.so +[ 68s] libtool: install: /usr/bin/install -c .libs/pam_ftp.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_ftp.so +[ 68s] libtool: install: /usr/bin/install -c .libs/pam_ftp.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_ftp.la +[ 68s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 68s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 68s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 68s] Making install in pam_group +[ 68s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 68s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 68s] make[3]: Nothing to be done for 'install-exec-am'. +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 68s] /usr/bin/install -c -m 644 group.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 68s] /usr/bin/install -c -m 644 group.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 68s] /usr/bin/install -c -m 644 pam_group.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 68s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_group.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 68s] libtool: warning: relinking 'pam_group.la' +[ 68s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_group.la -rpath /lib64/security pam_group.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 68s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_group.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_group.so -o .libs/pam_group.so +[ 68s] libtool: install: /usr/bin/install -c .libs/pam_group.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_group.so +[ 68s] libtool: install: /usr/bin/install -c .libs/pam_group.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_group.la +[ 68s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 68s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 68s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 68s] Making install in pam_issue +[ 68s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 68s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 68s] make[3]: Nothing to be done for 'install-exec-am'. +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 68s] /usr/bin/install -c -m 644 pam_issue.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 68s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_issue.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 68s] libtool: warning: relinking 'pam_issue.la' +[ 68s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_issue.la -rpath /lib64/security pam_issue.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 68s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_issue.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_issue.so -o .libs/pam_issue.so +[ 68s] libtool: install: /usr/bin/install -c .libs/pam_issue.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_issue.so +[ 68s] libtool: install: /usr/bin/install -c .libs/pam_issue.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_issue.la +[ 68s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 68s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 68s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 68s] Making install in pam_keyinit +[ 68s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 68s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 68s] make[3]: Nothing to be done for 'install-exec-am'. +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 68s] /usr/bin/install -c -m 644 pam_keyinit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 68s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_keyinit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 68s] libtool: warning: relinking 'pam_keyinit.la' +[ 68s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_keyinit.la -rpath /lib64/security pam_keyinit.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 68s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_keyinit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_keyinit.so -o .libs/pam_keyinit.so +[ 69s] libtool: install: /usr/bin/install -c .libs/pam_keyinit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_keyinit.so +[ 69s] libtool: install: /usr/bin/install -c .libs/pam_keyinit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_keyinit.la +[ 69s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 69s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 69s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 69s] Making install in pam_lastlog +[ 69s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 69s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 69s] make[3]: Nothing to be done for 'install-exec-am'. +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 69s] /usr/bin/install -c -m 644 pam_lastlog.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 69s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_lastlog.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 69s] libtool: warning: relinking 'pam_lastlog.la' +[ 69s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_lastlog.la -rpath /lib64/security pam_lastlog.lo ../../libpam/libpam.la -lutil -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 69s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_lastlog.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lutil -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_lastlog.so -o .libs/pam_lastlog.so +[ 69s] libtool: install: /usr/bin/install -c .libs/pam_lastlog.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_lastlog.so +[ 69s] libtool: install: /usr/bin/install -c .libs/pam_lastlog.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_lastlog.la +[ 69s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 69s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 69s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 69s] Making install in pam_limits +[ 69s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 69s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 69s] make[3]: Nothing to be done for 'install-exec-am'. +[ 69s] mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security/limits.d +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 69s] /usr/bin/install -c -m 644 limits.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 69s] /usr/bin/install -c -m 644 limits.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 69s] /usr/bin/install -c -m 644 pam_limits.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 69s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_limits.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 69s] libtool: warning: relinking 'pam_limits.la' +[ 69s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include "-DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\"" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_limits.la -rpath /lib64/security pam_limits.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 69s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_limits.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_limits.so -o .libs/pam_limits.so +[ 69s] libtool: install: /usr/bin/install -c .libs/pam_limits.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_limits.so +[ 69s] libtool: install: /usr/bin/install -c .libs/pam_limits.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_limits.la +[ 69s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 69s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 69s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 69s] Making install in pam_listfile +[ 69s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 69s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 69s] make[3]: Nothing to be done for 'install-exec-am'. +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 69s] /usr/bin/install -c -m 644 pam_listfile.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 69s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_listfile.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 70s] libtool: warning: relinking 'pam_listfile.la' +[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_listfile.la -rpath /lib64/security pam_listfile.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 70s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_listfile.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_listfile.so -o .libs/pam_listfile.so +[ 70s] libtool: install: /usr/bin/install -c .libs/pam_listfile.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_listfile.so +[ 70s] libtool: install: /usr/bin/install -c .libs/pam_listfile.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_listfile.la +[ 70s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 70s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 70s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 70s] Making install in pam_localuser +[ 70s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 70s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 70s] make[3]: Nothing to be done for 'install-exec-am'. +[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 70s] /usr/bin/install -c -m 644 pam_localuser.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 70s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_localuser.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 70s] libtool: warning: relinking 'pam_localuser.la' +[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_localuser.la -rpath /lib64/security pam_localuser.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 70s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_localuser.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_localuser.so -o .libs/pam_localuser.so +[ 70s] libtool: install: /usr/bin/install -c .libs/pam_localuser.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_localuser.so +[ 70s] libtool: install: /usr/bin/install -c .libs/pam_localuser.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_localuser.la +[ 70s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 70s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 70s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 70s] Making install in pam_loginuid +[ 70s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 70s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 70s] make[3]: Nothing to be done for 'install-exec-am'. +[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 70s] /usr/bin/install -c -m 644 pam_loginuid.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 70s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_loginuid.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 70s] libtool: warning: relinking 'pam_loginuid.la' +[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_loginuid.la -rpath /lib64/security pam_loginuid.lo ../../libpam/libpam.la -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 70s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_loginuid.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_loginuid.so -o .libs/pam_loginuid.so +[ 70s] libtool: install: /usr/bin/install -c .libs/pam_loginuid.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_loginuid.so +[ 70s] libtool: install: /usr/bin/install -c .libs/pam_loginuid.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_loginuid.la +[ 70s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 70s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 70s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 70s] Making install in pam_mail +[ 70s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 70s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 70s] make[3]: Nothing to be done for 'install-exec-am'. +[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 70s] /usr/bin/install -c -m 644 pam_mail.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 70s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_mail.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 70s] libtool: warning: relinking 'pam_mail.la' +[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mail.la -rpath /lib64/security pam_mail.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 71s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_mail.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mail.so -o .libs/pam_mail.so +[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mail.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mail.so +[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mail.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mail.la +[ 71s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 71s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 71s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 71s] Making install in pam_mkhomedir +[ 71s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 71s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 71s] /bin/sh ../../libtool --mode=install /usr/bin/install -c mkhomedir_helper '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 71s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' +[ 71s] libtool: install: /usr/bin/install -c .libs/mkhomedir_helper /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/mkhomedir_helper +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 71s] /usr/bin/install -c -m 644 pam_mkhomedir.8 mkhomedir_helper.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 71s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_mkhomedir.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 71s] libtool: warning: relinking 'pam_mkhomedir.la' +[ 71s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mkhomedir.la -rpath /lib64/security pam_mkhomedir.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 71s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_mkhomedir.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mkhomedir.so -o .libs/pam_mkhomedir.so +[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mkhomedir.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mkhomedir.so +[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mkhomedir.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mkhomedir.la +[ 71s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 71s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 71s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 71s] Making install in pam_motd +[ 71s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 71s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 71s] make[3]: Nothing to be done for 'install-exec-am'. +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 71s] /usr/bin/install -c -m 644 pam_motd.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 71s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_motd.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 71s] libtool: warning: relinking 'pam_motd.la' +[ 71s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_motd.la -rpath /lib64/security pam_motd.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 71s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_motd.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_motd.so -o .libs/pam_motd.so +[ 71s] libtool: install: /usr/bin/install -c .libs/pam_motd.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_motd.so +[ 71s] libtool: install: /usr/bin/install -c .libs/pam_motd.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_motd.la +[ 71s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 71s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 71s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 71s] Making install in pam_namespace +[ 71s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 71s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 71s] /usr/bin/install -c pam_namespace_helper '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 71s] mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security/namespace.d +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 71s] /usr/bin/install -c -m 644 namespace.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 71s] /usr/bin/install -c namespace.init '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 71s] /usr/bin/install -c -m 644 namespace.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 71s] /usr/bin/install -c -m 644 pam_namespace.8 pam_namespace_helper.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 72s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_namespace.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 72s] libtool: warning: relinking 'pam_namespace.la' +[ 72s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_namespace.la -rpath /lib64/security pam_namespace.lo md5.lo argv_parse.lo ../../libpam/libpam.la -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 72s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_namespace.o .libs/md5.o .libs/argv_parse.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_namespace.so -o .libs/pam_namespace.so +[ 72s] libtool: install: /usr/bin/install -c .libs/pam_namespace.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_namespace.so +[ 72s] libtool: install: /usr/bin/install -c .libs/pam_namespace.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_namespace.la +[ 72s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/systemd/system' +[ 72s] /usr/bin/install -c -m 644 pam_namespace.service '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/systemd/system' +[ 72s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 72s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 72s] Making install in pam_nologin +[ 72s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 72s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 72s] make[3]: Nothing to be done for 'install-exec-am'. +[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 72s] /usr/bin/install -c -m 644 pam_nologin.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 72s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_nologin.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 72s] libtool: warning: relinking 'pam_nologin.la' +[ 72s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_nologin.la -rpath /lib64/security pam_nologin.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 72s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_nologin.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_nologin.so -o .libs/pam_nologin.so +[ 73s] libtool: install: /usr/bin/install -c .libs/pam_nologin.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_nologin.so +[ 73s] libtool: install: /usr/bin/install -c .libs/pam_nologin.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_nologin.la +[ 73s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 73s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 73s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 73s] Making install in pam_permit +[ 73s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 73s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 73s] make[3]: Nothing to be done for 'install-exec-am'. +[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 73s] /usr/bin/install -c -m 644 pam_permit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_permit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 73s] libtool: warning: relinking 'pam_permit.la' +[ 73s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_permit.la -rpath /lib64/security pam_permit.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 73s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_permit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_permit.so -o .libs/pam_permit.so +[ 73s] libtool: install: /usr/bin/install -c .libs/pam_permit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_permit.so +[ 73s] libtool: install: /usr/bin/install -c .libs/pam_permit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_permit.la +[ 73s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 73s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 73s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 73s] Making install in pam_pwhistory +[ 73s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 73s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pwhistory_helper '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 73s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' +[ 73s] libtool: install: /usr/bin/install -c .libs/pwhistory_helper /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/pwhistory_helper +[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 73s] /usr/bin/install -c -m 644 pam_pwhistory.8 pwhistory_helper.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_pwhistory.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 73s] libtool: warning: relinking 'pam_pwhistory.la' +[ 73s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_pwhistory.la -rpath /lib64/security pam_pwhistory_la-pam_pwhistory.lo pam_pwhistory_la-opasswd.lo ../../libpam/libpam.la -lxcrypt -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 73s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_pwhistory_la-pam_pwhistory.o .libs/pam_pwhistory_la-opasswd.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_pwhistory.so -o .libs/pam_pwhistory.so +[ 73s] libtool: install: /usr/bin/install -c .libs/pam_pwhistory.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_pwhistory.so +[ 73s] libtool: install: /usr/bin/install -c .libs/pam_pwhistory.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_pwhistory.la +[ 73s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 73s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 73s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 73s] Making install in pam_rhosts +[ 73s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 73s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 73s] make[3]: Nothing to be done for 'install-exec-am'. +[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 73s] /usr/bin/install -c -m 644 pam_rhosts.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_rhosts.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 73s] libtool: warning: relinking 'pam_rhosts.la' +[ 73s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rhosts.la -rpath /lib64/security pam_rhosts.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 73s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_rhosts.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rhosts.so -o .libs/pam_rhosts.so +[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rhosts.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rhosts.so +[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rhosts.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rhosts.la +[ 74s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 74s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 74s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 74s] Making install in pam_rootok +[ 74s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 74s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 74s] make[3]: Nothing to be done for 'install-exec-am'. +[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 74s] /usr/bin/install -c -m 644 pam_rootok.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 74s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_rootok.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 74s] libtool: warning: relinking 'pam_rootok.la' +[ 74s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rootok.la -rpath /lib64/security pam_rootok.lo ../../libpam/libpam.la -lselinux -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 74s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_rootok.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rootok.so -o .libs/pam_rootok.so +[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rootok.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rootok.so +[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rootok.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rootok.la +[ 74s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 74s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 74s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 74s] Making install in pam_securetty +[ 74s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 74s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 74s] make[3]: Nothing to be done for 'install-exec-am'. +[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 74s] /usr/bin/install -c -m 644 pam_securetty.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 74s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_securetty.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 74s] libtool: warning: relinking 'pam_securetty.la' +[ 74s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_securetty.la -rpath /lib64/security pam_securetty.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 74s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_securetty.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_securetty.so -o .libs/pam_securetty.so +[ 74s] libtool: install: /usr/bin/install -c .libs/pam_securetty.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_securetty.so +[ 74s] libtool: install: /usr/bin/install -c .libs/pam_securetty.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_securetty.la +[ 74s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 74s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 74s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 74s] Making install in pam_selinux +[ 74s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 74s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 74s] make[3]: Nothing to be done for 'install-exec-am'. +[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 74s] /usr/bin/install -c -m 644 pam_selinux.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 74s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_selinux.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 74s] libtool: warning: relinking 'pam_selinux.la' +[ 74s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_selinux.la -rpath /lib64/security pam_selinux.lo ../../libpam/libpam.la -lselinux -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 74s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_selinux.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_selinux.so -o .libs/pam_selinux.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_selinux.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_selinux.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_selinux.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_selinux.la +[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 75s] Making install in pam_sepermit +[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 75s] make[3]: Nothing to be done for 'install-exec-am'. +[ 75s] mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/var/run/sepermit +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 75s] /usr/bin/install -c -m 644 sepermit.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 75s] /usr/bin/install -c -m 644 sepermit.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 75s] /usr/bin/install -c -m 644 pam_sepermit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 75s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_sepermit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 75s] libtool: warning: relinking 'pam_sepermit.la' +[ 75s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_sepermit.la -rpath /lib64/security pam_sepermit.lo ../../libpam/libpam.la -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 75s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_sepermit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_sepermit.so -o .libs/pam_sepermit.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_sepermit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_sepermit.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_sepermit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_sepermit.la +[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 75s] Making install in pam_setquota +[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 75s] make[3]: Nothing to be done for 'install-exec-am'. +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 75s] /usr/bin/install -c -m 644 pam_setquota.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 75s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_setquota.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 75s] libtool: warning: relinking 'pam_setquota.la' +[ 75s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_setquota.la -rpath /lib64/security pam_setquota.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 75s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_setquota.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_setquota.so -o .libs/pam_setquota.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_setquota.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_setquota.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_setquota.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_setquota.la +[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 75s] Making install in pam_shells +[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 75s] make[3]: Nothing to be done for 'install-exec-am'. +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 75s] /usr/bin/install -c -m 644 pam_shells.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 75s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_shells.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 75s] libtool: warning: relinking 'pam_shells.la' +[ 75s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_shells.la -rpath /lib64/security pam_shells.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 75s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_shells.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_shells.so -o .libs/pam_shells.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_shells.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_shells.so +[ 75s] libtool: install: /usr/bin/install -c .libs/pam_shells.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_shells.la +[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 75s] Making install in pam_stress +[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 75s] make[3]: Nothing to be done for 'install-exec-am'. +[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 76s] /usr/bin/install -c -m 644 pam_stress.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_stress.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 76s] libtool: warning: relinking 'pam_stress.la' +[ 76s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_stress.la -rpath /lib64/security pam_stress.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 76s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_stress.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_stress.so -o .libs/pam_stress.so +[ 76s] libtool: install: /usr/bin/install -c .libs/pam_stress.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_stress.so +[ 76s] libtool: install: /usr/bin/install -c .libs/pam_stress.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_stress.la +[ 76s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 76s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 76s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 76s] Making install in pam_succeed_if +[ 76s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 76s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 76s] make[3]: Nothing to be done for 'install-exec-am'. +[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 76s] /usr/bin/install -c -m 644 pam_succeed_if.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_succeed_if.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 76s] libtool: warning: relinking 'pam_succeed_if.la' +[ 76s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_succeed_if.la -rpath /lib64/security pam_succeed_if.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 76s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_succeed_if.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_succeed_if.so -o .libs/pam_succeed_if.so +[ 76s] libtool: install: /usr/bin/install -c .libs/pam_succeed_if.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_succeed_if.so +[ 76s] libtool: install: /usr/bin/install -c .libs/pam_succeed_if.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_succeed_if.la +[ 76s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 76s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 76s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 76s] Making install in pam_tally2 +[ 76s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 76s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_tally2 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 76s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' +[ 76s] libtool: install: /usr/bin/install -c .libs/pam_tally2 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/pam_tally2 +[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_tally2.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 76s] libtool: warning: relinking 'pam_tally2.la' +[ 76s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tally2.la -rpath /lib64/security pam_tally2.lo ../../libpam/libpam.la -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 76s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_tally2.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tally2.so -o .libs/pam_tally2.so +[ 77s] libtool: install: /usr/bin/install -c .libs/pam_tally2.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tally2.so +[ 77s] libtool: install: /usr/bin/install -c .libs/pam_tally2.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tally2.la +[ 77s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 77s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 77s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 77s] Making install in pam_time +[ 77s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 77s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 77s] make[3]: Nothing to be done for 'install-exec-am'. +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 77s] /usr/bin/install -c -m 644 time.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 77s] /usr/bin/install -c -m 644 time.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 77s] /usr/bin/install -c -m 644 pam_time.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_time.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 77s] libtool: warning: relinking 'pam_time.la' +[ 77s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_time.la -rpath /lib64/security pam_time.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 77s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_time.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_time.so -o .libs/pam_time.so +[ 77s] libtool: install: /usr/bin/install -c .libs/pam_time.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_time.so +[ 77s] libtool: install: /usr/bin/install -c .libs/pam_time.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_time.la +[ 77s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 77s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 77s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 77s] Making install in pam_timestamp +[ 77s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 77s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_timestamp_check '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 77s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' +[ 77s] libtool: install: /usr/bin/install -c .libs/pam_timestamp_check /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/pam_timestamp_check +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 77s] /usr/bin/install -c -m 644 pam_timestamp.8 pam_timestamp_check.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_timestamp.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 77s] libtool: warning: relinking 'pam_timestamp.la' +[ 77s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_timestamp.la -rpath /lib64/security pam_timestamp_la-pam_timestamp.lo pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 77s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_timestamp_la-pam_timestamp.o .libs/pam_timestamp_la-hmacsha1.o .libs/pam_timestamp_la-sha1.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_timestamp.so -o .libs/pam_timestamp.so +[ 77s] libtool: install: /usr/bin/install -c .libs/pam_timestamp.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_timestamp.so +[ 77s] libtool: install: /usr/bin/install -c .libs/pam_timestamp.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_timestamp.la +[ 77s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 77s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 77s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 77s] Making install in pam_tty_audit +[ 77s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 77s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 77s] make[3]: Nothing to be done for 'install-exec-am'. +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 77s] /usr/bin/install -c -m 644 pam_tty_audit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_tty_audit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 78s] libtool: warning: relinking 'pam_tty_audit.la' +[ 78s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tty_audit.la -rpath /lib64/security pam_tty_audit.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 78s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_tty_audit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tty_audit.so -o .libs/pam_tty_audit.so +[ 78s] libtool: install: /usr/bin/install -c .libs/pam_tty_audit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tty_audit.so +[ 78s] libtool: install: /usr/bin/install -c .libs/pam_tty_audit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tty_audit.la +[ 78s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 78s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 78s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 78s] Making install in pam_umask +[ 78s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 78s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 78s] make[3]: Nothing to be done for 'install-exec-am'. +[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 78s] /usr/bin/install -c -m 644 pam_umask.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 78s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_umask.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 78s] libtool: warning: relinking 'pam_umask.la' +[ 78s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_umask.la -rpath /lib64/security pam_umask.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 78s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_umask.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_umask.so -o .libs/pam_umask.so +[ 78s] libtool: install: /usr/bin/install -c .libs/pam_umask.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_umask.so +[ 78s] libtool: install: /usr/bin/install -c .libs/pam_umask.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_umask.la +[ 78s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 78s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 78s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 78s] Making install in pam_unix +[ 78s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 78s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 78s] /bin/sh ../../libtool --mode=install /usr/bin/install -c unix_chkpwd unix_update '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' +[ 78s] libtool: install: /usr/bin/install -c unix_chkpwd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/unix_chkpwd +[ 78s] libtool: install: /usr/bin/install -c unix_update /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/unix_update +[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 78s] /usr/bin/install -c -m 644 pam_unix.8 unix_chkpwd.8 unix_update.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 78s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_unix.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 78s] libtool: warning: relinking 'pam_unix.la' +[ 78s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_unix.la -rpath /lib64/security bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo yppasswd_xdr.lo md5_good.lo md5_broken.lo ../../libpam/libpam.la -lxcrypt -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 78s] libtool: relink: gcc -shared -fPIC -DPIC .libs/bigcrypt.o .libs/pam_unix_acct.o .libs/pam_unix_auth.o .libs/pam_unix_passwd.o .libs/pam_unix_sess.o .libs/support.o .libs/passverify.o .libs/yppasswd_xdr.o .libs/md5_good.o .libs/md5_broken.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_unix.so -o .libs/pam_unix.so +[ 79s] libtool: install: /usr/bin/install -c .libs/pam_unix.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so +[ 79s] libtool: install: /usr/bin/install -c .libs/pam_unix.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.la +[ 79s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 79s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 79s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 79s] Making install in pam_userdb +[ 79s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 79s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 79s] make[3]: Nothing to be done for 'install-exec-am'. +[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 79s] /usr/bin/install -c -m 644 pam_userdb.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 79s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_userdb.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 79s] libtool: warning: relinking 'pam_userdb.la' +[ 79s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -ldb -lxcrypt -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_userdb.la -rpath /lib64/security pam_userdb.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 79s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_userdb.o -ldb -lxcrypt -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_userdb.so -o .libs/pam_userdb.so +[ 79s] libtool: install: /usr/bin/install -c .libs/pam_userdb.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_userdb.so +[ 79s] libtool: install: /usr/bin/install -c .libs/pam_userdb.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_userdb.la +[ 79s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 79s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 79s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 79s] Making install in pam_usertype +[ 79s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 79s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 79s] make[3]: Nothing to be done for 'install-exec-am'. +[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 79s] /usr/bin/install -c -m 644 pam_usertype.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 79s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_usertype.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 79s] libtool: warning: relinking 'pam_usertype.la' +[ 79s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_usertype.la -rpath /lib64/security pam_usertype.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 79s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_usertype.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_usertype.so -o .libs/pam_usertype.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_usertype.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_usertype.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_usertype.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_usertype.la +[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 80s] Making install in pam_warn +[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 80s] make[3]: Nothing to be done for 'install-exec-am'. +[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 80s] /usr/bin/install -c -m 644 pam_warn.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 80s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_warn.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 80s] libtool: warning: relinking 'pam_warn.la' +[ 80s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_warn.la -rpath /lib64/security pam_warn.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 80s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_warn.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_warn.so -o .libs/pam_warn.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_warn.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_warn.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_warn.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_warn.la +[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 80s] Making install in pam_wheel +[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 80s] make[3]: Nothing to be done for 'install-exec-am'. +[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 80s] /usr/bin/install -c -m 644 pam_wheel.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 80s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_wheel.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 80s] libtool: warning: relinking 'pam_wheel.la' +[ 80s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_wheel.la -rpath /lib64/security pam_wheel.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 80s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_wheel.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_wheel.so -o .libs/pam_wheel.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_wheel.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_wheel.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_wheel.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_wheel.la +[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 80s] Making install in pam_xauth +[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 80s] make[3]: Nothing to be done for 'install-exec-am'. +[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 80s] /usr/bin/install -c -m 644 pam_xauth.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 80s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_xauth.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' +[ 80s] libtool: warning: relinking 'pam_xauth.la' +[ 80s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_xauth.la -rpath /lib64/security pam_xauth.lo ../../libpam/libpam.la -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) +[ 80s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_xauth.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_xauth.so -o .libs/pam_xauth.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_xauth.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_xauth.so +[ 80s] libtool: install: /usr/bin/install -c .libs/pam_xauth.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_xauth.la +[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' +[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 80s] make[3]: Nothing to be done for 'install-exec-am'. +[ 80s] make[3]: Nothing to be done for 'install-data-am'. +[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 80s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' +[ 80s] Making install in po +[ 80s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' +[ 80s] installing af.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo +[ 80s] installing am.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo +[ 80s] installing ar.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo +[ 80s] installing as.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo +[ 80s] installing be.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing bg.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing bn_IN.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing bn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing bs.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ca.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing cs.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing cy.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing da.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing de_CH.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing de.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing el.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing eo.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing es.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing et.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing eu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing fa.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing fi.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing fr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ga.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing gl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing gu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing he.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing hi.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing hr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing hu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ia.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing id.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing is.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing it.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ja.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ka.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing kk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing km.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing kn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ko.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing kw_GB.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ky.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing lt.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing lv.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing mk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ml.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing mn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing mr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ms.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing my.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing nb.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ne.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing nl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing nn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing or.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing pa.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing pl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing pt_BR.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing pt.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ro.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ru.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing si.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing sk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing sl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing sq.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing sr@latin.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing sr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing sv.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ta.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing te.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing tg.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing th.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing tr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing uk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing ur.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing vi.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing yo.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing zh_CN.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing zh_HK.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing zh_TW.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing zu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo +[ 81s] installing az.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo +[ 81s] if test "Linux-PAM" = "gettext-tools"; then \ +[ 81s] /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/gettext/po; \ +[ 81s] for file in Makefile.in.in remove-potcdate.sin quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot Makevars.template; do \ +[ 81s] /usr/bin/install -c -m 644 ./$file \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/gettext/po/$file; \ +[ 81s] done; \ +[ 81s] for file in Makevars; do \ +[ 81s] rm -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/gettext/po/$file; \ +[ 81s] done; \ +[ 81s] else \ +[ 81s] : ; \ +[ 81s] fi +[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' +[ 81s] Making install in conf +[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 81s] Making install in pam_conv1 +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 81s] make install-am +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 81s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 81s] make[4]: Nothing to be done for 'install-exec-am'. +[ 81s] make[4]: Nothing to be done for 'install-data-am'. +[ 81s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 81s] make[3]: Nothing to be done for 'install-exec-am'. +[ 81s] make[3]: Nothing to be done for 'install-data-am'. +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' +[ 81s] Making install in examples +[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' +[ 81s] make[2]: Nothing to be done for 'install-exec-am'. +[ 81s] make[2]: Nothing to be done for 'install-data-am'. +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' +[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' +[ 81s] Making install in xtests +[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' +[ 81s] make[2]: Nothing to be done for 'install-exec-am'. +[ 81s] make[2]: Nothing to be done for 'install-data-am'. +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' +[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' +[ 81s] Making install in doc +[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 81s] Making install in man +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 81s] make[3]: Nothing to be done for 'install-exec-am'. +[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' +[ 81s] /usr/bin/install -c -m 644 pam.3 pam_acct_mgmt.3 pam_authenticate.3 pam_chauthtok.3 pam_close_session.3 pam_conv.3 pam_end.3 pam_error.3 pam_fail_delay.3 pam_xauth_data.3 pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 pam_getenvlist.3 pam_info.3 pam_open_session.3 pam_prompt.3 pam_putenv.3 pam_set_data.3 pam_set_item.3 pam_syslog.3 pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 misc_conv.3 pam_misc_paste_env.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' +[ 81s] /usr/bin/install -c -m 644 pam_misc_drop_env.3 pam_misc_setenv.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' +[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 81s] /usr/bin/install -c -m 644 pam.conf.5 pam.d.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 81s] /usr/bin/install -c -m 644 PAM.8 pam.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 81s] Making install in specs +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 81s] make install-am +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 81s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 81s] make[4]: Nothing to be done for 'install-exec-am'. +[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' +[ 81s] /usr/bin/install -c -m 644 draft-morgan-pam-current.txt rfc86.0.txt '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' +[ 81s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 81s] Making install in sag +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 81s] make[3]: Nothing to be done for 'install-exec-am'. +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html +[ 81s] if test -f html/Linux-PAM_SAG.html; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_SAG.html html/sag-*.html \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 81s] elif test -f ./html/Linux-PAM_SAG.html; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_SAG.html \ +[ 81s] ./html/sag-*.html \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 81s] fi +[ 81s] if test -f Linux-PAM_SAG.txt; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 81s] elif test -f ./Linux-PAM_SAG.txt; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.txt \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 81s] fi +[ 81s] if test -f Linux-PAM_SAG.pdf; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 81s] elif test -f ./Linux-PAM_SAG.pdf; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.pdf \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 81s] fi +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 81s] Making install in adg +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 81s] make[3]: Nothing to be done for 'install-exec-am'. +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html +[ 81s] if test -f html/Linux-PAM_ADG.html; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_ADG.html html/adg-*.html \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 81s] elif test -f ./html/Linux-PAM_ADG.html; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_ADG.html \ +[ 81s] ./html/adg-*.html \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 81s] fi +[ 81s] if test -f Linux-PAM_ADG.txt; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 81s] elif test -f ./Linux-PAM_ADG.txt; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.txt \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 81s] fi +[ 81s] if test -f Linux-PAM_ADG.pdf; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 81s] elif test -f ./Linux-PAM_ADG.pdf; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.pdf \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 81s] fi +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 81s] Making install in mwg +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 81s] make[3]: Nothing to be done for 'install-exec-am'. +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html +[ 81s] if test -f html/Linux-PAM_MWG.html; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_MWG.html html/mwg-*.html \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 81s] elif test -f ./html/Linux-PAM_MWG.html; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_MWG.html \ +[ 81s] ./html/mwg-*.html \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 81s] fi +[ 81s] if test -f Linux-PAM_MWG.txt; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 81s] elif test -f ./Linux-PAM_MWG.txt; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.txt \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 81s] fi +[ 81s] if test -f Linux-PAM_MWG.pdf; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 81s] elif test -f ./Linux-PAM_MWG.pdf; then \ +[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.pdf \ +[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 81s] fi +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 81s] make[3]: Nothing to be done for 'install-exec-am'. +[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' +[ 81s] /usr/bin/install -c -m 644 index.html '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' +[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 81s] make[2]: Nothing to be done for 'install-exec-am'. +[ 81s] make[2]: Nothing to be done for 'install-data-am'. +[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' +[ 81s] + /sbin/ldconfig -n /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 +[ 81s] + make install DESTDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -C doc +[ 81s] make: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 81s] Making install in man +[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 81s] make[2]: Nothing to be done for 'install-exec-am'. +[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' +[ 82s] /usr/bin/install -c -m 644 pam.3 pam_acct_mgmt.3 pam_authenticate.3 pam_chauthtok.3 pam_close_session.3 pam_conv.3 pam_end.3 pam_error.3 pam_fail_delay.3 pam_xauth_data.3 pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 pam_getenvlist.3 pam_info.3 pam_open_session.3 pam_prompt.3 pam_putenv.3 pam_set_data.3 pam_set_item.3 pam_syslog.3 pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 misc_conv.3 pam_misc_paste_env.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' +[ 82s] /usr/bin/install -c -m 644 pam_misc_drop_env.3 pam_misc_setenv.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' +[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 82s] /usr/bin/install -c -m 644 pam.conf.5 pam.d.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' +[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 82s] /usr/bin/install -c -m 644 PAM.8 pam.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' +[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' +[ 82s] Making install in specs +[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 82s] make install-am +[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 82s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 82s] make[3]: Nothing to be done for 'install-exec-am'. +[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' +[ 82s] /usr/bin/install -c -m 644 draft-morgan-pam-current.txt rfc86.0.txt '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' +[ 82s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' +[ 82s] Making install in sag +[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 82s] make[2]: Nothing to be done for 'install-exec-am'. +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html +[ 82s] if test -f html/Linux-PAM_SAG.html; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_SAG.html html/sag-*.html \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 82s] elif test -f ./html/Linux-PAM_SAG.html; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_SAG.html \ +[ 82s] ./html/sag-*.html \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 82s] fi +[ 82s] if test -f Linux-PAM_SAG.txt; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 82s] elif test -f ./Linux-PAM_SAG.txt; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.txt \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 82s] fi +[ 82s] if test -f Linux-PAM_SAG.pdf; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 82s] elif test -f ./Linux-PAM_SAG.pdf; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.pdf \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 82s] fi +[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' +[ 82s] Making install in adg +[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 82s] make[2]: Nothing to be done for 'install-exec-am'. +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html +[ 82s] if test -f html/Linux-PAM_ADG.html; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_ADG.html html/adg-*.html \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 82s] elif test -f ./html/Linux-PAM_ADG.html; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_ADG.html \ +[ 82s] ./html/adg-*.html \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 82s] fi +[ 82s] if test -f Linux-PAM_ADG.txt; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 82s] elif test -f ./Linux-PAM_ADG.txt; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.txt \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 82s] fi +[ 82s] if test -f Linux-PAM_ADG.pdf; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 82s] elif test -f ./Linux-PAM_ADG.pdf; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.pdf \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 82s] fi +[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' +[ 82s] Making install in mwg +[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 82s] make[2]: Nothing to be done for 'install-exec-am'. +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html +[ 82s] if test -f html/Linux-PAM_MWG.html; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_MWG.html html/mwg-*.html \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 82s] elif test -f ./html/Linux-PAM_MWG.html; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_MWG.html \ +[ 82s] ./html/mwg-*.html \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ +[ 82s] fi +[ 82s] if test -f Linux-PAM_MWG.txt; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 82s] elif test -f ./Linux-PAM_MWG.txt; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.txt \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ +[ 82s] fi +[ 82s] if test -f Linux-PAM_MWG.pdf; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 82s] elif test -f ./Linux-PAM_MWG.pdf; then \ +[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.pdf \ +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ +[ 82s] fi +[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' +[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 82s] make[2]: Nothing to be done for 'install-exec-am'. +[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' +[ 82s] /usr/bin/install -c -m 644 index.html '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' +[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 82s] make: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' +[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/securetty /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc +[ 82s] + install -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security/namespace.d +[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/other.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/other +[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-auth.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-auth +[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-account.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-account +[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-password.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-password +[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-session.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-session +[ 82s] + rm /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.so +[ 82s] + ln -sf ../../lib64/libpam.so.0.85.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64/libpam.so +[ 82s] + rm /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.so +[ 82s] + ln -sf ../../lib64/libpamc.so.0.82.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64/libpamc.so +[ 82s] + rm /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.so +[ 82s] + ln -sf ../../lib64/libpam_misc.so.0.82.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64/libpam_misc.so +[ 82s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/motd.d +[ 82s] + find /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -type f -name '*.la' -delete -print +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_access.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_cracklib.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_debug.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_deny.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_echo.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_env.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_exec.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faildelay.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faillock.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_ftp.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_group.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_issue.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_keyinit.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_lastlog.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_limits.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_listfile.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_localuser.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_loginuid.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mail.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mkhomedir.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_motd.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_namespace.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_nologin.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_permit.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_pwhistory.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rhosts.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rootok.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_securetty.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_selinux.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_sepermit.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_setquota.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_shells.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_stress.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_succeed_if.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tally2.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_time.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_timestamp.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tty_audit.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_umask.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_userdb.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_usertype.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_warn.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_wheel.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_xauth.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.la +[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.la +[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session +[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_auth.so +[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session +[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_acct.so +[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session +[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_passwd.so +[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session +[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_session.so +[ 82s] + DOC=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 82s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules +[ 82s] + pushd modules +[ 82s] ~/rpmbuild/BUILD/Linux-PAM-1.5.1/modules ~/rpmbuild/BUILD/Linux-PAM-1.5.1 +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_access/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_access +[ 82s] 'pam_access/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_access' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_debug/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_debug +[ 82s] 'pam_debug/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_debug' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_deny/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_deny +[ 82s] 'pam_deny/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_deny' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_echo/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_echo +[ 82s] 'pam_echo/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_echo' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_env/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_env +[ 82s] 'pam_env/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_env' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_exec/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_exec +[ 82s] 'pam_exec/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_exec' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_faildelay/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faildelay +[ 82s] 'pam_faildelay/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faildelay' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_faillock/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faillock +[ 82s] 'pam_faillock/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faillock' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_filter/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_filter +[ 82s] 'pam_filter/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_filter' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_ftp/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_ftp +[ 82s] 'pam_ftp/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_ftp' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_group/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_group +[ 82s] 'pam_group/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_group' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_issue/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_issue +[ 82s] 'pam_issue/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_issue' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_keyinit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_keyinit +[ 82s] 'pam_keyinit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_keyinit' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_lastlog/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_lastlog +[ 82s] 'pam_lastlog/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_lastlog' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_limits/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_limits +[ 82s] 'pam_limits/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_limits' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_listfile/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_listfile +[ 82s] 'pam_listfile/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_listfile' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_localuser/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_localuser +[ 82s] 'pam_localuser/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_localuser' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_loginuid/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_loginuid +[ 82s] 'pam_loginuid/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_loginuid' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_mail/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mail +[ 82s] 'pam_mail/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mail' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_mkhomedir/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mkhomedir +[ 82s] 'pam_mkhomedir/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mkhomedir' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_motd/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_motd +[ 82s] 'pam_motd/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_motd' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_namespace/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_namespace +[ 82s] 'pam_namespace/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_namespace' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_nologin/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_nologin +[ 82s] 'pam_nologin/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_nologin' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_permit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_permit +[ 82s] 'pam_permit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_permit' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_pwhistory/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_pwhistory +[ 82s] 'pam_pwhistory/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_pwhistory' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_rhosts/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rhosts +[ 82s] 'pam_rhosts/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rhosts' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_rootok/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rootok +[ 82s] 'pam_rootok/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rootok' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_securetty/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_securetty +[ 82s] 'pam_securetty/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_securetty' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_selinux/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_selinux +[ 82s] 'pam_selinux/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_selinux' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_sepermit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_sepermit +[ 82s] 'pam_sepermit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_sepermit' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_setquota/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_setquota +[ 82s] 'pam_setquota/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_setquota' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_shells/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_shells +[ 82s] 'pam_shells/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_shells' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_stress/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_stress +[ 82s] 'pam_stress/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_stress' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_succeed_if/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_succeed_if +[ 82s] 'pam_succeed_if/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_succeed_if' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_time/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_time +[ 82s] 'pam_time/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_time' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_timestamp/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_timestamp +[ 82s] 'pam_timestamp/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_timestamp' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_tty_audit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_tty_audit +[ 82s] 'pam_tty_audit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_tty_audit' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_umask/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_umask +[ 82s] 'pam_umask/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_umask' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_unix/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_unix +[ 82s] 'pam_unix/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_unix' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_userdb/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_userdb +[ 82s] 'pam_userdb/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_userdb' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_usertype/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_usertype +[ 82s] 'pam_usertype/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_usertype' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_warn/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_warn +[ 82s] 'pam_warn/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_warn' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_wheel/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_wheel +[ 82s] 'pam_wheel/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_wheel' +[ 82s] + for i in pam_*/README +[ 82s] + cp -fpv pam_xauth/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_xauth +[ 82s] 'pam_xauth/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_xauth' +[ 82s] + popd +[ 82s] ~/rpmbuild/BUILD/Linux-PAM-1.5.1 +[ 82s] + install -m 755 /home/abuild/rpmbuild/BUILD/unix2_chkpwd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin +[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/unix2_chkpwd.8 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64//usr/share/man/man8/ +[ 82s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/rpm/macros.d +[ 82s] + echo '%_pamdir /lib64/security' +[ 82s] + /usr/lib/rpm/find-lang.sh /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 Linux-PAM +[ 82s] removing translation /usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 82s] removing translation /usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 82s] removing translation /usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 82s] removing translation /usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 82s] removing translation /usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo: 23 translated messages. +[ 82s] removing translation /usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 82s] removing translation /usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 82s] removing translation /usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 82s] removing translation /usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo: 1 translated message. +[ 82s] removing translation /usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 83s] removing translation /usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo: 64 translated messages. +[ 83s] removing translation /usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 83s] removing translation /usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 83s] removing translation /usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. +[ 83s] removing translation /usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo: 61 translated messages. +[ 83s] removing translation /usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo: 19 translated messages. +[ 83s] + /usr/lib/rpm/brp-compress +[ 83s] + /usr/lib/rpm/brp-suse +[ 83s] calling /usr/lib/rpm/brp-suse.d/brp-05-permissions +[ 83s] calling /usr/lib/rpm/brp-suse.d/brp-15-strip-debug +[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-25-symlink +[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-40-rootfs +[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-45-tcl +[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-50-generate-fips-hmac +[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-75-ar +[ 84s] Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.gLO8R7 +[ 84s] + umask 022 +[ 84s] + cd /home/abuild/rpmbuild/BUILD +[ 84s] + cd Linux-PAM-1.5.1 +[ 84s] + /usr/bin/make -O -j8 V=1 VERBOSE=1 check +[ 84s] Making check in libpam +[ 84s] make[1]: Nothing to be done for 'check'. +[ 84s] Making check in tests +[ 84s] /usr/bin/make tst-pam_start tst-pam_end tst-pam_fail_delay tst-pam_open_session tst-pam_close_session tst-pam_acct_mgmt tst-pam_authenticate tst-pam_chauthtok tst-pam_setcred tst-pam_get_item tst-pam_set_item tst-pam_getenvlist tst-pam_get_user tst-pam_set_data tst-pam_mkargv tst-pam_start_confdir tst-dlopen +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_open_session.o tst-pam_open_session.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_start.o tst-pam_start.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_fail_delay.o tst-pam_fail_delay.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_close_session.o tst-pam_close_session.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_acct_mgmt.o tst-pam_acct_mgmt.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_authenticate.o tst-pam_authenticate.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_chauthtok.o tst-pam_chauthtok.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_end.o tst-pam_end.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_get_item.o tst-pam_get_item.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_set_item.o tst-pam_set_item.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_get_user.o tst-pam_get_user.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_getenvlist.o tst-pam_getenvlist.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_mkargv.o tst-pam_mkargv.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-dlopen.o tst-dlopen.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_start_confdir.o tst-pam_start_confdir.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_set_data.o tst-pam_set_data.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_setcred.o tst-pam_setcred.c +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_end tst-pam_end.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_end tst-pam_end.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_start tst-pam_start.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_start tst-pam_start.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_authenticate tst-pam_authenticate.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_authenticate tst-pam_authenticate.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_chauthtok tst-pam_chauthtok.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_chauthtok tst-pam_chauthtok.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_fail_delay tst-pam_fail_delay.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_fail_delay tst-pam_fail_delay.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_close_session tst-pam_close_session.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_close_session tst-pam_close_session.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_acct_mgmt tst-pam_acct_mgmt.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_acct_mgmt tst-pam_acct_mgmt.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_open_session tst-pam_open_session.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_open_session tst-pam_open_session.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_setcred tst-pam_setcred.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_setcred tst-pam_setcred.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_get_item tst-pam_get_item.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_get_item tst-pam_get_item.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_getenvlist tst-pam_getenvlist.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_getenvlist tst-pam_getenvlist.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_mkargv tst-pam_mkargv.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_mkargv tst-pam_mkargv.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_set_item tst-pam_set_item.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_set_item tst-pam_set_item.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_get_user tst-pam_get_user.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_get_user tst-pam_get_user.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_set_data tst-pam_set_data.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_set_data tst-pam_set_data.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-dlopen tst-dlopen.o -ldl +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-dlopen tst-dlopen.o -ldl +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_start_confdir tst-pam_start_confdir.o ../libpam/libpam.la +[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_start_confdir tst-pam_start_confdir.o ../libpam/.libs/libpam.so +[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] /usr/bin/make check-TESTS +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_start +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_open_session +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_close_session +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_authenticate +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_acct_mgmt +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_chauthtok +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_end +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_fail_delay +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_setcred +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_getenvlist +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_get_item +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_set_item +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 84s] PASS: tst-pam_get_user +[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] PASS: tst-pam_set_data +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] PASS: tst-pam_mkargv +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] PASS: tst-pam_start_confdir +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] ============================================================================ +[ 85s] Testsuite summary for Linux-PAM 1.5.1 +[ 85s] ============================================================================ +[ 85s] # TOTAL: 16 +[ 85s] # PASS: 16 +[ 85s] # SKIP: 0 +[ 85s] # XFAIL: 0 +[ 85s] # FAIL: 0 +[ 85s] # XPASS: 0 +[ 85s] # ERROR: 0 +[ 85s] ============================================================================ +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' +[ 85s] Making check in libpamc +[ 85s] Making check in test +[ 85s] make[2]: Nothing to be done for 'check'. +[ 85s] make[2]: Nothing to be done for 'check-am'. +[ 85s] Making check in libpam_misc +[ 85s] make[1]: Nothing to be done for 'check'. +[ 85s] Making check in modules +[ 85s] Making check in pam_access +[ 85s] /usr/bin/make tst-pam_access +[ 85s] make[3]: Nothing to be done for 'tst-pam_access'. +[ 85s] /usr/bin/make check-TESTS +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 85s] PASS: tst-pam_access +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 85s] ============================================================================ +[ 85s] Testsuite summary for Linux-PAM 1.5.1 +[ 85s] ============================================================================ +[ 85s] # TOTAL: 1 +[ 85s] # PASS: 1 +[ 85s] # SKIP: 0 +[ 85s] # XFAIL: 0 +[ 85s] # FAIL: 0 +[ 85s] # XPASS: 0 +[ 85s] # ERROR: 0 +[ 85s] ============================================================================ +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' +[ 85s] Making check in pam_cracklib +[ 85s] /usr/bin/make tst-pam_cracklib +[ 85s] make[3]: Nothing to be done for 'tst-pam_cracklib'. +[ 85s] /usr/bin/make check-TESTS +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 85s] PASS: tst-pam_cracklib +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 85s] ============================================================================ +[ 85s] Testsuite summary for Linux-PAM 1.5.1 +[ 85s] ============================================================================ +[ 85s] # TOTAL: 1 +[ 85s] # PASS: 1 +[ 85s] # SKIP: 0 +[ 85s] # XFAIL: 0 +[ 85s] # FAIL: 0 +[ 85s] # XPASS: 0 +[ 85s] # ERROR: 0 +[ 85s] ============================================================================ +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' +[ 85s] Making check in pam_debug +[ 85s] /usr/bin/make tst-pam_debug-retval \ +[ 85s] tst-pam_debug +[ 85s] make[3]: Nothing to be done for 'tst-pam_debug'. +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_debug-retval.o tst-pam_debug-retval.c +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_debug-retval tst-pam_debug-retval.o ../../libpam/libpam.la +[ 85s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_debug-retval tst-pam_debug-retval.o ../../libpam/.libs/libpam.so +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] /usr/bin/make check-TESTS +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] PASS: tst-pam_debug +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] PASS: tst-pam_debug-retval +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] ============================================================================ +[ 85s] Testsuite summary for Linux-PAM 1.5.1 +[ 85s] ============================================================================ +[ 85s] # TOTAL: 2 +[ 85s] # PASS: 2 +[ 85s] # SKIP: 0 +[ 85s] # XFAIL: 0 +[ 85s] # FAIL: 0 +[ 85s] # XPASS: 0 +[ 85s] # ERROR: 0 +[ 85s] ============================================================================ +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' +[ 85s] Making check in pam_deny +[ 85s] /usr/bin/make tst-pam_deny-retval \ +[ 85s] tst-pam_deny +[ 85s] make[3]: Nothing to be done for 'tst-pam_deny'. +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_deny-retval.o tst-pam_deny-retval.c +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_deny-retval tst-pam_deny-retval.o ../../libpam/libpam.la +[ 85s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_deny-retval tst-pam_deny-retval.o ../../libpam/.libs/libpam.so +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] /usr/bin/make check-TESTS +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] PASS: tst-pam_deny +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] PASS: tst-pam_deny-retval +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] ============================================================================ +[ 85s] Testsuite summary for Linux-PAM 1.5.1 +[ 85s] ============================================================================ +[ 85s] # TOTAL: 2 +[ 85s] # PASS: 2 +[ 85s] # SKIP: 0 +[ 85s] # XFAIL: 0 +[ 85s] # FAIL: 0 +[ 85s] # XPASS: 0 +[ 85s] # ERROR: 0 +[ 85s] ============================================================================ +[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' +[ 85s] Making check in pam_echo +[ 85s] /usr/bin/make tst-pam_echo-retval \ +[ 85s] tst-pam_echo +[ 85s] make[3]: Nothing to be done for 'tst-pam_echo'. +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 85s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_echo-retval.o tst-pam_echo-retval.c +[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 85s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_echo-retval tst-pam_echo-retval.o ../../libpam/libpam.la +[ 85s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_echo-retval tst-pam_echo-retval.o ../../libpam/.libs/libpam.so +[ 86s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 86s] PASS: tst-pam_echo +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 86s] PASS: tst-pam_echo-retval +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 2 +[ 86s] # PASS: 2 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' +[ 86s] Making check in pam_env +[ 86s] /usr/bin/make tst-pam_env +[ 86s] make[3]: Nothing to be done for 'tst-pam_env'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 86s] PASS: tst-pam_env +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' +[ 86s] Making check in pam_exec +[ 86s] /usr/bin/make tst-pam_exec +[ 86s] make[3]: Nothing to be done for 'tst-pam_exec'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 86s] PASS: tst-pam_exec +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' +[ 86s] Making check in pam_faildelay +[ 86s] /usr/bin/make tst-pam_faildelay-retval \ +[ 86s] tst-pam_faildelay +[ 86s] make[3]: Nothing to be done for 'tst-pam_faildelay'. +[ 86s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_faildelay-retval.o tst-pam_faildelay-retval.c +[ 86s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_faildelay-retval tst-pam_faildelay-retval.o ../../libpam/libpam.la +[ 86s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_faildelay-retval tst-pam_faildelay-retval.o ../../libpam/.libs/libpam.so +[ 86s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] PASS: tst-pam_faildelay +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] PASS: tst-pam_faildelay-retval +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 2 +[ 86s] # PASS: 2 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' +[ 86s] Making check in pam_faillock +[ 86s] /usr/bin/make tst-pam_faillock +[ 86s] make[3]: Nothing to be done for 'tst-pam_faillock'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 86s] PASS: tst-pam_faillock +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' +[ 86s] Making check in pam_filter +[ 86s] Making check in upperLOWER +[ 86s] make[3]: Nothing to be done for 'check'. +[ 86s] /usr/bin/make tst-pam_filter +[ 86s] make[4]: Nothing to be done for 'tst-pam_filter'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[5]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 86s] PASS: tst-pam_filter +[ 86s] make[5]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 86s] make[5]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[5]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' +[ 86s] Making check in pam_ftp +[ 86s] /usr/bin/make tst-pam_ftp +[ 86s] make[3]: Nothing to be done for 'tst-pam_ftp'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 86s] PASS: tst-pam_ftp +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' +[ 86s] Making check in pam_group +[ 86s] /usr/bin/make tst-pam_group +[ 86s] make[3]: Nothing to be done for 'tst-pam_group'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 86s] PASS: tst-pam_group +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' +[ 86s] Making check in pam_issue +[ 86s] /usr/bin/make tst-pam_issue +[ 86s] make[3]: Nothing to be done for 'tst-pam_issue'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 86s] PASS: tst-pam_issue +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' +[ 86s] Making check in pam_keyinit +[ 86s] /usr/bin/make tst-pam_keyinit +[ 86s] make[3]: Nothing to be done for 'tst-pam_keyinit'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 86s] PASS: tst-pam_keyinit +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' +[ 86s] Making check in pam_lastlog +[ 86s] /usr/bin/make tst-pam_lastlog +[ 86s] make[3]: Nothing to be done for 'tst-pam_lastlog'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 86s] PASS: tst-pam_lastlog +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' +[ 86s] Making check in pam_limits +[ 86s] /usr/bin/make tst-pam_limits +[ 86s] make[3]: Nothing to be done for 'tst-pam_limits'. +[ 86s] /usr/bin/make check-TESTS +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 86s] PASS: tst-pam_limits +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 86s] ============================================================================ +[ 86s] Testsuite summary for Linux-PAM 1.5.1 +[ 86s] ============================================================================ +[ 86s] # TOTAL: 1 +[ 86s] # PASS: 1 +[ 86s] # SKIP: 0 +[ 86s] # XFAIL: 0 +[ 86s] # FAIL: 0 +[ 86s] # XPASS: 0 +[ 86s] # ERROR: 0 +[ 86s] ============================================================================ +[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' +[ 86s] Making check in pam_listfile +[ 86s] /usr/bin/make tst-pam_listfile +[ 86s] make[3]: Nothing to be done for 'tst-pam_listfile'. +[ 86s] /usr/bin/make check-TESTS +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 87s] PASS: tst-pam_listfile +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 87s] ============================================================================ +[ 87s] Testsuite summary for Linux-PAM 1.5.1 +[ 87s] ============================================================================ +[ 87s] # TOTAL: 1 +[ 87s] # PASS: 1 +[ 87s] # SKIP: 0 +[ 87s] # XFAIL: 0 +[ 87s] # FAIL: 0 +[ 87s] # XPASS: 0 +[ 87s] # ERROR: 0 +[ 87s] ============================================================================ +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' +[ 87s] Making check in pam_localuser +[ 87s] /usr/bin/make tst-pam_localuser-retval \ +[ 87s] tst-pam_localuser +[ 87s] make[3]: Nothing to be done for 'tst-pam_localuser'. +[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_localuser-retval.o tst-pam_localuser-retval.c +[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_localuser-retval tst-pam_localuser-retval.o ../../libpam/libpam.la +[ 87s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_localuser-retval tst-pam_localuser-retval.o ../../libpam/.libs/libpam.so +[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] /usr/bin/make check-TESTS +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] PASS: tst-pam_localuser +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] PASS: tst-pam_localuser-retval +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] ============================================================================ +[ 87s] Testsuite summary for Linux-PAM 1.5.1 +[ 87s] ============================================================================ +[ 87s] # TOTAL: 2 +[ 87s] # PASS: 2 +[ 87s] # SKIP: 0 +[ 87s] # XFAIL: 0 +[ 87s] # FAIL: 0 +[ 87s] # XPASS: 0 +[ 87s] # ERROR: 0 +[ 87s] ============================================================================ +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' +[ 87s] Making check in pam_loginuid +[ 87s] /usr/bin/make tst-pam_loginuid +[ 87s] make[3]: Nothing to be done for 'tst-pam_loginuid'. +[ 87s] /usr/bin/make check-TESTS +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 87s] PASS: tst-pam_loginuid +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 87s] ============================================================================ +[ 87s] Testsuite summary for Linux-PAM 1.5.1 +[ 87s] ============================================================================ +[ 87s] # TOTAL: 1 +[ 87s] # PASS: 1 +[ 87s] # SKIP: 0 +[ 87s] # XFAIL: 0 +[ 87s] # FAIL: 0 +[ 87s] # XPASS: 0 +[ 87s] # ERROR: 0 +[ 87s] ============================================================================ +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' +[ 87s] Making check in pam_mail +[ 87s] /usr/bin/make tst-pam_mail +[ 87s] make[3]: Nothing to be done for 'tst-pam_mail'. +[ 87s] /usr/bin/make check-TESTS +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 87s] PASS: tst-pam_mail +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 87s] ============================================================================ +[ 87s] Testsuite summary for Linux-PAM 1.5.1 +[ 87s] ============================================================================ +[ 87s] # TOTAL: 1 +[ 87s] # PASS: 1 +[ 87s] # SKIP: 0 +[ 87s] # XFAIL: 0 +[ 87s] # FAIL: 0 +[ 87s] # XPASS: 0 +[ 87s] # ERROR: 0 +[ 87s] ============================================================================ +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' +[ 87s] Making check in pam_mkhomedir +[ 87s] /usr/bin/make tst-pam_mkhomedir-retval \ +[ 87s] tst-pam_mkhomedir +[ 87s] make[3]: Nothing to be done for 'tst-pam_mkhomedir'. +[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_mkhomedir-retval.o tst-pam_mkhomedir-retval.c +[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_mkhomedir-retval tst-pam_mkhomedir-retval.o ../../libpam/libpam.la +[ 87s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_mkhomedir-retval tst-pam_mkhomedir-retval.o ../../libpam/.libs/libpam.so +[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] /usr/bin/make check-TESTS +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] PASS: tst-pam_mkhomedir +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] PASS: tst-pam_mkhomedir-retval +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] ============================================================================ +[ 87s] Testsuite summary for Linux-PAM 1.5.1 +[ 87s] ============================================================================ +[ 87s] # TOTAL: 2 +[ 87s] # PASS: 2 +[ 87s] # SKIP: 0 +[ 87s] # XFAIL: 0 +[ 87s] # FAIL: 0 +[ 87s] # XPASS: 0 +[ 87s] # ERROR: 0 +[ 87s] ============================================================================ +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' +[ 87s] Making check in pam_motd +[ 87s] /usr/bin/make tst-pam_motd +[ 87s] make[3]: Nothing to be done for 'tst-pam_motd'. +[ 87s] /usr/bin/make check-TESTS +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 87s] PASS: tst-pam_motd +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 87s] ============================================================================ +[ 87s] Testsuite summary for Linux-PAM 1.5.1 +[ 87s] ============================================================================ +[ 87s] # TOTAL: 1 +[ 87s] # PASS: 1 +[ 87s] # SKIP: 0 +[ 87s] # XFAIL: 0 +[ 87s] # FAIL: 0 +[ 87s] # XPASS: 0 +[ 87s] # ERROR: 0 +[ 87s] ============================================================================ +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' +[ 87s] Making check in pam_namespace +[ 87s] /usr/bin/make tst-pam_namespace +[ 87s] make[3]: Nothing to be done for 'tst-pam_namespace'. +[ 87s] /usr/bin/make check-TESTS +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 87s] PASS: tst-pam_namespace +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 87s] ============================================================================ +[ 87s] Testsuite summary for Linux-PAM 1.5.1 +[ 87s] ============================================================================ +[ 87s] # TOTAL: 1 +[ 87s] # PASS: 1 +[ 87s] # SKIP: 0 +[ 87s] # XFAIL: 0 +[ 87s] # FAIL: 0 +[ 87s] # XPASS: 0 +[ 87s] # ERROR: 0 +[ 87s] ============================================================================ +[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' +[ 87s] Making check in pam_nologin +[ 87s] /usr/bin/make tst-pam_nologin-retval \ +[ 87s] tst-pam_nologin +[ 87s] make[3]: Nothing to be done for 'tst-pam_nologin'. +[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 87s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_nologin-retval.o tst-pam_nologin-retval.c +[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_nologin-retval tst-pam_nologin-retval.o ../../libpam/libpam.la +[ 88s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_nologin-retval tst-pam_nologin-retval.o ../../libpam/.libs/libpam.so +[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] /usr/bin/make check-TESTS +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] PASS: tst-pam_nologin +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] PASS: tst-pam_nologin-retval +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] ============================================================================ +[ 88s] Testsuite summary for Linux-PAM 1.5.1 +[ 88s] ============================================================================ +[ 88s] # TOTAL: 2 +[ 88s] # PASS: 2 +[ 88s] # SKIP: 0 +[ 88s] # XFAIL: 0 +[ 88s] # FAIL: 0 +[ 88s] # XPASS: 0 +[ 88s] # ERROR: 0 +[ 88s] ============================================================================ +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' +[ 88s] Making check in pam_permit +[ 88s] /usr/bin/make tst-pam_permit-retval \ +[ 88s] tst-pam_permit +[ 88s] make[3]: Nothing to be done for 'tst-pam_permit'. +[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_permit-retval.o tst-pam_permit-retval.c +[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_permit-retval tst-pam_permit-retval.o ../../libpam/libpam.la +[ 88s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_permit-retval tst-pam_permit-retval.o ../../libpam/.libs/libpam.so +[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] /usr/bin/make check-TESTS +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] PASS: tst-pam_permit +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] PASS: tst-pam_permit-retval +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] ============================================================================ +[ 88s] Testsuite summary for Linux-PAM 1.5.1 +[ 88s] ============================================================================ +[ 88s] # TOTAL: 2 +[ 88s] # PASS: 2 +[ 88s] # SKIP: 0 +[ 88s] # XFAIL: 0 +[ 88s] # FAIL: 0 +[ 88s] # XPASS: 0 +[ 88s] # ERROR: 0 +[ 88s] ============================================================================ +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' +[ 88s] Making check in pam_pwhistory +[ 88s] /usr/bin/make tst-pam_pwhistory +[ 88s] make[3]: Nothing to be done for 'tst-pam_pwhistory'. +[ 88s] /usr/bin/make check-TESTS +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 88s] PASS: tst-pam_pwhistory +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 88s] ============================================================================ +[ 88s] Testsuite summary for Linux-PAM 1.5.1 +[ 88s] ============================================================================ +[ 88s] # TOTAL: 1 +[ 88s] # PASS: 1 +[ 88s] # SKIP: 0 +[ 88s] # XFAIL: 0 +[ 88s] # FAIL: 0 +[ 88s] # XPASS: 0 +[ 88s] # ERROR: 0 +[ 88s] ============================================================================ +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' +[ 88s] Making check in pam_rhosts +[ 88s] /usr/bin/make tst-pam_rhosts +[ 88s] make[3]: Nothing to be done for 'tst-pam_rhosts'. +[ 88s] /usr/bin/make check-TESTS +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 88s] PASS: tst-pam_rhosts +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 88s] ============================================================================ +[ 88s] Testsuite summary for Linux-PAM 1.5.1 +[ 88s] ============================================================================ +[ 88s] # TOTAL: 1 +[ 88s] # PASS: 1 +[ 88s] # SKIP: 0 +[ 88s] # XFAIL: 0 +[ 88s] # FAIL: 0 +[ 88s] # XPASS: 0 +[ 88s] # ERROR: 0 +[ 88s] ============================================================================ +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' +[ 88s] Making check in pam_rootok +[ 88s] /usr/bin/make tst-pam_rootok-retval \ +[ 88s] tst-pam_rootok +[ 88s] make[3]: Nothing to be done for 'tst-pam_rootok'. +[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_rootok-retval.o tst-pam_rootok-retval.c +[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_rootok-retval tst-pam_rootok-retval.o ../../libpam/libpam.la +[ 88s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_rootok-retval tst-pam_rootok-retval.o ../../libpam/.libs/libpam.so +[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] /usr/bin/make check-TESTS +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] PASS: tst-pam_rootok +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] PASS: tst-pam_rootok-retval +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] ============================================================================ +[ 88s] Testsuite summary for Linux-PAM 1.5.1 +[ 88s] ============================================================================ +[ 88s] # TOTAL: 2 +[ 88s] # PASS: 2 +[ 88s] # SKIP: 0 +[ 88s] # XFAIL: 0 +[ 88s] # FAIL: 0 +[ 88s] # XPASS: 0 +[ 88s] # ERROR: 0 +[ 88s] ============================================================================ +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' +[ 88s] Making check in pam_securetty +[ 88s] /usr/bin/make tst-pam_securetty +[ 88s] make[3]: Nothing to be done for 'tst-pam_securetty'. +[ 88s] /usr/bin/make check-TESTS +[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 88s] PASS: tst-pam_securetty +[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' +[ 89s] Making check in pam_selinux +[ 89s] /usr/bin/make tst-pam_selinux +[ 89s] make[3]: Nothing to be done for 'tst-pam_selinux'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 89s] PASS: tst-pam_selinux +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' +[ 89s] Making check in pam_sepermit +[ 89s] /usr/bin/make tst-pam_sepermit +[ 89s] make[3]: Nothing to be done for 'tst-pam_sepermit'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 89s] PASS: tst-pam_sepermit +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' +[ 89s] Making check in pam_setquota +[ 89s] /usr/bin/make tst-pam_setquota +[ 89s] make[3]: Nothing to be done for 'tst-pam_setquota'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 89s] PASS: tst-pam_setquota +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' +[ 89s] Making check in pam_shells +[ 89s] /usr/bin/make tst-pam_shells +[ 89s] make[3]: Nothing to be done for 'tst-pam_shells'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 89s] PASS: tst-pam_shells +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' +[ 89s] Making check in pam_stress +[ 89s] /usr/bin/make tst-pam_stress +[ 89s] make[3]: Nothing to be done for 'tst-pam_stress'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 89s] PASS: tst-pam_stress +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' +[ 89s] Making check in pam_succeed_if +[ 89s] /usr/bin/make tst-pam_succeed_if +[ 89s] make[3]: Nothing to be done for 'tst-pam_succeed_if'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 89s] PASS: tst-pam_succeed_if +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' +[ 89s] Making check in pam_tally2 +[ 89s] /usr/bin/make tst-pam_tally2 +[ 89s] make[3]: Nothing to be done for 'tst-pam_tally2'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 89s] PASS: tst-pam_tally2 +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' +[ 89s] Making check in pam_time +[ 89s] /usr/bin/make tst-pam_time +[ 89s] make[3]: Nothing to be done for 'tst-pam_time'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 89s] PASS: tst-pam_time +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' +[ 89s] Making check in pam_timestamp +[ 89s] /usr/bin/make hmacfile \ +[ 89s] tst-pam_timestamp +[ 89s] make[3]: Nothing to be done for 'tst-pam_timestamp'. +[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o hmacsha1.o hmacsha1.c +[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o hmacfile.o hmacfile.c +[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o sha1.o sha1.c +[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o hmacfile hmacfile.o hmacsha1.o sha1.o ../../libpam/libpam.la +[ 89s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/hmacfile hmacfile.o hmacsha1.o sha1.o ../../libpam/.libs/libpam.so +[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] PASS: tst-pam_timestamp +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] PASS: hmacfile +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 2 +[ 89s] # PASS: 2 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' +[ 89s] Making check in pam_tty_audit +[ 89s] /usr/bin/make tst-pam_tty_audit +[ 89s] make[3]: Nothing to be done for 'tst-pam_tty_audit'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 89s] PASS: tst-pam_tty_audit +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' +[ 89s] Making check in pam_umask +[ 89s] /usr/bin/make tst-pam_umask +[ 89s] make[3]: Nothing to be done for 'tst-pam_umask'. +[ 89s] /usr/bin/make check-TESTS +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 89s] PASS: tst-pam_umask +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 89s] ============================================================================ +[ 89s] Testsuite summary for Linux-PAM 1.5.1 +[ 89s] ============================================================================ +[ 89s] # TOTAL: 1 +[ 89s] # PASS: 1 +[ 89s] # SKIP: 0 +[ 89s] # XFAIL: 0 +[ 89s] # FAIL: 0 +[ 89s] # XPASS: 0 +[ 89s] # ERROR: 0 +[ 89s] ============================================================================ +[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' +[ 89s] Making check in pam_unix +[ 89s] /usr/bin/make tst-pam_unix +[ 89s] make[3]: Nothing to be done for 'tst-pam_unix'. +[ 89s] /usr/bin/make check-TESTS +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 90s] PASS: tst-pam_unix +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 90s] ============================================================================ +[ 90s] Testsuite summary for Linux-PAM 1.5.1 +[ 90s] ============================================================================ +[ 90s] # TOTAL: 1 +[ 90s] # PASS: 1 +[ 90s] # SKIP: 0 +[ 90s] # XFAIL: 0 +[ 90s] # FAIL: 0 +[ 90s] # XPASS: 0 +[ 90s] # ERROR: 0 +[ 90s] ============================================================================ +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' +[ 90s] Making check in pam_userdb +[ 90s] /usr/bin/make tst-pam_userdb +[ 90s] make[3]: Nothing to be done for 'tst-pam_userdb'. +[ 90s] /usr/bin/make check-TESTS +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 90s] PASS: tst-pam_userdb +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 90s] ============================================================================ +[ 90s] Testsuite summary for Linux-PAM 1.5.1 +[ 90s] ============================================================================ +[ 90s] # TOTAL: 1 +[ 90s] # PASS: 1 +[ 90s] # SKIP: 0 +[ 90s] # XFAIL: 0 +[ 90s] # FAIL: 0 +[ 90s] # XPASS: 0 +[ 90s] # ERROR: 0 +[ 90s] ============================================================================ +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' +[ 90s] Making check in pam_usertype +[ 90s] /usr/bin/make tst-pam_usertype +[ 90s] make[3]: Nothing to be done for 'tst-pam_usertype'. +[ 90s] /usr/bin/make check-TESTS +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 90s] PASS: tst-pam_usertype +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 90s] ============================================================================ +[ 90s] Testsuite summary for Linux-PAM 1.5.1 +[ 90s] ============================================================================ +[ 90s] # TOTAL: 1 +[ 90s] # PASS: 1 +[ 90s] # SKIP: 0 +[ 90s] # XFAIL: 0 +[ 90s] # FAIL: 0 +[ 90s] # XPASS: 0 +[ 90s] # ERROR: 0 +[ 90s] ============================================================================ +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' +[ 90s] Making check in pam_warn +[ 90s] /usr/bin/make tst-pam_warn-retval \ +[ 90s] tst-pam_warn +[ 90s] make[3]: Nothing to be done for 'tst-pam_warn'. +[ 90s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_warn-retval.o tst-pam_warn-retval.c +[ 90s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_warn-retval tst-pam_warn-retval.o ../../libpam/libpam.la +[ 90s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_warn-retval tst-pam_warn-retval.o ../../libpam/.libs/libpam.so +[ 90s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] /usr/bin/make check-TESTS +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] PASS: tst-pam_warn +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] PASS: tst-pam_warn-retval +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] ============================================================================ +[ 90s] Testsuite summary for Linux-PAM 1.5.1 +[ 90s] ============================================================================ +[ 90s] # TOTAL: 2 +[ 90s] # PASS: 2 +[ 90s] # SKIP: 0 +[ 90s] # XFAIL: 0 +[ 90s] # FAIL: 0 +[ 90s] # XPASS: 0 +[ 90s] # ERROR: 0 +[ 90s] ============================================================================ +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' +[ 90s] Making check in pam_wheel +[ 90s] /usr/bin/make tst-pam_wheel +[ 90s] make[3]: Nothing to be done for 'tst-pam_wheel'. +[ 90s] /usr/bin/make check-TESTS +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 90s] PASS: tst-pam_wheel +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 90s] ============================================================================ +[ 90s] Testsuite summary for Linux-PAM 1.5.1 +[ 90s] ============================================================================ +[ 90s] # TOTAL: 1 +[ 90s] # PASS: 1 +[ 90s] # SKIP: 0 +[ 90s] # XFAIL: 0 +[ 90s] # FAIL: 0 +[ 90s] # XPASS: 0 +[ 90s] # ERROR: 0 +[ 90s] ============================================================================ +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' +[ 90s] Making check in pam_xauth +[ 90s] /usr/bin/make tst-pam_xauth +[ 90s] make[3]: Nothing to be done for 'tst-pam_xauth'. +[ 90s] /usr/bin/make check-TESTS +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 90s] PASS: tst-pam_xauth +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 90s] ============================================================================ +[ 90s] Testsuite summary for Linux-PAM 1.5.1 +[ 90s] ============================================================================ +[ 90s] # TOTAL: 1 +[ 90s] # PASS: 1 +[ 90s] # SKIP: 0 +[ 90s] # XFAIL: 0 +[ 90s] # FAIL: 0 +[ 90s] # XPASS: 0 +[ 90s] # ERROR: 0 +[ 90s] ============================================================================ +[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' +[ 90s] make[2]: Nothing to be done for 'check-am'. +[ 90s] Making check in po +[ 90s] make[1]: Nothing to be done for 'check'. +[ 90s] Making check in conf +[ 90s] Making check in pam_conv1 +[ 90s] /usr/bin/make check-am +[ 90s] make[3]: Nothing to be done for 'check-am'. +[ 90s] make[2]: Nothing to be done for 'check-am'. +[ 90s] Making check in examples +[ 90s] make[1]: Nothing to be done for 'check'. +[ 90s] Making check in xtests +[ 90s] make[1]: Nothing to be done for 'check'. +[ 90s] Making check in doc +[ 90s] Making check in man +[ 90s] make[2]: Nothing to be done for 'check'. +[ 90s] Making check in specs +[ 90s] /usr/bin/make check-am +[ 90s] make[3]: Nothing to be done for 'check-am'. +[ 90s] Making check in sag +[ 90s] make[2]: Nothing to be done for 'check'. +[ 90s] Making check in adg +[ 90s] make[2]: Nothing to be done for 'check'. +[ 90s] Making check in mwg +[ 90s] make[2]: Nothing to be done for 'check'. +[ 90s] make[2]: Nothing to be done for 'check-am'. +[ 90s] + RPM_EC=0 +[ 90s] ++ jobs -p +[ 90s] + exit 0 +[ 90s] Processing files: pam-1.5.1-11.1.x86_64 +[ 90s] Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.1Rcggb +[ 90s] + umask 022 +[ 90s] + cd /home/abuild/rpmbuild/BUILD +[ 90s] + cd Linux-PAM-1.5.1 +[ 90s] + DOCDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 90s] + export LC_ALL=C +[ 90s] + LC_ALL=C +[ 90s] + export DOCDIR +[ 90s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 90s] + cp -pr NEWS /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam +[ 90s] + RPM_EC=0 +[ 90s] ++ jobs -p +[ 90s] + exit 0 +[ 90s] Executing(%license): /bin/sh -e /var/tmp/rpm-tmp.lBPyEI +[ 90s] + umask 022 +[ 90s] + cd /home/abuild/rpmbuild/BUILD +[ 90s] + cd Linux-PAM-1.5.1 +[ 90s] + LICENSEDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/licenses/pam +[ 90s] + export LC_ALL=C +[ 90s] + LC_ALL=C +[ 90s] + export LICENSEDIR +[ 90s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/licenses/pam +[ 90s] + cp -pr COPYING /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/licenses/pam +[ 90s] + RPM_EC=0 +[ 90s] ++ jobs -p +[ 90s] + exit 0 +[ 92s] Provides: config(pam) = 1.5.1-11.1 libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_1.4)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.3)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.9)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.3.2)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.4.1)(64bit) libpam_misc.so.0()(64bit) libpam_misc.so.0(LIBPAM_MISC_1.0)(64bit) libpamc.so.0()(64bit) libpamc.so.0(LIBPAMC_1.0)(64bit) pam = 1.5.1-11.1 pam(x86-64) = 1.5.1-11.1 +[ 92s] Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /sbin/ldconfig +[ 92s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 +[ 92s] Requires(verify): /bin/sh +[ 92s] Requires(pre): /bin/sh group(shadow) user(root) +[ 92s] Requires(post): /bin/sh permissions +[ 92s] Requires(postun): /sbin/ldconfig +[ 92s] Requires(posttrans): /bin/sh +[ 92s] Requires: /bin/sh libaudit.so.1()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.15)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.27)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.33)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(XCRYPT_2.0)(64bit) libcrypt.so.1(XCRYPT_4.3)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libeconf.so.0()(64bit) libeconf.so.0(LIBECONF_0.2)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.3)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.9)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.3.2)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.4.1)(64bit) libselinux.so.1()(64bit) libselinux.so.1(LIBSELINUX_1.0)(64bit) libutil.so.1()(64bit) libutil.so.1(GLIBC_2.2.5)(64bit) +[ 92s] Recommends: login_defs-support-for-pam >= 1.3.1 +[ 92s] Suggests: pam_unix +[ 92s] Processing files: pam_unix-1.5.1-11.1.x86_64 +[ 92s] Provides: pam_unix = 1.5.1-11.1 pam_unix(x86-64) = 1.5.1-11.1 pam_unix.so +[ 92s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 +[ 92s] Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.33)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(XCRYPT_2.0)(64bit) libcrypt.so.1(XCRYPT_4.3)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.9)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.3.2)(64bit) libselinux.so.1()(64bit) libselinux.so.1(LIBSELINUX_1.0)(64bit) +[ 92s] Conflicts: pam_unix-nis +[ 92s] Processing files: pam-extra-1.5.1-11.1.x86_64 +[ 92s] Provides: pam-extra = 1.5.1-11.1 pam-extra(x86-64) = 1.5.1-11.1 +[ 92s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 +[ 92s] Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(XCRYPT_2.0)(64bit) libdb-4.8.so()(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) +[ 92s] Processing files: pam-doc-1.5.1-11.1.noarch +[ 94s] Provides: pam-doc = 1.5.1-11.1 +[ 94s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 +[ 94s] Processing files: pam-devel-1.5.1-11.1.x86_64 +[ 94s] Provides: pam-devel = 1.5.1-11.1 pam-devel(x86-64) = 1.5.1-11.1 +[ 94s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 +[ 94s] Processing files: pam-deprecated-1.5.1-11.1.x86_64 +[ 94s] Provides: pam-deprecated = 1.5.1-11.1 pam-deprecated(x86-64) = 1.5.1-11.1 pam:/lib64/security/pam_cracklib.so pam:/lib64/security/pam_tally2.so +[ 94s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 +[ 94s] Requires: libaudit.so.1()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.33)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libcrack.so.2()(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) +[ 94s] Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 94s] Wrote: /home/abuild/rpmbuild/SRPMS/pam-1.5.1-11.1.src.rpm +[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-extra-1.5.1-11.1.x86_64.rpm +[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam_unix-1.5.1-11.1.x86_64.rpm +[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-deprecated-1.5.1-11.1.x86_64.rpm +[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-devel-1.5.1-11.1.x86_64.rpm +[ 95s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-1.5.1-11.1.x86_64.rpm +[ 95s] Wrote: /home/abuild/rpmbuild/RPMS/noarch/pam-doc-1.5.1-11.1.noarch.rpm +[ 95s] Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.Enm2pi +[ 95s] + umask 022 +[ 95s] + cd /home/abuild/rpmbuild/BUILD +[ 95s] + cd Linux-PAM-1.5.1 +[ 95s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 +[ 95s] + RPM_EC=0 +[ 95s] ++ jobs -p +[ 95s] + exit 0 +[ 95s] ... checking for files with abuild user/group +[ 95s] ... running 00-check-install-rpms +[ 95s] ... installing all built rpms +[ 95s] Verifying packages... +[ 95s] Preparing packages... +[ 95s] pam_unix-1.5.1-11.1.x86_64 +[ 95s] pam-1.5.1-11.1.x86_64 +[ 95s] pam-deprecated-1.5.1-11.1.x86_64 +[ 95s] pam-extra-1.5.1-11.1.x86_64 +[ 95s] pam-devel-1.5.1-11.1.x86_64 +[ 95s] pam-doc-1.5.1-11.1.noarch +[ 95s] pam-devel-1.5.1-10.1.x86_64 +[ 95s] pam-1.5.1-10.1.x86_64 +[ 95s] pam_unix-1.5.1-10.1.x86_64 +[ 95s] ... running 50-check-binary-kernel-log +[ 95s] ... running 50-check-core-files +[ 95s] ... checking for core files +[ 95s] ... running 50-check-debuginfo +[ 95s] ... testing for empty debuginfo packages +[ 95s] ... running 50-check-filelist +[ 95s] ... checking filelist +[ 95s] ... running 50-check-gconf-scriptlets +[ 95s] ... testing GConf scriptlet presence +[ 95s] ... running 50-check-installtest +[ 95s] ... testing for pre/postinstall scripts that are not idempotent +[ 96s] ... running 50-check-invalid-provides +[ 96s] ... running 50-check-invalid-requires +[ 96s] ... running 50-check-kernel-build-id +[ 96s] ... running 50-check-lanana +[ 96s] ... running 50-check-libtool-deps +[ 96s] ... testing devel dependencies required by libtool .la files +[ 96s] (can be skipped by "skip-check-libtool-deps" anywhere in spec) +[ 96s] ... running 50-check-packaged-twice +[ 96s] ... running 50-check-permissions +[ 96s] ... testing for modified permissions +[ 96s] ... running 98-revert-uname-hack +[ 96s] ... running 99-check-remove-rpms +[ 96s] ... removing all built rpms +[ 96s] (order: reverse pam-deprecated pam-extra pam-doc) +[ 96s] +[ 96s] RPMLINT report: +[ 96s] =============== +[ 100s] pam-devel.x86_64: W: files-duplicate /usr/share/man/man3/pam_get_authtok_verify.3.gz /usr/share/man/man3/pam_get_authtok_noverify.3.gz +[ 100s] pam.x86_64: W: shared-lib-without-dependency-information /lib64/security/pam_deny.so +[ 100s] pam.x86_64: W: shlib-policy-missing-suffix +[ 100s] Your package containing shared libraries does not end in a digit and should +[ 100s] probably be split. +[ 100s] +[ 100s] pam.x86_64: W: suse-missing-rclink pam_namespace +[ 100s] The package contains an init script or systemd service file but lacks the +[ 100s] symlink /usr/sbin/rcFOO -> /usr/sbin/service +[ 100s] +[ 100s] pam.x86_64: W: systemd-service-without-service_add_post pam_namespace.service +[ 100s] The package contains a systemd service but doesn't contain a %post with a call +[ 100s] to service_add_post. +[ 100s] +[ 100s] pam.x86_64: W: systemd-service-without-service_add_pre pam_namespace.service +[ 100s] The package contains a systemd service but doesn't contain a %pre with a call +[ 100s] to service_add_pre. +[ 100s] +[ 100s] pam.x86_64: W: systemd-service-without-service_del_postun pam_namespace.service +[ 100s] The package contains a systemd service but doesn't contain a %postun with a +[ 100s] call to service_del_postun. +[ 100s] +[ 100s] pam.x86_64: W: systemd-service-without-service_del_preun pam_namespace.service +[ 100s] The package contains a systemd service but doesn't contain a %preun with a +[ 100s] call to service_del_preun. +[ 100s] +[ 100s] pam-deprecated.x86_64: W: useless-provides pam +[ 100s] This package provides 2 times the same capacity. It should only provide it +[ 100s] once. +[ 100s] +[ 100s] 7 packages and 0 specfiles checked; 0 errors, 9 warnings. +[ 100s] +[ 100s] ... creating baselibs +[ 101s] no targets for arch x86_64, skipping pam +[ 101s] no targets for arch x86_64, skipping pam_unix +[ 101s] no targets for arch x86_64, skipping pam-deprecated +[ 101s] no targets for arch x86_64, skipping pam-extra +[ 101s] no targets for arch x86_64, skipping pam-devel +[ 101s] ... comparing built packages with the former built +[ 101s] /usr/lib/build/pkg-diff.sh +[ 101s] compare /.build.oldpackages/pam-1.5.1-10.1.src.rpm /home/abuild/rpmbuild/SRPMS/pam-1.5.1-11.1.src.rpm +[ 101s] comparing the rpm tags of pam +[ 101s] --- old-rpm-tags +[ 101s] +++ new-rpm-tags +[ 101s] @@ -9,7 +9,7 @@ +[ 101s] PAM (Pluggable Authentication Modules) is a system security tool that +[ 101s] allows system administrators to set authentication policies without +[ 101s] having to recompile programs that do authentication. +[ 101s] -obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/480af3e46b7280a899332c27d202c4d5-pam +[ 101s] +obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/83207f1f0c181b7e3f3c5becb047aaec-pam +[ 101s] GPL-2.0-or-later OR BSD-3-Clause +[ 101s] System/Libraries http://www.linux-pam.org/ (none) (none) (none) +[ 101s] (none) 4.16.1.3 (none) +[ 101s] @@ -116,7 +116,7 @@ +[ 101s] ___QF_CHECKSUM___ +[ 101s] Linux-PAM-1.5.1-docs.tar.xz d0fc4ef466d0050f46b0ccd2f73373c60c47454da55f6fb2fd04b0701c73c134 0 +[ 101s] Linux-PAM-1.5.1.tar.xz 201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc 0 +[ 101s] -baselibs.conf 23facfeb7998c47f2ab5848178516c4ec07af74b1f51a46dc525d2c21971fb22 0 +[ 101s] +baselibs.conf db7f0122b228544e69bb910abdd00413a37a6add76c6b0bf97fdca2179c261dd 0 +[ 101s] bsc1184358-prevent-LOCAL-from-being-resolved.patch 74b29693e0221dbcdeee30dbee898aa23890f1281d3c79b12bcbb229438b25b2 0 +[ 101s] common-account.pamd 75606d3d6c62eb65529bb4ed1d96cdf78239a6982307f162642cbd48170fdb99 0 +[ 101s] common-auth.pamd 81239d477a14c57016e01cc8b0d41c1fd5bf2508abed3628f80e894e826ff684 0 +[ 101s] @@ -131,7 +131,7 @@ +[ 101s] pam-pam_cracklib-add-usersubstr.patch 5e24f9b63dbc5f306c3e53e1d1b18367e9fb40f26960ef7ae3e8cf611675a9b2 0 +[ 101s] pam-usrmerge.diff 39c90d58b2d07f79030e3d4e11147a15ed993312bbc9954522e3e196042656a0 0 +[ 101s] pam-xauth_ownership.patch 13322398c4987b24aa0eb7591f027178b98b2d24f611a100767b02eddb605972 0 +[ 101s] -pam.spec e559730d894d53fa8b1f88385ff05f41ac3dd79d3fd4f67f97899834ca36708b 32 +[ 101s] +pam.spec 4a61b990e506971bdd21aaa836214ee5facb32b58245dbfdbf8c0265f53a59ad 32 +[ 101s] pam_cracklib-removal.patch eec79a176e200b057651ca0c10b09ed955008f6c797fa08ffefcee03d4563e79 0 +[ 101s] pam_tally2-removal.patch a9f053ef71f1bc0915d553ac107b560f71d2e54a3de82c4b34251fb756eaccc9 0 +[ 101s] securetty 5a85f6ffe7296d0365b11d7804abbafc8d3540aab53ac0bc5440f97c94ded4de 0 +[ 101s] comparing rpmtags +[ 101s] --- old-rpmtags +[ 101s] +++ new-rpmtags +[ 101s] @@ -3,7 +3,7 @@ +[ 101s] PAM (Pluggable Authentication Modules) is a system security tool that +[ 101s] allows system administrators to set authentication policies without +[ 101s] having to recompile programs that do authentication. +[ 101s] -obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/480af3e46b7280a899332c27d202c4d5-pam +[ 101s] +obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/83207f1f0c181b7e3f3c5becb047aaec-pam +[ 101s] GPL-2.0-or-later OR BSD-3-Clause +[ 101s] System/Libraries http://www.linux-pam.org/ (none) (none) (none) +[ 101s] (none) 4.16.1.3 (none) +[ 101s] RPM meta information is different +[ 101s] ... saving statistics +[ 101s] ... saving built packages +[ 101s] RPMS/x86_64/pam-1.5.1-11.1.x86_64.rpm +[ 101s] RPMS/x86_64/pam_unix-1.5.1-11.1.x86_64.rpm +[ 101s] RPMS/x86_64/pam-deprecated-1.5.1-11.1.x86_64.rpm +[ 101s] RPMS/x86_64/pam-extra-1.5.1-11.1.x86_64.rpm +[ 101s] RPMS/x86_64/pam-devel-1.5.1-11.1.x86_64.rpm +[ 101s] RPMS/noarch/pam-doc-1.5.1-11.1.noarch.rpm +[ 101s] SRPMS/pam-1.5.1-11.1.src.rpm +[ 101s] OTHER/_statistics +[ 101s] OTHER/rpmlint.log +[ 101s] +[ 101s] goat01 finished "build pam.spec" at Wed May 19 09:37:16 UTC 2021. +[ 101s] +[ 101s] ### VM INTERACTION START ### +[ 104s] [ 99.492878] sysrq: Power Off +[ 104s] [ 99.497045] reboot: Power down +[ 104s] ### VM INTERACTION END ### +[ 104s] build: extracting built packages... +[ 104s] RPMS/x86_64/pam-1.5.1-11.1.x86_64.rpm +[ 104s] RPMS/x86_64/pam_unix-1.5.1-11.1.x86_64.rpm +[ 104s] RPMS/x86_64/pam-deprecated-1.5.1-11.1.x86_64.rpm +[ 104s] RPMS/x86_64/pam-extra-1.5.1-11.1.x86_64.rpm +[ 104s] RPMS/x86_64/pam-devel-1.5.1-11.1.x86_64.rpm +[ 104s] RPMS/noarch/pam-doc-1.5.1-11.1.noarch.rpm +[ 104s] SRPMS/pam-1.5.1-11.1.src.rpm +[ 104s] OTHER/_statistics +[ 104s] OTHER/rpmlint.log diff --git a/pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch b/pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch deleted file mode 100644 index 7616282..0000000 --- a/pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch +++ /dev/null @@ -1,755 +0,0 @@ -Index: Linux-PAM-1.5.1/doc/sag/Linux-PAM_SAG.txt -=================================================================== ---- Linux-PAM-1.5.1.orig/doc/sag/Linux-PAM_SAG.txt -+++ Linux-PAM-1.5.1/doc/sag/Linux-PAM_SAG.txt -@@ -2171,6 +2171,9 @@ The fields listed above should be filled - All items support the values -1, unlimited or infinity indicating no limit, - except for priority, nice, and nonewprivs. - -+If nofile is to be set to one of these values, -+it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). -+ - If a hard limit or soft limit of a resource is set to a valid value, but - outside of the supported range of the local system, the system may reject the - new limit or unexpected behavior may occur. If the control value required is -Index: Linux-PAM-1.5.1/doc/sag/html/sag-pam_limits.html -=================================================================== ---- Linux-PAM-1.5.1.orig/doc/sag/html/sag-pam_limits.html -+++ Linux-PAM-1.5.1/doc/sag/html/sag-pam_limits.html -@@ -104,6 +104,9 @@ - unlimited or infinity indicating no limit, - except for priority, nice, - and nonewprivs. -+ If nofile is to be set to one of these values, -+ it will be set to the contents of /proc/sys/fs/nr_open instead -+ (see setrlimit(3)). -

- If a hard limit or soft limit of a resource is set to a valid value, - but outside of the supported range of the local system, the system -Index: Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5 -=================================================================== ---- Linux-PAM-1.5.1.orig/modules/pam_limits/limits.conf.5 -+++ Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5 -@@ -290,6 +290,8 @@ indicating no limit, except for - \fBpriority\fR, - \fBnice\fR, and - \fBnonewprivs\fR\&. -+If \fBnofile\fP is to be set to one of these values, -+it will be set to the contents of \fI/proc/sys/fs/nr_open\fP instead (see \fBsetrlimit\fP(3))\&. - .PP - If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur\&. If the control value - \fIrequired\fR -Index: Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5.xml -=================================================================== ---- Linux-PAM-1.5.1.orig/modules/pam_limits/limits.conf.5.xml -+++ Linux-PAM-1.5.1/modules/pam_limits/limits.conf.5.xml -@@ -283,6 +283,8 @@ - unlimited or infinity indicating no limit, - except for priority, nice, - and nonewprivs. -+ If nofile is to be set to one of these values, -+ it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). - - - If a hard limit or soft limit of a resource is set to a valid value, -Index: Linux-PAM-1.5.1/modules/pam_limits/pam_limits.c -=================================================================== ---- Linux-PAM-1.5.1.orig/modules/pam_limits/pam_limits.c -+++ Linux-PAM-1.5.1/modules/pam_limits/pam_limits.c -@@ -228,21 +228,21 @@ rlimit2str (int i) - /* Counts the number of user logins and check against the limit*/ - static int - check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, -- struct pam_limit_s *pl) -+ struct pam_limit_s *pl) - { - struct utmp *ut; - int count; - - if (ctrl & PAM_DEBUG_ARG) { -- pam_syslog(pamh, LOG_DEBUG, -+ pam_syslog(pamh, LOG_DEBUG, - "checking logins for '%s' (maximum of %d)", name, limit); - } - - if (limit < 0) -- return 0; /* no limits imposed */ -+ return 0; /* no limits imposed */ - if (limit == 0) /* maximum 0 logins ? */ { -- pam_syslog(pamh, LOG_WARNING, "No logins allowed for '%s'", name); -- return LOGIN_ERR; -+ pam_syslog(pamh, LOG_WARNING, "No logins allowed for '%s'", name); -+ return LOGIN_ERR; - } - - setutent(); -@@ -265,14 +265,14 @@ check_logins (pam_handle_t *pamh, const - - while((ut = getutent())) { - #ifdef USER_PROCESS -- if (ut->ut_type != USER_PROCESS) { -- continue; -+ if (ut->ut_type != USER_PROCESS) { -+ continue; - } - #endif -- if (ut->UT_USER[0] == '\0') { -- continue; -+ if (ut->UT_USER[0] == '\0') { -+ continue; - } -- if (!pl->flag_numsyslogins) { -+ if (!pl->flag_numsyslogins) { - char user[sizeof(ut->UT_USER) + 1]; - user[0] = '\0'; - strncat(user, ut->UT_USER, sizeof(ut->UT_USER)); -@@ -281,11 +281,11 @@ check_logins (pam_handle_t *pamh, const - || (pl->login_limit_def == LIMITS_DEF_GROUP) - || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) - && strcmp(name, user) != 0) { -- continue; -+ continue; - } - if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) - && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { -- continue; -+ continue; - } - if (kill(ut->ut_pid, 0) == -1 && errno == ESRCH) { - /* process does not exist anymore */ -@@ -307,50 +307,50 @@ check_logins (pam_handle_t *pamh, const - } else { - pam_syslog(pamh, LOG_NOTICE, "Too many system logins (max %d)", limit); - } -- return LOGIN_ERR; -+ return LOGIN_ERR; - } - return 0; - } - - static const char *lnames[RLIM_NLIMITS] = { -- [RLIMIT_CPU] = "Max cpu time", -- [RLIMIT_FSIZE] = "Max file size", -- [RLIMIT_DATA] = "Max data size", -- [RLIMIT_STACK] = "Max stack size", -- [RLIMIT_CORE] = "Max core file size", -- [RLIMIT_RSS] = "Max resident set", -- [RLIMIT_NPROC] = "Max processes", -- [RLIMIT_NOFILE] = "Max open files", -- [RLIMIT_MEMLOCK] = "Max locked memory", -+ [RLIMIT_CPU] = "Max cpu time", -+ [RLIMIT_FSIZE] = "Max file size", -+ [RLIMIT_DATA] = "Max data size", -+ [RLIMIT_STACK] = "Max stack size", -+ [RLIMIT_CORE] = "Max core file size", -+ [RLIMIT_RSS] = "Max resident set", -+ [RLIMIT_NPROC] = "Max processes", -+ [RLIMIT_NOFILE] = "Max open files", -+ [RLIMIT_MEMLOCK] = "Max locked memory", - #ifdef RLIMIT_AS -- [RLIMIT_AS] = "Max address space", -+ [RLIMIT_AS] = "Max address space", - #endif - #ifdef RLIMIT_LOCKS -- [RLIMIT_LOCKS] = "Max file locks", -+ [RLIMIT_LOCKS] = "Max file locks", - #endif - #ifdef RLIMIT_SIGPENDING -- [RLIMIT_SIGPENDING] = "Max pending signals", -+ [RLIMIT_SIGPENDING] = "Max pending signals", - #endif - #ifdef RLIMIT_MSGQUEUE -- [RLIMIT_MSGQUEUE] = "Max msgqueue size", -+ [RLIMIT_MSGQUEUE] = "Max msgqueue size", - #endif - #ifdef RLIMIT_NICE -- [RLIMIT_NICE] = "Max nice priority", -+ [RLIMIT_NICE] = "Max nice priority", - #endif - #ifdef RLIMIT_RTPRIO -- [RLIMIT_RTPRIO] = "Max realtime priority", -+ [RLIMIT_RTPRIO] = "Max realtime priority", - #endif - #ifdef RLIMIT_RTTIME -- [RLIMIT_RTTIME] = "Max realtime timeout", -+ [RLIMIT_RTTIME] = "Max realtime timeout", - #endif - }; - - static int str2rlimit(char *name) { - int i; - if (!name || *name == '\0') -- return -1; -+ return -1; - for(i = 0; i < RLIM_NLIMITS; i++) { -- if (strcmp(name, lnames[i]) == 0) return i; -+ if (strcmp(name, lnames[i]) == 0) return i; - } - return -1; - } -@@ -360,25 +360,25 @@ static rlim_t str2rlim_t(char *value) { - - if (!value) return (rlim_t)rlimit; - if (strcmp(value, "unlimited") == 0) { -- return RLIM_INFINITY; -+ return RLIM_INFINITY; - } - rlimit = strtoull(value, NULL, 10); - return (rlim_t)rlimit; - } - - #define LIMITS_SKIP_WHITESPACE { \ -- /* step backwards over spaces */ \ -- pos--; \ -- while (pos && line[pos] == ' ') pos--; \ -- if (!pos) continue; \ -- line[pos+1] = '\0'; \ -+ /* step backwards over spaces */ \ -+ pos--; \ -+ while (pos && line[pos] == ' ') pos--; \ -+ if (!pos) continue; \ -+ line[pos+1] = '\0'; \ - } - #define LIMITS_MARK_ITEM(item) { \ -- /* step backwards over non-spaces */ \ -- pos--; \ -- while (pos && line[pos] != ' ') pos--; \ -- if (!pos) continue; \ -- item = line + pos + 1; \ -+ /* step backwards over non-spaces */ \ -+ pos--; \ -+ while (pos && line[pos] != ' ') pos--; \ -+ if (!pos) continue; \ -+ item = line + pos + 1; \ - } - - static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) -@@ -390,54 +390,54 @@ static void parse_kernel_limits(pam_hand - char *hard, *soft, *name; - - if (!(limitsfile = fopen(proclimits, "r"))) { -- pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); -- return; -+ pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); -+ return; - } - - while (fgets(line, 256, limitsfile)) { -- int pos = strlen(line); -- if (pos < 2) continue; -+ int pos = strlen(line); -+ if (pos < 2) continue; -+ -+ /* drop trailing newline */ -+ if (line[pos-1] == '\n') { -+ pos--; -+ line[pos] = '\0'; -+ } - -- /* drop trailing newline */ -- if (line[pos-1] == '\n') { -- pos--; -- line[pos] = '\0'; -- } -- -- /* determine formatting boundary of limits report */ -- if (!maxlen && pam_str_skip_prefix(line, "Limit") != NULL) { -- maxlen = pos; -- continue; -- } -- -- if (pos == maxlen) { -- /* step backwards over "Units" name */ -- LIMITS_SKIP_WHITESPACE; -- LIMITS_MARK_ITEM(hard); /* not a typo, units unused */ -- } -- -- /* step backwards over "Hard Limit" value */ -- LIMITS_SKIP_WHITESPACE; -- LIMITS_MARK_ITEM(hard); -- -- /* step backwards over "Soft Limit" value */ -- LIMITS_SKIP_WHITESPACE; -- LIMITS_MARK_ITEM(soft); -- -- /* step backwards over name of limit */ -- LIMITS_SKIP_WHITESPACE; -- name = line; -- -- i = str2rlimit(name); -- if (i < 0 || i >= RLIM_NLIMITS) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name); -- continue; -- } -- pl->limits[i].limit.rlim_cur = str2rlim_t(soft); -- pl->limits[i].limit.rlim_max = str2rlim_t(hard); -- pl->limits[i].src_soft = LIMITS_DEF_KERNEL; -- pl->limits[i].src_hard = LIMITS_DEF_KERNEL; -+ /* determine formatting boundary of limits report */ -+ if (!maxlen && pam_str_skip_prefix(line, "Limit") != NULL) { -+ maxlen = pos; -+ continue; -+ } -+ -+ if (pos == maxlen) { -+ /* step backwards over "Units" name */ -+ LIMITS_SKIP_WHITESPACE; -+ LIMITS_MARK_ITEM(hard); /* not a typo, units unused */ -+ } -+ -+ /* step backwards over "Hard Limit" value */ -+ LIMITS_SKIP_WHITESPACE; -+ LIMITS_MARK_ITEM(hard); -+ -+ /* step backwards over "Soft Limit" value */ -+ LIMITS_SKIP_WHITESPACE; -+ LIMITS_MARK_ITEM(soft); -+ -+ /* step backwards over name of limit */ -+ LIMITS_SKIP_WHITESPACE; -+ name = line; -+ -+ i = str2rlimit(name); -+ if (i < 0 || i >= RLIM_NLIMITS) { -+ if (ctrl & PAM_DEBUG_ARG) -+ pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name); -+ continue; -+ } -+ pl->limits[i].limit.rlim_cur = str2rlim_t(soft); -+ pl->limits[i].limit.rlim_max = str2rlim_t(hard); -+ pl->limits[i].src_soft = LIMITS_DEF_KERNEL; -+ pl->limits[i].src_hard = LIMITS_DEF_KERNEL; - } - fclose(limitsfile); - } -@@ -486,6 +486,54 @@ static int init_limits(pam_handle_t *pam - - return retval; - } -+/* -+ * Read the contents of /proc/sys/fs/ -+ * return 1 if conversion succeeds, result is in *valuep -+ * return 0 if conversion fails. -+ */ -+static int -+value_from_proc_sys_fs(const pam_handle_t *pamh, const char *name, rlim_t *valuep) -+{ -+ char pathname[128]; -+ char buf[128]; -+ FILE *fp; -+ int retval; -+ -+ retval = 0; -+ -+ snprintf(pathname, sizeof(pathname), "/proc/sys/fs/%s", name); -+ -+ if ((fp = fopen(pathname, "r")) != NULL) { -+ if (fgets(buf, sizeof(buf), fp) != NULL) { -+ char *endptr; -+ -+#ifdef __USE_FILE_OFFSET64 -+ *valuep = strtoull(buf, &endptr, 10); -+#else -+ *valuep = strtoul(buf, &endptr, 10); -+#endif -+ -+ retval = (endptr != buf); -+ } -+ -+ fclose(fp); -+ } -+ -+ return retval; -+} -+ -+/* -+ * Check if the string passed as the argument corresponds to -+ * "unlimited" -+ */ -+static inline int -+is_unlimited(const char *lim_value) -+{ -+ return strcmp(lim_value, "-1") == 0 -+ || strcmp(lim_value, "-") == 0 -+ || strcmp(lim_value, "unlimited") == 0 -+ || strcmp(lim_value, "infinity") == 0; -+} - - static void - process_limit (const pam_handle_t *pamh, int source, const char *lim_type, -@@ -505,9 +553,9 @@ process_limit (const pam_handle_t *pamh, - limits_def_names[source]); - - if (strcmp(lim_item, "cpu") == 0) -- limit_item = RLIMIT_CPU; -+ limit_item = RLIMIT_CPU; - else if (strcmp(lim_item, "fsize") == 0) -- limit_item = RLIMIT_FSIZE; -+ limit_item = RLIMIT_FSIZE; - else if (strcmp(lim_item, "data") == 0) - limit_item = RLIMIT_DATA; - else if (strcmp(lim_item, "stack") == 0) -@@ -557,8 +605,8 @@ process_limit (const pam_handle_t *pamh, - } else if (strcmp(lim_item, "nonewprivs") == 0) { - limit_item = LIMIT_NONEWPRIVS; - } else { -- pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); -- return; -+ pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); -+ return; - } - - if (strcmp(lim_type,"soft")==0) -@@ -569,9 +617,10 @@ process_limit (const pam_handle_t *pamh, - limit_type=LIMIT_SOFT | LIMIT_HARD; - else if (limit_item != LIMIT_LOGIN && limit_item != LIMIT_NUMSYSLOGINS - && limit_item != LIMIT_NONEWPRIVS) { -- pam_syslog(pamh, LOG_DEBUG, "unknown limit type '%s'", lim_type); -- return; -+ pam_syslog(pamh, LOG_DEBUG, "unknown limit type '%s'", lim_type); -+ return; - } -+ - if (limit_item == LIMIT_NONEWPRIVS) { - /* just require a bool-style 0 or 1 */ - if (strcmp(lim_value, "0") == 0) { -@@ -587,9 +636,7 @@ process_limit (const pam_handle_t *pamh, - #ifdef RLIMIT_NICE - && limit_item != RLIMIT_NICE - #endif -- && (strcmp(lim_value, "-1") == 0 -- || strcmp(lim_value, "-") == 0 || strcmp(lim_value, "unlimited") == 0 -- || strcmp(lim_value, "infinity") == 0)) { -+ && is_unlimited(lim_value)) { - int_value = -1; - rlimit_value = RLIM_INFINITY; - } else if (limit_item == LIMIT_PRI || limit_item == LIMIT_LOGIN || -@@ -605,7 +652,7 @@ process_limit (const pam_handle_t *pamh, - pam_syslog(pamh, LOG_DEBUG, - "wrong limit value '%s' for limit type '%s'", - lim_value, lim_type); -- return; -+ return; - } - } else { - #ifdef __USE_FILE_OFFSET64 -@@ -631,7 +678,7 @@ process_limit (const pam_handle_t *pamh, - } - - switch(limit_item) { -- case RLIMIT_CPU: -+ case RLIMIT_CPU: - if (rlimit_value != RLIM_INFINITY) - { - if (rlimit_value >= RLIM_INFINITY/60) -@@ -639,17 +686,17 @@ process_limit (const pam_handle_t *pamh, - else - rlimit_value *= 60; - } -- break; -- case RLIMIT_FSIZE: -- case RLIMIT_DATA: -- case RLIMIT_STACK: -- case RLIMIT_CORE: -- case RLIMIT_RSS: -- case RLIMIT_MEMLOCK: -+ break; -+ case RLIMIT_FSIZE: -+ case RLIMIT_DATA: -+ case RLIMIT_STACK: -+ case RLIMIT_CORE: -+ case RLIMIT_RSS: -+ case RLIMIT_MEMLOCK: - #ifdef RLIMIT_AS -- case RLIMIT_AS: -+ case RLIMIT_AS: - #endif -- if (rlimit_value != RLIM_INFINITY) -+ if (rlimit_value != RLIM_INFINITY) - { - if (rlimit_value >= RLIM_INFINITY/1024) - rlimit_value = RLIM_INFINITY; -@@ -664,29 +711,42 @@ process_limit (const pam_handle_t *pamh, - if (int_value < -20) - int_value = -20; - rlimit_value = 20 - int_value; -- break; -+ break; - #endif -+ case RLIMIT_NOFILE: -+ /* -+ * If nofile is to be set to "unlimited", try to set it to -+ * the value in /proc/sys/fs/nr_open instead. -+ */ -+ if (rlimit_value == RLIM_INFINITY) { -+ if (!value_from_proc_sys_fs(pamh, "nr_open", &rlimit_value)) -+ pam_syslog(pamh, LOG_DEBUG, -+ "Cannot set \"nofile\" to a sensible value"); -+ else -+ pam_syslog(pamh, LOG_WARNING, "Setting \"nofile\" limit to %lu", (long unsigned) rlimit_value); -+ } -+ break; - } - - if ( (limit_item != LIMIT_LOGIN) - && (limit_item != LIMIT_NUMSYSLOGINS) - && (limit_item != LIMIT_PRI) - && (limit_item != LIMIT_NONEWPRIVS) ) { -- if (limit_type & LIMIT_SOFT) { -+ if (limit_type & LIMIT_SOFT) { - if (pl->limits[limit_item].src_soft < source) { -- return; -+ return; - } else { -- pl->limits[limit_item].limit.rlim_cur = rlimit_value; -- pl->limits[limit_item].src_soft = source; -- } -+ pl->limits[limit_item].limit.rlim_cur = rlimit_value; -+ pl->limits[limit_item].src_soft = source; -+ } - } -- if (limit_type & LIMIT_HARD) { -+ if (limit_type & LIMIT_HARD) { - if (pl->limits[limit_item].src_hard < source) { -- return; -- } else { -- pl->limits[limit_item].limit.rlim_max = rlimit_value; -- pl->limits[limit_item].src_hard = source; -- } -+ return; -+ } else { -+ pl->limits[limit_item].limit.rlim_max = rlimit_value; -+ pl->limits[limit_item].src_hard = source; -+ } - } - } else { - /* recent kernels support negative priority limits (=raise priority) */ -@@ -764,42 +824,42 @@ parse_config_file(pam_handle_t *pamh, co - - /* check for the LIMITS_FILE */ - if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); -+ pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); - fil = fopen(CONF_FILE, "r"); - if (fil == NULL) { -- pam_syslog (pamh, LOG_WARNING, -+ pam_syslog (pamh, LOG_WARNING, - "cannot read settings from %s: %m", CONF_FILE); -- return PAM_SERVICE_ERR; -+ return PAM_SERVICE_ERR; - } - - /* start the show */ - while (fgets(buf, LINE_LENGTH, fil) != NULL) { -- char domain[LINE_LENGTH]; -- char ltype[LINE_LENGTH]; -- char item[LINE_LENGTH]; -- char value[LINE_LENGTH]; -- int i; -- int rngtype; -- size_t j; -- char *tptr,*line; -- uid_t min_uid = (uid_t)-1, max_uid = (uid_t)-1; -- -- line = buf; -- /* skip the leading white space */ -- while (*line && isspace(*line)) -- line++; -- -- /* Rip off the comments */ -- tptr = strchr(line,'#'); -- if (tptr) -- *tptr = '\0'; -- /* Rip off the newline char */ -- tptr = strchr(line,'\n'); -- if (tptr) -- *tptr = '\0'; -- /* Anything left ? */ -- if (!strlen(line)) -- continue; -+ char domain[LINE_LENGTH]; -+ char ltype[LINE_LENGTH]; -+ char item[LINE_LENGTH]; -+ char value[LINE_LENGTH]; -+ int i; -+ int rngtype; -+ size_t j; -+ char *tptr,*line; -+ uid_t min_uid = (uid_t)-1, max_uid = (uid_t)-1; -+ -+ line = buf; -+ /* skip the leading white space */ -+ while (*line && isspace(*line)) -+ line++; -+ -+ /* Rip off the comments */ -+ tptr = strchr(line,'#'); -+ if (tptr) -+ *tptr = '\0'; -+ /* Rip off the newline char */ -+ tptr = strchr(line,'\n'); -+ if (tptr) -+ *tptr = '\0'; -+ /* Anything left ? */ -+ if (!strlen(line)) -+ continue; - - domain[0] = ltype[0] = item[0] = value[0] = '\0'; - -@@ -807,23 +867,23 @@ parse_config_file(pam_handle_t *pamh, co - D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]", - i, domain, ltype, item, value)); - -- for(j=0; j < strlen(ltype); j++) -- ltype[j]=tolower(ltype[j]); -+ for(j=0; j < strlen(ltype); j++) -+ ltype[j]=tolower(ltype[j]); - - if ((rngtype=parse_uid_range(pamh, domain, &min_uid, &max_uid)) < 0) { - pam_syslog(pamh, LOG_WARNING, "invalid uid range '%s' - skipped", domain); - continue; - } - -- if (i == 4) { /* a complete line */ -+ if (i == 4) { /* a complete line */ - for(j=0; j < strlen(item); j++) - item[j]=tolower(item[j]); - for(j=0; j < strlen(value); j++) - value[j]=tolower(value[j]); - -- if (strcmp(uname, domain) == 0) /* this user have a limit */ -- process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); -- else if (domain[0]=='@') { -+ if (strcmp(uname, domain) == 0) /* this user have a limit */ -+ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); -+ else if (domain[0]=='@') { - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_DEBUG, - "checking if %s is in group %s", -@@ -849,7 +909,7 @@ parse_config_file(pam_handle_t *pamh, co - process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, - pl); - } -- } else if (domain[0]=='%') { -+ } else if (domain[0]=='%') { - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_DEBUG, - "checking if %s is in group %s", -@@ -880,7 +940,7 @@ parse_config_file(pam_handle_t *pamh, co - case LIMIT_RANGE_MM: - pam_syslog(pamh, LOG_WARNING, "range unsupported for %%group matching - ignored"); - } -- } else { -+ } else { - switch(rngtype) { - case LIMIT_RANGE_NONE: - if (strcmp(domain, "*") == 0) -@@ -951,8 +1011,8 @@ parse_config_file(pam_handle_t *pamh, co - } - fclose(fil); - return PAM_IGNORE; -- } else { -- pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line); -+ } else { -+ pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line); - } - } - fclose(fil); -@@ -979,8 +1039,8 @@ static int setup_limits(pam_handle_t *pa - /* skip it if its not initialized */ - continue; - } -- if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) -- pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; -+ if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) -+ pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; - res = setrlimit(i, &pl->limits[i].limit); - if (res != 0) - pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", -@@ -989,30 +1049,30 @@ static int setup_limits(pam_handle_t *pa - } - - if (status) { -- retval = LIMIT_ERR; -+ retval = LIMIT_ERR; - } - - status = setpriority(PRIO_PROCESS, 0, pl->priority); - if (status != 0) { -- pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m"); -- retval = LIMIT_ERR; -+ pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m"); -+ retval = LIMIT_ERR; - } - - if (uid == 0) { - D(("skip login limit check for uid=0")); - } else if (pl->login_limit > 0) { -- if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { -+ if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { - #ifdef HAVE_LIBAUDIT - if (!(ctrl & PAM_NO_AUDIT)) { - pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS, - "pam_limits", PAM_PERM_DENIED); - /* ignore return value as we fail anyway */ -- } -+ } - #endif -- retval |= LOGIN_ERR; -+ retval |= LOGIN_ERR; - } - } else if (pl->login_limit == 0) { -- retval |= LOGIN_ERR; -+ retval |= LOGIN_ERR; - } - - if (pl->nonewprivs) { -@@ -1049,22 +1109,22 @@ pam_sm_open_session (pam_handle_t *pamh, - ctrl = _pam_parse(pamh, argc, argv, pl); - retval = pam_get_item( pamh, PAM_USER, (void*) &user_name ); - if ( user_name == NULL || retval != PAM_SUCCESS ) { -- pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); -- return PAM_SESSION_ERR; -+ pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); -+ return PAM_SESSION_ERR; - } - - pwd = pam_modutil_getpwnam(pamh, user_name); - if (!pwd) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_WARNING, -+ if (ctrl & PAM_DEBUG_ARG) -+ pam_syslog(pamh, LOG_WARNING, - "open_session username '%s' does not exist", user_name); -- return PAM_USER_UNKNOWN; -+ return PAM_USER_UNKNOWN; - } - - retval = init_limits(pamh, pl, ctrl); - if (retval != PAM_SUCCESS) { -- pam_syslog(pamh, LOG_ERR, "cannot initialize"); -- return PAM_ABORT; -+ pam_syslog(pamh, LOG_ERR, "cannot initialize"); -+ return PAM_ABORT; - } - - retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); -@@ -1099,7 +1159,7 @@ pam_sm_open_session (pam_handle_t *pamh, - } - if (retval != PAM_SUCCESS) - goto out; -- } -+ } - } - - out: -@@ -1115,7 +1175,7 @@ out: - pam_error(pamh, _("There were too many logins for '%s'."), - pwd->pw_name); - if (retval != LIMITED_OK) { -- return PAM_PERM_DENIED; -+ return PAM_PERM_DENIED; - } - - return PAM_SUCCESS; diff --git a/pam-pam_cracklib-add-usersubstr.patch b/pam-pam_cracklib-add-usersubstr.patch deleted file mode 100644 index 8478271..0000000 --- a/pam-pam_cracklib-add-usersubstr.patch +++ /dev/null @@ -1,81 +0,0 @@ -Index: Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_cracklib/pam_cracklib.c -+++ Linux-PAM-1.4.0/modules/pam_cracklib/pam_cracklib.c -@@ -88,6 +88,7 @@ struct cracklib_options { - int reject_user; - int gecos_check; - int enforce_for_root; -+ int user_substr; - const char *cracklib_dictpath; - }; - -@@ -185,6 +186,10 @@ _pam_parse (pam_handle_t *pamh, struct c - if (!*(opt->cracklib_dictpath)) { - opt->cracklib_dictpath = CRACKLIB_DICTS; - } -+ } else if ((str = pam_str_skip_prefix(*argv, "usersubstr=")) != NULL) { -+ opt->user_substr = strtol(str, &ep, 10); -+ if (ep == str) -+ opt->user_substr = 0; - } else { - pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); - } -@@ -525,13 +530,54 @@ static int wordcheck(const char *new, ch - return 0; - } - -+/* -+ * RETURNS: True if the password is unacceptable, else false -+ */ -+static int usersubstr(int len, const char *new, char *user) -+{ -+ int i, userlen; -+ int bad = 0; // Assume it's OK unless proven otherwise -+ char *subuser = calloc(len+1, sizeof(char)); -+ -+ if (subuser == NULL) { -+ return 1; -+ } -+ -+ userlen = strlen(user); -+ -+ if (len >= CO_MIN_WORD_LENGTH && -+ userlen > len) { -+ for(i = 0; !bad && (i <= userlen - len); i++) { -+ strncpy(subuser, user+i, len+1); -+ subuser[len] = '\0'; -+ bad = wordcheck(new, subuser); -+ } -+ } else { -+ // if we already tested substrings, there's no need to test -+ // the whole username; all substrings would've been found :) -+ if (!bad) -+ bad = wordcheck(new, user); -+ } -+ -+ free(subuser); -+ -+ return bad; -+} -+ -+/* -+ * RETURNS: True if the password is unacceptable, else false -+ */ - static int usercheck(struct cracklib_options *opt, const char *new, - char *user) - { -- if (!opt->reject_user) -- return 0; -+ int bad = 0; -+ -+ if (opt->reject_user) -+ bad = wordcheck(new, user); -+ if (!bad && opt->user_substr != 0) -+ bad = usersubstr(opt->user_substr, new, user); - -- return wordcheck(new, user); -+ return bad; - } - - static char * str_lower(char *string) diff --git a/pam.changes b/pam.changes index 37d3691..33c13c4 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + ------------------------------------------------------------------- Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 67dd4c8..f6d6d3e 100644 --- a/pam.spec +++ b/pam.spec @@ -31,7 +31,7 @@ # Name: pam # -Version: 1.5.1 +Version: 1.5.2 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -50,22 +50,17 @@ Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh Source13: motd.tmpfiles +Source14: Linux-PAM-%{version}-docs.tar.xz.asc +Source15: Linux-PAM-%{version}.tar.xz.asc Patch2: pam-limit-nproc.patch Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-xauth_ownership.patch -Patch6: pam_cracklib-removal.patch -Patch7: pam_tally2-removal.patch Patch8: pam-bsc1177858-dont-free-environment-string.patch -Patch9: pam-pam_cracklib-add-usersubstr.patch -Patch10: pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch -Patch11: bsc1184358-prevent-LOCAL-from-being-resolved.patch Patch12: pam_umask-usergroups-login_defs.patch # https://github.com/linux-pam/linux-pam/commit/e842a5fc075002f46672ebcd8e896624f1ec8068 -Patch100: pam_securetty-don-t-complain-about-missing-config.patch -Patch101: revert-check_shadow_expiry.diff +# Patch101: revert-check_shadow_expiry.diff BuildRequires: audit-devel BuildRequires: bison -BuildRequires: cracklib-devel BuildRequires: flex BuildRequires: libtool BuildRequires: xz @@ -146,39 +141,18 @@ having to recompile programs which do authentication. This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. -%package deprecated -Summary: Deprecated PAM Modules -Group: System/Libraries -Provides: pam:/%{_lib}/security/pam_cracklib.so -Provides: pam:/%{_lib}/security/pam_tally2.so - -%description deprecated -PAM (Pluggable Authentication Modules) is a system security tool that -allows system administrators to set authentication policies without -having to recompile programs that do authentication. - -This package contains deprecated extra modules like pam_cracklib and -pam_tally2, which are no longer supported upstream and will be completly -removed with one of the next releases. - %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . %patch2 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -R -p1 -%patch7 -R -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 %patch12 -p1 -%patch100 -p1 -%patch101 -p1 +# %%patch101 -p1 %build -bash ./pam-login_defs-check.sh +# bash ./pam-login_defs-check.sh export CFLAGS="%{optflags}" %if !%{with debug} CFLAGS="$CFLAGS -DNDEBUG" @@ -192,9 +166,9 @@ CFLAGS="$CFLAGS -DNDEBUG" --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_distconfdir} \ %if %{with debug} - --enable-debug \ + --enable-debug %endif - --enable-tally2 --enable-cracklib + %make_build gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam @@ -436,12 +410,6 @@ done %{_pam_moduledir}/pam_userdb.so %{_mandir}/man8/pam_userdb.8%{?ext_man} -%files deprecated -%defattr(-,root,root,755) -%{_pam_moduledir}/pam_cracklib.so -%{_pam_moduledir}/pam_tally2.so -%{_sbindir}/pam_tally2 - %files doc %defattr(644,root,root,755) %dir %{_defaultdocdir}/pam @@ -460,5 +428,6 @@ done %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so %{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc %changelog diff --git a/pam_cracklib-removal.patch b/pam_cracklib-removal.patch deleted file mode 100644 index 22dbdcb..0000000 --- a/pam_cracklib-removal.patch +++ /dev/null @@ -1,1740 +0,0 @@ -From d702ff714c309069111899fd07c09e31c414c166 Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Thu, 29 Oct 2020 08:00:00 +0000 -Subject: [PATCH] Remove deprecated pam_cracklib module - -* ci/install-dependencies.sh: Remove libcrack2-dev. -* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove ---enable-cracklib=check. -* conf/pam.conf: Remove references to pam_cracklib.so. -* configure.ac: Remove --enable-cracklib option. -(AC_SUBST): Remove LIBCRACK. -(AM_CONDITIONAL): Remove COND_BUILD_PAM_CRACKLIB. -(AC_CONFIG_FILES): Remove modules/pam_cracklib/Makefile. -* doc/sag/pam_cracklib.xml: Remove. -* doc/sag/Linux-PAM_SAG.xml: Do not include pam_cracklib.xml. -* modules/Makefile.am (MAYBE_PAM_CRACKLIB): Remove. -(SUBDIRS): Remove MAYBE_PAM_CRACKLIB. -* modules/pam_cracklib/Makefile.am: Remove. -* modules/pam_cracklib/README.xml: Likewise. -* modules/pam_cracklib/pam_cracklib.8.xml: Likewise. -* modules/pam_cracklib/pam_cracklib.c: Likewise. -* modules/pam_cracklib/tst-pam_cracklib: Likewise. -* xtests/tst-pam_cracklib1.c: Likewise. -* xtests/tst-pam_cracklib1.pamd: Likewise. -* xtests/tst-pam_cracklib2.c: Likewise. -* xtests/tst-pam_cracklib2.pamd: Likewise. -* modules/pam_pwhistory/pam_pwhistory.8.xml: Replace pam_cracklib -in examples with pam_passwdqc. -* modules/pam_unix/pam_unix.8.xml: Likewise. -* po/POTFILES.in: Remove ./modules/pam_cracklib/pam_cracklib.c. -* xtests/.gitignore: Remove tst-pam_cracklib1 and tst-pam_cracklib2. -* xtests/Makefile.am (EXTRA_DIST): Remove tst-pam_cracklib1.pamd -and tst-pam_cracklib2.pamd. -(XTESTS): Remove tst-pam_cracklib1 and tst-pam_cracklib2. -* NEWS: Document this change. ---- - NEWS | 2 + - ci/install-dependencies.sh | 1 - - ci/run-build-and-tests.sh | 2 +- - conf/pam.conf | 5 - - configure.ac | 25 +- - doc/sag/Linux-PAM_SAG.xml | 2 - - doc/sag/pam_cracklib.xml | 34 - - modules/Makefile.am | 5 - - modules/pam_cracklib/Makefile.am | 33 - - modules/pam_cracklib/README.xml | 41 - - modules/pam_cracklib/pam_cracklib.8.xml | 592 -------------- - modules/pam_cracklib/pam_cracklib.c | 899 ---------------------- - modules/pam_cracklib/tst-pam_cracklib | 2 - - modules/pam_pwhistory/pam_pwhistory.8.xml | 6 +- - modules/pam_unix/pam_unix.8.xml | 6 +- - po/POTFILES.in | 1 - - xtests/.gitignore | 2 - - xtests/Makefile.am | 2 - - xtests/tst-pam_cracklib1.c | 135 ---- - xtests/tst-pam_cracklib1.pamd | 2 - - xtests/tst-pam_cracklib2.c | 143 ---- - xtests/tst-pam_cracklib2.pamd | 2 - - 22 files changed, 10 insertions(+), 1932 deletions(-) - delete mode 100644 doc/sag/pam_cracklib.xml - delete mode 100644 modules/pam_cracklib/Makefile.am - delete mode 100644 modules/pam_cracklib/README.xml - delete mode 100644 modules/pam_cracklib/pam_cracklib.8.xml - delete mode 100644 modules/pam_cracklib/pam_cracklib.c - delete mode 100755 modules/pam_cracklib/tst-pam_cracklib - delete mode 100644 xtests/tst-pam_cracklib1.c - delete mode 100644 xtests/tst-pam_cracklib1.pamd - delete mode 100644 xtests/tst-pam_cracklib2.c - delete mode 100644 xtests/tst-pam_cracklib2.pamd - -diff --git a/configure.ac b/configure.ac -index 59327a75..4397124d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -334,28 +334,6 @@ case "$ac_cv_search_dlopen" in - esac - AC_SUBST(LIBDL) - --AC_ARG_ENABLE([cracklib], -- [AS_HELP_STRING([--enable-cracklib], -- [build deprecated pam_cracklib module])], -- [], [enable_cracklib=no]) --LIBCRACK="" --case "$enable_cracklib" in -- no) ;; -- yes|check) -- dnl Check for cracklib -- AC_CHECK_HEADERS([crack.h], -- [AC_CHECK_LIB([crack], [FascistCheck], -- [LIBCRACK="-lcrack"])]) -- if test -z "$LIBCRACK"; then -- if test "$enable_cracklib" = yes; then -- AC_MSG_FAILURE([failed to find cracklib]) -- fi -- fi -- ;; -- *) AC_MSG_ERROR([bad value $enable_cracklib for --enable-cracklib option]) ;; --esac --AC_SUBST(LIBCRACK) -- - dnl Look for Linux Auditing library - see documentation - AC_ARG_ENABLE([audit], - AS_HELP_STRING([--disable-audit],[do not enable audit support]), -@@ -662,7 +640,6 @@ case "$enable_unix" in - *) AC_MSG_ERROR([bad value $enable_unix for --enable-unix option]) ;; - esac - --AM_CONDITIONAL([COND_BUILD_PAM_CRACKLIB], [test -n "$LIBCRACK"]) - AM_CONDITIONAL([COND_BUILD_PAM_KEYINIT], [test "$have_key_syscalls" = 1]) - AM_CONDITIONAL([COND_BUILD_PAM_LASTLOG], [test "$ac_cv_func_logwtmp" = yes]) - AM_CONDITIONAL([COND_BUILD_PAM_NAMESPACE], [test "$ac_cv_func_unshare" = yes]) -@@ -682,7 +659,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile - po/Makefile.in \ - Make.xml.rules \ - modules/Makefile \ -- modules/pam_access/Makefile modules/pam_cracklib/Makefile \ -+ modules/pam_access/Makefile \ - modules/pam_debug/Makefile modules/pam_deny/Makefile \ - modules/pam_echo/Makefile modules/pam_env/Makefile \ - modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \ -diff --git a/modules/Makefile.am b/modules/Makefile.am -index 641108dd..aa03e319 100644 ---- a/modules/Makefile.am -+++ b/modules/Makefile.am -@@ -2,10 +2,6 @@ - # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk - # - --if COND_BUILD_PAM_CRACKLIB -- MAYBE_PAM_CRACKLIB = pam_cracklib --endif -- - if COND_BUILD_PAM_KEYINIT - MAYBE_PAM_KEYINIT = pam_keyinit - endif -@@ -56,7 +52,6 @@ endif - - SUBDIRS := \ - pam_access \ -- $(MAYBE_PAM_CRACKLIB) \ - pam_debug \ - pam_deny \ - pam_echo \ -diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am -deleted file mode 100644 -index e11c42d7..00000000 ---- a/modules/pam_cracklib/Makefile.am -+++ /dev/null -@@ -1,33 +0,0 @@ --# --# Copyright (c) 2005, 2006, 2009 Thorsten Kukuk --# -- --CLEANFILES = *~ --MAINTAINERCLEANFILES = $(MANS) README -- --EXTRA_DIST = $(XMLS) -- --#if HAVE_DOC --#dist_man_MANS = pam_cracklib.8 --#endif --XMLS = README.xml pam_cracklib.8.xml --dist_check_SCRIPTS = tst-pam_cracklib --TESTS = $(dist_check_SCRIPTS) -- --securelibdir = $(SECUREDIR) --secureconfdir = $(SCONFIGDIR) -- --AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- $(WARN_CFLAGS) --AM_LDFLAGS = -no-undefined -avoid-version -module --if HAVE_VERSIONING -- AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map --endif --pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -- @LIBCRACK@ @LIBCRYPT@ --securelib_LTLIBRARIES = pam_cracklib.la -- --if ENABLE_REGENERATE_MAN --dist_noinst_DATA = README ---include $(top_srcdir)/Make.xml.rules --endif -diff --git a/modules/pam_cracklib/README.xml b/modules/pam_cracklib/README.xml -deleted file mode 100644 -index c4a7b54c..00000000 ---- a/modules/pam_cracklib/README.xml -+++ /dev/null -@@ -1,41 +0,0 @@ -- -- ----> --]> -- --

-- -- -- -- -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_cracklib.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_cracklib-name"]/*)'/> -- -- -- -- --
-- --
-- --
-- --
-- --
-- --
-- --
-- --
-- --
-diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml -deleted file mode 100644 -index 75e44e2d..00000000 ---- a/modules/pam_cracklib/pam_cracklib.8.xml -+++ /dev/null -@@ -1,592 +0,0 @@ -- -- -- -- -- -- -- pam_cracklib -- 8 -- Linux-PAM Manual -- -- -- -- pam_cracklib -- PAM module to check the password against dictionary words -- -- -- -- -- pam_cracklib.so -- -- ... -- -- -- -- -- -- -- DESCRIPTION -- -- -- This module can be plugged into the password stack of -- a given application to provide some plug-in strength-checking for passwords. -- -- -- -- The action of this module is to prompt the user for a password and -- check its strength against a system dictionary and a set of rules for -- identifying poor choices. -- -- -- -- The first action is to prompt for a single password, check its -- strength and then, if it is considered strong, prompt for the password -- a second time (to verify that it was typed correctly on the first -- occasion). All being well, the password is passed on to subsequent -- modules to be installed as the new authentication token. -- -- -- -- The strength checks works in the following manner: at first the -- Cracklib routine is called to check if the password -- is part of a dictionary; if this is not the case an additional set of -- strength checks is done. These checks are: -- -- -- -- -- Palindrome -- -- -- Is the new password a palindrome? -- -- -- -- -- Case Change Only -- -- -- Is the new password the old one with only a change of case? -- -- -- -- -- Similar -- -- -- Is the new password too much like the old one? -- This is primarily controlled by one argument, -- which is a number of character changes -- (inserts, removals, or replacements) between the old and new -- password that are enough to accept the new password. -- This defaults to 5 changes. -- -- -- -- -- Simple -- -- -- Is the new password too small? -- This is controlled by 6 arguments , -- , -- , , -- , and . See the section -- on the arguments for the details of how these work and there defaults. -- -- -- -- -- Rotated -- -- -- Is the new password a rotated version of the old password? -- -- -- -- -- Same consecutive characters -- -- -- Optional check for same consecutive characters. -- -- -- -- -- Too long monotonic character sequence -- -- -- Optional check for too long monotonic character sequence. -- -- -- -- -- Contains user name -- -- -- Optional check whether the password contains the user's name -- in some form. -- -- -- -- -- -- This module with no arguments will work well for standard unix -- password encryption. With md5 encryption, passwords can be longer -- than 8 characters and the default settings for this module can make it -- hard for the user to choose a satisfactory new password. Notably, the -- requirement that the new password contain no more than 1/2 of the -- characters in the old password becomes a non-trivial constraint. For -- example, an old password of the form "the quick brown fox jumped over -- the lazy dogs" would be difficult to change... In addition, the -- default action is to allow passwords as small as 5 characters in -- length. For a md5 systems it can be a good idea to increase the -- required minimum size of a password. One can then allow more credit -- for different kinds of characters but accept that the new password may -- share most of these characters with the old password. -- -- -- -- -- -- -- OPTIONS -- -- -- -- -- -- -- -- -- -- This option makes the module write information to -- -- syslog3 -- -- indicating the behavior of the module (this option does -- not write password information to the log file). -- -- -- -- -- -- -- -- -- -- -- The default action is for the module to use the -- following prompts when requesting passwords: -- "New UNIX password: " and "Retype UNIX password: ". -- The example word UNIX can -- be replaced with this option, by default it is empty. -- -- -- -- -- -- -- -- -- -- -- Prompt user at most N times -- before returning with error. The default is -- 1. -- -- -- -- -- -- -- -- -- -- -- This argument will change the default of -- 5 for the number of character -- changes in the new password that differentiate it -- from the old password. -- -- -- -- -- -- -- -- -- -- -- The minimum acceptable size for the new password (plus -- one if credits are not disabled which is the default). -- In addition to the number of characters in the new password, -- credit (of +1 in length) is given for each different kind -- of character (other, -- upper, lower and -- digit). The default for this parameter -- is 9 which is good for a old style UNIX -- password all of the same type of character but may be too low -- to exploit the added security of a md5 system. Note that -- there is a pair of length limits in -- Cracklib itself, a "way too short" limit -- of 4 which is hard coded in and a defined limit (6) that will -- be checked without reference to . -- If you want to allow passwords as short as 5 characters you -- should not use this module. -- -- -- -- -- -- -- -- -- -- -- (N >= 0) This is the maximum credit for having digits in -- the new password. If you have less than or -- N -- digits, each digit will count +1 towards meeting the current -- value. The default for -- is 1 which is the recommended -- value for less than 10. -- -- -- (N < 0) This is the minimum number of digits that must -- be met for a new password. -- -- -- -- -- -- -- -- -- -- -- (N >= 0) This is the maximum credit for having upper -- case letters in the new password. If you have less than -- or N upper case letters each -- letter will count +1 towards meeting the current -- value. The default for -- is 1 which -- is the recommended value for less -- than 10. -- -- -- (N < 0) This is the minimum number of upper -- case letters that must be met for a new password. -- -- -- -- -- -- -- -- -- -- -- (N >= 0) This is the maximum credit for having -- lower case letters in the new password. If you have -- less than or N lower case -- letters, each letter will count +1 towards meeting the -- current value. The default for -- is 1 which is the recommended -- value for less than 10. -- -- -- (N < 0) This is the minimum number of lower -- case letters that must be met for a new password. -- -- -- -- -- -- -- -- -- -- -- (N >= 0) This is the maximum credit for having other -- characters in the new password. If you have less than or -- N other characters, each -- character will count +1 towards meeting the current -- value. The default for -- is 1 which is the recommended -- value for less than 10. -- -- -- (N < 0) This is the minimum number of other -- characters that must be met for a new password. -- -- -- -- -- -- -- -- -- -- -- The minimum number of required classes of characters for -- the new password. The default number is zero. The four -- classes are digits, upper and lower letters and other -- characters. -- The difference to the check is -- that a specific class if of characters is not required. -- Instead N out of four of the -- classes are required. -- -- -- -- -- -- -- -- -- -- -- Reject passwords which contain more than N same consecutive -- characters. The default is 0 which means that this check -- is disabled. -- -- -- -- -- -- -- -- -- -- -- Reject passwords which contain monotonic character sequences -- longer than N. The default is 0 which means that this check -- is disabled. Examples of such sequence are '12345' or 'fedcb'. -- Note that most such passwords will not pass the simplicity -- check unless the sequence is only a minor part of the password. -- -- -- -- -- -- -- -- -- -- -- Reject passwords which contain more than N consecutive -- characters of the same class. The default is 0 which means -- that this check is disabled. -- -- -- -- -- -- -- -- -- -- -- Check whether the name of the user in straight or reversed -- form is contained in the new password. If it is found the -- new password is rejected. -- -- -- -- -- -- -- -- -- -- -- Check whether the words from the GECOS field (usually full name -- of the user) longer than 3 characters in straight or reversed -- form are contained in the new password. If any such word is -- found the new password is rejected. -- -- -- -- -- -- -- -- -- -- -- The module will return error on failed check also if the user -- changing the password is root. This option is off by default -- which means that just the message about the failed check is -- printed but root can change the password anyway. -- Note that root is not asked for an old password so the checks -- that compare the old and new password are not performed. -- -- -- -- -- -- -- -- -- -- -- This argument is used to force the -- module to not prompt the user for a new password but use -- the one provided by the previously stacked -- password module. -- -- -- -- -- -- -- -- -- -- -- Path to the cracklib dictionaries. -- -- -- -- -- -- -- -- -- -- MODULE TYPES PROVIDED -- -- Only the module type is provided. -- -- -- -- -- RETURN VALUES -- -- -- -- -- PAM_SUCCESS -- -- -- The new password passes all checks. -- -- -- -- -- -- PAM_AUTHTOK_ERR -- -- -- No new password was entered, -- the username could not be determined or the new -- password fails the strength checks. -- -- -- -- -- -- PAM_AUTHTOK_RECOVERY_ERR -- -- -- The old password was not supplied by a previous stacked -- module or got not requested from the user. -- The first error can happen if -- is specified. -- -- -- -- -- -- PAM_SERVICE_ERR -- -- -- A internal error occurred. -- -- -- -- -- -- -- -- -- -- EXAMPLES -- -- For an example of the use of this module, we show how it may be -- stacked with the password component of -- -- pam_unix8 -- -- --# --# These lines stack two password type modules. In this example the --# user is given 3 opportunities to enter a strong password. The --# "use_authtok" argument ensures that the pam_unix module does not --# prompt for a password, but instead uses the one provided by --# pam_cracklib. --# --passwd password required pam_cracklib.so retry=3 --passwd password required pam_unix.so use_authtok -- -- -- -- -- Another example (in the /etc/pam.d/passwd format) -- is for the case that you want to use md5 password encryption: -- --#%PAM-1.0 --# --# These lines allow a md5 systems to support passwords of at least 14 --# bytes with extra credit of 2 for digits and 2 for others the new --# password must have at least three bytes that are not present in the --# old password --# --password required pam_cracklib.so \ -- difok=3 minlen=15 dcredit= 2 ocredit=2 --password required pam_unix.so use_authtok nullok md5 -- -- -- -- -- And here is another example in case you don't want to use credits: -- --#%PAM-1.0 --# --# These lines require the user to select a password with a minimum --# length of 8 and with at least 1 digit number, 1 upper case letter, --# and 1 other character --# --password required pam_cracklib.so \ -- dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8 --password required pam_unix.so use_authtok nullok md5 -- -- -- -- -- -- -- SEE ALSO -- -- -- pam.conf5 -- , -- -- pam.d5 -- , -- -- pam8 -- -- -- -- -- -- AUTHOR -- -- pam_cracklib was written by Cristian Gafton <gafton@redhat.com> -- -- -- -- -diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c -deleted file mode 100644 -index 01291305..00000000 ---- a/modules/pam_cracklib/pam_cracklib.c -+++ /dev/null -@@ -1,899 +0,0 @@ --/* -- * pam_cracklib module -- * -- * 0.9. switch to using a distance algorithm in similar() -- * 0.86. added support for setting minimum numbers of digits, uppers, -- * lowers, and others -- * 0.85. added six new options to use this with long passwords. -- * 0.8. tidied output and improved D(()) usage for debugging. -- * 0.7. added support for more obscure checks for new passwd. -- * 0.6. root can reset user passwd to any values (it's only warned) -- * 0.5. supports retries - 'retry=N' argument -- * 0.4. added argument 'type=XXX' for 'New XXX password' prompt -- * 0.3. Added argument 'debug' -- * 0.2. new password is fed to cracklib for verify after typed once -- * 0.1. First release -- * -- * Written by Cristian Gafton 1996/09/10 -- * Long password support by Philip W. Dalrymple 1997/07/18 -- * See the end of the file for Copyright Information -- * -- * Modification for long password systems (>8 chars). The original -- * module had problems when used in a md5 password system in that it -- * allowed too short passwords but required that at least half of the -- * bytes in the new password did not appear in the old one. this -- * action is still the default and the changes should not break any -- * current user. This modification adds 6 new options, one to set the -- * number of bytes in the new password that are not in the old one, -- * the other five to control the length checking, these are all -- * documented (or will be before anyone else sees this code) in the PAM -- * S.A.G. in the section on the cracklib module. -- */ -- --#include "config.h" -- --#include --#ifdef HAVE_LIBXCRYPT --# include --#elif defined(HAVE_CRYPT_H) --# include --#endif --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include -- --#ifdef HAVE_CRACK_H --#include --#else --extern char *FascistCheck(char *pw, const char *dictpath); --#endif -- --#ifndef CRACKLIB_DICTS --#define CRACKLIB_DICTS NULL --#endif -- --#ifdef MIN --#undef MIN --#endif --#define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b)) -- --#include --#include --#include --#include "pam_inline.h" -- --/* argument parsing */ --#define PAM_DEBUG_ARG 0x0001 -- --struct cracklib_options { -- int retry_times; -- int diff_ok; -- int min_length; -- int dig_credit; -- int up_credit; -- int low_credit; -- int oth_credit; -- int min_class; -- int max_repeat; -- int max_sequence; -- int max_class_repeat; -- int reject_user; -- int gecos_check; -- int enforce_for_root; -- const char *cracklib_dictpath; --}; -- --#define CO_RETRY_TIMES 1 --#define CO_DIFF_OK 5 --#define CO_MIN_LENGTH 9 --# define CO_MIN_LENGTH_BASE 5 --#define CO_DIG_CREDIT 1 --#define CO_UP_CREDIT 1 --#define CO_LOW_CREDIT 1 --#define CO_OTH_CREDIT 1 --#define CO_MIN_WORD_LENGTH 4 -- --static int --_pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, -- int argc, const char **argv) --{ -- int ctrl=0; -- -- /* step through arguments */ -- for (ctrl=0; argc-- > 0; ++argv) { -- const char *str; -- char *ep = NULL; -- -- /* generic options */ -- -- if (!strcmp(*argv,"debug")) -- ctrl |= PAM_DEBUG_ARG; -- else if ((str = pam_str_skip_prefix(*argv, "type=")) != NULL) -- pam_set_item (pamh, PAM_AUTHTOK_TYPE, str); -- else if ((str = pam_str_skip_prefix(*argv, "retry=")) != NULL) { -- opt->retry_times = strtol(str, &ep, 10); -- if (!ep || (opt->retry_times < 1)) -- opt->retry_times = CO_RETRY_TIMES; -- } else if ((str = pam_str_skip_prefix(*argv, "difok=")) != NULL) { -- opt->diff_ok = strtol(str, &ep, 10); -- if (!ep || (opt->diff_ok < 0)) -- opt->diff_ok = CO_DIFF_OK; -- } else if (pam_str_skip_prefix(*argv, "difignore=") != NULL) { -- /* just ignore */ -- } else if ((str = pam_str_skip_prefix(*argv, "minlen=")) != NULL) { -- opt->min_length = strtol(str, &ep, 10); -- if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE)) -- opt->min_length = CO_MIN_LENGTH_BASE; -- } else if ((str = pam_str_skip_prefix(*argv, "dcredit=")) != NULL) { -- opt->dig_credit = strtol(str, &ep, 10); -- if (!ep) -- opt->dig_credit = 0; -- } else if ((str = pam_str_skip_prefix(*argv, "ucredit=")) != NULL) { -- opt->up_credit = strtol(str, &ep, 10); -- if (!ep) -- opt->up_credit = 0; -- } else if ((str = pam_str_skip_prefix(*argv, "lcredit=")) != NULL) { -- opt->low_credit = strtol(str, &ep, 10); -- if (!ep) -- opt->low_credit = 0; -- } else if ((str = pam_str_skip_prefix(*argv, "ocredit=")) != NULL) { -- opt->oth_credit = strtol(str, &ep, 10); -- if (!ep) -- opt->oth_credit = 0; -- } else if ((str = pam_str_skip_prefix(*argv, "minclass=")) != NULL) { -- opt->min_class = strtol(str, &ep, 10); -- if (!ep) -- opt->min_class = 0; -- if (opt->min_class > 4) -- opt->min_class = 4; -- } else if ((str = pam_str_skip_prefix(*argv, "maxrepeat=")) != NULL) { -- opt->max_repeat = strtol(str, &ep, 10); -- if (!ep) -- opt->max_repeat = 0; -- } else if ((str = pam_str_skip_prefix(*argv, "maxsequence=")) != NULL) { -- opt->max_sequence = strtol(str, &ep, 10); -- if (!ep) -- opt->max_sequence = 0; -- } else if ((str = pam_str_skip_prefix(*argv, "maxclassrepeat=")) != NULL) { -- opt->max_class_repeat = strtol(str, &ep, 10); -- if (!ep) -- opt->max_class_repeat = 0; -- } else if (!strcmp(*argv, "reject_username")) { -- opt->reject_user = 1; -- } else if (!strcmp(*argv, "gecoscheck")) { -- opt->gecos_check = 1; -- } else if (!strcmp(*argv, "enforce_for_root")) { -- opt->enforce_for_root = 1; -- } else if (pam_str_skip_prefix(*argv, "authtok_type=") != NULL) { -- /* for pam_get_authtok, ignore */; -- } else if (!strcmp(*argv, "use_authtok")) { -- /* for pam_get_authtok, ignore */; -- } else if (!strcmp(*argv, "use_first_pass")) { -- /* for pam_get_authtok, ignore */; -- } else if (!strcmp(*argv, "try_first_pass")) { -- /* for pam_get_authtok, ignore */; -- } else if ((str = pam_str_skip_prefix(*argv, "dictpath=")) != NULL) { -- opt->cracklib_dictpath = str; -- if (!*(opt->cracklib_dictpath)) { -- opt->cracklib_dictpath = CRACKLIB_DICTS; -- } -- } else { -- pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); -- } -- } -- -- return ctrl; --} -- --/* Helper functions */ -- --/* -- * can't be a palindrome - like `R A D A R' or `M A D A M' -- */ --static int palindrome(const char *new) --{ -- int i, j; -- -- i = strlen (new); -- -- for (j = 0;j < i;j++) -- if (new[i - j - 1] != new[j]) -- return 0; -- -- return 1; --} -- --/* -- * Calculate how different two strings are in terms of the number of -- * character removals, additions, and changes needed to go from one to -- * the other -- */ -- --static int distdifferent(const char *old, const char *new, -- size_t i, size_t j) --{ -- char c, d; -- -- if ((i == 0) || (strlen(old) < i)) { -- c = 0; -- } else { -- c = old[i - 1]; -- } -- if ((j == 0) || (strlen(new) < j)) { -- d = 0; -- } else { -- d = new[j - 1]; -- } -- return (c != d); --} -- --static int distcalculate(int **distances, const char *old, const char *new, -- size_t i, size_t j) --{ -- int tmp = 0; -- -- if (distances[i][j] != -1) { -- return distances[i][j]; -- } -- -- tmp = distcalculate(distances, old, new, i - 1, j - 1); -- tmp = MIN(tmp, distcalculate(distances, old, new, i, j - 1)); -- tmp = MIN(tmp, distcalculate(distances, old, new, i - 1, j)); -- tmp += distdifferent(old, new, i, j); -- -- distances[i][j] = tmp; -- -- return tmp; --} -- --static int distance(const char *old, const char *new) --{ -- int **distances = NULL; -- size_t m, n, i, j, r; -- -- m = strlen(old); -- n = strlen(new); -- distances = malloc(sizeof(int*) * (m + 1)); -- -- for (i = 0; i <= m; i++) { -- distances[i] = malloc(sizeof(int) * (n + 1)); -- for(j = 0; j <= n; j++) { -- distances[i][j] = -1; -- } -- } -- for (i = 0; i <= m; i++) { -- distances[i][0] = i; -- } -- for (j = 0; j <= n; j++) { -- distances[0][j] = j; -- } -- distances[0][0] = 0; -- -- r = distcalculate(distances, old, new, m, n); -- -- for (i = 0; i <= m; i++) { -- memset(distances[i], 0, sizeof(int) * (n + 1)); -- free(distances[i]); -- } -- free(distances); -- -- return r; --} -- --static int similar(struct cracklib_options *opt, -- const char *old, const char *new) --{ -- if (distance(old, new) >= opt->diff_ok) { -- return 0; -- } -- -- if (strlen(new) >= (strlen(old) * 2)) { -- return 0; -- } -- -- /* passwords are too similar */ -- return 1; --} -- --/* -- * enough classes of characters -- */ -- --static int minclass (struct cracklib_options *opt, -- const char *new) --{ -- int digits = 0; -- int uppers = 0; -- int lowers = 0; -- int others = 0; -- int total_class; -- int i; -- int retval; -- -- D(( "called" )); -- for (i = 0; new[i]; i++) -- { -- if (isdigit (new[i])) -- digits = 1; -- else if (isupper (new[i])) -- uppers = 1; -- else if (islower (new[i])) -- lowers = 1; -- else -- others = 1; -- } -- -- total_class = digits + uppers + lowers + others; -- -- D (("total class: %d\tmin_class: %d", total_class, opt->min_class)); -- -- if (total_class >= opt->min_class) -- retval = 0; -- else -- retval = 1; -- -- return retval; --} -- -- --/* -- * a nice mix of characters. -- */ --static int simple(struct cracklib_options *opt, const char *new) --{ -- int digits = 0; -- int uppers = 0; -- int lowers = 0; -- int others = 0; -- int size; -- int i; -- enum { NONE, DIGIT, UCASE, LCASE, OTHER } prevclass = NONE; -- int sameclass = 0; -- -- for (i = 0;new[i];i++) { -- if (isdigit (new[i])) { -- digits++; -- if (prevclass != DIGIT) { -- prevclass = DIGIT; -- sameclass = 1; -- } else -- sameclass++; -- } -- else if (isupper (new[i])) { -- uppers++; -- if (prevclass != UCASE) { -- prevclass = UCASE; -- sameclass = 1; -- } else -- sameclass++; -- } -- else if (islower (new[i])) { -- lowers++; -- if (prevclass != LCASE) { -- prevclass = LCASE; -- sameclass = 1; -- } else -- sameclass++; -- } -- else { -- others++; -- if (prevclass != OTHER) { -- prevclass = OTHER; -- sameclass = 1; -- } else -- sameclass++; -- } -- if (opt->max_class_repeat > 0 && sameclass > opt->max_class_repeat) { -- return 1; -- } -- } -- -- /* -- * The scam was this - a password of only one character type -- * must be 8 letters long. Two types, 7, and so on. -- * This is now changed, the base size and the credits or defaults -- * see the docs on the module for info on these parameters, the -- * defaults cause the effect to be the same as before the change -- */ -- -- if ((opt->dig_credit >= 0) && (digits > opt->dig_credit)) -- digits = opt->dig_credit; -- -- if ((opt->up_credit >= 0) && (uppers > opt->up_credit)) -- uppers = opt->up_credit; -- -- if ((opt->low_credit >= 0) && (lowers > opt->low_credit)) -- lowers = opt->low_credit; -- -- if ((opt->oth_credit >= 0) && (others > opt->oth_credit)) -- others = opt->oth_credit; -- -- size = opt->min_length; -- -- if (opt->dig_credit >= 0) -- size -= digits; -- else if (digits < opt->dig_credit * -1) -- return 1; -- -- if (opt->up_credit >= 0) -- size -= uppers; -- else if (uppers < opt->up_credit * -1) -- return 1; -- -- if (opt->low_credit >= 0) -- size -= lowers; -- else if (lowers < opt->low_credit * -1) -- return 1; -- -- if (opt->oth_credit >= 0) -- size -= others; -- else if (others < opt->oth_credit * -1) -- return 1; -- -- if (size <= i) -- return 0; -- -- return 1; --} -- --static int consecutive(struct cracklib_options *opt, const char *new) --{ -- char c; -- int i; -- int same; -- -- if (opt->max_repeat == 0) -- return 0; -- -- for (i = 0; new[i]; i++) { -- if (i > 0 && new[i] == c) { -- ++same; -- if (same > opt->max_repeat) -- return 1; -- } else { -- c = new[i]; -- same = 1; -- } -- } -- return 0; --} -- --static int sequence(struct cracklib_options *opt, const char *new) --{ -- char c; -- int i; -- int sequp = 1; -- int seqdown = 1; -- -- if (opt->max_sequence == 0) -- return 0; -- -- if (new[0] == '\0') -- return 0; -- -- for (i = 1; new[i]; i++) { -- c = new[i-1]; -- if (new[i] == c+1) { -- ++sequp; -- if (sequp > opt->max_sequence) -- return 1; -- seqdown = 1; -- } else if (new[i] == c-1) { -- ++seqdown; -- if (seqdown > opt->max_sequence) -- return 1; -- sequp = 1; -- } else { -- sequp = 1; -- seqdown = 1; -- } -- } -- return 0; --} -- --static int wordcheck(const char *new, char *word) --{ -- char *f, *b; -- -- if (strstr(new, word) != NULL) -- return 1; -- -- /* now reverse the word, we can do that in place -- as it is strdup-ed */ -- f = word; -- b = word+strlen(word)-1; -- while (f < b) { -- char c; -- -- c = *f; -- *f = *b; -- *b = c; -- --b; -- ++f; -- } -- -- if (strstr(new, word) != NULL) -- return 1; -- return 0; --} -- --static int usercheck(struct cracklib_options *opt, const char *new, -- char *user) --{ -- if (!opt->reject_user) -- return 0; -- -- return wordcheck(new, user); --} -- --static char * str_lower(char *string) --{ -- char *cp; -- -- if (!string) -- return NULL; -- -- for (cp = string; *cp; cp++) -- *cp = tolower(*cp); -- return string; --} -- --static int gecoscheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new, -- const char *user) --{ -- struct passwd *pwd; -- char *list; -- char *p; -- char *next; -- -- if (!opt->gecos_check) -- return 0; -- -- if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) { -- return 0; -- } -- -- list = strdup(pwd->pw_gecos); -- -- if (list == NULL || *list == '\0') { -- free(list); -- return 0; -- } -- -- for (p = list;;p = next + 1) { -- next = strchr(p, ' '); -- if (next) -- *next = '\0'; -- -- if (strlen(p) >= CO_MIN_WORD_LENGTH) { -- str_lower(p); -- if (wordcheck(new, p)) { -- free(list); -- return 1; -- } -- } -- -- if (!next) -- break; -- } -- -- free(list); -- return 0; --} -- --static const char *password_check(pam_handle_t *pamh, struct cracklib_options *opt, -- const char *old, const char *new, -- const char *user) --{ -- const char *msg = NULL; -- char *oldmono = NULL, *newmono, *wrapped = NULL; -- char *usermono = NULL; -- -- if (old && strcmp(new, old) == 0) { -- msg = _("is the same as the old one"); -- return msg; -- } -- -- newmono = str_lower(strdup(new)); -- if (!newmono) -- msg = _("memory allocation error"); -- -- usermono = str_lower(strdup(user)); -- if (!usermono) -- msg = _("memory allocation error"); -- -- if (!msg && old) { -- oldmono = str_lower(strdup(old)); -- if (oldmono) -- wrapped = malloc(strlen(oldmono) * 2 + 1); -- if (wrapped) { -- strcpy (wrapped, oldmono); -- strcat (wrapped, oldmono); -- } else { -- msg = _("memory allocation error"); -- } -- } -- -- if (!msg && palindrome(newmono)) -- msg = _("is a palindrome"); -- -- if (!msg && oldmono && strcmp(oldmono, newmono) == 0) -- msg = _("case changes only"); -- -- if (!msg && oldmono && similar(opt, oldmono, newmono)) -- msg = _("is too similar to the old one"); -- -- if (!msg && simple(opt, new)) -- msg = _("is too simple"); -- -- if (!msg && wrapped && strstr(wrapped, newmono)) -- msg = _("is rotated"); -- -- if (!msg && minclass (opt, new)) -- msg = _("not enough character classes"); -- -- if (!msg && consecutive(opt, new)) -- msg = _("contains too many same characters consecutively"); -- -- if (!msg && sequence(opt, new)) -- msg = _("contains too long of a monotonic character sequence"); -- -- if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) -- msg = _("contains the user name in some form"); -- -- free(usermono); -- if (newmono) { -- memset(newmono, 0, strlen(newmono)); -- free(newmono); -- } -- if (oldmono) { -- memset(oldmono, 0, strlen(oldmono)); -- free(oldmono); -- } -- if (wrapped) { -- memset(wrapped, 0, strlen(wrapped)); -- free(wrapped); -- } -- -- return msg; --} -- -- --static int _pam_unix_approve_pass(pam_handle_t *pamh, -- unsigned int ctrl, -- struct cracklib_options *opt, -- const char *pass_old, -- const char *pass_new) --{ -- const char *msg = NULL; -- const char *user; -- int retval; -- -- if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_DEBUG, "bad authentication token"); -- pam_error(pamh, "%s", pass_new == NULL ? -- _("No password has been supplied.") : -- _("The password has not been changed.")); -- return PAM_AUTHTOK_ERR; -- } -- -- retval = pam_get_user(pamh, &user, NULL); -- if (retval != PAM_SUCCESS) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s", -- pam_strerror(pamh, retval)); -- return PAM_AUTHTOK_ERR; -- } -- /* -- * if one wanted to hardwire authentication token strength -- * checking this would be the place -- */ -- msg = password_check(pamh, opt, pass_old, pass_new, user); -- -- if (msg) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_NOTICE, -- "new passwd fails strength check: %s", msg); -- pam_error(pamh, _("BAD PASSWORD: %s"), msg); -- return PAM_AUTHTOK_ERR; -- }; -- return PAM_SUCCESS; -- --} -- --/* The Main Thing (by Cristian Gafton, CEO at this module :-) -- * (stolen from http://home.netscape.com) -- */ --int --pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) --{ -- unsigned int ctrl; -- struct cracklib_options options; -- -- D(("called.")); -- -- memset(&options, 0, sizeof(options)); -- options.retry_times = CO_RETRY_TIMES; -- options.diff_ok = CO_DIFF_OK; -- options.min_length = CO_MIN_LENGTH; -- options.dig_credit = CO_DIG_CREDIT; -- options.up_credit = CO_UP_CREDIT; -- options.low_credit = CO_LOW_CREDIT; -- options.oth_credit = CO_OTH_CREDIT; -- options.cracklib_dictpath = CRACKLIB_DICTS; -- -- ctrl = _pam_parse(pamh, &options, argc, argv); -- -- if (flags & PAM_PRELIM_CHECK) { -- /* Check for passwd dictionary */ -- /* We cannot do that, since the original path is compiled -- into the cracklib library and we don't know it. */ -- return PAM_SUCCESS; -- } else if (flags & PAM_UPDATE_AUTHTOK) { -- int retval; -- const void *oldtoken; -- int tries; -- -- D(("do update")); -- -- -- retval = pam_get_item (pamh, PAM_OLDAUTHTOK, &oldtoken); -- if (retval != PAM_SUCCESS) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh,LOG_ERR,"Can not get old passwd"); -- oldtoken = NULL; -- } -- -- tries = 0; -- while (tries < options.retry_times) { -- const char *crack_msg; -- const char *newtoken = NULL; -- -- -- tries++; -- -- /* Planned modus operandi: -- * Get a passwd. -- * Verify it against cracklib. -- * If okay get it a second time. -- * Check to be the same with the first one. -- * set PAM_AUTHTOK and return -- */ -- -- retval = pam_get_authtok_noverify (pamh, &newtoken, NULL); -- if (retval != PAM_SUCCESS) { -- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s", -- pam_strerror (pamh, retval)); -- continue; -- } else if (newtoken == NULL) { /* user aborted password change, quit */ -- return PAM_AUTHTOK_ERR; -- } -- -- D(("testing password")); -- /* now test this passwd against cracklib */ -- -- D(("against cracklib")); -- if ((crack_msg = FascistCheck (newtoken, options.cracklib_dictpath))) { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg); -- pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg); -- if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) -- { -- pam_set_item (pamh, PAM_AUTHTOK, NULL); -- retval = PAM_AUTHTOK_ERR; -- continue; -- } -- } -- -- /* check it for strength too... */ -- D(("for strength")); -- retval = _pam_unix_approve_pass (pamh, ctrl, &options, -- oldtoken, newtoken); -- if (retval != PAM_SUCCESS) { -- if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) -- { -- pam_set_item(pamh, PAM_AUTHTOK, NULL); -- retval = PAM_AUTHTOK_ERR; -- continue; -- } -- } -- -- retval = pam_get_authtok_verify (pamh, &newtoken, NULL); -- if (retval != PAM_SUCCESS) { -- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s", -- pam_strerror (pamh, retval)); -- pam_set_item(pamh, PAM_AUTHTOK, NULL); -- continue; -- } else if (newtoken == NULL) { /* user aborted password change, quit */ -- return PAM_AUTHTOK_ERR; -- } -- -- return PAM_SUCCESS; -- } -- -- D(("returning because maxtries reached")); -- -- pam_set_item (pamh, PAM_AUTHTOK, NULL); -- -- /* if we have only one try, we can use the real reason, -- else say that there were too many tries. */ -- if (options.retry_times > 1) -- return PAM_MAXTRIES; -- else -- return retval; -- -- } else { -- if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_NOTICE, "UNKNOWN flags setting %02X",flags); -- return PAM_SERVICE_ERR; -- } -- -- /* Not reached */ -- return PAM_SERVICE_ERR; --} -- -- -- --/* -- * Copyright (c) Cristian Gafton , 1996. -- * All rights reserved -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, and the entire permission notice in its entirety, -- * including the disclaimer of warranties. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. The name of the author may not be used to endorse or promote -- * products derived from this software without specific prior -- * written permission. -- * -- * ALTERNATIVELY, this product may be distributed under the terms of -- * the GNU Public License, in which case the provisions of the GPL are -- * required INSTEAD OF the above restrictions. (This clause is -- * necessary due to a potential bad interaction between the GPL and -- * the restrictions contained in a BSD-style copyright.) -- * -- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED -- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- * -- * The following copyright was appended for the long password support -- * added with the libpam 0.58 release: -- * -- * Modificaton Copyright (c) Philip W. Dalrymple III -- * 1997. All rights reserved -- * -- * THE MODIFICATION THAT PROVIDES SUPPORT FOR LONG PASSWORD TYPE CHECKING TO -- * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED -- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- */ -diff --git a/modules/pam_cracklib/tst-pam_cracklib b/modules/pam_cracklib/tst-pam_cracklib -deleted file mode 100755 -index 46a7060d..00000000 ---- a/modules/pam_cracklib/tst-pam_cracklib -+++ /dev/null -@@ -1,2 +0,0 @@ --#!/bin/sh --../../tests/tst-dlopen .libs/pam_cracklib.so diff --git a/pam_securetty-don-t-complain-about-missing-config.patch b/pam_securetty-don-t-complain-about-missing-config.patch deleted file mode 100644 index 60d93e8..0000000 --- a/pam_securetty-don-t-complain-about-missing-config.patch +++ /dev/null @@ -1,40 +0,0 @@ -From e842a5fc075002f46672ebcd8e896624f1ec8068 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Tue, 26 Jan 2021 13:07:20 +0100 -Subject: [PATCH] pam_securetty: don't complain about missing config - -Not shipping a config file should be perfectly valid for distros while -still having eg login pre-configured to honor securetty when present. -PAM itself doesn't ship any template either. So avoid spamming the log -file if /etc/securetty wasn't found. ---- - modules/pam_securetty/pam_securetty.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c -index b4d71751..47a5cd9f 100644 ---- a/modules/pam_securetty/pam_securetty.c -+++ b/modules/pam_securetty/pam_securetty.c -@@ -111,7 +111,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, - #ifdef VENDORDIR - if (errno == ENOENT) { - if (stat(SECURETTY2_FILE, &ttyfileinfo)) { -- pam_syslog(pamh, LOG_NOTICE, -+ if (ctrl & PAM_DEBUG_ARG) -+ pam_syslog(pamh, LOG_DEBUG, - "Couldn't open %s: %m", SECURETTY2_FILE); - return PAM_SUCCESS; /* for compatibility with old securetty handling, - this needs to succeed. But we still log the -@@ -120,7 +121,8 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, - securettyfile = SECURETTY2_FILE; - } else { - #endif -- pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); -+ if (ctrl & PAM_DEBUG_ARG) -+ pam_syslog(pamh, LOG_DEBUG, "Couldn't open %s: %m", SECURETTY_FILE); - return PAM_SUCCESS; /* for compatibility with old securetty handling, - this needs to succeed. But we still log the - error. */ --- -2.26.2 - diff --git a/pam_umask-usergroups-login_defs.patch b/pam_umask-usergroups-login_defs.patch index cb3b2c2..75ac27a 100644 --- a/pam_umask-usergroups-login_defs.patch +++ b/pam_umask-usergroups-login_defs.patch @@ -4,9 +4,72 @@ Deprecate pam_umask explicit "usergroups" option and instead read it from /etc/l Original Author: Martin Pitt Bug-Debian: http://bugs.debian.org/583958 -diff -urN Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.8.xml Linux-PAM-1.5.1/modules/pam_umask/pam_umask.8.xml ---- Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.8.xml 2020-11-25 17:57:02.000000000 +0100 -+++ Linux-PAM-1.5.1/modules/pam_umask/pam_umask.8.xml 2021-08-12 16:02:56.108249895 +0200 +Index: Linux-PAM-1.5.2/modules/pam_umask/README +=================================================================== +--- Linux-PAM-1.5.2.orig/modules/pam_umask/README ++++ Linux-PAM-1.5.2/modules/pam_umask/README +@@ -15,7 +15,7 @@ following order: + + • umask= argument + +- • UMASK entry from /etc/login.defs ++ • UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB) + + • UMASK= entry from /etc/default/login + +@@ -38,7 +38,10 @@ usergroups + + If the user is not root and the username is the same as primary group name, + the umask group bits are set to be the same as owner bits (examples: 022 -> +- 002, 077 -> 007). ++ 002, 077 -> 007). Note that using this option explicitly is discouraged. ++ pam_umask enables this functionality by default if /etc/login.defs enables ++ USERGROUPS_ENAB, and the umask is not set explicitly in other places than / ++ etc/login.defs. + + nousergroups + +Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8 +=================================================================== +--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8 ++++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8 +@@ -68,7 +68,9 @@ umask= argument + .sp -1 + .IP \(bu 2.3 + .\} +-UMASK entry from /etc/login\&.defs ++UMASK entry from ++/etc/login\&.defs ++(influenced by USERGROUPS_ENAB) + .RE + .sp + .RS 4 +@@ -79,7 +81,8 @@ UMASK entry from /etc/login\&.defs + .sp -1 + .IP \(bu 2.3 + .\} +-UMASK= entry from /etc/default/login ++UMASK= entry from ++/etc/default/login + .RE + .PP + The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. +@@ -98,7 +101,10 @@ Don\*(Aqt print informative messages\&. + .PP + \fBusergroups\fR + .RS 4 +-If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. ++If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. Note that using this option explicitly is discouraged\&. pam_umask enables this functionality by default if ++/etc/login\&.defs ++enables USERGROUPS_ENAB, and the umask is not set explicitly in other places than ++/etc/login\&.defs\&. + .RE + .PP + \fBnousergroups\fR +Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml +=================================================================== +--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8.xml ++++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml @@ -61,12 +61,13 @@ @@ -35,14 +98,15 @@ diff -urN Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.8.xml Linux-PAM-1.5.1/ -diff -urN Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.c Linux-PAM-1.5.1/modules/pam_umask/pam_umask.c ---- Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.c 2020-11-25 17:57:02.000000000 +0100 -+++ Linux-PAM-1.5.1/modules/pam_umask/pam_umask.c 2021-08-12 16:14:40.505589328 +0200 -@@ -103,7 +103,23 @@ +Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c +=================================================================== +--- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.c ++++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c +@@ -104,7 +104,23 @@ get_options (pam_handle_t *pamh, options parse_option (pamh, *argv, options); - if (options->umask == NULL) -- options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); + if (options->umask == NULL) { +- options->login_umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); + { + options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); + /* login.defs' USERGROUPS_ENAB will modify the UMASK setting there by way @@ -51,73 +115,15 @@ diff -urN Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.c Linux-PAM-1.5.1/modu + */ + if (options->umask != NULL) + { -+ char *result = pam_modutil_search_key (pamh, LOGIN_DEFS, ++ char *result = pam_modutil_search_key (pamh, LOGIN_DEFS, + "USERGROUPS_ENAB"); -+ if (result != NULL) -+ { -+ options->usergroups = (strcasecmp (result, "yes") == 0); -+ free (result); -+ } ++ if (result != NULL) ++ { ++ options->usergroups = (strcasecmp (result, "yes") == 0); ++ free (result); ++ } + } + } - if (options->umask == NULL) - options->umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK"); - ---- Linux-PAM-1.5.1.pre/modules/pam_umask/pam_umask.8 2021-08-12 16:34:08.314505891 +0200 -+++ Linux-PAM-1.5.1/modules/pam_umask/pam_umask.8 2021-08-12 16:14:43.969615764 +0200 -@@ -68,7 +68,9 @@ - .sp -1 - .IP \(bu 2.3 - .\} --UMASK entry from /etc/login\&.defs -+UMASK entry from -+/etc/login\&.defs -+(influenced by USERGROUPS_ENAB) - .RE - .sp - .RS 4 -@@ -79,7 +81,8 @@ - .sp -1 - .IP \(bu 2.3 - .\} --UMASK= entry from /etc/default/login -+UMASK= entry from -+/etc/default/login - .RE - .PP - The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. -@@ -98,7 +101,10 @@ - .PP - \fBusergroups\fR - .RS 4 --If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. -+If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. Note that using this option explicitly is discouraged\&. pam_umask enables this functionality by default if -+/etc/login\&.defs -+enables USERGROUPS_ENAB, and the umask is not set explicitly in other places than -+/etc/login\&.defs\&. - .RE - .PP - \fBnousergroups\fR ---- Linux-PAM-1.5.1.pre/modules/pam_umask/README 2021-08-12 16:34:08.638508373 +0200 -+++ Linux-PAM-1.5.1/modules/pam_umask/README 2021-08-12 16:14:44.241617840 +0200 -@@ -15,7 +15,7 @@ - - • umask= argument - -- • UMASK entry from /etc/login.defs -+ • UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB) - - • UMASK= entry from /etc/default/login - -@@ -38,7 +38,10 @@ - - If the user is not root and the username is the same as primary group name, - the umask group bits are set to be the same as owner bits (examples: 022 -> -- 002, 077 -> 007). -+ 002, 077 -> 007). Note that using this option explicitly is discouraged. -+ pam_umask enables this functionality by default if /etc/login.defs enables -+ USERGROUPS_ENAB, and the umask is not set explicitly in other places than / -+ etc/login.defs. - - nousergroups - + if (options->login_umask == NULL) + options->login_umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK"); + options->umask = options->login_umask; diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec index dd8a6c1..c9d194d 100644 --- a/pam_unix-nis.spec +++ b/pam_unix-nis.spec @@ -70,7 +70,7 @@ export CFLAGS="%{optflags} -DNDEBUG" --enable-isadir=../..%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_distconfdir} \ - --enable-tally2 --enable-cracklib + --enable-tally2 make -C modules/pam_unix %install diff --git a/revert-check_shadow_expiry.diff b/revert-check_shadow_expiry.diff deleted file mode 100644 index ef87ed9..0000000 --- a/revert-check_shadow_expiry.diff +++ /dev/null @@ -1,31 +0,0 @@ -pam_unix: do not use crypt_checksalt when checking for password expiration - -According to Zack Weinberg, the intended meaning of -CRYPT_SALT_METHOD_LEGACY is "passwd(1) should not use this hashing -method", it is not supposed to mean "force a password change on next -login for any user with an existing stored hash using this method". - -This reverts commit 4da9feb. - -* modules/pam_unix/passverify.c (check_shadow_expiry) -[CRYPT_CHECKSALT_AVAILABLE]: Remove. - - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index f6132f805..5a19ed856 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -289,13 +289,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, - D(("account expired")); - return PAM_ACCT_EXPIRED; - } --#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE -- if (spent->sp_lstchg == 0 || -- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY || -- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) { --#else - if (spent->sp_lstchg == 0) { --#endif - D(("need a new password")); - *daysleft = 0; - return PAM_NEW_AUTHTOK_REQD; -- 2.51.1 From 3aaba5773b58a31952c3ab5defede06bd0b152e7f08cd0ab9fc169b813e97d4b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 10 Sep 2021 10:28:05 +0000 Subject: [PATCH 163/226] - pam-login_defs-check.sh: adjust for new login.defs variable usages pam_tally2 has been removed upstream, remove pam_tally2-removal.patch - Update to version 1.5.2 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=247 --- pam-login_defs-check.sh | 2 +- pam.changes | 7 + pam.spec | 8 +- pam_tally2-removal.patch | 1332 -------------------------------------- pam_unix-nis.changes | 5 + pam_unix-nis.spec | 7 +- 6 files changed, 16 insertions(+), 1345 deletions(-) delete mode 100644 pam_tally2-removal.patch diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index b559d79..b7b7532 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -12,7 +12,7 @@ grep -rh LOGIN_DEFS . | sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 3c6e0020c31609690b69ef391654df930b74151d ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != e9750fd874b9b55fc151d424ae048050e3858d57 ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam.changes b/pam.changes index 33c13c4..06cf8de 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + ------------------------------------------------------------------- Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers @@ -19,6 +24,8 @@ Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers * Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + pam_cracklib has been removed from the upstream sources. This obsoletes pam-pam_cracklib-add-usersubstr.patch and pam_cracklib-removal.patch. diff --git a/pam.spec b/pam.spec index f6d6d3e..b662e81 100644 --- a/pam.spec +++ b/pam.spec @@ -57,8 +57,6 @@ Patch4: pam-hostnames-in-access_conf.patch Patch5: pam-xauth_ownership.patch Patch8: pam-bsc1177858-dont-free-environment-string.patch Patch12: pam_umask-usergroups-login_defs.patch -# https://github.com/linux-pam/linux-pam/commit/e842a5fc075002f46672ebcd8e896624f1ec8068 -# Patch101: revert-check_shadow_expiry.diff BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -116,9 +114,7 @@ a Berkeley DB database. %package doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML -%if 0%{?suse_version} >= 1140 BuildArch: noarch -%endif %description doc PAM (Pluggable Authentication Modules) is a system security tool that @@ -149,10 +145,9 @@ cp -a %{SOURCE12} . %patch5 -p1 %patch8 -p1 %patch12 -p1 -# %%patch101 -p1 %build -# bash ./pam-login_defs-check.sh +bash ./pam-login_defs-check.sh export CFLAGS="%{optflags}" %if !%{with debug} CFLAGS="$CFLAGS -DNDEBUG" @@ -253,7 +248,6 @@ done %dir %{_pam_secconfdir} %dir %{_pam_secconfdir}/limits.d %dir %{_prefix}/lib/motd.d -%ghost %dir %{_rundir}/motd.d %if %{defined config_noreplace} %config(noreplace) %{_pam_confdir}/other %config(noreplace) %{_pam_confdir}/common-* diff --git a/pam_tally2-removal.patch b/pam_tally2-removal.patch deleted file mode 100644 index 59fc8dc..0000000 --- a/pam_tally2-removal.patch +++ /dev/null @@ -1,1332 +0,0 @@ -From 709e37b7e131d35b0ec30d31f858bc6917dd2b2e Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Thu, 29 Oct 2020 08:00:00 +0000 -Subject: [PATCH] Remove deprecated pam_tally and pam_tally2 modules - -* ci/run-build-and-tests.sh (DISTCHECK_CONFIGURE_FLAGS): Remove ---enable-tally --enable-tally2. -* configure.ac: Remove --enable-tally and --enable-tally2 options. -(AM_CONDITIONAL): Remove COND_BUILD_PAM_TALLY and COND_BUILD_PAM_TALLY2. -(AC_CONFIG_FILES): Remove modules/pam_tally/Makefile and -modules/pam_tally2/Makefile. -* doc/sag/pam_tally.xml: Remove. -* doc/sag/pam_tally2.xml: Likewise. -* doc/sag/Linux-PAM_SAG.xml: Do not include pam_tally.xml and -pam_tally2.xml. -* modules/Makefile.am (MAYBE_PAM_TALLY, MAYBE_PAM_TALLY2): Remove. -(SUBDIRS): Remove MAYBE_PAM_TALLY and MAYBE_PAM_TALLY2. -* modules/pam_tally/.gitignore: Remove. -* modules/pam_tally/Makefile.am: Likewise. -* modules/pam_tally/README.xml: Likewise. -* modules/pam_tally/faillog.h: Likewise. -* modules/pam_tally/pam_tally.8.xml: Likewise. -* modules/pam_tally/pam_tally.c: Likewise. -* modules/pam_tally/pam_tally_app.c: Likewise. -* modules/pam_tally/tst-pam_tally: Likewise. -* modules/pam_tally2/.gitignore: Likewise. -* modules/pam_tally2/Makefile.am: Likewise. -* modules/pam_tally2/README.xml: Likewise. -* modules/pam_tally2/pam_tally2.8.xml: Likewise. -* modules/pam_tally2/pam_tally2.c: Likewise. -* modules/pam_tally2/pam_tally2_app.c: Likewise. -* modules/pam_tally2/tallylog.h: Likewise. -* modules/pam_tally2/tst-pam_tally2: Likewise. -* modules/pam_timestamp/pam_timestamp_check.8.xml: Fix typo by replacing -pam_tally with pam_timestamp. -* po/POTFILES.in: Remove ./modules/pam_tally/pam_tally_app.c, -./modules/pam_tally/pam_tally.c, ./modules/pam_tally2/pam_tally2_app.c, -and ./modules/pam_tally2/pam_tally2.c. -* NEWS: Document this change. ---- - NEWS | 1 + - ci/run-build-and-tests.sh | 2 +- - configure.ac | 23 +- - doc/sag/Linux-PAM_SAG.xml | 4 - - doc/sag/pam_tally.xml | 38 - - doc/sag/pam_tally2.xml | 46 - - modules/Makefile.am | 10 - - modules/pam_tally/.gitignore | 1 - - modules/pam_tally/Makefile.am | 41 - - modules/pam_tally/README.xml | 41 - - modules/pam_tally/faillog.h | 55 - - modules/pam_tally/pam_tally.8.xml | 459 -------- - modules/pam_tally/pam_tally.c | 854 -------------- - modules/pam_tally/pam_tally_app.c | 6 - - modules/pam_tally/tst-pam_tally | 2 - - modules/pam_tally2/.gitignore | 1 - - modules/pam_tally2/Makefile.am | 45 - - modules/pam_tally2/README.xml | 46 - - modules/pam_tally2/pam_tally2.8.xml | 450 ------- - modules/pam_tally2/pam_tally2.c | 1036 ----------------- - modules/pam_tally2/pam_tally2_app.c | 6 - - modules/pam_tally2/tallylog.h | 52 - - modules/pam_tally2/tst-pam_tally2 | 2 - - .../pam_timestamp/pam_timestamp_check.8.xml | 2 +- - po/POTFILES.in | 4 - - 25 files changed, 4 insertions(+), 3223 deletions(-) - delete mode 100644 doc/sag/pam_tally.xml - delete mode 100644 doc/sag/pam_tally2.xml - delete mode 100644 modules/pam_tally/.gitignore - delete mode 100644 modules/pam_tally/Makefile.am - delete mode 100644 modules/pam_tally/README.xml - delete mode 100644 modules/pam_tally/faillog.h - delete mode 100644 modules/pam_tally/pam_tally.8.xml - delete mode 100644 modules/pam_tally/pam_tally.c - delete mode 100644 modules/pam_tally/pam_tally_app.c - delete mode 100755 modules/pam_tally/tst-pam_tally - delete mode 100644 modules/pam_tally2/.gitignore - delete mode 100644 modules/pam_tally2/Makefile.am - delete mode 100644 modules/pam_tally2/README.xml - delete mode 100644 modules/pam_tally2/pam_tally2.8.xml - delete mode 100644 modules/pam_tally2/pam_tally2.c - delete mode 100644 modules/pam_tally2/pam_tally2_app.c - delete mode 100644 modules/pam_tally2/tallylog.h - delete mode 100755 modules/pam_tally2/tst-pam_tally2 - -diff --git a/configure.ac b/configure.ac -index 4397124d..ad36a6bc 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -613,24 +613,6 @@ test -n "$opt_kerneloverflowuid" || - opt_kerneloverflowuid=65534 - AC_DEFINE_UNQUOTED(PAM_USERTYPE_OVERFLOW_UID, $opt_kerneloverflowuid, [Kernel overflow uid.]) - --#AC_ARG_ENABLE([tally], --# [AS_HELP_STRING([--enable-tally], --# [build deprecated pam_tally module])], --# [], [enable_tally=no]) --#case "$enable_tally" in --# yes|no) ;; --# *) AC_MSG_ERROR([bad value $enable_tally for --enable-tally option]) ;; --#esac -- --AC_ARG_ENABLE([tally2], -- [AS_HELP_STRING([--enable-tally2], -- [build deprecated pam_tally2 module])], -- [], [enable_tally2=no]) --case "$enable_tally2" in -- yes|no) ;; -- *) AC_MSG_ERROR([bad value $enable_tally2 for --enable-tally2 option]) ;; --esac -- - AC_ARG_ENABLE([unix], - [AS_HELP_STRING([--disable-unix], - [do not build pam_unix module])], -@@ -647,8 +629,6 @@ AM_CONDITIONAL([COND_BUILD_PAM_RHOSTS], [test "$ac_cv_func_ruserok_af" = yes -o - AM_CONDITIONAL([COND_BUILD_PAM_SELINUX], [test -n "$LIBSELINUX"]) - AM_CONDITIONAL([COND_BUILD_PAM_SEPERMIT], [test -n "$LIBSELINUX"]) - AM_CONDITIONAL([COND_BUILD_PAM_SETQUOTA], [test "$ac_cv_func_quotactl" = yes]) --#AM_CONDITIONAL([COND_BUILD_PAM_TALLY], [test "$enable_tally" = yes]) --AM_CONDITIONAL([COND_BUILD_PAM_TALLY2], [test "$enable_tally2" = yes]) - AM_CONDITIONAL([COND_BUILD_PAM_TTY_AUDIT], [test "$HAVE_AUDIT_TTY_STATUS" = yes]) - AM_CONDITIONAL([COND_BUILD_PAM_UNIX], [test "$enable_unix" = yes]) - AM_CONDITIONAL([COND_BUILD_PAM_USERDB], [test -n "$LIBDB"]) -@@ -678,8 +658,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile - modules/pam_securetty/Makefile modules/pam_selinux/Makefile \ - modules/pam_sepermit/Makefile modules/pam_setquota/Makefile \ - modules/pam_shells/Makefile modules/pam_stress/Makefile \ -- modules/pam_succeed_if/Makefile \ -- modules/pam_tally2/Makefile modules/pam_time/Makefile \ -+ modules/pam_succeed_if/Makefile modules/pam_time/Makefile \ - modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \ - modules/pam_umask/Makefile \ - modules/pam_unix/Makefile modules/pam_userdb/Makefile \ -diff --git a/modules/Makefile.am b/modules/Makefile.am -index aa03e319..8da46410 100644 ---- a/modules/Makefile.am -+++ b/modules/Makefile.am -@@ -30,14 +30,6 @@ if COND_BUILD_PAM_SETQUOTA - MAYBE_PAM_SETQUOTA = pam_setquota - endif - --#if COND_BUILD_PAM_TALLY --# MAYBE_PAM_TALLY = pam_tally --#endif -- --if COND_BUILD_PAM_TALLY2 -- MAYBE_PAM_TALLY2 = pam_tally2 --endif -- - if COND_BUILD_PAM_TTY_AUDIT - MAYBE_PAM_TTY_AUDIT = pam_tty_audit - endif -@@ -85,8 +77,6 @@ SUBDIRS := \ - pam_shells \ - pam_stress \ - pam_succeed_if \ -- $(MAYBE_PAM_TALLY) \ -- $(MAYBE_PAM_TALLY2) \ - pam_time \ - pam_timestamp \ - $(MAYBE_PAM_TTY_AUDIT) \ -diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am -deleted file mode 100644 -index 9ca7eabf..00000000 ---- a/modules/pam_tally2/Makefile.am -+++ /dev/null -@@ -1,45 +0,0 @@ --# --# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk --# Copyright (c) 2008 Red Hat, Inc. --# -- --CLEANFILES = *~ --MAINTAINERCLEANFILES = $(MANS) README -- --EXTRA_DIST = $(XMLS) -- --#if HAVE_DOC --#dist_man_MANS = pam_tally2.8 --#endif --XMLS = README.xml pam_tally2.8.xml --dist_check_SCRIPTS = tst-pam_tally2 --TESTS = $(dist_check_SCRIPTS) -- --securelibdir = $(SECUREDIR) --secureconfdir = $(SCONFIGDIR) -- --noinst_HEADERS = tallylog.h -- --AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- $(WARN_CFLAGS) -- --pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module --pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) --if HAVE_VERSIONING -- pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map --endif -- --pam_tally2_CFLAGS = $(AM_CFLAGS) @EXE_CFLAGS@ --pam_tally2_LDFLAGS = @EXE_LDFLAGS@ --pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) -- --securelib_LTLIBRARIES = pam_tally2.la --sbin_PROGRAMS = pam_tally2 -- --pam_tally2_la_SOURCES = pam_tally2.c --pam_tally2_SOURCES = pam_tally2_app.c -- --if ENABLE_REGENERATE_MAN --dist_noinst_DATA = README ---include $(top_srcdir)/Make.xml.rules --endif -diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c -deleted file mode 100644 -index bcf3188c..00000000 ---- a/modules/pam_tally2/pam_tally2.c -+++ /dev/null -@@ -1,1036 +0,0 @@ --/* -- * pam_tally2 module -- * -- * By Tim Baverstock , Multi Media Machine Ltd. -- * 5 March 1997 -- * -- * Stuff stolen from pam_rootok and pam_listfile -- * -- * Changes by Tomas Mraz 5 January 2005, 26 January 2006 -- * Audit option added for Tomas patch by Sebastien Tricaud 13 January 2005 -- * Portions Copyright 2006, Red Hat, Inc. -- * Portions Copyright 1989 - 1993, Julianne Frances Haugh -- * All rights reserved. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. Neither the name of Julianne F. Haugh nor the names of its contributors -- * may be used to endorse or promote products derived from this software -- * without specific prior written permission. -- * -- * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ -- --#include "config.h" -- --#if defined(MAIN) && defined(MEMORY_DEBUG) --# undef exit --#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */ -- --#include --#include --#include --#include --#include --#include --#include --#include --#include --#include --#ifdef HAVE_LIBAUDIT --#include --#endif -- --#include --#include --#include --#include --#include --#include "tallylog.h" -- --#ifndef TRUE --#define TRUE 1L --#define FALSE 0L --#endif -- --#ifndef HAVE_FSEEKO --#define fseeko fseek --#endif -- --#ifndef MAIN --#include --#endif --#include --#include --#include "pam_inline.h" -- --/*---------------------------------------------------------------------*/ -- --#define DEFAULT_LOGFILE "/var/log/tallylog" --#define MODULE_NAME "pam_tally2" -- --#define tally_t uint16_t --#define TALLY_HI ((tally_t)~0L) -- --struct tally_options { -- const char *filename; -- tally_t deny; -- long lock_time; -- long unlock_time; -- long root_unlock_time; -- unsigned int ctrl; --}; -- --#define PHASE_UNKNOWN 0 --#define PHASE_AUTH 1 --#define PHASE_ACCOUNT 2 --#define PHASE_SESSION 3 -- --#define OPT_MAGIC_ROOT 01 --#define OPT_FAIL_ON_ERROR 02 --#define OPT_DENY_ROOT 04 --#define OPT_QUIET 040 --#define OPT_AUDIT 0100 --#define OPT_NOLOGNOTICE 0400 --#define OPT_SERIALIZE 01000 --#define OPT_DEBUG 02000 -- --#define MAX_LOCK_WAITING_TIME 10 -- --/*---------------------------------------------------------------------*/ -- --/* some syslogging */ -- --#ifdef MAIN --#define pam_syslog tally_log --static void --PAM_FORMAT((printf, 3, 4)) --tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED, -- const char *fmt, ...) --{ -- va_list args; -- -- va_start(args, fmt); -- fprintf(stderr, "%s: ", MODULE_NAME); -- vfprintf(stderr, fmt, args); -- fprintf(stderr,"\n"); -- va_end(args); --} -- --#define pam_modutil_getpwnam(pamh, user) getpwnam(user) --#endif -- --/*---------------------------------------------------------------------*/ -- --/* --- Support function: parse arguments --- */ -- --#ifndef MAIN -- --static void --log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) --{ -- if ( phase != PHASE_AUTH ) { -- pam_syslog(pamh, LOG_ERR, -- "option %s allowed in auth phase only", argv); -- } --} -- --static int --tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, -- int phase, int argc, const char **argv) --{ -- memset(opts, 0, sizeof(*opts)); -- opts->filename = DEFAULT_LOGFILE; -- opts->ctrl = OPT_FAIL_ON_ERROR; -- opts->root_unlock_time = -1; -- -- for ( ; argc-- > 0; ++argv ) { -- const char *str; -- -- if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) { -- const char *from = str; -- if ( *from!='/' ) { -- pam_syslog(pamh, LOG_ERR, -- "filename not /rooted; %s", *argv); -- return PAM_AUTH_ERR; -- } -- opts->filename = from; -- } -- else if ( ! strcmp( *argv, "onerr=fail" ) ) { -- opts->ctrl |= OPT_FAIL_ON_ERROR; -- } -- else if ( ! strcmp( *argv, "onerr=succeed" ) ) { -- opts->ctrl &= ~OPT_FAIL_ON_ERROR; -- } -- else if ( ! strcmp( *argv, "magic_root" ) ) { -- opts->ctrl |= OPT_MAGIC_ROOT; -- } -- else if ( ! strcmp( *argv, "serialize" ) ) { -- opts->ctrl |= OPT_SERIALIZE; -- } -- else if ( ! strcmp( *argv, "debug" ) ) { -- opts->ctrl |= OPT_DEBUG; -- } -- else if ( ! strcmp( *argv, "even_deny_root_account" ) || -- ! strcmp( *argv, "even_deny_root" ) ) { -- log_phase_no_auth(pamh, phase, *argv); -- opts->ctrl |= OPT_DENY_ROOT; -- } -- else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) { -- log_phase_no_auth(pamh, phase, *argv); -- if (sscanf(str, "%hu", &opts->deny) != 1) { -- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -- return PAM_AUTH_ERR; -- } -- } -- else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) { -- log_phase_no_auth(pamh, phase, *argv); -- if (sscanf(str, "%ld", &opts->lock_time) != 1) { -- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -- return PAM_AUTH_ERR; -- } -- } -- else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) { -- log_phase_no_auth(pamh, phase, *argv); -- if (sscanf(str, "%ld", &opts->unlock_time) != 1) { -- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -- return PAM_AUTH_ERR; -- } -- } -- else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) { -- log_phase_no_auth(pamh, phase, *argv); -- if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) { -- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); -- return PAM_AUTH_ERR; -- } -- opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */ -- } -- else if ( ! strcmp( *argv, "quiet" ) || -- ! strcmp ( *argv, "silent")) { -- opts->ctrl |= OPT_QUIET; -- } -- else if ( ! strcmp ( *argv, "no_log_info") ) { -- opts->ctrl |= OPT_NOLOGNOTICE; -- } -- else if ( ! strcmp ( *argv, "audit") ) { -- opts->ctrl |= OPT_AUDIT; -- } -- else { -- pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); -- } -- } -- -- if (opts->root_unlock_time == -1) -- opts->root_unlock_time = opts->unlock_time; -- -- return PAM_SUCCESS; --} -- --#endif /* #ifndef MAIN */ -- --/*---------------------------------------------------------------------*/ -- --/* --- Support function: get uid (and optionally username) from PAM or -- cline_user --- */ -- --#ifdef MAIN --static const char *cline_user=0; /* cline_user is used in the administration prog */ --#endif -- --static int --pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) --{ -- const char *user = NULL; -- struct passwd *pw; -- --#ifdef MAIN -- user = cline_user; -- -- if ( !user ) { -- pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); -- return PAM_AUTH_ERR; -- } --#else -- if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { -- user = NULL; -- } --#endif -- -- if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { -- opts->ctrl & OPT_AUDIT ? -- pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) : -- pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user"); -- return PAM_USER_UNKNOWN; -- } -- -- if ( uid ) *uid = pw->pw_uid; -- if ( userp ) *userp = user; -- return PAM_SUCCESS; --} -- --/*---------------------------------------------------------------------*/ -- --/* --- Support functions: set/get tally data --- */ -- --#ifndef MAIN -- --struct tally_data { -- time_t time; -- int tfile; --}; -- --static void --_cleanup(pam_handle_t *pamh UNUSED, void *void_data, int error_status UNUSED) --{ -- struct tally_data *data = void_data; -- if (data->tfile != -1) -- close(data->tfile); -- free(data); --} -- --static void --tally_set_data( pam_handle_t *pamh, time_t oldtime, int tfile ) --{ -- struct tally_data *data; -- -- if ( (data=malloc(sizeof(*data))) != NULL ) { -- data->time = oldtime; -- data->tfile = tfile; -- pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); -- } --} -- --static int --tally_get_data( pam_handle_t *pamh, time_t *oldtime, int *tfile ) --{ -- int rv; -- const void *void_data; -- const struct tally_data *data; -- -- rv = pam_get_data(pamh, MODULE_NAME, &void_data); -- if ( rv == PAM_SUCCESS && void_data != NULL && oldtime != NULL ) { -- data = void_data; -- *oldtime = data->time; -- *tfile = data->tfile; -- } -- else { -- rv = -1; -- *oldtime = 0; -- } -- return rv; --} --#endif /* #ifndef MAIN */ -- --/*---------------------------------------------------------------------*/ -- --/* --- Support function: open/create tallyfile and return tally for uid --- */ -- --/* If on entry tallyfile doesn't exist, creation is attempted. */ -- --static void --alarm_handler(int sig UNUSED) --{ /* we just need to ignore it */ --} -- --static int --get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, -- int *tfile, struct tallylog *tally, unsigned int ctrl) --{ -- struct stat fileinfo; -- int lstat_ret; -- void *void_tally = tally; -- int preopened = 0; -- -- if (*tfile != -1) { -- preopened = 1; -- goto skip_open; -- } -- -- lstat_ret = lstat(filename, &fileinfo); -- if (lstat_ret) { -- *tfile=open(filename, O_APPEND|O_CREAT, S_IRUSR|S_IWUSR); -- /* Create file, or append-open in pathological case. */ -- if (*tfile == -1) { --#ifndef MAIN -- if (errno == EACCES) { -- return PAM_IGNORE; /* called with insufficient access rights */ -- } --#endif -- pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); -- return PAM_AUTH_ERR; -- } -- lstat_ret = fstat(*tfile, &fileinfo); -- close(*tfile); -- } -- -- *tfile = -1; -- -- if ( lstat_ret ) { -- pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); -- return PAM_AUTH_ERR; -- } -- -- if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { -- /* If the file is world writable or is not a -- normal file, return error */ -- pam_syslog(pamh, LOG_ALERT, -- "%s is either world writable or not a normal file", -- filename); -- return PAM_AUTH_ERR; -- } -- -- if ((*tfile = open(filename, O_RDWR)) == -1) { --#ifndef MAIN -- if (errno == EACCES) /* called with insufficient access rights */ -- return PAM_IGNORE; --#endif -- pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); -- -- return PAM_AUTH_ERR; -- } -- --skip_open: -- if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) { -- pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); -- if (!preopened) { -- close(*tfile); -- *tfile = -1; -- } -- return PAM_AUTH_ERR; -- } -- -- if (!preopened && (ctrl & OPT_SERIALIZE)) { -- /* this code is not thread safe as it uses fcntl locks and alarm() -- so never use serialize with multithreaded services */ -- struct sigaction newsa, oldsa; -- unsigned int oldalarm; -- int rv; -- -- memset(&newsa, '\0', sizeof(newsa)); -- newsa.sa_handler = alarm_handler; -- sigaction(SIGALRM, &newsa, &oldsa); -- oldalarm = alarm(MAX_LOCK_WAITING_TIME); -- -- rv = lockf(*tfile, F_LOCK, sizeof(*tally)); -- /* lock failure is not fatal, we attempt to read the tally anyway */ -- -- /* reinstate the eventual old alarm handler */ -- if (rv == -1 && errno == EINTR) { -- if (oldalarm > MAX_LOCK_WAITING_TIME) { -- oldalarm -= MAX_LOCK_WAITING_TIME; -- } else if (oldalarm > 0) { -- oldalarm = 1; -- } -- } -- sigaction(SIGALRM, &oldsa, NULL); -- alarm(oldalarm); -- } -- -- if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { -- memset(tally, 0, sizeof(*tally)); -- } -- -- tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; -- -- return PAM_SUCCESS; --} -- --/*---------------------------------------------------------------------*/ -- --/* --- Support function: update tallyfile with tally!=TALLY_HI --- */ -- --static int --set_tally(pam_handle_t *pamh, uid_t uid, -- const char *filename, int *tfile, struct tallylog *tally) --{ -- void *void_tally = tally; -- if (tally->fail_cnt != TALLY_HI) { -- if (lseek(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET) == (off_t)-1) { -- pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); -- return PAM_AUTH_ERR; -- } -- if (pam_modutil_write(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { -- pam_syslog(pamh, LOG_ALERT, "update (write) failed for %s: %m", filename); -- return PAM_AUTH_ERR; -- } -- } -- -- return PAM_SUCCESS; --} -- --/*---------------------------------------------------------------------*/ -- --/* --- PAM bits --- */ -- --#ifndef MAIN -- --#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) -- --/*---------------------------------------------------------------------*/ -- --static int --tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, -- const char *user, struct tally_options *opts, -- struct tallylog *tally) --{ -- int rv = PAM_SUCCESS; -- int loglevel = LOG_DEBUG; --#ifdef HAVE_LIBAUDIT -- char buf[64]; -- int audit_fd = -1; -- const void *rhost = NULL, *tty = NULL; --#endif -- -- if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { -- return PAM_SUCCESS; -- } -- /* magic_root skips tally check */ --#ifdef HAVE_LIBAUDIT -- audit_fd = audit_open(); -- /* If there is an error & audit support is in the kernel report error */ -- if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || -- errno == EAFNOSUPPORT)) -- return PAM_SYSTEM_ERR; -- (void)pam_get_item(pamh, PAM_TTY, &tty); -- (void)pam_get_item(pamh, PAM_RHOST, &rhost); --#endif -- if (opts->deny != 0 && /* deny==0 means no deny */ -- tally->fail_cnt > opts->deny && /* tally>deny means exceeded */ -- ((opts->ctrl & OPT_DENY_ROOT) || uid)) { /* even_deny stops uid check */ --#ifdef HAVE_LIBAUDIT -- if (tally->fail_cnt == opts->deny+1) { -- /* First say that max number was hit. */ -- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); -- audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, -- rhost, NULL, tty, 1); -- } --#endif -- if (uid) { -- /* Unlock time check */ -- if (opts->unlock_time && oldtime) { -- if (opts->unlock_time + oldtime <= time(NULL)) { -- /* ignore deny check after unlock_time elapsed */ --#ifdef HAVE_LIBAUDIT -- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); -- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, -- rhost, NULL, tty, 1); --#endif -- rv = PAM_SUCCESS; -- goto cleanup; -- } -- } -- } else { -- /* Root unlock time check */ -- if (opts->root_unlock_time && oldtime) { -- if (opts->root_unlock_time + oldtime <= time(NULL)) { -- /* ignore deny check after unlock_time elapsed */ --#ifdef HAVE_LIBAUDIT -- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); -- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, -- rhost, NULL, tty, 1); --#endif -- rv = PAM_SUCCESS; -- goto cleanup; -- } -- } -- } -- --#ifdef HAVE_LIBAUDIT -- if (tally->fail_cnt == opts->deny+1) { -- /* First say that max number was hit. */ -- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, -- rhost, NULL, tty, 1); -- } --#endif -- -- if (!(opts->ctrl & OPT_QUIET)) { -- pam_info(pamh, _("The account is locked due to %u failed logins."), -- (unsigned int)tally->fail_cnt); -- } -- loglevel = LOG_NOTICE; -- rv = PAM_AUTH_ERR; /* Only unconditional failure */ -- goto cleanup; -- } -- -- /* Lock time check */ -- if (opts->lock_time && oldtime) { -- if (opts->lock_time + oldtime > time(NULL)) { -- /* don't increase fail_cnt or update fail_time when -- lock_time applies */ -- tally->fail_cnt = oldcnt; -- tally->fail_time = oldtime; -- -- if (!(opts->ctrl & OPT_QUIET)) { -- pam_info(pamh, -- _("The account is temporarily locked (%ld seconds left)."), -- (long int) (oldtime+opts->lock_time-time(NULL))); -- } -- if (!(opts->ctrl & OPT_NOLOGNOTICE)) { -- pam_syslog(pamh, LOG_NOTICE, -- "user %s (%lu) has time limit [%lds left]" -- " since last failure.", -- user, (unsigned long)uid, -- (long int) (oldtime+opts->lock_time-time(NULL))); -- } -- rv = PAM_AUTH_ERR; -- goto cleanup; -- } -- } -- --cleanup: -- if (!(opts->ctrl & OPT_NOLOGNOTICE) && (loglevel != LOG_DEBUG || opts->ctrl & OPT_DEBUG)) { -- pam_syslog(pamh, loglevel, -- "user %s (%lu) tally %hu, deny %hu", -- user, (unsigned long)uid, tally->fail_cnt, opts->deny); -- } --#ifdef HAVE_LIBAUDIT -- if (audit_fd != -1) { -- close(audit_fd); -- } --#endif -- return rv; --} -- --/* --- tally bump function: bump tally for uid by (signed) inc --- */ -- --static int --tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, -- uid_t uid, const char *user, struct tally_options *opts, int *tfile) --{ -- struct tallylog tally; -- tally_t oldcnt; -- const void *remote_host = NULL; -- int i, rv; -- -- tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ -- -- i = get_tally(pamh, uid, opts->filename, tfile, &tally, opts->ctrl); -- if (i != PAM_SUCCESS) { -- if (*tfile != -1) { -- close(*tfile); -- *tfile = -1; -- } -- RETURN_ERROR(i); -- } -- -- /* to remember old fail time (for locktime) */ -- if (oldtime) { -- *oldtime = (time_t)tally.fail_time; -- } -- -- tally.fail_time = time(NULL); -- -- (void) pam_get_item(pamh, PAM_RHOST, &remote_host); -- if (!remote_host) { -- (void) pam_get_item(pamh, PAM_TTY, &remote_host); -- if (!remote_host) { -- remote_host = "unknown"; -- } -- } -- -- strncpy(tally.fail_line, remote_host, -- sizeof(tally.fail_line)-1); -- tally.fail_line[sizeof(tally.fail_line)-1] = 0; -- -- oldcnt = tally.fail_cnt; -- -- if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) { -- /* magic_root doesn't change tally */ -- tally.fail_cnt += inc; -- -- if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */ -- tally.fail_cnt -= inc; -- pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s", -- (inc<0)?"under":"over",user); -- } -- } -- -- rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); -- -- i = set_tally(pamh, uid, opts->filename, tfile, &tally); -- if (i != PAM_SUCCESS) { -- if (*tfile != -1) { -- close(*tfile); -- *tfile = -1; -- } -- if (rv == PAM_SUCCESS) -- RETURN_ERROR( i ); -- /* fallthrough */ -- } else if (!(opts->ctrl & OPT_SERIALIZE)) { -- close(*tfile); -- *tfile = -1; -- } -- -- return rv; --} -- --static int --tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_tfile) --{ -- struct tallylog tally; -- int tfile = old_tfile; -- int i; -- -- /* resets only if not magic root */ -- -- if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { -- return PAM_SUCCESS; -- } -- -- tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ -- -- i=get_tally(pamh, uid, opts->filename, &tfile, &tally, opts->ctrl); -- if (i != PAM_SUCCESS) { -- if (tfile != old_tfile) /* the descriptor is not owned by pam data */ -- close(tfile); -- RETURN_ERROR(i); -- } -- -- memset(&tally, 0, sizeof(tally)); -- -- i=set_tally(pamh, uid, opts->filename, &tfile, &tally); -- if (i != PAM_SUCCESS) { -- if (tfile != old_tfile) /* the descriptor is not owned by pam data */ -- close(tfile); -- RETURN_ERROR(i); -- } -- -- if (tfile != old_tfile) -- close(tfile); -- -- return PAM_SUCCESS; --} -- --/*---------------------------------------------------------------------*/ -- --/* --- authentication management functions (only) --- */ -- --int --pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, -- int argc, const char **argv) --{ -- int -- rv, tfile = -1; -- time_t -- oldtime = 0; -- struct tally_options -- options, *opts = &options; -- uid_t -- uid; -- const char -- *user; -- -- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); -- if (rv != PAM_SUCCESS) -- RETURN_ERROR(rv); -- -- if (flags & PAM_SILENT) -- opts->ctrl |= OPT_QUIET; -- -- rv = pam_get_uid(pamh, &uid, &user, opts); -- if (rv != PAM_SUCCESS) -- RETURN_ERROR(rv); -- -- rv = tally_bump(1, &oldtime, pamh, uid, user, opts, &tfile); -- -- tally_set_data(pamh, oldtime, tfile); -- -- return rv; --} -- --int --pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, -- int argc, const char **argv) --{ -- int -- rv, tfile = -1; -- time_t -- oldtime = 0; -- struct tally_options -- options, *opts = &options; -- uid_t -- uid; -- const char -- *user; -- -- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv); -- if ( rv != PAM_SUCCESS ) -- RETURN_ERROR( rv ); -- -- rv = pam_get_uid(pamh, &uid, &user, opts); -- if ( rv != PAM_SUCCESS ) -- RETURN_ERROR( rv ); -- -- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) -- /* no data found */ -- return PAM_SUCCESS; -- -- rv = tally_reset(pamh, uid, opts, tfile); -- -- pam_set_data(pamh, MODULE_NAME, NULL, NULL); -- -- return rv; --} -- --/*---------------------------------------------------------------------*/ -- --/* --- authentication management functions (only) --- */ -- --/* To reset failcount of user on successful login */ -- --int --pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, -- int argc, const char **argv) --{ -- int -- rv, tfile = -1; -- time_t -- oldtime = 0; -- struct tally_options -- options, *opts = &options; -- uid_t -- uid; -- const char -- *user; -- -- rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv); -- if ( rv != PAM_SUCCESS ) -- RETURN_ERROR( rv ); -- -- rv = pam_get_uid(pamh, &uid, &user, opts); -- if ( rv != PAM_SUCCESS ) -- RETURN_ERROR( rv ); -- -- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 ) -- /* no data found */ -- return PAM_SUCCESS; -- -- rv = tally_reset(pamh, uid, opts, tfile); -- -- pam_set_data(pamh, MODULE_NAME, NULL, NULL); -- -- return rv; --} -- --/*-----------------------------------------------------------------------*/ -- --#else /* #ifndef MAIN */ -- --static const char *cline_filename = DEFAULT_LOGFILE; --static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */ --static int cline_quiet = 0; -- --/* -- * Not going to link with pamlib just for these.. :) -- */ -- --static const char * --pam_errors( int i ) --{ -- switch (i) { -- case PAM_AUTH_ERR: return _("Authentication error"); -- case PAM_SERVICE_ERR: return _("Service error"); -- case PAM_USER_UNKNOWN: return _("Unknown user"); -- default: return _("Unknown error"); -- } --} -- --static int --getopts( char **argv ) --{ -- const char *pname = *argv; -- for ( ; *argv ; (void)(*argv && ++argv) ) { -- const char *str; -- if ( !strcmp (*argv,"--file") ) cline_filename=*++argv; -- else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv; -- else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL) -- cline_filename = str; -- else if ( !strcmp (*argv,"--user") ) cline_user=*++argv; -- else if ( !strcmp (*argv,"-u") ) cline_user=*++argv; -- else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL) -- cline_user = str; -- else if ( !strcmp (*argv,"--reset") ) cline_reset=0; -- else if ( !strcmp (*argv,"-r") ) cline_reset=0; -- else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) { -- if (sscanf(str, "%hu", &cline_reset) != 1) -- fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0); -- } -- else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1; -- else { -- fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv); -- return FALSE; -- } -- } -- return TRUE; --} -- --static void --print_one(const struct tallylog *tally, uid_t uid) --{ -- static int once; -- const char *cp = "[UNKNOWN]"; -- time_t fail_time; -- struct tm *tm; -- struct passwd *pwent; -- const char *username = "[NONAME]"; -- char ptime[80]; -- -- pwent = getpwuid(uid); -- fail_time = tally->fail_time; -- if ((tm = localtime(&fail_time)) != NULL) { -- strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm); -- cp = ptime; -- } -- if (pwent) { -- username = pwent->pw_name; -- } -- if (!once) { -- printf (_("Login Failures Latest failure From\n")); -- once++; -- } -- printf ("%-15.15s %5hu ", username, tally->fail_cnt); -- if (tally->fail_time) { -- printf ("%-17.17s %s", cp, tally->fail_line); -- } -- putchar ('\n'); --} -- --int --main( int argc UNUSED, char **argv ) --{ -- struct tallylog tally; -- -- if ( ! getopts( argv+1 ) ) { -- printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n" -- " [-u username] [--user username]\n" -- " [-r] [--reset[=n]] [--quiet]\n"), -- *argv); -- exit(2); -- } -- -- umask(077); -- -- /* -- * Major difference between individual user and all users: -- * --user just handles one user, just like PAM. -- * without --user it handles all users, sniffing cline_filename for nonzeros -- */ -- -- if ( cline_user ) { -- uid_t uid; -- int tfile = -1; -- struct tally_options opts; -- int i; -- -- memset(&opts, 0, sizeof(opts)); -- opts.ctrl = OPT_AUDIT; -- i=pam_get_uid(NULL, &uid, NULL, &opts); -- if ( i != PAM_SUCCESS ) { -- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); -- exit(1); -- } -- -- if (cline_reset == 0) { -- struct stat st; -- -- if (stat(cline_filename, &st) && errno == ENOENT) { -- if (!cline_quiet) { -- memset(&tally, 0, sizeof(tally)); -- print_one(&tally, uid); -- } -- return 0; /* no file => nothing to reset */ -- } -- } -- -- i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0); -- if ( i != PAM_SUCCESS ) { -- if (tfile != -1) -- close(tfile); -- fprintf(stderr, "%s: %s\n", *argv, pam_errors(i)); -- exit(1); -- } -- -- if ( !cline_quiet ) -- print_one(&tally, uid); -- -- if (cline_reset != TALLY_HI) { --#ifdef HAVE_LIBAUDIT -- char buf[64]; -- int audit_fd = audit_open(); -- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset); -- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); -- if (audit_fd >=0) -- close(audit_fd); --#endif -- if (cline_reset == 0) { -- memset(&tally, 0, sizeof(tally)); -- } else { -- tally.fail_cnt = cline_reset; -- } -- i=set_tally(NULL, uid, cline_filename, &tfile, &tally); -- close(tfile); -- if (i != PAM_SUCCESS) { -- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); -- exit(1); -- } -- } else { -- close(tfile); -- } -- } -- else /* !cline_user (ie, operate on all users) */ { -- FILE *tfile=fopen(cline_filename, "r"); -- uid_t uid=0; -- if (!tfile && cline_reset != 0) { -- perror(*argv); -- exit(1); -- } -- -- for ( ; tfile && !feof(tfile); uid++ ) { -- if ( !fread(&tally, sizeof(tally), 1, tfile) -- || !tally.fail_cnt ) { -- continue; -- } -- print_one(&tally, uid); -- } -- if (tfile) -- fclose(tfile); -- if ( cline_reset!=0 && cline_reset!=TALLY_HI ) { -- fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv); -- } -- else if ( !cline_reset ) { --#ifdef HAVE_LIBAUDIT -- char buf[64]; -- int audit_fd = audit_open(); -- snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0"); -- audit_log_user_message(audit_fd, AUDIT_USER_ACCT, -- buf, NULL, NULL, ttyname(STDIN_FILENO), 1); -- if (audit_fd >=0) -- close(audit_fd); --#endif -- tfile=fopen(cline_filename, "w"); -- if ( !tfile ) perror(*argv), exit(0); -- fclose(tfile); -- } -- } -- return 0; --} -- -- --#endif /* #ifndef MAIN */ -diff --git a/modules/pam_tally2/pam_tally2_app.c b/modules/pam_tally2/pam_tally2_app.c -deleted file mode 100644 -index b72e9bfd..00000000 ---- a/modules/pam_tally2/pam_tally2_app.c -+++ /dev/null -@@ -1,6 +0,0 @@ --/* -- # This seemed like such a good idea at the time. :) -- */ -- --#define MAIN --#include "pam_tally2.c" -diff --git a/modules/pam_tally2/tallylog.h b/modules/pam_tally2/tallylog.h -deleted file mode 100644 -index 596b1dac..00000000 ---- a/modules/pam_tally2/tallylog.h -+++ /dev/null -@@ -1,52 +0,0 @@ --/* -- * Copyright 2006, Red Hat, Inc. -- * All rights reserved. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. Neither the name of Red Hat, Inc. nor the names of its contributors -- * may be used to endorse or promote products derived from this software -- * without specific prior written permission. -- * -- * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- */ -- --/* -- * tallylog.h - login failure data file format -- * -- * The new login failure file is not compatible with the old faillog(8) format -- * Each record in the file represents a separate UID and the file -- * is indexed in that fashion. -- */ -- -- --#ifndef _TALLYLOG_H --#define _TALLYLOG_H -- --#include -- --struct tallylog { -- char fail_line[52]; /* rhost or tty of last failure */ -- uint16_t reserved; /* reserved for future use */ -- uint16_t fail_cnt; /* failures since last success */ -- uint64_t fail_time; /* time of last failure */ --}; --/* 64 bytes / entry */ -- --#endif -diff --git a/modules/pam_tally2/tst-pam_tally2 b/modules/pam_tally2/tst-pam_tally2 -deleted file mode 100755 -index 83c71f41..00000000 ---- a/modules/pam_tally2/tst-pam_tally2 -+++ /dev/null -@@ -1,2 +0,0 @@ --#!/bin/sh --../../tests/tst-dlopen .libs/pam_tally2.so diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes index ebba241..cfe83cc 100644 --- a/pam_unix-nis.changes +++ b/pam_unix-nis.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Sep 10 10:23:13 UTC 2021 - Thorsten Kukuk + +- Update to version 1.5.2 + ------------------------------------------------------------------- Tue Jul 13 13:40:54 UTC 2021 - Thorsten Kukuk diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec index c9d194d..50f4fac 100644 --- a/pam_unix-nis.spec +++ b/pam_unix-nis.spec @@ -27,7 +27,7 @@ %endif Name: pam_unix-nis # -Version: 1.5.1 +Version: 1.5.2 Release: 0 Summary: PAM module for standard UNIX and NIS authentication License: GPL-2.0-or-later OR BSD-3-Clause @@ -36,7 +36,6 @@ URL: http://www.linux-pam.org/ Source: Linux-PAM-%{version}.tar.xz Source9: baselibs.conf Patch: Makefile-pam_unix-nis.diff -Patch1: revert-check_shadow_expiry.diff BuildRequires: pam-devel %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) @@ -58,7 +57,6 @@ module has NIS support. %prep %setup -q -n Linux-PAM-%{version} %patch -p1 -%patch1 -p1 %build export CFLAGS="%{optflags} -DNDEBUG" @@ -69,8 +67,7 @@ export CFLAGS="%{optflags} -DNDEBUG" --pdfdir=%{_docdir}/pam/pdf \ --enable-isadir=../..%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \ - --enable-vendordir=%{_distconfdir} \ - --enable-tally2 + --enable-vendordir=%{_distconfdir} make -C modules/pam_unix %install -- 2.51.1 From b84cd6c705766f9bad95b40c6f36995d9f1dd99b7e2cb3196b5bad8eaf424bfa Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 10 Sep 2021 11:49:52 +0000 Subject: [PATCH 164/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=248 --- baselibs.conf | 1 - openSUSE_Tumbleweed-x86_64.bl | 4980 --------------------------------- 2 files changed, 4981 deletions(-) delete mode 100644 openSUSE_Tumbleweed-x86_64.bl diff --git a/baselibs.conf b/baselibs.conf index 568a1c2..7c3bca9 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,7 +1,6 @@ pam requires "(systemd- if systemd)" pam-extra -pam-deprecated pam-devel pam_unix conflicts "pam_unix-nis-" diff --git a/openSUSE_Tumbleweed-x86_64.bl b/openSUSE_Tumbleweed-x86_64.bl deleted file mode 100644 index 20407e7..0000000 --- a/openSUSE_Tumbleweed-x86_64.bl +++ /dev/null @@ -1,4980 +0,0 @@ -[ 0s] Using BUILD_ROOT=/var/cache/obs/worker/root_4/.mount -[ 0s] Using BUILD_ARCH=x86_64:i686:i586:i486:i386 -[ 0s] Doing kvm build in /var/cache/obs/worker/root_4/root -[ 0s] -[ 0s] -[ 0s] goat01 started "build pam.spec" at Wed May 19 09:35:36 UTC 2021. -[ 0s] -[ 0s] Building pam for project 'home:jmoellers:branches:Linux-PAM' repository 'openSUSE_Tumbleweed' arch 'x86_64' srcmd5 '83207f1f0c181b7e3f3c5becb047aaec' -[ 0s] -[ 0s] processing recipe /var/cache/obs/worker/root_4/.build-srcdir/pam.spec ... -[ 0s] running changelog2spec --target rpm --file /var/cache/obs/worker/root_4/.build-srcdir/pam.spec -[ 0s] init_buildsystem --configdir /var/run/obs/worker/4/build/configs --cachedir /var/cache/build --prepare --clean --rpmlist /var/cache/obs/worker/root_4/.build.rpmlist /var/cache/obs/worker/root_4/.build-srcdir/pam.spec build ... -[ 1s] cycle: rpm-config-SUSE -> rpm -[ 1s] breaking dependency rpm-config-SUSE -> rpm -[ 1s] [1/33] preinstalling filesystem... -[ 1s] [2/33] preinstalling permissions... -[ 1s] [3/33] preinstalling glibc... -[ 1s] [4/33] preinstalling fillup... -[ 1s] [5/33] preinstalling libacl1... -[ 1s] [6/33] preinstalling libattr1... -[ 1s] [7/33] preinstalling libbz2-1... -[ 1s] [8/33] preinstalling libcap2... -[ 1s] [9/33] preinstalling libgcc_s1... -[ 1s] [10/33] preinstalling libgpg-error0... -[ 1s] [11/33] preinstalling liblua5_4-5... -[ 1s] [12/33] preinstalling liblzma5... -[ 1s] [13/33] preinstalling libpcre1... -[ 1s] [14/33] preinstalling libpcre2-8-0... -[ 2s] [15/33] preinstalling libpopt0... -[ 2s] [16/33] preinstalling libz1... -[ 2s] [17/33] preinstalling libzstd1... -[ 2s] [18/33] preinstalling attr... -[ 2s] [19/33] preinstalling libelf1... -[ 2s] [20/33] preinstalling libgcrypt20... -[ 2s] [21/33] preinstalling libncurses6... -[ 2s] [22/33] preinstalling libselinux1... -[ 2s] [23/33] preinstalling libreadline8... -[ 2s] [24/33] preinstalling tar... -[ 2s] [25/33] preinstalling bash... -[ 2s] [26/33] preinstalling diffutils... -[ 2s] [27/33] preinstalling grep... -[ 2s] [28/33] preinstalling pam... -[ 2s] [29/33] preinstalling sed... -[ 2s] [30/33] preinstalling coreutils... -[ 2s] [31/33] preinstalling aaa_base... -[ 2s] [32/33] preinstalling rpm-config-SUSE... -[ 2s] [33/33] preinstalling rpm... -[ 2s] -[ 2s] [1/11] preinstalling kernel-obs-build... -[ 3s] [2/11] preinstalling libblkid1... -[ 3s] [3/11] preinstalling libcrypt1... -[ 3s] [4/11] preinstalling libdb-4_8... -[ 3s] [5/11] preinstalling libmnl0... -[ 3s] [6/11] preinstalling libsmartcols1... -[ 3s] [7/11] preinstalling libuuid1... -[ 3s] [8/11] preinstalling iproute2... -[ 3s] [9/11] preinstalling libmount1... -[ 3s] [10/11] preinstalling perl-base... -[ 3s] [11/11] preinstalling util-linux... -[ 3s] copying packages... -[ 4s] reordering...cycle: libncurses6 -> terminfo-base -[ 4s] breaking dependency terminfo-base -> libncurses6 -[ 4s] cycle: binutils -> libctf0 -[ 4s] breaking dependency binutils -> libctf0 -[ 4s] cycle: rpm -> rpm-config-SUSE -[ 4s] breaking dependency rpm -> rpm-config-SUSE -[ 4s] cycle: libcrack2 -> cracklib -[ 4s] breaking dependency cracklib -> libcrack2 -[ 4s] cycle: pam -> pam_unix -[ 4s] breaking dependency pam -> pam_unix -[ 4s] done -[ 4s] booting kvm... -[ 4s] ### VM INTERACTION START ### -[ 4s] Using UART console -[ 4s] /usr/bin/qemu-kvm -nodefaults -no-reboot -nographic -vga none -cpu host -object rng-random,filename=/dev/random,id=rng0 -device virtio-rng-pci,rng=rng0 -runas qemu -net none -kernel /var/cache/obs/worker/root_4/.mount/boot/kernel -initrd /var/cache/obs/worker/root_4/.mount/boot/initrd -append root=/dev/disk/by-id/virtio-0 rootfstype=ext4 rootflags=noatime ext4.allow_unsupported=1 mitigations=off panic=1 quiet no-kvmclock elevator=noop nmi_watchdog=0 rw rd.driver.pre=binfmt_misc console=ttyS0 init=/.build/build -m 10240 -drive file=/var/cache/obs/worker/root_4/root,format=raw,if=none,id=disk,cache=unsafe -device virtio-blk-pci,drive=disk,serial=0 -drive file=/var/cache/obs/worker/root_4/swap,format=raw,if=none,id=swap,cache=unsafe -device virtio-blk-pci,drive=swap,serial=1 -serial stdio -chardev socket,id=monitor,server,nowait,path=/var/cache/obs/worker/root_4/root.qemu/monitor -mon chardev=monitor,mode=readline -smp 8 -[ 4s] c[?7l[2J[0mSeaBIOS (version rel-1.14.0-0-g155821a-rebuilt.opensuse.org) -[ 8s] Booting from ROM..c[?7l[2J### VM INTERACTION END ### -[ 8s] 2nd stage started in virtual machine -[ 8s] machine type: x86_64 -[ 8s] [ 4.242868] sysrq: Changing Loglevel -[ 8s] Linux version: 5[ 4.243314] sysrq: Loglevel set to 4 -[ 8s] .12.3-1-default #1 SMP Wed May 12 09:01:49 UTC 2021 (25d4ec7) -[ 8s] Increasing log level from now on... -[ 8s] Enable sysrq operations -[ 8s] Setting up swapspace version 1, size = 2 GiB (2147479552 bytes) -[ 8s] no label, UUID=a142abc4-28c5-4bc5-b535-58e167a82a53 -[ 8s] swapon: /dev/vdb: found signature [pagesize=4096, signature=swap] -[ 8s] swapon: /dev/vdb: pagesize=4096, swapsize=2147483648, devsize=2147483648 -[ 8s] swapon /dev/vdb -[ 8s] WARNING: udev not running, creating extra device nodes -[ 9s] logging output to //.build.log... -[ 9s] processing recipe /.build-srcdir/pam.spec ... -[ 9s] init_buildsystem --configdir /.build/configs --cachedir /var/cache/build /.build-srcdir/pam.spec build ... -[ 9s] initializing rpm db... -[ 9s] querying package ids... -[ 9s] [1/151] cumulate file-magic-5.40-1.1 -[ 9s] [2/151] cumulate kernel-obs-build-5.12.3-1.1 -[ 9s] [3/151] cumulate libsemanage-conf-3.2-1.3 -[ 9s] [4/151] cumulate pkgconf-m4-1.7.3-3.1 -[ 9s] [5/151] cumulate system-user-root-20190513-1.24 -[ 9s] [6/151] cumulate filesystem-15.5-39.1 -[ 9s] [7/151] cumulate glibc-2.33-6.1 -[ 9s] [8/151] cumulate fillup-1.42-276.4 -[ 9s] [9/151] cumulate libacl1-2.2.53-5.5 -[ 9s] [10/151] cumulate libatomic1-11.0.0+git183291-1.5 -[ 9s] [11/151] cumulate libattr1-2.5.1-1.1 -[ 9s] [12/151] cumulate libaudit1-2.8.5-5.3 -[ 9s] [13/151] cumulate libblkid1-2.36.2-1.5 -[ 9s] [14/151] cumulate libbz2-1-1.0.8-2.22 -[ 9s] [15/151] cumulate libcap-ng0-0.7.10-1.18 -[ 9s] [16/151] cumulate libcap2-2.49-2.1 -[ 9s] [17/151] cumulate libcrypt1-4.4.19-1.1 -[ 9s] [18/151] cumulate libeconf0-0.4.0+git20210413.fdb8025-1.1 -[ 9s] [19/151] cumulate libexpat1-2.3.0-1.1 -[ 9s] [20/151] cumulate libfl2-2.6.4-6.1 -[ 9s] [21/151] cumulate libgcc_s1-11.0.0+git183291-1.5 -[ 9s] [22/151] cumulate libgdbm6-1.19-1.3 -[ 9s] [23/151] cumulate libgmp10-6.2.1-3.1 -[ 9s] [24/151] cumulate libgomp1-11.0.0+git183291-1.5 -[ 9s] [25/151] cumulate libgpg-error0-1.42-1.1 -[ 9s] [26/151] cumulate libitm1-11.0.0+git183291-1.5 -[ 9s] [27/151] cumulate libltdl7-2.4.6-8.22 -[ 9s] [28/151] cumulate liblua5_4-5-5.4.3-2.1 -[ 9s] [29/151] cumulate liblzma5-5.2.5-1.18 -[ 9s] [30/151] cumulate libmnl0-1.0.4-2.5 -[ 9s] [31/151] cumulate libpcre1-8.44-3.2 -[ 9s] [32/151] cumulate libpcre2-16-0-10.36-2.1 -[ 9s] [33/151] cumulate libpcre2-32-0-10.36-2.1 -[ 9s] [34/151] cumulate libpcre2-8-0-10.36-2.1 -[ 9s] [35/151] cumulate libpkgconf3-1.7.3-3.1 -[ 9s] [36/151] cumulate libpopt0-1.18-2.4 -[ 9s] [37/151] cumulate libsepol2-3.2-1.1 -[ 9s] [38/151] cumulate libsmartcols1-2.36.2-1.5 -[ 9s] [39/151] cumulate libtextstyle0-0.21-2.4 -[ 9s] [40/151] cumulate libuuid1-2.36.2-1.5 -[ 9s] [41/151] cumulate libz1-1.2.11-18.3 -[ 9s] [42/151] cumulate libzstd1-1.4.9-1.2 -[ 9s] [43/151] cumulate patch-2.7.6-3.31 -[ 9s] [44/151] cumulate update-alternatives-1.19.0.5-8.1 -[ 9s] [45/151] cumulate libfl-devel-2.6.4-6.1 -[ 9s] [46/151] cumulate attr-2.5.1-1.1 -[ 9s] [47/151] cumulate libauparse0-2.8.5-5.3 -[ 9s] [48/151] cumulate libctf-nobfd0-2.36-4.1 -[ 9s] [49/151] cumulate libelf1-0.184-1.1 -[ 9s] [50/151] cumulate libgcrypt20-1.9.3-1.1 -[ 9s] [51/151] cumulate libgdbm_compat4-1.19-1.3 -[ 9s] [52/151] cumulate libisl23-0.23-2.3 -[ 9s] [53/151] cumulate libmpfr6-4.1.0-2.2 -[ 9s] [54/151] cumulate libpcre2-posix2-10.36-2.1 -[ 9s] [55/151] cumulate libselinux1-3.2-2.1 -[ 9s] [56/151] cumulate libstdc++6-11.0.0+git183291-1.5 -[ 9s] [57/151] cumulate perl-base-5.32.1-1.1 -[ 9s] [58/151] cumulate pkgconf-1.7.3-3.1 -[ 9s] [59/151] cumulate chkstat-1550_20210125-27.3 -[ 9s] [60/151] cumulate libfdisk1-2.36.2-1.5 -[ 9s] [61/151] cumulate libxml2-2-2.9.10-11.1 -[ 9s] [62/151] cumulate libmagic1-5.40-1.1 -[ 9s] [63/151] cumulate build-mkbaselibs-20210120-1.4 -[ 9s] [64/151] cumulate rpm-build-perl-4.16.1.3-2.1 -[ 9s] [65/151] cumulate dwz-0.14-1.1 -[ 9s] [66/151] cumulate file-5.40-1.1 -[ 9s] [67/151] cumulate findutils-4.8.0-2.1 -[ 9s] [68/151] cumulate libasan6-11.0.0+git183291-1.5 -[ 9s] [69/151] cumulate libdb-4_8-4.8.30-38.25 -[ 9s] [70/151] cumulate liblsan0-11.0.0+git183291-1.5 -[ 9s] [71/151] cumulate libmount1-2.36.2-1.5 -[ 9s] [72/151] cumulate libmpc3-1.2.1-1.3 -[ 9s] [73/151] cumulate libtsan0-11.0.0+git183291-1.5 -[ 9s] [74/151] cumulate libubsan1-11.0.0+git183291-1.5 -[ 9s] [75/151] cumulate tar-1.34-1.4 -[ 9s] [76/151] cumulate libdw1-0.184-1.1 -[ 9s] [77/151] cumulate libsemanage2-3.2-1.3 -[ 9s] [78/151] cumulate cpp10-10.3.0+git1587-1.2 -[ 9s] [79/151] cumulate perl-5.32.1-1.1 -[ 9s] [80/151] cumulate brp-check-suse-84.87+git20210420.a4765d7-1.1 -[ 9s] [81/151] cumulate terminfo-base-6.2.20210501-19.1 -[ 9s] [82/151] cumulate libncurses6-6.2.20210501-19.1 -[ 9s] [83/151] cumulate libreadline8-8.1-2.1 -[ 9s] [84/151] cumulate ncurses-utils-6.2.20210501-19.1 -[ 9s] [85/151] cumulate bash-5.1.4-2.1 -[ 9s] [86/151] cumulate login_defs-4.8.1-6.2 -[ 9s] [87/151] cumulate sysuser-shadow-3.0-11.1 -[ 9s] [88/151] cumulate cpio-2.13-2.4 -[ 9s] [89/151] cumulate cpp-10-3.3 -[ 9s] [90/151] cumulate diffutils-3.7-4.4 -[ 9s] [91/151] cumulate gzip-1.10-8.1 -[ 9s] [92/151] cumulate hostname-3.23-2.4 -[ 9s] [93/151] cumulate m4-1.4.18-5.19 -[ 9s] [94/151] cumulate make-4.3-2.22 -[ 9s] [95/151] cumulate which-2.21-4.33 -[ 9s] [96/151] cumulate bzip2-1.0.8-2.22 -[ 9s] [97/151] cumulate cracklib-2.9.7-1.8 -[ 9s] [98/151] cumulate gawk-5.1.0-2.5 -[ 9s] [99/151] cumulate grep-3.6-2.4 -[ 9s] [100/151] cumulate pkgconf-pkg-config-1.7.3-3.1 -[ 9s] [101/151] cumulate xz-5.2.5-1.18 -[ 9s] [102/151] cumulate sed-4.8-3.5 -[ 9s] [103/151] cumulate gettext-runtime-0.21-2.4 -[ 9s] [104/151] cumulate iproute2-5.12-1.1 -[ 9s] [105/151] cumulate coreutils-8.32-8.1 -[ 9s] [106/151] cumulate binutils-2.36-4.1 -[ 9s] [107/151] cumulate systemd-rpm-macros-11-1.1 -[ 9s] [108/151] cumulate libeconf-devel-0.4.0+git20210413.fdb8025-1.1 -[ 9s] [109/151] cumulate libxcrypt-devel-4.4.19-1.1 -[ 9s] [110/151] cumulate linux-glibc-devel-5.11-1.2 -[ 9s] [111/151] cumulate system-group-hardware-20170617-21.2 -[ 9s] [112/151] cumulate audit-devel-2.8.5-5.3 -[ 9s] [113/151] cumulate autoconf-2.69-17.18 -[ 9s] [114/151] cumulate bison-3.7.6-3.1 -[ 9s] [115/151] cumulate glibc-locale-base-2.33-6.1 -[ 9s] [116/151] cumulate libcrack2-2.9.7-1.8 -[ 9s] [117/151] cumulate libctf0-2.36-4.1 -[ 9s] [118/151] cumulate flex-2.6.4-6.1 -[ 9s] [119/151] cumulate permissions-config-1550_20210125-27.3 -[ 9s] [120/151] cumulate gettext-tools-0.21-2.4 -[ 9s] [121/151] cumulate aaa_base-84.87+git20210317.2c04190-1.1 -[ 9s] [122/151] cumulate rpm-4.16.1.3-2.1 -[ 9s] [123/151] cumulate aaa_base-malloccheck-84.87+git20210317.2c04190-1.1 -[ 9s] [124/151] cumulate glibc-locale-2.33-6.1 -[ 9s] [125/151] cumulate permissions-20210125.1550-27.3 -[ 9s] [126/151] cumulate rpm-config-SUSE-0.g76-1.1 -[ 9s] [127/151] cumulate automake-1.16.3-3.1 -[ 9s] [128/151] cumulate glibc-devel-2.33-6.1 -[ 9s] [129/151] cumulate librpmbuild9-4.16.1.3-2.1 -[ 9s] [130/151] cumulate build-compare-20200727T175347.d95eb35-1.6 -[ 9s] [131/151] cumulate cracklib-devel-2.9.7-1.8 -[ 9s] [132/151] cumulate libdb-4_8-devel-4.8.30-38.25 -[ 9s] [133/151] cumulate libstdc++6-devel-gcc10-10.3.0+git1587-1.2 -[ 9s] [134/151] cumulate libsepol-devel-3.2-1.1 -[ 9s] [135/151] cumulate libutempter0-1.2.0-3.3 -[ 9s] [136/151] cumulate libtool-2.4.6-8.22 -[ 9s] [137/151] cumulate post-build-checks-84.87+git20210304.df696a0-1.1 -[ 9s] [138/151] cumulate pam-1.5.1-10.1 -[ 9s] [139/151] cumulate rpmlint-mini-1.10-23.12 -[ 9s] [140/151] cumulate gcc10-10.3.0+git1587-1.2 -[ 9s] [141/151] cumulate libstdc++-devel-10-3.3 -[ 9s] [142/151] cumulate rpmlint-Factory-1.0-99.1 -[ 9s] [143/151] cumulate gcc-10-3.3 -[ 9s] [144/151] cumulate pam-devel-1.5.1-10.1 -[ 9s] [145/151] cumulate pam_unix-1.5.1-10.1 -[ 9s] [146/151] cumulate shadow-4.8.1-6.2 -[ 9s] [147/151] cumulate util-linux-2.36.2-1.5 -[ 9s] [148/151] cumulate gcc-PIE-10-3.3 -[ 9s] [149/151] cumulate pcre2-devel-10.36-2.1 -[ 9s] [150/151] cumulate rpm-build-4.16.1.3-2.1 -[ 9s] [151/151] cumulate libselinux-devel-3.2-2.1 -[ 9s] now installing cumulated packages -[ 9s] Preparing... ######################################## -[ 9s] Updating / installing... -[ 9s] system-user-root-20190513-1.24 ######################################## -[ 9s] filesystem-15.5-39.1 ######################################## -[ 9s] glibc-2.33-6.1 ######################################## -[ 9s] libz1-1.2.11-18.3 ######################################## -[ 9s] libgcc_s1-11.0.0+git183291-1.5 ######################################## -[ 9s] libstdc++6-11.0.0+git183291-1.5 ######################################## -[ 9s] libcrypt1-4.4.19-1.1 ######################################## -[ 9s] perl-base-5.32.1-1.1 ######################################## -[ 9s] libaudit1-2.8.5-5.3 ######################################## -[ 9s] libbz2-1-1.0.8-2.22 ######################################## -[ 9s] libgmp10-6.2.1-3.1 ######################################## -[ 9s] terminfo-base-6.2.20210501-19.1 ######################################## -[ 9s] libncurses6-6.2.20210501-19.1 ######################################## -[ 9s] ncurses-utils-6.2.20210501-19.1 ######################################## -[ 9s] libelf1-0.184-1.1 ######################################## -[ 9s] libacl1-2.2.53-5.5 ######################################## -[ 9s] liblzma5-5.2.5-1.18 ######################################## -[ 9s] libcap2-2.49-2.1 ######################################## -[ 9s] libeconf0-0.4.0+git20210413.fdb8025-1.######################################## -[ 9s] libpcre2-8-0-10.36-2.1 ######################################## -[ 9s] libselinux1-3.2-2.1 ######################################## -[ 9s] libmpfr6-4.1.0-2.2 ######################################## -[ 9s] fillup-1.42-276.4 ######################################## -[ 9s] libattr1-2.5.1-1.1 ######################################## -[ 9s] libblkid1-2.36.2-1.5 ######################################## -[ 9s] libgomp1-11.0.0+git183291-1.5 ######################################## -[ 9s] libpopt0-1.18-2.4 ######################################## -[ 9s] libzstd1-1.4.9-1.2 ######################################## -[ 9s] update-alternatives-1.19.0.5-8.1 ######################################## -[ 9s] libmpc3-1.2.1-1.3 ######################################## -[ 9s] chkstat-1550_20210125-27.3 ######################################## -[ 9s] libxml2-2-2.9.10-11.1 ######################################## -[ 9s] libdw1-0.184-1.1 ######################################## -[ 9s] libreadline8-8.1-2.1 ######################################## -[ 9s] bash-5.1.4-2.1 ######################################## -[ 9s] coreutils-8.32-8.1 ######################################## -[ 9s] m4-1.4.18-5.19 ######################################## -[ 9s] gawk-5.1.0-2.5 ######################################## -[ 9s] update-alternatives: using /usr/bin/gawk to provide /bin/awk (awk) in auto mode -[ 9s] xz-5.2.5-1.18 ######################################## -[ 9s] sed-4.8-3.5 ######################################## -[ 9s] login_defs-4.8.1-6.2 ######################################## -[ 9s] cpio-2.13-2.4 ######################################## -[ 10s] tar-1.34-1.4 ######################################## -[ 10s] diffutils-3.7-4.4 ######################################## -[ 10s] which-2.21-4.33 ######################################## -[ 10s] libisl23-0.23-2.3 ######################################## -[ 10s] cpp10-10.3.0+git1587-1.2 ######################################## -[ 10s] libdb-4_8-4.8.30-38.25 ######################################## -[ 10s] libgdbm6-1.19-1.3 ######################################## -[ 10s] libsepol2-3.2-1.1 ######################################## -[ 10s] libtextstyle0-0.21-2.4 ######################################## -[ 10s] libuuid1-2.36.2-1.5 ######################################## -[ 10s] libfdisk1-2.36.2-1.5 ######################################## -[ 10s] gettext-runtime-0.21-2.4 ######################################## -[ 10s] gettext-tools-0.21-2.4 ######################################## -[ 10s] libgdbm_compat4-1.19-1.3 ######################################## -[ 10s] perl-5.32.1-1.1 ######################################## -[ 10s] cpp-10-3.3 ######################################## -[ 10s] autoconf-2.69-17.18 ######################################## -[ 10s] automake-1.16.3-3.1 ######################################## -[ 10s] systemd-rpm-macros-11-1.1 ######################################## -[ 10s] linux-glibc-devel-5.11-1.2 ######################################## -[ 11s] glibc-locale-base-2.33-6.1 ######################################## -[ 12s] glibc-locale-2.33-6.1 ######################################## -[ 12s] permissions-config-1550_20210125-27.3 ######################################## -[ 12s] Updating /etc/sysconfig/security ... -[ 12s] Checking permissions and ownerships - using the permissions files -[ 12s] /usr/share/permissions/permissions -[ 12s] /usr/share/permissions/permissions.easy -[ 12s] /etc/permissions.local -[ 12s] /sbin/unix2_chkpwd: setting to root:shadow 4755 (wrong owner/group root:root) -[ 12s] /sbin/unix_chkpwd: setting to root:shadow 4755 (wrong owner/group root:root) -[ 12s] /usr/bin/mount: setting to root:root 4755 (wrong permissions 0755) -[ 12s] /usr/bin/su: setting to root:root 4755 (wrong permissions 0755) -[ 12s] /usr/bin/umount: setting to root:root 4755 (wrong permissions 0755) -[ 12s] permissions-20210125.1550-27.3 ######################################## -[ 12s] pam_unix-1.5.1-10.1 ######################################## -[ 12s] pam-1.5.1-10.1 ######################################## -[ 12s] gzip-1.10-8.1 ######################################## -[ 12s] make-4.3-2.22 ######################################## -[ 12s] bzip2-1.0.8-2.22 ######################################## -[ 12s] cracklib-2.9.7-1.8 ######################################## -[ 12s] libcrack2-2.9.7-1.8 ######################################## -[ 12s] libmount1-2.36.2-1.5 ######################################## -[ 12s] findutils-4.8.0-2.1 ######################################## -[ 12s] libpcre2-posix2-10.36-2.1 ######################################## -[ 12s] dwz-0.14-1.1 ######################################## -[ 12s] libauparse0-2.8.5-5.3 ######################################## -[ 12s] rpm-build-perl-4.16.1.3-2.1 ######################################## -[ 12s] libasan6-11.0.0+git183291-1.5 ######################################## -[ 12s] liblsan0-11.0.0+git183291-1.5 ######################################## -[ 12s] libtsan0-11.0.0+git183291-1.5 ######################################## -[ 12s] libubsan1-11.0.0+git183291-1.5 ######################################## -[ 12s] libctf-nobfd0-2.36-4.1 ######################################## -[ 12s] binutils-2.36-4.1 ######################################## -[ 12s] update-alternatives: using /usr/bin/ld.bfd to provide /usr/bin/ld (ld) in auto mode -[ 12s] libctf0-2.36-4.1 ######################################## -[ 12s] libatomic1-11.0.0+git183291-1.5 ######################################## -[ 12s] libcap-ng0-0.7.10-1.18 ######################################## -[ 12s] libexpat1-2.3.0-1.1 ######################################## -[ 12s] libfl2-2.6.4-6.1 ######################################## -[ 12s] libfl-devel-2.6.4-6.1 ######################################## -[ 12s] libgpg-error0-1.42-1.1 ######################################## -[ 12s] libgcrypt20-1.9.3-1.1 ######################################## -[ 12s] libitm1-11.0.0+git183291-1.5 ######################################## -[ 12s] libltdl7-2.4.6-8.22 ######################################## -[ 12s] liblua5_4-5-5.4.3-2.1 ######################################## -[ 12s] rpm-config-SUSE-0.g76-1.1 ######################################## -[ 13s] rpm-4.16.1.3-2.1 ######################################## -[ 13s] Updating /etc/sysconfig/services ... -[ 13s] libmnl0-1.0.4-2.5 ######################################## -[ 13s] iproute2-5.12-1.1 ######################################## -[ 13s] libpcre1-8.44-3.2 ######################################## -[ 13s] grep-3.6-2.4 ######################################## -[ 13s] aaa_base-84.87+git20210317.2c04190-1.1######################################## -[ 13s] Updating /etc/sysconfig/language ... -[ 13s] Updating /etc/sysconfig/proxy ... -[ 13s] Updating /etc/sysconfig/windowmanager ... -[ 13s] aaa_base-malloccheck-84.87+git20210317######################################## -[ 13s] libpcre2-16-0-10.36-2.1 ######################################## -[ 13s] libpcre2-32-0-10.36-2.1 ######################################## -[ 13s] libpkgconf3-1.7.3-3.1 ######################################## -[ 13s] pkgconf-1.7.3-3.1 ######################################## -[ 13s] libsmartcols1-2.36.2-1.5 ######################################## -[ 13s] patch-2.7.6-3.31 ######################################## -[ 13s] pkgconf-m4-1.7.3-3.1 ######################################## -[ 13s] pkgconf-pkg-config-1.7.3-3.1 ######################################## -[ 13s] libxcrypt-devel-4.4.19-1.1 ######################################## -[ 13s] glibc-devel-2.33-6.1 ######################################## -[ 13s] libstdc++6-devel-gcc10-10.3.0+git1587-######################################## -[ 13s] libstdc++-devel-10-3.3 ######################################## -[ 13s] pcre2-devel-10.36-2.1 ######################################## -[ 13s] libsepol-devel-3.2-1.1 ######################################## -[ 13s] gcc10-10.3.0+git1587-1.2 ######################################## -[ 13s] gcc-10-3.3 ######################################## -[ 13s] libsemanage-conf-3.2-1.3 ######################################## -[ 13s] libsemanage2-3.2-1.3 ######################################## -[ 13s] shadow-4.8.1-6.2 ######################################## -[ 14s] sysuser-shadow-3.0-11.1 ######################################## -[ 14s] /usr/sbin/groupadd -r kmem -[ 14s] /usr/sbin/groupadd -r lock -[ 14s] /usr/sbin/groupadd -r -g 5 tty -[ 14s] /usr/sbin/groupadd -r utmp -[ 14s] /usr/sbin/groupadd -r audio -[ 14s] /usr/sbin/groupadd -r cdrom -[ 14s] /usr/sbin/groupadd -r dialout -[ 14s] /usr/sbin/groupadd -r disk -[ 14s] /usr/sbin/groupadd -r input -[ 14s] /usr/sbin/groupadd -r lp -[ 14s] /usr/sbin/groupadd -r render -[ 14s] /usr/sbin/groupadd -r tape -[ 14s] /usr/sbin/groupadd -r video -[ 14s] system-group-hardware-20170617-21.2 ######################################## -[ 14s] libutempter0-1.2.0-3.3 ######################################## -[ 14s] util-linux-2.36.2-1.5 ######################################## -[ 14s] /usr/bin/mount: setting to root:root 4755 (wrong permissions 0755) -[ 14s] /usr/bin/umount: setting to root:root 4755 (wrong permissions 0755) -[ 14s] /usr/bin/wall: setting to root:tty 2755 (wrong permissions 0755) -[ 14s] /usr/bin/write: setting to root:tty 2755 (wrong permissions 0755) -[ 14s] /usr/bin/su: setting to root:root 4755 (wrong permissions 0755) -[ 14s] file-magic-5.40-1.1 ######################################## -[ 14s] libmagic1-5.40-1.1 ######################################## -[ 14s] file-5.40-1.1 ######################################## -[ 14s] librpmbuild9-4.16.1.3-2.1 ######################################## -[ 14s] rpmlint-mini-1.10-23.12 ######################################## -[ 14s] rpmlint-Factory-1.0-99.1 ######################################## -[ 14s] rpm-build-4.16.1.3-2.1 ######################################## -[ 14s] build-compare-20200727T175347.d95eb35-######################################## -[ 14s] gcc-PIE-10-3.3 ######################################## -[ 14s] libselinux-devel-3.2-2.1 ######################################## -[ 14s] cracklib-devel-2.9.7-1.8 ######################################## -[ 14s] libdb-4_8-devel-4.8.30-38.25 ######################################## -[ 14s] pam-devel-1.5.1-10.1 ######################################## -[ 14s] libeconf-devel-0.4.0+git20210413.fdb80######################################## -[ 14s] audit-devel-2.8.5-5.3 ######################################## -[ 14s] post-build-checks-84.87+git20210304.df######################################## -[ 14s] libtool-2.4.6-8.22 ######################################## -[ 14s] flex-2.6.4-6.1 ######################################## -[ 14s] brp-check-suse-84.87+git20210420.a4765######################################## -[ 14s] bison-3.7.6-3.1 ######################################## -[ 14s] hostname-3.23-2.4 ######################################## -[ 14s] attr-2.5.1-1.1 ######################################## -[ 14s] build-mkbaselibs-20210120-1.4 ######################################## -[ 14s] kernel-obs-build-5.12.3-1.1 ######################################## -[ 15s] now finalizing build dir... -[ 15s] ... running 01-add_abuild_user_to_trusted_group -[ 15s] ... running 02-set_timezone_to_utc -[ 15s] ... running 11-hack_uname_version_to_kernel_version -[ 15s] RTNETLINK answers: File exists -[ 15s] RTNETLINK answers: File exists -[ 15s] ----------------------------------------------------------------- -[ 15s] I have the following modifications for pam.spec: -[ 15s] 44c44 -[ 15s] < Release: 0 -[ 15s] --- -[ 15s] > Release: 11.1 -[ 15s] ----------------------------------------------------------------- -[ 15s] ----- building pam.spec (user abuild) -[ 15s] ----------------------------------------------------------------- -[ 15s] ----------------------------------------------------------------- -[ 15s] + exec rpmbuild -ba --define '_srcdefattr (-,root,root)' --nosignature --define 'disturl obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/83207f1f0c181b7e3f3c5becb047aaec-pam' /home/abuild/rpmbuild/SOURCES/pam.spec -[ 15s] setting SOURCE_DATE_EPOCH=1620604800 -[ 15s] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.cjs8Eb -[ 15s] + umask 022 -[ 15s] + cd /home/abuild/rpmbuild/BUILD -[ 15s] + cd /home/abuild/rpmbuild/BUILD -[ 15s] + rm -rf Linux-PAM-1.5.1 -[ 15s] + /usr/bin/xz -dc /home/abuild/rpmbuild/SOURCES/Linux-PAM-1.5.1-docs.tar.xz -[ 15s] + /usr/bin/tar -xof - -[ 15s] + STATUS=0 -[ 15s] + '[' 0 -ne 0 ']' -[ 15s] + /usr/bin/xz -dc /home/abuild/rpmbuild/SOURCES/Linux-PAM-1.5.1.tar.xz -[ 15s] + /usr/bin/tar -xof - -[ 15s] + STATUS=0 -[ 15s] + '[' 0 -ne 0 ']' -[ 15s] + cd Linux-PAM-1.5.1 -[ 15s] + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . -[ 15s] + cp -a /home/abuild/rpmbuild/SOURCES/pam-login_defs-check.sh . -[ 15s] + echo 'Patch #2 (pam-limit-nproc.patch):' -[ 15s] Patch #2 (pam-limit-nproc.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -[ 15s] patching file modules/pam_limits/limits.conf -[ 15s] Hunk #1 succeeded at 58 (offset 11 lines). -[ 15s] + echo 'Patch #4 (pam-hostnames-in-access_conf.patch):' -[ 15s] Patch #4 (pam-hostnames-in-access_conf.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -[ 15s] patching file modules/pam_access/pam_access.c -[ 15s] + echo 'Patch #5 (pam-xauth_ownership.patch):' -[ 15s] Patch #5 (pam-xauth_ownership.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -[ 15s] patching file modules/pam_xauth/pam_xauth.c -[ 15s] + echo 'Patch #6 (pam_cracklib-removal.patch):' -[ 15s] Patch #6 (pam_cracklib-removal.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -R -[ 15s] patching file configure.ac -[ 15s] Hunk #2 succeeded at 644 (offset -18 lines). -[ 15s] Hunk #3 succeeded at 662 (offset -20 lines). -[ 15s] patching file modules/Makefile.am -[ 15s] Hunk #2 succeeded at 48 (offset -8 lines). -[ 15s] patching file modules/pam_cracklib/Makefile.am -[ 15s] patching file modules/pam_cracklib/README.xml -[ 15s] patching file modules/pam_cracklib/pam_cracklib.8.xml -[ 15s] patching file modules/pam_cracklib/pam_cracklib.c -[ 15s] patching file modules/pam_cracklib/tst-pam_cracklib -[ 15s] + echo 'Patch #7 (pam_tally2-removal.patch):' -[ 15s] Patch #7 (pam_tally2-removal.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -R -[ 15s] patching file configure.ac -[ 15s] Hunk #1 succeeded at 635 (offset 22 lines). -[ 15s] Hunk #2 succeeded at 670 (offset 23 lines). -[ 15s] Hunk #3 succeeded at 701 (offset 23 lines). -[ 15s] patching file modules/Makefile.am -[ 15s] Hunk #1 succeeded at 34 (offset 4 lines). -[ 15s] Hunk #2 succeeded at 90 (offset 5 lines). -[ 15s] patching file modules/pam_tally2/Makefile.am -[ 15s] patching file modules/pam_tally2/pam_tally2.c -[ 15s] patching file modules/pam_tally2/pam_tally2_app.c -[ 15s] patching file modules/pam_tally2/tallylog.h -[ 15s] patching file modules/pam_tally2/tst-pam_tally2 -[ 15s] + echo 'Patch #8 (pam-bsc1177858-dont-free-environment-string.patch):' -[ 15s] Patch #8 (pam-bsc1177858-dont-free-environment-string.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -[ 15s] patching file modules/pam_xauth/pam_xauth.c -[ 15s] + echo 'Patch #9 (pam-pam_cracklib-add-usersubstr.patch):' -[ 15s] Patch #9 (pam-pam_cracklib-add-usersubstr.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -[ 15s] patching file modules/pam_cracklib/pam_cracklib.c -[ 15s] + echo 'Patch #10 (pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch):' -[ 15s] Patch #10 (pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -[ 15s] patching file doc/sag/Linux-PAM_SAG.txt -[ 15s] patching file doc/sag/html/sag-pam_limits.html -[ 15s] patching file modules/pam_limits/limits.conf.5 -[ 15s] patching file modules/pam_limits/limits.conf.5.xml -[ 15s] patching file modules/pam_limits/pam_limits.c -[ 15s] + echo 'Patch #11 (bsc1184358-prevent-LOCAL-from-being-resolved.patch):' -[ 15s] Patch #11 (bsc1184358-prevent-LOCAL-from-being-resolved.patch): -[ 15s] + /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 -[ 15s] patching file modules/pam_access/pam_access.c -[ 15s] + RPM_EC=0 -[ 15s] ++ jobs -p -[ 15s] + exit 0 -[ 15s] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Cepyvj -[ 15s] + umask 022 -[ 15s] + cd /home/abuild/rpmbuild/BUILD -[ 15s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 15s] ++ dirname /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 15s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT -[ 15s] + /usr/bin/mkdir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 15s] + cd Linux-PAM-1.5.1 -[ 15s] + bash ./pam-login_defs-check.sh -[ 15s] Checking login.defs variables in pam... OK -[ 15s] + export 'CFLAGS=-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG' -[ 15s] + CFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG' -[ 15s] + CFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG' -[ 15s] + export CFLAGS -[ 15s] + CXXFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto' -[ 15s] + export CXXFLAGS -[ 15s] + FFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto ' -[ 15s] + export FFLAGS -[ 15s] + FCFLAGS='-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto ' -[ 15s] + export FCFLAGS -[ 15s] + LDFLAGS=-flto=auto -[ 15s] + export LDFLAGS -[ 15s] + ./configure --host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --includedir=/usr/include/security --docdir=/usr/share/doc/packages/pam --htmldir=/usr/share/doc/packages/pam/html --pdfdir=/usr/share/doc/packages/pam/pdf --sbindir=/sbin --libdir=/lib64 --enable-isadir=../../lib64/security --enable-securedir=/lib64/security --enable-vendordir=/usr/etc --enable-tally2 --enable-cracklib -[ 16s] configure: WARNING: unrecognized options: --enable-tally2, --enable-cracklib -[ 16s] checking for a BSD-compatible install... /usr/bin/install -c -[ 16s] checking whether build environment is sane... yes -[ 16s] checking for a thread-safe mkdir -p... /usr/bin/mkdir -p -[ 16s] checking for gawk... gawk -[ 16s] checking whether make sets $(MAKE)... yes -[ 16s] checking whether make supports nested variables... yes -[ 16s] checking build system type... x86_64-suse-linux-gnu -[ 16s] checking host system type... x86_64-suse-linux-gnu -[ 16s] checking whether make supports the include directive... yes (GNU style) -[ 16s] checking for x86_64-suse-linux-gnu-gcc... no -[ 16s] checking for gcc... gcc -[ 16s] checking whether the C compiler works... yes -[ 16s] checking for C compiler default output file name... a.out -[ 16s] checking for suffix of executables... -[ 16s] checking whether we are cross compiling... no -[ 16s] checking for suffix of object files... o -[ 16s] checking whether we are using the GNU C compiler... yes -[ 16s] checking whether gcc accepts -g... yes -[ 16s] checking for gcc option to accept ISO C89... none needed -[ 16s] checking whether gcc understands -c and -o together... yes -[ 16s] checking dependency style of gcc... none -[ 16s] checking how to run the C preprocessor... gcc -E -[ 16s] checking for grep that handles long lines and -e... /usr/bin/grep -[ 16s] checking for egrep... /usr/bin/grep -E -[ 16s] checking for ANSI C header files... yes -[ 16s] checking for sys/types.h... yes -[ 16s] checking for sys/stat.h... yes -[ 16s] checking for stdlib.h... yes -[ 16s] checking for string.h... yes -[ 16s] checking for memory.h... yes -[ 16s] checking for strings.h... yes -[ 16s] checking for inttypes.h... yes -[ 17s] checking for stdint.h... yes -[ 17s] checking for unistd.h... yes -[ 17s] checking minix/config.h usability... no -[ 17s] checking minix/config.h presence... no -[ 17s] checking for minix/config.h... no -[ 17s] checking whether it is safe to define __EXTENSIONS__... yes -[ 17s] checking how to print strings... printf -[ 17s] checking for a sed that does not truncate output... /usr/bin/sed -[ 17s] checking for fgrep... /usr/bin/grep -F -[ 17s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld -[ 17s] checking if the linker (/usr/x86_64-suse-linux/bin/ld) is GNU ld... yes -[ 17s] checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B -[ 17s] checking the name lister (/usr/bin/nm -B) interface... BSD nm -[ 17s] checking whether ln -s works... yes -[ 17s] checking the maximum length of command line arguments... 1572864 -[ 17s] checking how to convert x86_64-suse-linux-gnu file names to x86_64-suse-linux-gnu format... func_convert_file_noop -[ 17s] checking how to convert x86_64-suse-linux-gnu file names to toolchain format... func_convert_file_noop -[ 17s] checking for /usr/x86_64-suse-linux/bin/ld option to reload object files... -r -[ 17s] checking for x86_64-suse-linux-gnu-objdump... no -[ 17s] checking for objdump... objdump -[ 17s] checking how to recognize dependent libraries... pass_all -[ 17s] checking for x86_64-suse-linux-gnu-dlltool... no -[ 17s] checking for dlltool... no -[ 17s] checking how to associate runtime and link libraries... printf %s\n -[ 17s] checking for x86_64-suse-linux-gnu-ar... no -[ 17s] checking for ar... ar -[ 17s] checking for archiver @FILE support... @ -[ 17s] checking for x86_64-suse-linux-gnu-strip... no -[ 17s] checking for strip... strip -[ 17s] checking for x86_64-suse-linux-gnu-ranlib... no -[ 17s] checking for ranlib... ranlib -[ 17s] checking command to parse /usr/bin/nm -B output from gcc object... ok -[ 17s] checking for sysroot... no -[ 17s] checking for a working dd... /usr/bin/dd -[ 17s] checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1 -[ 17s] checking for x86_64-suse-linux-gnu-mt... no -[ 17s] checking for mt... no -[ 17s] checking if : is a manifest tool... no -[ 17s] checking for dlfcn.h... yes -[ 17s] checking for objdir... .libs -[ 17s] checking if gcc supports -fno-rtti -fno-exceptions... no -[ 17s] checking for gcc option to produce PIC... -fPIC -DPIC -[ 17s] checking if gcc PIC flag -fPIC -DPIC works... yes -[ 17s] checking if gcc static flag -static works... no -[ 17s] checking if gcc supports -c -o file.o... yes -[ 17s] checking if gcc supports -c -o file.o... (cached) yes -[ 17s] checking whether the gcc linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) supports shared libraries... yes -[ 17s] checking whether -lc should be explicitly linked in... no -[ 17s] checking dynamic linker characteristics... GNU/Linux ld.so -[ 17s] checking how to hardcode library paths into programs... immediate -[ 17s] checking whether stripping libraries is possible... yes -[ 17s] checking if libtool supports shared libraries... yes -[ 17s] checking whether to build shared libraries... yes -[ 17s] checking whether to build static libraries... no -[ 17s] checking for x86_64-suse-linux-gnu-gcc... gcc -[ 17s] checking whether we are using the GNU C compiler... (cached) yes -[ 17s] checking whether gcc accepts -g... (cached) yes -[ 17s] checking for gcc option to accept ISO C89... (cached) none needed -[ 17s] checking whether gcc understands -c and -o together... (cached) yes -[ 17s] checking dependency style of gcc... (cached) none -[ 17s] checking for bison... bison -y -[ 17s] checking for flex... flex -[ 17s] checking lex output file root... lex.yy -[ 18s] checking lex library... -lfl -[ 18s] checking whether yytext is a pointer... yes -[ 18s] checking whether ln -s works... yes -[ 18s] checking whether make sets $(MAKE)... (cached) yes -[ 18s] checking whether ld supports --as-needed... yes -[ 18s] checking whether ld supports --no-undefined... yes -[ 18s] checking whether ld supports -O1... yes -[ 18s] checking whether ld supports "-z now"... yes -[ 18s] checking for special C compiler options needed for large files... no -[ 18s] checking for _FILE_OFFSET_BITS value needed for large files... no -[ 18s] checking whether gcc handles -Werror -Wunknown-warning-option... no -[ 18s] checking whether gcc handles -W... yes -[ 19s] checking whether gcc handles -Wall... yes -[ 19s] checking whether gcc handles -Wbad-function-cast... yes -[ 19s] checking whether gcc handles -Wcast-align... yes -[ 19s] checking whether gcc handles -Wcast-align=strict... yes -[ 19s] checking whether gcc handles -Wcast-qual... yes -[ 19s] checking whether gcc handles -Wdeprecated... yes -[ 19s] checking whether gcc handles -Winline... yes -[ 19s] checking whether gcc handles -Wmain... yes -[ 19s] checking whether gcc handles -Wmissing-declarations... yes -[ 19s] checking whether gcc handles -Wmissing-format-attribute... yes -[ 19s] checking whether gcc handles -Wmissing-prototypes... yes -[ 19s] checking whether gcc handles -Wp64... no -[ 19s] checking whether gcc handles -Wpointer-arith... yes -[ 19s] checking whether gcc handles -Wreturn-type... yes -[ 19s] checking whether gcc handles -Wshadow... yes -[ 20s] checking whether gcc handles -Wstrict-prototypes... yes -[ 20s] checking whether gcc handles -Wuninitialized... yes -[ 20s] checking whether gcc handles -Wwrite-strings... yes -[ 20s] checking for CC_FOR_BUILD... gcc -[ 20s] checking for __attribute__((unused))... yes -[ 20s] checking for .symver assembler directive... yes -[ 20s] checking for ld --version-script... yes -[ 20s] checking for -fpie/-pie support... yes -[ 20s] checking for libprelude-config... no -[ 20s] checking for libprelude - version >= 0.9.0... no -[ 20s] Defining $ISA to "../../lib64/security" -[ 20s] checking paths.h usability... yes -[ 20s] checking paths.h presence... yes -[ 20s] checking for paths.h... yes -[ 20s] checking for xauth... no -[ 20s] checking for library containing dlopen... -ldl -[ 20s] checking libaudit.h usability... yes -[ 20s] checking libaudit.h presence... yes -[ 20s] checking for libaudit.h... yes -[ 20s] checking for audit_log_acct_message in -laudit... yes -[ 20s] checking for struct audit_tty_status... yes -[ 20s] checking for struct audit_tty_status.log_passwd... yes -[ 20s] checking xcrypt.h usability... yes -[ 20s] checking xcrypt.h presence... yes -[ 20s] checking for xcrypt.h... yes -[ 20s] checking crypt.h usability... yes -[ 20s] checking crypt.h presence... yes -[ 20s] checking for crypt.h... yes -[ 20s] checking for library containing crypt... -lxcrypt -[ 21s] checking for crypt_r... yes -[ 21s] checking for crypt_gensalt_r... no -[ 21s] checking for db_create... yes -[ 21s] checking db.h usability... yes -[ 21s] checking db.h presence... yes -[ 21s] checking for db.h... yes -[ 21s] checking for x86_64-suse-linux-gnu-pkg-config... /usr/bin/x86_64-suse-linux-gnu-pkg-config -[ 21s] checking pkg-config is at least version 0.9.0... yes -[ 21s] checking for libtirpc... no -[ 21s] checking for libnsl... no -[ 21s] checking for yp_match in -lnsl... no -[ 21s] checking for yp_get_default_domain... no -[ 21s] checking for yperr_string... no -[ 21s] checking for yp_master... no -[ 21s] checking for yp_bind... no -[ 21s] checking for yp_match... no -[ 21s] checking for yp_unbind... no -[ 21s] checking for getrpcport... no -[ 22s] checking for rpcb_getaddr... no -[ 22s] checking rpc/rpc.h usability... no -[ 22s] checking rpc/rpc.h presence... no -[ 22s] checking for rpc/rpc.h... no -[ 22s] checking rpcsvc/ypclnt.h usability... no -[ 22s] checking rpcsvc/ypclnt.h presence... no -[ 22s] checking for rpcsvc/ypclnt.h... no -[ 22s] checking rpcsvc/yp_prot.h usability... no -[ 22s] checking rpcsvc/yp_prot.h presence... no -[ 22s] checking for rpcsvc/yp_prot.h... no -[ 22s] checking whether getrpcport is declared... no -[ 22s] checking for getfilecon in -lselinux... yes -[ 22s] checking for setkeycreatecon... yes -[ 22s] checking for getseuser... yes -[ 22s] checking for libeconf... yes -[ 22s] checking for dirent.h that defines DIR... yes -[ 22s] checking for library containing opendir... none required -[ 22s] checking for ANSI C header files... (cached) yes -[ 22s] checking for sys/wait.h that is POSIX.1 compatible... yes -[ 22s] checking fcntl.h usability... yes -[ 22s] checking fcntl.h presence... yes -[ 22s] checking for fcntl.h... yes -[ 22s] checking limits.h usability... yes -[ 22s] checking limits.h presence... yes -[ 22s] checking for limits.h... yes -[ 22s] checking malloc.h usability... yes -[ 22s] checking malloc.h presence... yes -[ 22s] checking for malloc.h... yes -[ 22s] checking sys/file.h usability... yes -[ 22s] checking sys/file.h presence... yes -[ 22s] checking for sys/file.h... yes -[ 22s] checking sys/ioctl.h usability... yes -[ 22s] checking sys/ioctl.h presence... yes -[ 22s] checking for sys/ioctl.h... yes -[ 22s] checking sys/time.h usability... yes -[ 22s] checking sys/time.h presence... yes -[ 22s] checking for sys/time.h... yes -[ 22s] checking syslog.h usability... yes -[ 22s] checking syslog.h presence... yes -[ 22s] checking for syslog.h... yes -[ 23s] checking net/if.h usability... yes -[ 23s] checking net/if.h presence... yes -[ 23s] checking for net/if.h... yes -[ 23s] checking termio.h usability... yes -[ 23s] checking termio.h presence... yes -[ 23s] checking for termio.h... yes -[ 23s] checking for unistd.h... (cached) yes -[ 23s] checking sys/fsuid.h usability... yes -[ 23s] checking sys/fsuid.h presence... yes -[ 23s] checking for sys/fsuid.h... yes -[ 23s] checking inittypes.h usability... no -[ 23s] checking inittypes.h presence... no -[ 23s] checking for inittypes.h... no -[ 23s] checking lastlog.h usability... yes -[ 23s] checking lastlog.h presence... yes -[ 23s] checking for lastlog.h... yes -[ 23s] checking utmp.h usability... yes -[ 23s] checking utmp.h presence... yes -[ 23s] checking for utmp.h... yes -[ 23s] checking utmpx.h usability... yes -[ 23s] checking utmpx.h presence... yes -[ 23s] checking for utmpx.h... yes -[ 23s] checking whether byte ordering is bigendian... no -[ 23s] checking for an ANSI C-conforming const... yes -[ 23s] checking for uid_t in sys/types.h... yes -[ 23s] checking for off_t... yes -[ 23s] checking for pid_t... yes -[ 23s] checking for size_t... yes -[ 23s] checking whether time.h and sys/time.h may both be included... yes -[ 23s] checking whether struct tm is in sys/time.h or time.h... time.h -[ 23s] checking type of array argument to getgroups... gid_t -[ 23s] checking whether gcc needs -traditional... no -[ 23s] checking for working memcmp... yes -[ 24s] checking for vprintf... yes -[ 24s] checking for _doprnt... no -[ 24s] checking for fseeko... yes -[ 24s] checking for getdomainname... yes -[ 24s] checking for gethostname... yes -[ 24s] checking for gettimeofday... yes -[ 24s] checking for lckpwdf... yes -[ 24s] checking for mkdir... yes -[ 24s] checking for select... yes -[ 24s] checking for strcspn... yes -[ 24s] checking for strdup... yes -[ 24s] checking for strspn... yes -[ 25s] checking for strstr... yes -[ 25s] checking for strtol... yes -[ 25s] checking for uname... yes -[ 25s] checking for getutent_r... yes -[ 25s] checking for getpwnam_r... yes -[ 25s] checking for getpwuid_r... yes -[ 25s] checking for getgrnam_r... yes -[ 25s] checking for getgrgid_r... yes -[ 25s] checking for getspnam_r... yes -[ 25s] checking for getmntent_r... yes -[ 25s] checking for getgrouplist... yes -[ 25s] checking for getline... yes -[ 25s] checking for getdelim... yes -[ 26s] checking for inet_ntop... yes -[ 26s] checking for inet_pton... yes -[ 26s] checking for innetgr... yes -[ 26s] checking for quotactl... yes -[ 26s] checking for unshare... yes -[ 26s] checking for ruserok_af... yes -[ 26s] checking for logwtmp... yes -[ 26s] checking for xsltproc... no -[ 26s] checking for xmllint... /bin/true -[ 26s] checking for XML catalog (/etc/xml/catalog)... not found -[ 26s] checking for xmlcatalog... no -[ 26s] checking for DocBook XML DTD V4.4 in XML catalog... not found -[ 26s] checking for DocBook XSL Stylesheets in XML catalog... not found -[ 26s] checking for w3m... no -[ 26s] checking for elinks... no -[ 26s] checking for fop... no -[ 26s] checking whether NLS is requested... yes -[ 26s] checking for msgfmt... /usr/bin/msgfmt -[ 26s] checking for gmsgfmt... /usr/bin/msgfmt -[ 26s] checking for xgettext... /usr/bin/xgettext -[ 26s] checking for msgmerge... /usr/bin/msgmerge -[ 26s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld -m elf_x86_64 -[ 26s] checking if the linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) is GNU ld... yes -[ 26s] checking for shared library run path origin... done -[ 26s] checking for CFPreferencesCopyAppValue... no -[ 26s] checking for CFLocaleCopyCurrent... no -[ 26s] checking for GNU gettext in libc... yes -[ 26s] checking whether to use NLS... yes -[ 26s] checking where the gettext function comes from... libc -[ 26s] checking for dngettext... yes -[ 26s] checking whether __NR_keyctl is declared... yes -[ 26s] checking that generated files are newer than configure... done -[ 26s] configure: creating ./config.status -[ 27s] config.status: creating Makefile -[ 27s] config.status: creating libpam/Makefile -[ 27s] config.status: creating libpamc/Makefile -[ 27s] config.status: creating libpamc/test/Makefile -[ 27s] config.status: creating libpam_misc/Makefile -[ 27s] config.status: creating conf/Makefile -[ 27s] config.status: creating conf/pam_conv1/Makefile -[ 27s] config.status: creating po/Makefile.in -[ 27s] config.status: creating Make.xml.rules -[ 27s] config.status: creating modules/Makefile -[ 27s] config.status: creating modules/pam_access/Makefile -[ 27s] config.status: creating modules/pam_debug/Makefile -[ 27s] config.status: creating modules/pam_deny/Makefile -[ 27s] config.status: creating modules/pam_echo/Makefile -[ 27s] config.status: creating modules/pam_env/Makefile -[ 27s] config.status: creating modules/pam_faildelay/Makefile -[ 27s] config.status: creating modules/pam_faillock/Makefile -[ 27s] config.status: creating modules/pam_filter/Makefile -[ 27s] config.status: creating modules/pam_filter/upperLOWER/Makefile -[ 27s] config.status: creating modules/pam_ftp/Makefile -[ 27s] config.status: creating modules/pam_group/Makefile -[ 27s] config.status: creating modules/pam_issue/Makefile -[ 27s] config.status: creating modules/pam_keyinit/Makefile -[ 27s] config.status: creating modules/pam_lastlog/Makefile -[ 27s] config.status: creating modules/pam_limits/Makefile -[ 27s] config.status: creating modules/pam_listfile/Makefile -[ 27s] config.status: creating modules/pam_localuser/Makefile -[ 27s] config.status: creating modules/pam_loginuid/Makefile -[ 27s] config.status: creating modules/pam_mail/Makefile -[ 27s] config.status: creating modules/pam_mkhomedir/Makefile -[ 27s] config.status: creating modules/pam_motd/Makefile -[ 27s] config.status: creating modules/pam_namespace/Makefile -[ 27s] config.status: creating modules/pam_namespace/pam_namespace_helper -[ 27s] config.status: creating modules/pam_namespace/pam_namespace.service -[ 27s] config.status: creating modules/pam_nologin/Makefile -[ 27s] config.status: creating modules/pam_permit/Makefile -[ 27s] config.status: creating modules/pam_pwhistory/Makefile -[ 27s] config.status: creating modules/pam_rhosts/Makefile -[ 27s] config.status: creating modules/pam_rootok/Makefile -[ 27s] config.status: creating modules/pam_exec/Makefile -[ 27s] config.status: creating modules/pam_securetty/Makefile -[ 27s] config.status: creating modules/pam_selinux/Makefile -[ 27s] config.status: creating modules/pam_sepermit/Makefile -[ 28s] config.status: creating modules/pam_setquota/Makefile -[ 28s] config.status: creating modules/pam_shells/Makefile -[ 28s] config.status: creating modules/pam_stress/Makefile -[ 28s] config.status: creating modules/pam_succeed_if/Makefile -[ 28s] config.status: creating modules/pam_time/Makefile -[ 28s] config.status: creating modules/pam_timestamp/Makefile -[ 28s] config.status: creating modules/pam_tty_audit/Makefile -[ 28s] config.status: creating modules/pam_umask/Makefile -[ 28s] config.status: creating modules/pam_unix/Makefile -[ 28s] config.status: creating modules/pam_userdb/Makefile -[ 28s] config.status: creating modules/pam_usertype/Makefile -[ 28s] config.status: creating modules/pam_warn/Makefile -[ 28s] config.status: creating modules/pam_wheel/Makefile -[ 28s] config.status: creating modules/pam_xauth/Makefile -[ 28s] config.status: creating doc/Makefile -[ 28s] config.status: creating doc/specs/Makefile -[ 28s] config.status: creating doc/man/Makefile -[ 28s] config.status: creating doc/sag/Makefile -[ 28s] config.status: creating doc/adg/Makefile -[ 28s] config.status: creating doc/mwg/Makefile -[ 28s] config.status: creating examples/Makefile -[ 28s] config.status: creating tests/Makefile -[ 28s] config.status: creating xtests/Makefile -[ 28s] config.status: creating config.h -[ 28s] config.status: executing depfiles commands -[ 28s] config.status: executing libtool commands -[ 28s] config.status: executing po-directories commands -[ 28s] config.status: creating po/POTFILES -[ 28s] config.status: creating po/Makefile -[ 28s] configure: WARNING: unrecognized options: --enable-tally2, --enable-cracklib -[ 28s] + make -j8 -[ 28s] CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing aclocal-1.16 -I m4 -[ 29s] CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing autoconf -[ 29s] cd . && /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing automake-1.16 --gnu -[ 30s] /bin/sh ./config.status --recheck -[ 30s] running CONFIG_SHELL=/bin/sh /bin/sh ./configure --host=x86_64-suse-linux-gnu --build=x86_64-suse-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --includedir=/usr/include/security --docdir=/usr/share/doc/packages/pam --htmldir=/usr/share/doc/packages/pam/html --pdfdir=/usr/share/doc/packages/pam/pdf --sbindir=/sbin --libdir=/lib64 --enable-isadir=../../lib64/security --enable-securedir=/lib64/security --enable-vendordir=/usr/etc --enable-tally2 --enable-cracklib build_alias=x86_64-suse-linux-gnu host_alias=x86_64-suse-linux-gnu CFLAGS=-O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG LDFLAGS=-flto=auto PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig --no-create --no-recursion -[ 30s] checking for a BSD-compatible install... /usr/bin/install -c -[ 30s] checking whether build environment is sane... yes -[ 30s] checking for a thread-safe mkdir -p... /usr/bin/mkdir -p -[ 30s] checking for gawk... gawk -[ 30s] checking whether make sets $(MAKE)... yes -[ 30s] checking whether make supports nested variables... yes -[ 30s] checking build system type... x86_64-suse-linux-gnu -[ 30s] checking host system type... x86_64-suse-linux-gnu -[ 30s] checking whether make supports the include directive... yes (GNU style) -[ 30s] checking for x86_64-suse-linux-gnu-gcc... no -[ 30s] checking for gcc... gcc -[ 30s] checking whether the C compiler works... yes -[ 30s] checking for C compiler default output file name... a.out -[ 30s] checking for suffix of executables... -[ 30s] checking whether we are cross compiling... no -[ 30s] checking for suffix of object files... o -[ 30s] checking whether we are using the GNU C compiler... yes -[ 30s] checking whether gcc accepts -g... yes -[ 30s] checking for gcc option to accept ISO C89... none needed -[ 30s] checking whether gcc understands -c and -o together... doc/specs/Makefile.am:16: warning: 'CFLAGS' is a user variable, you should not override it; -[ 30s] doc/specs/Makefile.am:16: use 'AM_CFLAGS' instead -[ 30s] doc/specs/Makefile.am:15: warning: 'CPPFLAGS' is a user variable, you should not override it; -[ 30s] doc/specs/Makefile.am:15: use 'AM_CPPFLAGS' instead -[ 30s] doc/specs/Makefile.am:17: warning: 'LDFLAGS' is a user variable, you should not override it; -[ 30s] doc/specs/Makefile.am:17: use 'AM_LDFLAGS' instead -[ 30s] yes -[ 30s] checking dependency style of gcc... none -[ 30s] checking how to run the C preprocessor... gcc -E -[ 30s] checking for grep that handles long lines and -e... /usr/bin/grep -[ 30s] checking for egrep... /usr/bin/grep -E -[ 30s] checking for ANSI C header files... yes -[ 31s] checking for sys/types.h... yes -[ 31s] checking for sys/stat.h... yes -[ 31s] checking for stdlib.h... yes -[ 31s] checking for string.h... yes -[ 31s] checking for memory.h... yes -[ 31s] checking for strings.h... yes -[ 31s] checking for inttypes.h... yes -[ 31s] checking for stdint.h... yes -[ 31s] checking for unistd.h... yes -[ 31s] checking minix/config.h usability... no -[ 31s] checking minix/config.h presence... no -[ 31s] checking for minix/config.h... no -[ 31s] checking whether it is safe to define __EXTENSIONS__... yes -[ 31s] checking how to print strings... printf -[ 31s] checking for a sed that does not truncate output... /usr/bin/sed -[ 31s] checking for fgrep... /usr/bin/grep -F -[ 31s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld -[ 31s] checking if the linker (/usr/x86_64-suse-linux/bin/ld) is GNU ld... yes -[ 31s] checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B -[ 31s] checking the name lister (/usr/bin/nm -B) interface... BSD nm -[ 31s] checking whether ln -s works... yes -[ 31s] checking the maximum length of command line arguments... 1572864 -[ 31s] checking how to convert x86_64-suse-linux-gnu file names to x86_64-suse-linux-gnu format... func_convert_file_noop -[ 31s] checking how to convert x86_64-suse-linux-gnu file names to toolchain format... func_convert_file_noop -[ 31s] checking for /usr/x86_64-suse-linux/bin/ld option to reload object files... -r -[ 31s] checking for x86_64-suse-linux-gnu-objdump... no -[ 31s] checking for objdump... objdump -[ 31s] checking how to recognize dependent libraries... pass_all -[ 31s] checking for x86_64-suse-linux-gnu-dlltool... no -[ 31s] checking for dlltool... no -[ 31s] checking how to associate runtime and link libraries... printf %s\n -[ 31s] checking for x86_64-suse-linux-gnu-ar... no -[ 31s] checking for ar... ar -[ 31s] checking for archiver @FILE support... @ -[ 31s] checking for x86_64-suse-linux-gnu-strip... no -[ 31s] checking for strip... strip -[ 31s] checking for x86_64-suse-linux-gnu-ranlib... no -[ 31s] checking for ranlib... ranlib -[ 31s] checking command to parse /usr/bin/nm -B output from gcc object... ok -[ 31s] checking for sysroot... no -[ 31s] checking for a working dd... /usr/bin/dd -[ 31s] checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1 -[ 31s] checking for x86_64-suse-linux-gnu-mt... no -[ 31s] checking for mt... no -[ 31s] checking if : is a manifest tool... no -[ 31s] checking for dlfcn.h... yes -[ 31s] checking for objdir... .libs -[ 31s] checking if gcc supports -fno-rtti -fno-exceptions... no -[ 31s] checking for gcc option to produce PIC... -fPIC -DPIC -[ 31s] checking if gcc PIC flag -fPIC -DPIC works... yes -[ 31s] checking if gcc static flag -static works... no -[ 31s] checking if gcc supports -c -o file.o... yes -[ 31s] checking if gcc supports -c -o file.o... (cached) yes -[ 31s] checking whether the gcc linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) supports shared libraries... yes -[ 31s] checking whether -lc should be explicitly linked in... no -[ 31s] checking dynamic linker characteristics... GNU/Linux ld.so -[ 31s] checking how to hardcode library paths into programs... immediate -[ 31s] checking whether stripping libraries is possible... yes -[ 31s] checking if libtool supports shared libraries... yes -[ 31s] checking whether to build shared libraries... yes -[ 31s] checking whether to build static libraries... no -[ 31s] checking for x86_64-suse-linux-gnu-gcc... gcc -[ 32s] checking whether we are using the GNU C compiler... (cached) yes -[ 32s] checking whether gcc accepts -g... (cached) yes -[ 32s] checking for gcc option to accept ISO C89... (cached) none needed -[ 32s] checking whether gcc understands -c and -o together... (cached) yes -[ 32s] checking dependency style of gcc... (cached) none -[ 32s] checking for bison... bison -y -[ 32s] checking for flex... flex -[ 32s] checking lex output file root... lex.yy -[ 32s] checking lex library... -lfl -[ 32s] checking whether yytext is a pointer... yes -[ 32s] checking whether ln -s works... yes -[ 32s] checking whether make sets $(MAKE)... (cached) yes -[ 32s] checking whether ld supports --as-needed... yes -[ 32s] checking whether ld supports --no-undefined... yes -[ 32s] checking whether ld supports -O1... yes -[ 32s] checking whether ld supports "-z now"... yes -[ 32s] checking for special C compiler options needed for large files... no -[ 33s] checking for _FILE_OFFSET_BITS value needed for large files... no -[ 33s] checking whether gcc handles -Werror -Wunknown-warning-option... no -[ 33s] checking whether gcc handles -W... yes -[ 33s] checking whether gcc handles -Wall... yes -[ 33s] checking whether gcc handles -Wbad-function-cast... yes -[ 33s] checking whether gcc handles -Wcast-align... yes -[ 33s] checking whether gcc handles -Wcast-align=strict... yes -[ 33s] checking whether gcc handles -Wcast-qual... yes -[ 33s] checking whether gcc handles -Wdeprecated... yes -[ 33s] checking whether gcc handles -Winline... yes -[ 33s] checking whether gcc handles -Wmain... yes -[ 33s] checking whether gcc handles -Wmissing-declarations... yes -[ 33s] checking whether gcc handles -Wmissing-format-attribute... yes -[ 33s] checking whether gcc handles -Wmissing-prototypes... yes -[ 33s] checking whether gcc handles -Wp64... no -[ 33s] checking whether gcc handles -Wpointer-arith... yes -[ 34s] checking whether gcc handles -Wreturn-type... yes -[ 34s] checking whether gcc handles -Wshadow... yes -[ 34s] checking whether gcc handles -Wstrict-prototypes... yes -[ 34s] checking whether gcc handles -Wuninitialized... yes -[ 34s] checking whether gcc handles -Wwrite-strings... yes -[ 34s] checking for CC_FOR_BUILD... gcc -[ 34s] checking for __attribute__((unused))... yes -[ 34s] checking for .symver assembler directive... yes -[ 34s] checking for ld --version-script... yes -[ 34s] checking for -fpie/-pie support... yes -[ 34s] checking for libprelude-config... no -[ 34s] checking for libprelude - version >= 0.9.0... no -[ 34s] Defining $ISA to "../../lib64/security" -[ 34s] checking paths.h usability... yes -[ 34s] checking paths.h presence... yes -[ 34s] checking for paths.h... yes -[ 34s] checking for xauth... no -[ 34s] checking for library containing dlopen... -ldl -[ 34s] checking crack.h usability... yes -[ 34s] checking crack.h presence... yes -[ 34s] checking for crack.h... yes -[ 34s] checking for FascistCheck in -lcrack... yes -[ 34s] checking libaudit.h usability... yes -[ 34s] checking libaudit.h presence... yes -[ 34s] checking for libaudit.h... yes -[ 34s] checking for audit_log_acct_message in -laudit... yes -[ 35s] checking for struct audit_tty_status... yes -[ 35s] checking for struct audit_tty_status.log_passwd... yes -[ 35s] checking xcrypt.h usability... yes -[ 35s] checking xcrypt.h presence... yes -[ 35s] checking for xcrypt.h... yes -[ 35s] checking crypt.h usability... yes -[ 35s] checking crypt.h presence... yes -[ 35s] checking for crypt.h... yes -[ 35s] checking for library containing crypt... -lxcrypt -[ 35s] checking for crypt_r... yes -[ 35s] checking for crypt_gensalt_r... no -[ 35s] checking for db_create... yes -[ 35s] checking db.h usability... yes -[ 35s] checking db.h presence... yes -[ 35s] checking for db.h... yes -[ 35s] checking for x86_64-suse-linux-gnu-pkg-config... /usr/bin/x86_64-suse-linux-gnu-pkg-config -[ 35s] checking pkg-config is at least version 0.9.0... yes -[ 35s] checking for TIRPC... no -[ 35s] checking for NSL... no -[ 35s] checking for yp_match in -lnsl... no -[ 35s] checking for yp_get_default_domain... no -[ 35s] checking for yperr_string... no -[ 35s] checking for yp_master... no -[ 36s] checking for yp_bind... no -[ 36s] checking for yp_match... no -[ 36s] checking for yp_unbind... no -[ 36s] checking for getrpcport... no -[ 36s] checking for rpcb_getaddr... no -[ 36s] checking rpc/rpc.h usability... no -[ 36s] checking rpc/rpc.h presence... no -[ 36s] checking for rpc/rpc.h... no -[ 36s] checking rpcsvc/ypclnt.h usability... no -[ 36s] checking rpcsvc/ypclnt.h presence... no -[ 36s] checking for rpcsvc/ypclnt.h... no -[ 36s] checking rpcsvc/yp_prot.h usability... no -[ 36s] checking rpcsvc/yp_prot.h presence... no -[ 36s] checking for rpcsvc/yp_prot.h... no -[ 36s] checking whether getrpcport is declared... no -[ 36s] checking for getfilecon in -lselinux... yes -[ 36s] checking for setkeycreatecon... yes -[ 36s] checking for getseuser... yes -[ 36s] checking for ECONF... yes -[ 36s] checking for dirent.h that defines DIR... yes -[ 36s] checking for library containing opendir... none required -[ 36s] checking for ANSI C header files... (cached) yes -[ 36s] checking for sys/wait.h that is POSIX.1 compatible... yes -[ 36s] checking fcntl.h usability... yes -[ 36s] checking fcntl.h presence... yes -[ 36s] checking for fcntl.h... yes -[ 36s] checking limits.h usability... yes -[ 36s] checking limits.h presence... yes -[ 36s] checking for limits.h... yes -[ 37s] checking malloc.h usability... yes -[ 37s] checking malloc.h presence... yes -[ 37s] checking for malloc.h... yes -[ 37s] checking sys/file.h usability... yes -[ 37s] checking sys/file.h presence... yes -[ 37s] checking for sys/file.h... yes -[ 37s] checking sys/ioctl.h usability... yes -[ 37s] checking sys/ioctl.h presence... yes -[ 37s] checking for sys/ioctl.h... yes -[ 37s] checking sys/time.h usability... yes -[ 37s] checking sys/time.h presence... yes -[ 37s] checking for sys/time.h... yes -[ 37s] checking syslog.h usability... yes -[ 37s] checking syslog.h presence... yes -[ 37s] checking for syslog.h... yes -[ 37s] checking net/if.h usability... yes -[ 37s] checking net/if.h presence... yes -[ 37s] checking for net/if.h... yes -[ 37s] checking termio.h usability... yes -[ 37s] checking termio.h presence... yes -[ 37s] checking for termio.h... yes -[ 37s] checking for unistd.h... (cached) yes -[ 37s] checking sys/fsuid.h usability... yes -[ 37s] checking sys/fsuid.h presence... yes -[ 37s] checking for sys/fsuid.h... yes -[ 37s] checking inittypes.h usability... no -[ 37s] checking inittypes.h presence... no -[ 37s] checking for inittypes.h... no -[ 37s] checking lastlog.h usability... yes -[ 37s] checking lastlog.h presence... yes -[ 37s] checking for lastlog.h... yes -[ 37s] checking utmp.h usability... yes -[ 37s] checking utmp.h presence... yes -[ 37s] checking for utmp.h... yes -[ 37s] checking utmpx.h usability... yes -[ 37s] checking utmpx.h presence... yes -[ 37s] checking for utmpx.h... yes -[ 37s] checking whether byte ordering is bigendian... no -[ 37s] checking for an ANSI C-conforming const... yes -[ 37s] checking for uid_t in sys/types.h... yes -[ 37s] checking for off_t... yes -[ 37s] checking for pid_t... yes -[ 37s] checking for size_t... yes -[ 37s] checking whether time.h and sys/time.h may both be included... yes -[ 38s] checking whether struct tm is in sys/time.h or time.h... time.h -[ 38s] checking type of array argument to getgroups... gid_t -[ 38s] checking whether gcc needs -traditional... no -[ 38s] checking for working memcmp... yes -[ 38s] checking for vprintf... yes -[ 38s] checking for _doprnt... no -[ 38s] checking for fseeko... yes -[ 38s] checking for getdomainname... yes -[ 38s] checking for gethostname... yes -[ 38s] checking for gettimeofday... yes -[ 38s] checking for lckpwdf... yes -[ 38s] checking for mkdir... yes -[ 38s] checking for select... yes -[ 39s] checking for strcspn... yes -[ 39s] checking for strdup... yes -[ 39s] checking for strspn... yes -[ 39s] checking for strstr... yes -[ 39s] checking for strtol... yes -[ 39s] checking for uname... yes -[ 39s] checking for getutent_r... yes -[ 39s] checking for getpwnam_r... yes -[ 39s] checking for getpwuid_r... yes -[ 39s] checking for getgrnam_r... yes -[ 39s] checking for getgrgid_r... yes -[ 39s] checking for getspnam_r... yes -[ 40s] checking for getmntent_r... yes -[ 40s] checking for getgrouplist... yes -[ 40s] checking for getline... yes -[ 40s] checking for getdelim... yes -[ 40s] checking for inet_ntop... yes -[ 40s] checking for inet_pton... yes -[ 40s] checking for innetgr... yes -[ 40s] checking for quotactl... yes -[ 40s] checking for unshare... yes -[ 40s] checking for ruserok_af... yes -[ 40s] checking for logwtmp... yes -[ 40s] checking for xsltproc... no -[ 40s] checking for xmllint... /bin/true -[ 40s] checking for XML catalog (/etc/xml/catalog)... not found -[ 40s] checking for xmlcatalog... no -[ 40s] checking for DocBook XML DTD V4.4 in XML catalog... not found -[ 40s] checking for DocBook XSL Stylesheets in XML catalog... not found -[ 40s] checking for w3m... no -[ 40s] checking for elinks... no -[ 40s] checking for fop... no -[ 40s] checking whether NLS is requested... yes -[ 40s] checking for msgfmt... /usr/bin/msgfmt -[ 40s] checking for gmsgfmt... /usr/bin/msgfmt -[ 40s] checking for xgettext... /usr/bin/xgettext -[ 40s] checking for msgmerge... /usr/bin/msgmerge -[ 40s] checking for ld used by gcc... /usr/x86_64-suse-linux/bin/ld -m elf_x86_64 -[ 40s] checking if the linker (/usr/x86_64-suse-linux/bin/ld -m elf_x86_64) is GNU ld... yes -[ 40s] checking for shared library run path origin... done -[ 40s] checking for CFPreferencesCopyAppValue... no -[ 40s] checking for CFLocaleCopyCurrent... no -[ 41s] checking for GNU gettext in libc... yes -[ 41s] checking whether to use NLS... yes -[ 41s] checking where the gettext function comes from... libc -[ 41s] checking for dngettext... yes -[ 41s] checking whether __NR_keyctl is declared... yes -[ 41s] checking that generated files are newer than configure... done -[ 41s] configure: creating ./config.status -[ 41s] /bin/sh ./config.status -[ 41s] config.status: creating Makefile -[ 41s] config.status: creating libpam/Makefile -[ 41s] config.status: creating libpamc/Makefile -[ 41s] config.status: creating libpamc/test/Makefile -[ 41s] config.status: creating libpam_misc/Makefile -[ 41s] config.status: creating conf/Makefile -[ 41s] config.status: creating conf/pam_conv1/Makefile -[ 41s] config.status: creating po/Makefile.in -[ 41s] config.status: creating Make.xml.rules -[ 41s] config.status: creating modules/Makefile -[ 41s] config.status: creating modules/pam_access/Makefile -[ 41s] config.status: creating modules/pam_cracklib/Makefile -[ 41s] config.status: creating modules/pam_debug/Makefile -[ 41s] config.status: creating modules/pam_deny/Makefile -[ 41s] config.status: creating modules/pam_echo/Makefile -[ 41s] config.status: creating modules/pam_env/Makefile -[ 41s] config.status: creating modules/pam_faildelay/Makefile -[ 41s] config.status: creating modules/pam_faillock/Makefile -[ 41s] config.status: creating modules/pam_filter/Makefile -[ 41s] config.status: creating modules/pam_filter/upperLOWER/Makefile -[ 41s] config.status: creating modules/pam_ftp/Makefile -[ 42s] config.status: creating modules/pam_group/Makefile -[ 42s] config.status: creating modules/pam_issue/Makefile -[ 42s] config.status: creating modules/pam_keyinit/Makefile -[ 42s] config.status: creating modules/pam_lastlog/Makefile -[ 42s] config.status: creating modules/pam_limits/Makefile -[ 42s] config.status: creating modules/pam_listfile/Makefile -[ 42s] config.status: creating modules/pam_localuser/Makefile -[ 42s] config.status: creating modules/pam_loginuid/Makefile -[ 42s] config.status: creating modules/pam_mail/Makefile -[ 42s] config.status: creating modules/pam_mkhomedir/Makefile -[ 42s] config.status: creating modules/pam_motd/Makefile -[ 42s] config.status: creating modules/pam_namespace/Makefile -[ 42s] config.status: creating modules/pam_namespace/pam_namespace_helper -[ 42s] config.status: creating modules/pam_namespace/pam_namespace.service -[ 42s] config.status: creating modules/pam_nologin/Makefile -[ 42s] config.status: creating modules/pam_permit/Makefile -[ 42s] config.status: creating modules/pam_pwhistory/Makefile -[ 42s] config.status: creating modules/pam_rhosts/Makefile -[ 42s] config.status: creating modules/pam_rootok/Makefile -[ 42s] config.status: creating modules/pam_exec/Makefile -[ 42s] config.status: creating modules/pam_securetty/Makefile -[ 42s] config.status: creating modules/pam_selinux/Makefile -[ 42s] config.status: creating modules/pam_sepermit/Makefile -[ 42s] config.status: creating modules/pam_setquota/Makefile -[ 42s] config.status: creating modules/pam_shells/Makefile -[ 42s] config.status: creating modules/pam_stress/Makefile -[ 42s] config.status: creating modules/pam_succeed_if/Makefile -[ 42s] config.status: creating modules/pam_tally2/Makefile -[ 42s] config.status: creating modules/pam_time/Makefile -[ 42s] config.status: creating modules/pam_timestamp/Makefile -[ 42s] config.status: creating modules/pam_tty_audit/Makefile -[ 42s] config.status: creating modules/pam_umask/Makefile -[ 42s] config.status: creating modules/pam_unix/Makefile -[ 42s] config.status: creating modules/pam_userdb/Makefile -[ 42s] config.status: creating modules/pam_usertype/Makefile -[ 42s] config.status: creating modules/pam_warn/Makefile -[ 42s] config.status: creating modules/pam_wheel/Makefile -[ 42s] config.status: creating modules/pam_xauth/Makefile -[ 42s] config.status: creating doc/Makefile -[ 42s] config.status: creating doc/specs/Makefile -[ 42s] config.status: creating doc/man/Makefile -[ 42s] config.status: creating doc/sag/Makefile -[ 42s] config.status: creating doc/adg/Makefile -[ 42s] config.status: creating doc/mwg/Makefile -[ 42s] config.status: creating examples/Makefile -[ 42s] config.status: creating tests/Makefile -[ 42s] config.status: creating xtests/Makefile -[ 42s] config.status: creating config.h -[ 42s] config.status: config.h is unchanged -[ 42s] config.status: executing depfiles commands -[ 42s] config.status: executing libtool commands -[ 42s] config.status: executing po-directories commands -[ 42s] config.status: creating po/POTFILES -[ 42s] config.status: creating po/Makefile -[ 42s] (CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/missing' autoheader) -[ 42s] rm -f stamp-h1 -[ 42s] touch config.h.in -[ 43s] cd . && /bin/sh ./config.status config.h -[ 43s] config.status: creating config.h -[ 43s] make all-recursive -[ 43s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 43s] Making all in libpam -[ 43s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_account.lo pam_account.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_auth.lo pam_auth.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_data.lo pam_data.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_delay.lo pam_delay.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_dispatch.lo pam_dispatch.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_end.lo pam_end.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_env.lo pam_env.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_get_authtok.lo pam_get_authtok.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_account.c -fPIC -DPIC -o .libs/pam_account.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_dispatch.c -fPIC -DPIC -o .libs/pam_dispatch.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_end.c -fPIC -DPIC -o .libs/pam_end.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_env.c -fPIC -DPIC -o .libs/pam_env.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_data.c -fPIC -DPIC -o .libs/pam_data.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_get_authtok.c -fPIC -DPIC -o .libs/pam_get_authtok.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_delay.c -fPIC -DPIC -o .libs/pam_delay.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_handlers.lo pam_handlers.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_item.lo pam_item.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_misc.lo pam_misc.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_password.lo pam_password.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_prelude.lo pam_prelude.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_session.lo pam_session.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_start.lo pam_start.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_item.c -fPIC -DPIC -o .libs/pam_item.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_misc.c -fPIC -DPIC -o .libs/pam_misc.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_handlers.c -fPIC -DPIC -o .libs/pam_handlers.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_password.c -fPIC -DPIC -o .libs/pam_password.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_prelude.c -fPIC -DPIC -o .libs/pam_prelude.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_strerror.lo pam_strerror.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_vprompt.lo pam_vprompt.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_start.c -fPIC -DPIC -o .libs/pam_start.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_syslog.lo pam_syslog.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_session.c -fPIC -DPIC -o .libs/pam_session.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_dynamic.lo pam_dynamic.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_auth.c -fPIC -DPIC -o .libs/pam_auth.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_audit.lo pam_audit.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_syslog.c -fPIC -DPIC -o .libs/pam_syslog.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_check_user.lo pam_modutil_check_user.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_cleanup.lo pam_modutil_cleanup.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getpwnam.lo pam_modutil_getpwnam.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_vprompt.c -fPIC -DPIC -o .libs/pam_vprompt.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_strerror.c -fPIC -DPIC -o .libs/pam_strerror.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_dynamic.c -fPIC -DPIC -o .libs/pam_dynamic.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_audit.c -fPIC -DPIC -o .libs/pam_audit.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_ioloop.lo pam_modutil_ioloop.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_check_user.c -fPIC -DPIC -o .libs/pam_modutil_check_user.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getpwnam.c -fPIC -DPIC -o .libs/pam_modutil_getpwnam.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getgrgid.lo pam_modutil_getgrgid.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_cleanup.c -fPIC -DPIC -o .libs/pam_modutil_cleanup.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getpwuid.lo pam_modutil_getpwuid.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getgrnam.lo pam_modutil_getgrnam.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getspnam.lo pam_modutil_getspnam.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_getlogin.lo pam_modutil_getlogin.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_ingroup.lo pam_modutil_ingroup.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_ioloop.c -fPIC -DPIC -o .libs/pam_modutil_ioloop.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_priv.lo pam_modutil_priv.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getgrgid.c -fPIC -DPIC -o .libs/pam_modutil_getgrgid.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getgrnam.c -fPIC -DPIC -o .libs/pam_modutil_getgrnam.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getpwuid.c -fPIC -DPIC -o .libs/pam_modutil_getpwuid.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getlogin.c -fPIC -DPIC -o .libs/pam_modutil_getlogin.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_getspnam.c -fPIC -DPIC -o .libs/pam_modutil_getspnam.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_sanitize.lo pam_modutil_sanitize.c -[ 43s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_modutil_searchkey.lo pam_modutil_searchkey.c -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_priv.c -fPIC -DPIC -o .libs/pam_modutil_priv.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_ingroup.c -fPIC -DPIC -o .libs/pam_modutil_ingroup.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_sanitize.c -fPIC -DPIC -o .libs/pam_modutil_sanitize.o -[ 43s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_modutil_searchkey.c -fPIC -DPIC -o .libs/pam_modutil_searchkey.o -[ 43s] /bin/sh ../libtool --tag=CC --mode=link gcc -DDEFAULT_MODULE_PATH=\"/lib64/security/\" -DLIBPAM_COMPILE -I./include -DUSE_ECONF=1 -DPAM_VERSION=\"1.5.1\" -DSYSCONFDIR=\"/etc\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 85:1:85 -Wl,--version-script=./libpam.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpam.la -rpath /lib64 pam_account.lo pam_auth.lo pam_data.lo pam_delay.lo pam_dispatch.lo pam_end.lo pam_env.lo pam_get_authtok.lo pam_handlers.lo pam_item.lo pam_misc.lo pam_password.lo pam_prelude.lo pam_session.lo pam_start.lo pam_strerror.lo pam_vprompt.lo pam_syslog.lo pam_dynamic.lo pam_audit.lo pam_modutil_check_user.lo pam_modutil_cleanup.lo pam_modutil_getpwnam.lo pam_modutil_ioloop.lo pam_modutil_getgrgid.lo pam_modutil_getpwuid.lo pam_modutil_getgrnam.lo pam_modutil_getspnam.lo pam_modutil_getlogin.lo pam_modutil_ingroup.lo pam_modutil_priv.lo pam_modutil_sanitize.lo pam_modutil_searchkey.lo -laudit -leconf -ldl -[ 43s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_account.o .libs/pam_auth.o .libs/pam_data.o .libs/pam_delay.o .libs/pam_dispatch.o .libs/pam_end.o .libs/pam_env.o .libs/pam_get_authtok.o .libs/pam_handlers.o .libs/pam_item.o .libs/pam_misc.o .libs/pam_password.o .libs/pam_prelude.o .libs/pam_session.o .libs/pam_start.o .libs/pam_strerror.o .libs/pam_vprompt.o .libs/pam_syslog.o .libs/pam_dynamic.o .libs/pam_audit.o .libs/pam_modutil_check_user.o .libs/pam_modutil_cleanup.o .libs/pam_modutil_getpwnam.o .libs/pam_modutil_ioloop.o .libs/pam_modutil_getgrgid.o .libs/pam_modutil_getpwuid.o .libs/pam_modutil_getgrnam.o .libs/pam_modutil_getspnam.o .libs/pam_modutil_getlogin.o .libs/pam_modutil_ingroup.o .libs/pam_modutil_priv.o .libs/pam_modutil_sanitize.o .libs/pam_modutil_searchkey.o -laudit -leconf -ldl -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpam.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpam.so.0 -o .libs/libpam.so.0.85.1 -[ 44s] libtool: link: (cd ".libs" && rm -f "libpam.so.0" && ln -s "libpam.so.0.85.1" "libpam.so.0") -[ 44s] libtool: link: (cd ".libs" && rm -f "libpam.so" && ln -s "libpam.so.0.85.1" "libpam.so") -[ 44s] libtool: link: ( cd ".libs" && rm -f "libpam.la" && ln -s "../libpam.la" "libpam.la" ) -[ 44s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' -[ 44s] Making all in tests -[ 44s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 44s] make[2]: Nothing to be done for 'all'. -[ 44s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 44s] Making all in libpamc -[ 44s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 44s] Making all in test -[ 44s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' -[ 44s] make[3]: Nothing to be done for 'all'. -[ 44s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' -[ 44s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pamc_client.lo pamc_client.c -[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pamc_converse.lo pamc_converse.c -[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pamc_load.lo pamc_load.c -[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pamc_client.c -fPIC -DPIC -o .libs/pamc_client.o -[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pamc_load.c -fPIC -DPIC -o .libs/pamc_load.o -[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pamc_converse.c -fPIC -DPIC -o .libs/pamc_converse.o -[ 44s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 82:1:82 -Wl,--version-script=./libpamc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpamc.la -rpath /lib64 pamc_client.lo pamc_converse.lo pamc_load.lo -[ 44s] libtool: link: gcc -shared -fPIC -DPIC .libs/pamc_client.o .libs/pamc_converse.o .libs/pamc_load.o -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpamc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpamc.so.0 -o .libs/libpamc.so.0.82.1 -[ 44s] libtool: link: (cd ".libs" && rm -f "libpamc.so.0" && ln -s "libpamc.so.0.82.1" "libpamc.so.0") -[ 44s] libtool: link: (cd ".libs" && rm -f "libpamc.so" && ln -s "libpamc.so.0.82.1" "libpamc.so") -[ 44s] libtool: link: ( cd ".libs" && rm -f "libpamc.la" && ln -s "../libpamc.la" "libpamc.la" ) -[ 44s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 44s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 44s] Making all in libpam_misc -[ 44s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' -[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o help_env.lo help_env.c -[ 44s] /bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o misc_conv.lo misc_conv.c -[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c help_env.c -fPIC -DPIC -o .libs/help_env.o -[ 44s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c misc_conv.c -fPIC -DPIC -o .libs/misc_conv.o -[ 45s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 82:1:82 -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpam_misc.la -rpath /lib64 help_env.lo misc_conv.lo ../libpam/libpam.la -[ 45s] libtool: link: gcc -shared -fPIC -DPIC .libs/help_env.o .libs/misc_conv.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpam_misc.so.0 -o .libs/libpam_misc.so.0.82.1 -[ 45s] libtool: link: (cd ".libs" && rm -f "libpam_misc.so.0" && ln -s "libpam_misc.so.0.82.1" "libpam_misc.so.0") -[ 45s] libtool: link: (cd ".libs" && rm -f "libpam_misc.so" && ln -s "libpam_misc.so.0.82.1" "libpam_misc.so") -[ 45s] libtool: link: ( cd ".libs" && rm -f "libpam_misc.la" && ln -s "../libpam_misc.la" "libpam_misc.la" ) -[ 45s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' -[ 45s] Making all in modules -[ 45s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 45s] Making all in pam_access -[ 45s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 45s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" -DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_access.lo pam_access.c -[ 45s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" "-DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\"" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_access.c -fPIC -DPIC -o .libs/pam_access.o -[ 45s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" -DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_access.la -rpath /lib64/security pam_access.lo ../../libpam/libpam.la -[ 45s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_access.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_access.so -o .libs/pam_access.so -[ 45s] libtool: link: ( cd ".libs" && rm -f "pam_access.la" && ln -s "../pam_access.la" "pam_access.la" ) -[ 45s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 45s] Making all in pam_cracklib -[ 45s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 45s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_cracklib.lo pam_cracklib.c -[ 45s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_cracklib.c -fPIC -DPIC -o .libs/pam_cracklib.o -[ 45s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_cracklib.la -rpath /lib64/security pam_cracklib.lo ../../libpam/libpam.la -lcrack -lxcrypt -[ 45s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_cracklib.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lcrack -lxcrypt -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_cracklib.so -o .libs/pam_cracklib.so -[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_cracklib.la" && ln -s "../pam_cracklib.la" "pam_cracklib.la" ) -[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 46s] Making all in pam_debug -[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_debug.lo pam_debug.c -[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_debug.c -fPIC -DPIC -o .libs/pam_debug.o -[ 46s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_debug.la -rpath /lib64/security pam_debug.lo ../../libpam/libpam.la -[ 46s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_debug.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_debug.so -o .libs/pam_debug.so -[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_debug.la" && ln -s "../pam_debug.la" "pam_debug.la" ) -[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 46s] Making all in pam_deny -[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_deny.lo pam_deny.c -[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_deny.c -fPIC -DPIC -o .libs/pam_deny.o -[ 46s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_deny.la -rpath /lib64/security pam_deny.lo ../../libpam/libpam.la -[ 46s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_deny.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_deny.so -o .libs/pam_deny.so -[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_deny.la" && ln -s "../pam_deny.la" "pam_deny.la" ) -[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 46s] Making all in pam_echo -[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_echo.lo pam_echo.c -[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_echo.c -fPIC -DPIC -o .libs/pam_echo.o -[ 46s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_echo.la -rpath /lib64/security pam_echo.lo ../../libpam/libpam.la -[ 46s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_echo.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_echo.so -o .libs/pam_echo.so -[ 46s] libtool: link: ( cd ".libs" && rm -f "pam_echo.la" && ln -s "../pam_echo.la" "pam_echo.la" ) -[ 46s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 46s] Making all in pam_env -[ 46s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 46s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_env.lo pam_env.c -[ 46s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_env.c -fPIC -DPIC -o .libs/pam_env.o -[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_env.la -rpath /lib64/security pam_env.lo ../../libpam/libpam.la -[ 47s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_env.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_env.so -o .libs/pam_env.so -[ 47s] libtool: link: ( cd ".libs" && rm -f "pam_env.la" && ln -s "../pam_env.la" "pam_env.la" ) -[ 47s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 47s] Making all in pam_exec -[ 47s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_exec.lo pam_exec.c -[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_exec.c -fPIC -DPIC -o .libs/pam_exec.o -[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_exec.la -rpath /lib64/security pam_exec.lo ../../libpam/libpam.la -[ 47s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_exec.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_exec.so -o .libs/pam_exec.so -[ 47s] libtool: link: ( cd ".libs" && rm -f "pam_exec.la" && ln -s "../pam_exec.la" "pam_exec.la" ) -[ 47s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 47s] Making all in pam_faildelay -[ 47s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_faildelay.lo pam_faildelay.c -[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_faildelay.c -fPIC -DPIC -o .libs/pam_faildelay.o -[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faildelay.la -rpath /lib64/security pam_faildelay.lo ../../libpam/libpam.la -[ 47s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_faildelay.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faildelay.so -o .libs/pam_faildelay.so -[ 47s] libtool: link: ( cd ".libs" && rm -f "pam_faildelay.la" && ln -s "../pam_faildelay.la" "pam_faildelay.la" ) -[ 47s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 47s] Making all in pam_faillock -[ 47s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 47s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o faillock-main.o `test -f 'main.c' || echo './'`main.c -[ 47s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o faillock-faillock.o `test -f 'faillock.c' || echo './'`faillock.c -[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_faillock.lo pam_faillock.c -[ 47s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o faillock.lo faillock.c -[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c faillock.c -fPIC -DPIC -o .libs/faillock.o -[ 47s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_faillock.c -fPIC -DPIC -o .libs/pam_faillock.o -[ 47s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o faillock faillock-main.o faillock-faillock.o ../../libpam/libpam.la -laudit -[ 48s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faillock.la -rpath /lib64/security pam_faillock.lo faillock.lo ../../libpam/libpam.la -laudit -[ 48s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/faillock faillock-main.o faillock-faillock.o ../../libpam/.libs/libpam.so -laudit -[ 48s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_faillock.o .libs/faillock.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faillock.so -o .libs/pam_faillock.so -[ 48s] libtool: link: ( cd ".libs" && rm -f "pam_faillock.la" && ln -s "../pam_faillock.la" "pam_faillock.la" ) -[ 48s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 48s] Making all in pam_filter -[ 48s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 48s] Making all in upperLOWER -[ 48s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' -[ 48s] gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../../libpam/include -I../../../libpamc/include -I./.. -fpie -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o upperLOWER.o upperLOWER.c -[ 48s] /bin/sh ../../../libtool --tag=CC --mode=link gcc -I../../../libpam/include -I../../../libpamc/include -I./.. -fpie -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o upperLOWER upperLOWER.o ../../../libpam/libpam.la -[ 48s] libtool: link: gcc -I../../../libpam/include -I../../../libpamc/include -I./.. -fpie -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/upperLOWER upperLOWER.o ../../../libpam/.libs/libpam.so -[ 48s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' -[ 48s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 48s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_filter.lo pam_filter.c -[ 48s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_filter.c -fPIC -DPIC -o .libs/pam_filter.o -[ 48s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_filter.la -rpath /lib64/security pam_filter.lo ../../libpam/libpam.la -[ 48s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_filter.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_filter.so -o .libs/pam_filter.so -[ 48s] libtool: link: ( cd ".libs" && rm -f "pam_filter.la" && ln -s "../pam_filter.la" "pam_filter.la" ) -[ 48s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 48s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 48s] Making all in pam_ftp -[ 48s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 48s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_ftp.lo pam_ftp.c -[ 48s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_ftp.c -fPIC -DPIC -o .libs/pam_ftp.o -[ 49s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_ftp.la -rpath /lib64/security pam_ftp.lo ../../libpam/libpam.la -[ 49s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_ftp.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_ftp.so -o .libs/pam_ftp.so -[ 49s] libtool: link: ( cd ".libs" && rm -f "pam_ftp.la" && ln -s "../pam_ftp.la" "pam_ftp.la" ) -[ 49s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 49s] Making all in pam_group -[ 49s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 49s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_group.lo pam_group.c -[ 49s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_group.c -fPIC -DPIC -o .libs/pam_group.o -[ 49s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_group.la -rpath /lib64/security pam_group.lo ../../libpam/libpam.la -[ 49s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_group.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_group.so -o .libs/pam_group.so -[ 49s] libtool: link: ( cd ".libs" && rm -f "pam_group.la" && ln -s "../pam_group.la" "pam_group.la" ) -[ 49s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 49s] Making all in pam_issue -[ 49s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 49s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_issue.lo pam_issue.c -[ 49s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_issue.c -fPIC -DPIC -o .libs/pam_issue.o -[ 49s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_issue.la -rpath /lib64/security pam_issue.lo ../../libpam/libpam.la -[ 49s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_issue.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_issue.so -o .libs/pam_issue.so -[ 49s] libtool: link: ( cd ".libs" && rm -f "pam_issue.la" && ln -s "../pam_issue.la" "pam_issue.la" ) -[ 49s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 49s] Making all in pam_keyinit -[ 49s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 49s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_keyinit.lo pam_keyinit.c -[ 49s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_keyinit.c -fPIC -DPIC -o .libs/pam_keyinit.o -[ 50s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_keyinit.la -rpath /lib64/security pam_keyinit.lo ../../libpam/libpam.la -[ 50s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_keyinit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_keyinit.so -o .libs/pam_keyinit.so -[ 50s] libtool: link: ( cd ".libs" && rm -f "pam_keyinit.la" && ln -s "../pam_keyinit.la" "pam_keyinit.la" ) -[ 50s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 50s] Making all in pam_lastlog -[ 50s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 50s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_lastlog.lo pam_lastlog.c -[ 50s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_lastlog.c -fPIC -DPIC -o .libs/pam_lastlog.o -[ 50s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_lastlog.la -rpath /lib64/security pam_lastlog.lo ../../libpam/libpam.la -lutil -[ 50s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_lastlog.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lutil -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_lastlog.so -o .libs/pam_lastlog.so -[ 50s] libtool: link: ( cd ".libs" && rm -f "pam_lastlog.la" && ln -s "../pam_lastlog.la" "pam_lastlog.la" ) -[ 50s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 50s] Making all in pam_limits -[ 50s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 50s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_limits.lo pam_limits.c -[ 50s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include "-DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\"" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_limits.c -fPIC -DPIC -o .libs/pam_limits.o -[ 50s] pam_limits.c: In function 'value_from_proc_sys_fs': -[ 50s] pam_limits.c:495:44: warning: unused parameter 'pamh' [-Wunused-parameter] -[ 50s] 495 | value_from_proc_sys_fs(const pam_handle_t *pamh, const char *name, rlim_t *valuep) -[ 50s] | ~~~~~~~~~~~~~~~~~~~~^~~~ -[ 50s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_limits.la -rpath /lib64/security pam_limits.lo ../../libpam/libpam.la -[ 50s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_limits.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_limits.so -o .libs/pam_limits.so -[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_limits.la" && ln -s "../pam_limits.la" "pam_limits.la" ) -[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 51s] Making all in pam_listfile -[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_listfile.lo pam_listfile.c -[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_listfile.c -fPIC -DPIC -o .libs/pam_listfile.o -[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_listfile.la -rpath /lib64/security pam_listfile.lo ../../libpam/libpam.la -[ 51s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_listfile.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_listfile.so -o .libs/pam_listfile.so -[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_listfile.la" && ln -s "../pam_listfile.la" "pam_listfile.la" ) -[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 51s] Making all in pam_localuser -[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_localuser.lo pam_localuser.c -[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_localuser.c -fPIC -DPIC -o .libs/pam_localuser.o -[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_localuser.la -rpath /lib64/security pam_localuser.lo ../../libpam/libpam.la -[ 51s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_localuser.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_localuser.so -o .libs/pam_localuser.so -[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_localuser.la" && ln -s "../pam_localuser.la" "pam_localuser.la" ) -[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 51s] Making all in pam_loginuid -[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_loginuid.lo pam_loginuid.c -[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_loginuid.c -fPIC -DPIC -o .libs/pam_loginuid.o -[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_loginuid.la -rpath /lib64/security pam_loginuid.lo ../../libpam/libpam.la -laudit -[ 51s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_loginuid.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_loginuid.so -o .libs/pam_loginuid.so -[ 51s] libtool: link: ( cd ".libs" && rm -f "pam_loginuid.la" && ln -s "../pam_loginuid.la" "pam_loginuid.la" ) -[ 51s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 51s] Making all in pam_mail -[ 51s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 51s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_mail.lo pam_mail.c -[ 51s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_mail.c -fPIC -DPIC -o .libs/pam_mail.o -[ 51s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mail.la -rpath /lib64/security pam_mail.lo ../../libpam/libpam.la -[ 52s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_mail.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mail.so -o .libs/pam_mail.so -[ 52s] libtool: link: ( cd ".libs" && rm -f "pam_mail.la" && ln -s "../pam_mail.la" "pam_mail.la" ) -[ 52s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 52s] Making all in pam_mkhomedir -[ 52s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 52s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o mkhomedir_helper-mkhomedir_helper.o `test -f 'mkhomedir_helper.c' || echo './'`mkhomedir_helper.c -[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_mkhomedir.lo pam_mkhomedir.c -[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_mkhomedir.c -fPIC -DPIC -o .libs/pam_mkhomedir.o -[ 52s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o mkhomedir_helper mkhomedir_helper-mkhomedir_helper.o ../../libpam/libpam.la -[ 52s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mkhomedir.la -rpath /lib64/security pam_mkhomedir.lo ../../libpam/libpam.la -[ 52s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/mkhomedir_helper mkhomedir_helper-mkhomedir_helper.o ../../libpam/.libs/libpam.so -[ 52s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_mkhomedir.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mkhomedir.so -o .libs/pam_mkhomedir.so -[ 52s] libtool: link: ( cd ".libs" && rm -f "pam_mkhomedir.la" && ln -s "../pam_mkhomedir.la" "pam_mkhomedir.la" ) -[ 52s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 52s] Making all in pam_motd -[ 52s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_motd.lo pam_motd.c -[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_motd.c -fPIC -DPIC -o .libs/pam_motd.o -[ 52s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_motd.la -rpath /lib64/security pam_motd.lo ../../libpam/libpam.la -[ 52s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_motd.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_motd.so -o .libs/pam_motd.so -[ 52s] libtool: link: ( cd ".libs" && rm -f "pam_motd.la" && ln -s "../pam_motd.la" "pam_motd.la" ) -[ 52s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 52s] Making all in pam_namespace -[ 52s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_namespace.lo pam_namespace.c -[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o md5.lo md5.c -[ 52s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o argv_parse.lo argv_parse.c -[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c md5.c -fPIC -DPIC -o .libs/md5.o -[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_namespace.c -fPIC -DPIC -o .libs/pam_namespace.o -[ 52s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c argv_parse.c -fPIC -DPIC -o .libs/argv_parse.o -[ 53s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_namespace.la -rpath /lib64/security pam_namespace.lo md5.lo argv_parse.lo ../../libpam/libpam.la -lselinux -[ 53s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_namespace.o .libs/md5.o .libs/argv_parse.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_namespace.so -o .libs/pam_namespace.so -[ 53s] libtool: link: ( cd ".libs" && rm -f "pam_namespace.la" && ln -s "../pam_namespace.la" "pam_namespace.la" ) -[ 53s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 53s] Making all in pam_nologin -[ 53s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 53s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_nologin.lo pam_nologin.c -[ 53s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_nologin.c -fPIC -DPIC -o .libs/pam_nologin.o -[ 53s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_nologin.la -rpath /lib64/security pam_nologin.lo ../../libpam/libpam.la -[ 53s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_nologin.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_nologin.so -o .libs/pam_nologin.so -[ 53s] libtool: link: ( cd ".libs" && rm -f "pam_nologin.la" && ln -s "../pam_nologin.la" "pam_nologin.la" ) -[ 53s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 53s] Making all in pam_permit -[ 53s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 53s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_permit.lo pam_permit.c -[ 53s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_permit.c -fPIC -DPIC -o .libs/pam_permit.o -[ 53s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_permit.la -rpath /lib64/security pam_permit.lo ../../libpam/libpam.la -[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_permit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_permit.so -o .libs/pam_permit.so -[ 54s] libtool: link: ( cd ".libs" && rm -f "pam_permit.la" && ln -s "../pam_permit.la" "pam_permit.la" ) -[ 54s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 54s] Making all in pam_pwhistory -[ 54s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 54s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pwhistory_helper-pwhistory_helper.o `test -f 'pwhistory_helper.c' || echo './'`pwhistory_helper.c -[ 54s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pwhistory_helper-opasswd.o `test -f 'opasswd.c' || echo './'`opasswd.c -[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_pwhistory_la-pam_pwhistory.lo `test -f 'pam_pwhistory.c' || echo './'`pam_pwhistory.c -[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_pwhistory_la-opasswd.lo `test -f 'opasswd.c' || echo './'`opasswd.c -[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c opasswd.c -fPIC -DPIC -o .libs/pam_pwhistory_la-opasswd.o -[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pwhistory_helper pwhistory_helper-pwhistory_helper.o pwhistory_helper-opasswd.o ../../libpam/libpam.la -lxcrypt -[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_pwhistory.c -fPIC -DPIC -o .libs/pam_pwhistory_la-pam_pwhistory.o -[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_pwhistory.la -rpath /lib64/security pam_pwhistory_la-pam_pwhistory.lo pam_pwhistory_la-opasswd.lo ../../libpam/libpam.la -lxcrypt -lselinux -[ 54s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -DHELPER_COMPILE=\"pwhistory_helper\" -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pwhistory_helper pwhistory_helper-pwhistory_helper.o pwhistory_helper-opasswd.o ../../libpam/.libs/libpam.so -lxcrypt -[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_pwhistory_la-pam_pwhistory.o .libs/pam_pwhistory_la-opasswd.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_pwhistory.so -o .libs/pam_pwhistory.so -[ 54s] libtool: link: ( cd ".libs" && rm -f "pam_pwhistory.la" && ln -s "../pam_pwhistory.la" "pam_pwhistory.la" ) -[ 54s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 54s] Making all in pam_rhosts -[ 54s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_rhosts.lo pam_rhosts.c -[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_rhosts.c -fPIC -DPIC -o .libs/pam_rhosts.o -[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rhosts.la -rpath /lib64/security pam_rhosts.lo ../../libpam/libpam.la -[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_rhosts.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rhosts.so -o .libs/pam_rhosts.so -[ 54s] libtool: link: ( cd ".libs" && rm -f "pam_rhosts.la" && ln -s "../pam_rhosts.la" "pam_rhosts.la" ) -[ 54s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 54s] Making all in pam_rootok -[ 54s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 54s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_rootok.lo pam_rootok.c -[ 54s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_rootok.c -fPIC -DPIC -o .libs/pam_rootok.o -[ 54s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rootok.la -rpath /lib64/security pam_rootok.lo ../../libpam/libpam.la -lselinux -laudit -[ 54s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_rootok.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rootok.so -o .libs/pam_rootok.so -[ 55s] libtool: link: ( cd ".libs" && rm -f "pam_rootok.la" && ln -s "../pam_rootok.la" "pam_rootok.la" ) -[ 55s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 55s] Making all in pam_securetty -[ 55s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 55s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_securetty.lo pam_securetty.c -[ 55s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_securetty.c -fPIC -DPIC -o .libs/pam_securetty.o -[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_securetty.la -rpath /lib64/security pam_securetty.lo ../../libpam/libpam.la -[ 55s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_securetty.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_securetty.so -o .libs/pam_securetty.so -[ 55s] libtool: link: ( cd ".libs" && rm -f "pam_securetty.la" && ln -s "../pam_securetty.la" "pam_securetty.la" ) -[ 55s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 55s] Making all in pam_selinux -[ 55s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 55s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_selinux_check.o pam_selinux_check.c -[ 55s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_selinux.lo pam_selinux.c -[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_selinux_check pam_selinux_check.o ../../libpam/libpam.la ../../libpam_misc/libpam_misc.la -[ 55s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_selinux.c -fPIC -DPIC -o .libs/pam_selinux.o -[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_selinux.la -rpath /lib64/security pam_selinux.lo ../../libpam/libpam.la -lselinux -laudit -[ 55s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pam_selinux_check pam_selinux_check.o ../../libpam/.libs/libpam.so ../../libpam_misc/.libs/libpam_misc.so -[ 55s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_selinux.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_selinux.so -o .libs/pam_selinux.so -[ 55s] libtool: link: ( cd ".libs" && rm -f "pam_selinux.la" && ln -s "../pam_selinux.la" "pam_selinux.la" ) -[ 55s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 55s] Making all in pam_sepermit -[ 55s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 55s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_sepermit.lo pam_sepermit.c -[ 55s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_sepermit.c -fPIC -DPIC -o .libs/pam_sepermit.o -[ 55s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_sepermit.la -rpath /lib64/security pam_sepermit.lo ../../libpam/libpam.la -lselinux -[ 56s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_sepermit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_sepermit.so -o .libs/pam_sepermit.so -[ 56s] libtool: link: ( cd ".libs" && rm -f "pam_sepermit.la" && ln -s "../pam_sepermit.la" "pam_sepermit.la" ) -[ 56s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 56s] Making all in pam_setquota -[ 56s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 56s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_setquota.lo pam_setquota.c -[ 56s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_setquota.c -fPIC -DPIC -o .libs/pam_setquota.o -[ 56s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_setquota.la -rpath /lib64/security pam_setquota.lo ../../libpam/libpam.la -[ 56s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_setquota.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_setquota.so -o .libs/pam_setquota.so -[ 56s] libtool: link: ( cd ".libs" && rm -f "pam_setquota.la" && ln -s "../pam_setquota.la" "pam_setquota.la" ) -[ 56s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 56s] Making all in pam_shells -[ 56s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 56s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_shells.lo pam_shells.c -[ 56s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_shells.c -fPIC -DPIC -o .libs/pam_shells.o -[ 56s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_shells.la -rpath /lib64/security pam_shells.lo ../../libpam/libpam.la -[ 56s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_shells.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_shells.so -o .libs/pam_shells.so -[ 56s] libtool: link: ( cd ".libs" && rm -f "pam_shells.la" && ln -s "../pam_shells.la" "pam_shells.la" ) -[ 56s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 56s] Making all in pam_stress -[ 56s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 56s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_stress.lo pam_stress.c -[ 56s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_stress.c -fPIC -DPIC -o .libs/pam_stress.o -[ 56s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_stress.la -rpath /lib64/security pam_stress.lo ../../libpam/libpam.la -[ 57s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_stress.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_stress.so -o .libs/pam_stress.so -[ 57s] libtool: link: ( cd ".libs" && rm -f "pam_stress.la" && ln -s "../pam_stress.la" "pam_stress.la" ) -[ 57s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 57s] Making all in pam_succeed_if -[ 57s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 57s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_succeed_if.lo pam_succeed_if.c -[ 57s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_succeed_if.c -fPIC -DPIC -o .libs/pam_succeed_if.o -[ 57s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_succeed_if.la -rpath /lib64/security pam_succeed_if.lo ../../libpam/libpam.la -[ 57s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_succeed_if.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_succeed_if.so -o .libs/pam_succeed_if.so -[ 57s] libtool: link: ( cd ".libs" && rm -f "pam_succeed_if.la" && ln -s "../pam_succeed_if.la" "pam_succeed_if.la" ) -[ 57s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 57s] Making all in pam_tally2 -[ 57s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 57s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_tally2-pam_tally2_app.o `test -f 'pam_tally2_app.c' || echo './'`pam_tally2_app.c -[ 57s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_tally2.lo pam_tally2.c -[ 57s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_tally2.c -fPIC -DPIC -o .libs/pam_tally2.o -[ 57s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tally2 pam_tally2-pam_tally2_app.o ../../libpam/libpam.la -laudit -[ 57s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tally2.la -rpath /lib64/security pam_tally2.lo ../../libpam/libpam.la -laudit -[ 57s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pam_tally2 pam_tally2-pam_tally2_app.o ../../libpam/.libs/libpam.so -laudit -[ 57s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_tally2.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tally2.so -o .libs/pam_tally2.so -[ 57s] libtool: link: ( cd ".libs" && rm -f "pam_tally2.la" && ln -s "../pam_tally2.la" "pam_tally2.la" ) -[ 57s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 57s] Making all in pam_time -[ 57s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 57s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_time.lo pam_time.c -[ 57s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_time.c -fPIC -DPIC -o .libs/pam_time.o -[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_time.la -rpath /lib64/security pam_time.lo ../../libpam/libpam.la -[ 58s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_time.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_time.so -o .libs/pam_time.so -[ 58s] libtool: link: ( cd ".libs" && rm -f "pam_time.la" && ln -s "../pam_time.la" "pam_time.la" ) -[ 58s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 58s] Making all in pam_timestamp -[ 58s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 58s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_check-pam_timestamp_check.o `test -f 'pam_timestamp_check.c' || echo './'`pam_timestamp_check.c -[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_la-pam_timestamp.lo `test -f 'pam_timestamp.c' || echo './'`pam_timestamp.c -[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_la-hmacsha1.lo `test -f 'hmacsha1.c' || echo './'`hmacsha1.c -[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_timestamp_la-sha1.lo `test -f 'sha1.c' || echo './'`sha1.c -[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c hmacsha1.c -fPIC -DPIC -o .libs/pam_timestamp_la-hmacsha1.o -[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_timestamp.c -fPIC -DPIC -o .libs/pam_timestamp_la-pam_timestamp.o -[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_timestamp_check pam_timestamp_check-pam_timestamp_check.o ../../libpam/libpam.la -[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c sha1.c -fPIC -DPIC -o .libs/pam_timestamp_la-sha1.o -[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_timestamp.la -rpath /lib64/security pam_timestamp_la-pam_timestamp.lo pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo ../../libpam/libpam.la -[ 58s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/pam_timestamp_check pam_timestamp_check-pam_timestamp_check.o ../../libpam/.libs/libpam.so -[ 58s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_timestamp_la-pam_timestamp.o .libs/pam_timestamp_la-hmacsha1.o .libs/pam_timestamp_la-sha1.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_timestamp.so -o .libs/pam_timestamp.so -[ 58s] libtool: link: ( cd ".libs" && rm -f "pam_timestamp.la" && ln -s "../pam_timestamp.la" "pam_timestamp.la" ) -[ 58s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 58s] Making all in pam_tty_audit -[ 58s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 58s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_tty_audit.lo pam_tty_audit.c -[ 58s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_tty_audit.c -fPIC -DPIC -o .libs/pam_tty_audit.o -[ 58s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tty_audit.la -rpath /lib64/security pam_tty_audit.lo ../../libpam/libpam.la -[ 58s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_tty_audit.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tty_audit.so -o .libs/pam_tty_audit.so -[ 59s] libtool: link: ( cd ".libs" && rm -f "pam_tty_audit.la" && ln -s "../pam_tty_audit.la" "pam_tty_audit.la" ) -[ 59s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 59s] Making all in pam_umask -[ 59s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_umask.lo pam_umask.c -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_umask.c -fPIC -DPIC -o .libs/pam_umask.o -[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_umask.la -rpath /lib64/security pam_umask.lo ../../libpam/libpam.la -[ 59s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_umask.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_umask.so -o .libs/pam_umask.so -[ 59s] libtool: link: ( cd ".libs" && rm -f "pam_umask.la" && ln -s "../pam_umask.la" "pam_umask.la" ) -[ 59s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 59s] Making all in pam_unix -[ 59s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o bigcrypt-bigcrypt.o `test -f 'bigcrypt.c' || echo './'`bigcrypt.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o bigcrypt-bigcrypt_main.o `test -f 'bigcrypt_main.c' || echo './'`bigcrypt_main.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-unix_chkpwd.o `test -f 'unix_chkpwd.c' || echo './'`unix_chkpwd.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-md5_good.o `test -f 'md5_good.c' || echo './'`md5_good.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-md5_broken.o `test -f 'md5_broken.c' || echo './'`md5_broken.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-bigcrypt.o `test -f 'bigcrypt.c' || echo './'`bigcrypt.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_chkpwd-passverify.o `test -f 'passverify.c' || echo './'`passverify.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-unix_update.o `test -f 'unix_update.c' || echo './'`unix_update.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-md5_good.o `test -f 'md5_good.c' || echo './'`md5_good.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-md5_broken.o `test -f 'md5_broken.c' || echo './'`md5_broken.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-bigcrypt.o `test -f 'bigcrypt.c' || echo './'`bigcrypt.c -[ 59s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o unix_update-passverify.o `test -f 'passverify.c' || echo './'`passverify.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o bigcrypt.lo bigcrypt.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_acct.lo pam_unix_acct.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_auth.lo pam_unix_auth.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_passwd.lo pam_unix_passwd.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_unix_sess.lo pam_unix_sess.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o support.lo support.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o passverify.lo passverify.c -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_passwd.c -fPIC -DPIC -o .libs/pam_unix_passwd.o -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_acct.c -fPIC -DPIC -o .libs/pam_unix_acct.o -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_auth.c -fPIC -DPIC -o .libs/pam_unix_auth.o -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o yppasswd_xdr.lo yppasswd_xdr.c -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c passverify.c -fPIC -DPIC -o .libs/passverify.o -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c support.c -fPIC -DPIC -o .libs/support.o -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c bigcrypt.c -fPIC -DPIC -o .libs/bigcrypt.o -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o md5_good.lo md5_good.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o md5_broken.lo md5_broken.c -[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o bigcrypt bigcrypt-bigcrypt.o bigcrypt-bigcrypt_main.o -lxcrypt -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c yppasswd_xdr.c -fPIC -DPIC -o .libs/yppasswd_xdr.o -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_unix_sess.c -fPIC -DPIC -o .libs/pam_unix_sess.o -[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_chkpwd unix_chkpwd-unix_chkpwd.o unix_chkpwd-md5_good.o unix_chkpwd-md5_broken.o unix_chkpwd-bigcrypt.o unix_chkpwd-passverify.o -lxcrypt -lselinux -laudit -[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_update unix_update-unix_update.o unix_update-md5_good.o unix_update-md5_broken.o unix_update-bigcrypt.o unix_update-passverify.o -lxcrypt -lselinux -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c md5_broken.c -fPIC -DPIC -o .libs/md5_broken.o -[ 59s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c md5_good.c -fPIC -DPIC -o .libs/md5_good.o -[ 59s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o bigcrypt bigcrypt-bigcrypt.o bigcrypt-bigcrypt_main.o -lxcrypt -[ 59s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_chkpwd\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_chkpwd unix_chkpwd-unix_chkpwd.o unix_chkpwd-md5_good.o unix_chkpwd-md5_broken.o unix_chkpwd-bigcrypt.o unix_chkpwd-passverify.o -lxcrypt -lselinux -laudit -[ 59s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_unix.la -rpath /lib64/security bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo yppasswd_xdr.lo md5_good.lo md5_broken.lo ../../libpam/libpam.la -lxcrypt -lselinux -[ 59s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -fpie -DHELPER_COMPILE=\"unix_update\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -pie -Wl,-z -Wl,now -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o unix_update unix_update-unix_update.o unix_update-md5_good.o unix_update-md5_broken.o unix_update-bigcrypt.o unix_update-passverify.o -lxcrypt -lselinux -[ 59s] libtool: link: gcc -shared -fPIC -DPIC .libs/bigcrypt.o .libs/pam_unix_acct.o .libs/pam_unix_auth.o .libs/pam_unix_passwd.o .libs/pam_unix_sess.o .libs/support.o .libs/passverify.o .libs/yppasswd_xdr.o .libs/md5_good.o .libs/md5_broken.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_unix.so -o .libs/pam_unix.so -[ 60s] libtool: link: ( cd ".libs" && rm -f "pam_unix.la" && ln -s "../pam_unix.la" "pam_unix.la" ) -[ 60s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 60s] Making all in pam_userdb -[ 60s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 60s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_userdb.lo pam_userdb.c -[ 60s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_userdb.c -fPIC -DPIC -o .libs/pam_userdb.o -[ 60s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -ldb -lxcrypt -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_userdb.la -rpath /lib64/security pam_userdb.lo ../../libpam/libpam.la -[ 60s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_userdb.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs -ldb -lxcrypt ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_userdb.so -o .libs/pam_userdb.so -[ 60s] libtool: link: ( cd ".libs" && rm -f "pam_userdb.la" && ln -s "../pam_userdb.la" "pam_userdb.la" ) -[ 60s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 60s] Making all in pam_usertype -[ 60s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 60s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_usertype.lo pam_usertype.c -[ 60s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_usertype.c -fPIC -DPIC -o .libs/pam_usertype.o -[ 60s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_usertype.la -rpath /lib64/security pam_usertype.lo ../../libpam/libpam.la -[ 60s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_usertype.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_usertype.so -o .libs/pam_usertype.so -[ 61s] libtool: link: ( cd ".libs" && rm -f "pam_usertype.la" && ln -s "../pam_usertype.la" "pam_usertype.la" ) -[ 61s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 61s] Making all in pam_warn -[ 61s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 61s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_warn.lo pam_warn.c -[ 61s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_warn.c -fPIC -DPIC -o .libs/pam_warn.o -[ 61s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_warn.la -rpath /lib64/security pam_warn.lo ../../libpam/libpam.la -[ 61s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_warn.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_warn.so -o .libs/pam_warn.so -[ 61s] libtool: link: ( cd ".libs" && rm -f "pam_warn.la" && ln -s "../pam_warn.la" "pam_warn.la" ) -[ 61s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 61s] Making all in pam_wheel -[ 61s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 61s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_wheel.lo pam_wheel.c -[ 61s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_wheel.c -fPIC -DPIC -o .libs/pam_wheel.o -[ 61s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_wheel.la -rpath /lib64/security pam_wheel.lo ../../libpam/libpam.la -[ 61s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_wheel.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_wheel.so -o .libs/pam_wheel.so -[ 61s] libtool: link: ( cd ".libs" && rm -f "pam_wheel.la" && ln -s "../pam_wheel.la" "pam_wheel.la" ) -[ 61s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 61s] Making all in pam_xauth -[ 61s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 61s] /bin/sh ../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_xauth.lo pam_xauth.c -[ 61s] libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c pam_xauth.c -fPIC -DPIC -o .libs/pam_xauth.o -[ 61s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_xauth.la -rpath /lib64/security pam_xauth.lo ../../libpam/libpam.la -lselinux -[ 61s] libtool: link: gcc -shared -fPIC -DPIC .libs/pam_xauth.o -Wl,-rpath -Wl,/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs ../../libpam/.libs/libpam.so -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_xauth.so -o .libs/pam_xauth.so -[ 62s] libtool: link: ( cd ".libs" && rm -f "pam_xauth.la" && ln -s "../pam_xauth.la" "pam_xauth.la" ) -[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 62s] make[3]: Nothing to be done for 'all-am'. -[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 62s] Making all in po -[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' -[ 62s] make[2]: Nothing to be done for 'all'. -[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' -[ 62s] Making all in conf -[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 62s] Making all in pam_conv1 -[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 62s] make all-am -[ 62s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_conv1-pam_conv_l.o `test -f 'pam_conv_l.c' || echo './'`pam_conv_l.c -[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o pam_conv1-pam_conv_y.o `test -f 'pam_conv_y.c' || echo './'`pam_conv_y.c -[ 62s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_conv1 pam_conv1-pam_conv_l.o pam_conv1-pam_conv_y.o -[ 62s] libtool: link: gcc -I../../libpam/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_conv1 pam_conv1-pam_conv_l.o pam_conv1-pam_conv_y.o -[ 62s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 62s] make[3]: Nothing to be done for 'all-am'. -[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 62s] Making all in examples -[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' -[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o xsh.o xsh.c -[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o vpass.o vpass.c -[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o blank.o blank.c -[ 62s] gcc -DHAVE_CONFIG_H -I. -I.. -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o check_user.o check_user.c -[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o check_user check_user.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la -[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o vpass vpass.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la -[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o blank blank.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la -[ 62s] /bin/sh ../libtool --tag=CC --mode=link gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o xsh xsh.o ../libpam/libpam.la ../libpam_misc/libpam_misc.la -[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/vpass vpass.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so -[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/check_user check_user.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so -[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/xsh xsh.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so -[ 62s] libtool: link: gcc -I../libpam/include -I../libpamc/include -I../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/blank blank.o ../libpam/.libs/libpam.so ../libpam_misc/.libs/libpam_misc.so -[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' -[ 62s] Making all in xtests -[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' -[ 62s] make[2]: Nothing to be done for 'all'. -[ 62s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' -[ 62s] Making all in doc -[ 62s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 62s] Making all in man -[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 62s] make[3]: Nothing to be done for 'all'. -[ 62s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 62s] Making all in specs -[ 62s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 62s] make all-am -[ 62s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o padout-parse_l.o `test -f 'parse_l.c' || echo './'`parse_l.c -[ 62s] gcc -DHAVE_CONFIG_H -I. -I../.. -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o padout-parse_y.o `test -f 'parse_y.c' || echo './'`parse_y.c -[ 62s] /bin/sh ../../libtool --tag=CC --mode=link gcc -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o padout padout-parse_l.o padout-parse_y.o -[ 62s] libtool: link: gcc -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -Wno-unused-function -Wno-sign-compare -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o padout padout-parse_l.o padout-parse_y.o -[ 63s] ./padout < ./draft-morgan-pam.raw > draft-morgan-pam-current.txt -[ 63s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 63s] Making all in sag -[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 63s] make[3]: Nothing to be done for 'all'. -[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 63s] Making all in adg -[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 63s] make[3]: Nothing to be done for 'all'. -[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 63s] Making all in mwg -[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 63s] make[3]: Nothing to be done for 'all'. -[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 63s] make[3]: Nothing to be done for 'all-am'. -[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 63s] + gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -I/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/include /home/abuild/rpmbuild/SOURCES/unix2_chkpwd.c -o /home/abuild/rpmbuild/BUILD/unix2_chkpwd -L/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam/.libs -lpam -[ 63s] + RPM_EC=0 -[ 63s] ++ jobs -p -[ 63s] + exit 0 -[ 63s] Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.81ucSl -[ 63s] + umask 022 -[ 63s] + cd /home/abuild/rpmbuild/BUILD -[ 63s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 63s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT -[ 63s] + /usr/bin/mkdir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 63s] + cd Linux-PAM-1.5.1 -[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/pam.d -[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d -[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security -[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security -[ 63s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin -[ 63s] + mkdir -p -m 755 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64 -[ 63s] + make install DESTDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 63s] Making install in libpam -[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' -[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' -[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' -[ 63s] /bin/sh ../libtool --mode=install /usr/bin/install -c libpam.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' -[ 63s] libtool: install: /usr/bin/install -c .libs/libpam.so.0.85.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.so.0.85.1 -[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam.so.0.85.1 libpam.so.0 || { rm -f libpam.so.0 && ln -s libpam.so.0.85.1 libpam.so.0; }; }) -[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam.so.0.85.1 libpam.so || { rm -f libpam.so && ln -s libpam.so.0.85.1 libpam.so; }; }) -[ 63s] libtool: install: /usr/bin/install -c .libs/libpam.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.la -[ 63s] libtool: warning: remember to run 'libtool --finish /lib64' -[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 63s] /usr/bin/install -c -m 644 include/security/_pam_compat.h include/security/_pam_macros.h include/security/_pam_types.h include/security/pam_appl.h include/security/pam_modules.h include/security/pam_ext.h include/security/pam_modutil.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' -[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam' -[ 63s] Making install in tests -[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 63s] make[2]: Nothing to be done for 'install-exec-am'. -[ 63s] make[2]: Nothing to be done for 'install-data-am'. -[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 63s] Making install in libpamc -[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 63s] Making install in test -[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' -[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' -[ 63s] make[3]: Nothing to be done for 'install-exec-am'. -[ 63s] make[3]: Nothing to be done for 'install-data-am'. -[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' -[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc/test' -[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 63s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' -[ 63s] /bin/sh ../libtool --mode=install /usr/bin/install -c libpamc.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' -[ 63s] libtool: install: /usr/bin/install -c .libs/libpamc.so.0.82.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.so.0.82.1 -[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpamc.so.0.82.1 libpamc.so.0 || { rm -f libpamc.so.0 && ln -s libpamc.so.0.82.1 libpamc.so.0; }; }) -[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpamc.so.0.82.1 libpamc.so || { rm -f libpamc.so && ln -s libpamc.so.0.82.1 libpamc.so; }; }) -[ 63s] libtool: install: /usr/bin/install -c .libs/libpamc.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.la -[ 63s] libtool: warning: remember to run 'libtool --finish /lib64' -[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 63s] /usr/bin/install -c -m 644 include/security/pam_client.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 63s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 63s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 63s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpamc' -[ 63s] Making install in libpam_misc -[ 63s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' -[ 63s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' -[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' -[ 63s] /bin/sh ../libtool --mode=install /usr/bin/install -c libpam_misc.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64' -[ 63s] libtool: warning: relinking 'libpam_misc.la' -[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../libpam/include -I../libpamc/include -I./include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -version-info 82:1:82 -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o libpam_misc.la -rpath /lib64 help_env.lo misc_conv.lo ../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 63s] libtool: relink: gcc -shared -fPIC -DPIC .libs/help_env.o .libs/misc_conv.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./libpam_misc.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,libpam_misc.so.0 -o .libs/libpam_misc.so.0.82.1 -[ 63s] libtool: install: /usr/bin/install -c .libs/libpam_misc.so.0.82.1T /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.so.0.82.1 -[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam_misc.so.0.82.1 libpam_misc.so.0 || { rm -f libpam_misc.so.0 && ln -s libpam_misc.so.0.82.1 libpam_misc.so.0; }; }) -[ 63s] libtool: install: (cd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 && { ln -s -f libpam_misc.so.0.82.1 libpam_misc.so || { rm -f libpam_misc.so && ln -s libpam_misc.so.0.82.1 libpam_misc.so; }; }) -[ 63s] libtool: install: /usr/bin/install -c .libs/libpam_misc.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.la -[ 63s] libtool: warning: remember to run 'libtool --finish /lib64' -[ 63s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 63s] /usr/bin/install -c -m 644 include/security/pam_misc.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 64s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' -[ 64s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libpam_misc' -[ 64s] Making install in modules -[ 64s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 64s] Making install in pam_access -[ 64s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 64s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 64s] make[3]: Nothing to be done for 'install-exec-am'. -[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 64s] /usr/bin/install -c -m 644 access.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 64s] /usr/bin/install -c -m 644 access.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 64s] /usr/bin/install -c -m 644 pam_access.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 64s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_access.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 64s] libtool: warning: relinking 'pam_access.la' -[ 64s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DPAM_ACCESS_CONFIG=\"/etc/security/access.conf\" "-DACCESS_CONF_GLOB=\"/etc/security/access.d/*.conf\"" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_access.la -rpath /lib64/security pam_access.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 64s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_access.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_access.so -o .libs/pam_access.so -[ 64s] libtool: install: /usr/bin/install -c .libs/pam_access.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_access.so -[ 64s] libtool: install: /usr/bin/install -c .libs/pam_access.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_access.la -[ 64s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 64s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 64s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 64s] Making install in pam_cracklib -[ 64s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 64s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 64s] make[3]: Nothing to be done for 'install-exec-am'. -[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 64s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_cracklib.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 64s] libtool: warning: relinking 'pam_cracklib.la' -[ 64s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_cracklib.la -rpath /lib64/security pam_cracklib.lo ../../libpam/libpam.la -lcrack -lxcrypt -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 64s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_cracklib.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lcrack -lxcrypt -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_cracklib.so -o .libs/pam_cracklib.so -[ 64s] libtool: install: /usr/bin/install -c .libs/pam_cracklib.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_cracklib.so -[ 64s] libtool: install: /usr/bin/install -c .libs/pam_cracklib.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_cracklib.la -[ 64s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 64s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 64s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 64s] Making install in pam_debug -[ 64s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 64s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 64s] make[3]: Nothing to be done for 'install-exec-am'. -[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 64s] /usr/bin/install -c -m 644 pam_debug.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 64s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 64s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_debug.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 64s] libtool: warning: relinking 'pam_debug.la' -[ 64s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_debug.la -rpath /lib64/security pam_debug.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_debug.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_debug.so -o .libs/pam_debug.so -[ 65s] libtool: install: /usr/bin/install -c .libs/pam_debug.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_debug.so -[ 65s] libtool: install: /usr/bin/install -c .libs/pam_debug.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_debug.la -[ 65s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 65s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 65s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 65s] Making install in pam_deny -[ 65s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 65s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 65s] make[3]: Nothing to be done for 'install-exec-am'. -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 65s] /usr/bin/install -c -m 644 pam_deny.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 65s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_deny.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 65s] libtool: warning: relinking 'pam_deny.la' -[ 65s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_deny.la -rpath /lib64/security pam_deny.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_deny.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_deny.so -o .libs/pam_deny.so -[ 65s] libtool: install: /usr/bin/install -c .libs/pam_deny.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_deny.so -[ 65s] libtool: install: /usr/bin/install -c .libs/pam_deny.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_deny.la -[ 65s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 65s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 65s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 65s] Making install in pam_echo -[ 65s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 65s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 65s] make[3]: Nothing to be done for 'install-exec-am'. -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 65s] /usr/bin/install -c -m 644 pam_echo.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 65s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_echo.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 65s] libtool: warning: relinking 'pam_echo.la' -[ 65s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_echo.la -rpath /lib64/security pam_echo.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_echo.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_echo.so -o .libs/pam_echo.so -[ 65s] libtool: install: /usr/bin/install -c .libs/pam_echo.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_echo.so -[ 65s] libtool: install: /usr/bin/install -c .libs/pam_echo.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_echo.la -[ 65s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 65s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 65s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 65s] Making install in pam_env -[ 65s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 65s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc' -[ 65s] /usr/bin/install -c -m 644 environment '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc' -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 65s] /usr/bin/install -c -m 644 pam_env.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 65s] /usr/bin/install -c -m 644 pam_env.conf.5 environment.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 65s] /usr/bin/install -c -m 644 pam_env.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 65s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 65s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_env.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 65s] libtool: warning: relinking 'pam_env.la' -[ 65s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DDEFAULT_CONF_FILE=\"/etc/security/pam_env.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_env.la -rpath /lib64/security pam_env.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 65s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_env.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_env.so -o .libs/pam_env.so -[ 66s] libtool: install: /usr/bin/install -c .libs/pam_env.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_env.so -[ 66s] libtool: install: /usr/bin/install -c .libs/pam_env.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_env.la -[ 66s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 66s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 66s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 66s] Making install in pam_exec -[ 66s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 66s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 66s] make[3]: Nothing to be done for 'install-exec-am'. -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 66s] /usr/bin/install -c -m 644 pam_exec.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_exec.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 66s] libtool: warning: relinking 'pam_exec.la' -[ 66s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_exec.la -rpath /lib64/security pam_exec.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 66s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_exec.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_exec.so -o .libs/pam_exec.so -[ 66s] libtool: install: /usr/bin/install -c .libs/pam_exec.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_exec.so -[ 66s] libtool: install: /usr/bin/install -c .libs/pam_exec.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_exec.la -[ 66s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 66s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 66s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 66s] Making install in pam_faildelay -[ 66s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 66s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 66s] make[3]: Nothing to be done for 'install-exec-am'. -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 66s] /usr/bin/install -c -m 644 pam_faildelay.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_faildelay.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 66s] libtool: warning: relinking 'pam_faildelay.la' -[ 66s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faildelay.la -rpath /lib64/security pam_faildelay.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 66s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_faildelay.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faildelay.so -o .libs/pam_faildelay.so -[ 66s] libtool: install: /usr/bin/install -c .libs/pam_faildelay.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faildelay.so -[ 66s] libtool: install: /usr/bin/install -c .libs/pam_faildelay.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faildelay.la -[ 66s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 66s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 66s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 66s] Making install in pam_faillock -[ 66s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 66s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c faillock '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 66s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' -[ 66s] libtool: install: /usr/bin/install -c .libs/faillock /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/faillock -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 66s] /usr/bin/install -c -m 644 faillock.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 66s] /usr/bin/install -c -m 644 faillock.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 66s] /usr/bin/install -c -m 644 pam_faillock.8 faillock.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 66s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 66s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_faillock.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 66s] libtool: warning: relinking 'pam_faillock.la' -[ 66s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_faillock.la -rpath /lib64/security pam_faillock.lo faillock.lo ../../libpam/libpam.la -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 67s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_faillock.o .libs/faillock.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_faillock.so -o .libs/pam_faillock.so -[ 67s] libtool: install: /usr/bin/install -c .libs/pam_faillock.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faillock.so -[ 67s] libtool: install: /usr/bin/install -c .libs/pam_faillock.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faillock.la -[ 67s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 67s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 67s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 67s] Making install in pam_filter -[ 67s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 67s] Making install in upperLOWER -[ 67s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' -[ 67s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' -[ 67s] make[4]: Nothing to be done for 'install-exec-am'. -[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter' -[ 67s] /bin/sh ../../../libtool --mode=install /usr/bin/install -c upperLOWER '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter' -[ 67s] libtool: warning: '../../../libpam/libpam.la' has not been installed in '/lib64' -[ 67s] libtool: install: /usr/bin/install -c .libs/upperLOWER /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter/upperLOWER -[ 67s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' -[ 67s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter/upperLOWER' -[ 67s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 67s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 67s] make[4]: Nothing to be done for 'install-exec-am'. -[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 67s] /usr/bin/install -c -m 644 pam_filter.h '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/include/security' -[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 67s] /usr/bin/install -c -m 644 pam_filter.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 67s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_filter.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 67s] libtool: warning: relinking 'pam_filter.la' -[ 67s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_filter.la -rpath /lib64/security pam_filter.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 67s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_filter.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_filter.so -o .libs/pam_filter.so -[ 67s] libtool: install: /usr/bin/install -c .libs/pam_filter.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter.so -[ 67s] libtool: install: /usr/bin/install -c .libs/pam_filter.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter.la -[ 67s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 67s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 67s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 67s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 67s] Making install in pam_ftp -[ 67s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 67s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 67s] make[3]: Nothing to be done for 'install-exec-am'. -[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 67s] /usr/bin/install -c -m 644 pam_ftp.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 67s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 67s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_ftp.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 67s] libtool: warning: relinking 'pam_ftp.la' -[ 67s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_ftp.la -rpath /lib64/security pam_ftp.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 67s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_ftp.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_ftp.so -o .libs/pam_ftp.so -[ 68s] libtool: install: /usr/bin/install -c .libs/pam_ftp.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_ftp.so -[ 68s] libtool: install: /usr/bin/install -c .libs/pam_ftp.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_ftp.la -[ 68s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 68s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 68s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 68s] Making install in pam_group -[ 68s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 68s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 68s] make[3]: Nothing to be done for 'install-exec-am'. -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 68s] /usr/bin/install -c -m 644 group.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 68s] /usr/bin/install -c -m 644 group.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 68s] /usr/bin/install -c -m 644 pam_group.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 68s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_group.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 68s] libtool: warning: relinking 'pam_group.la' -[ 68s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DPAM_GROUP_CONF=\"/etc/security/group.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_group.la -rpath /lib64/security pam_group.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 68s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_group.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_group.so -o .libs/pam_group.so -[ 68s] libtool: install: /usr/bin/install -c .libs/pam_group.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_group.so -[ 68s] libtool: install: /usr/bin/install -c .libs/pam_group.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_group.la -[ 68s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 68s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 68s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 68s] Making install in pam_issue -[ 68s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 68s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 68s] make[3]: Nothing to be done for 'install-exec-am'. -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 68s] /usr/bin/install -c -m 644 pam_issue.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 68s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_issue.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 68s] libtool: warning: relinking 'pam_issue.la' -[ 68s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_issue.la -rpath /lib64/security pam_issue.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 68s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_issue.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_issue.so -o .libs/pam_issue.so -[ 68s] libtool: install: /usr/bin/install -c .libs/pam_issue.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_issue.so -[ 68s] libtool: install: /usr/bin/install -c .libs/pam_issue.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_issue.la -[ 68s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 68s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 68s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 68s] Making install in pam_keyinit -[ 68s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 68s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 68s] make[3]: Nothing to be done for 'install-exec-am'. -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 68s] /usr/bin/install -c -m 644 pam_keyinit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 68s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 68s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_keyinit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 68s] libtool: warning: relinking 'pam_keyinit.la' -[ 68s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_keyinit.la -rpath /lib64/security pam_keyinit.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 68s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_keyinit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_keyinit.so -o .libs/pam_keyinit.so -[ 69s] libtool: install: /usr/bin/install -c .libs/pam_keyinit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_keyinit.so -[ 69s] libtool: install: /usr/bin/install -c .libs/pam_keyinit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_keyinit.la -[ 69s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 69s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 69s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 69s] Making install in pam_lastlog -[ 69s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 69s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 69s] make[3]: Nothing to be done for 'install-exec-am'. -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 69s] /usr/bin/install -c -m 644 pam_lastlog.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 69s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_lastlog.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 69s] libtool: warning: relinking 'pam_lastlog.la' -[ 69s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_lastlog.la -rpath /lib64/security pam_lastlog.lo ../../libpam/libpam.la -lutil -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 69s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_lastlog.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lutil -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_lastlog.so -o .libs/pam_lastlog.so -[ 69s] libtool: install: /usr/bin/install -c .libs/pam_lastlog.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_lastlog.so -[ 69s] libtool: install: /usr/bin/install -c .libs/pam_lastlog.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_lastlog.la -[ 69s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 69s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 69s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 69s] Making install in pam_limits -[ 69s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 69s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 69s] make[3]: Nothing to be done for 'install-exec-am'. -[ 69s] mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security/limits.d -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 69s] /usr/bin/install -c -m 644 limits.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 69s] /usr/bin/install -c -m 644 limits.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 69s] /usr/bin/install -c -m 644 pam_limits.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 69s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_limits.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 69s] libtool: warning: relinking 'pam_limits.la' -[ 69s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include "-DLIMITS_FILE_DIR=\"/etc/security/limits.d/*.conf\"" -DLIMITS_FILE=\"/etc/security/limits.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_limits.la -rpath /lib64/security pam_limits.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 69s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_limits.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_limits.so -o .libs/pam_limits.so -[ 69s] libtool: install: /usr/bin/install -c .libs/pam_limits.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_limits.so -[ 69s] libtool: install: /usr/bin/install -c .libs/pam_limits.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_limits.la -[ 69s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 69s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 69s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 69s] Making install in pam_listfile -[ 69s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 69s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 69s] make[3]: Nothing to be done for 'install-exec-am'. -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 69s] /usr/bin/install -c -m 644 pam_listfile.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 69s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 69s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_listfile.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 70s] libtool: warning: relinking 'pam_listfile.la' -[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_listfile.la -rpath /lib64/security pam_listfile.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 70s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_listfile.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_listfile.so -o .libs/pam_listfile.so -[ 70s] libtool: install: /usr/bin/install -c .libs/pam_listfile.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_listfile.so -[ 70s] libtool: install: /usr/bin/install -c .libs/pam_listfile.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_listfile.la -[ 70s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 70s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 70s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 70s] Making install in pam_localuser -[ 70s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 70s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 70s] make[3]: Nothing to be done for 'install-exec-am'. -[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 70s] /usr/bin/install -c -m 644 pam_localuser.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 70s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_localuser.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 70s] libtool: warning: relinking 'pam_localuser.la' -[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_localuser.la -rpath /lib64/security pam_localuser.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 70s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_localuser.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_localuser.so -o .libs/pam_localuser.so -[ 70s] libtool: install: /usr/bin/install -c .libs/pam_localuser.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_localuser.so -[ 70s] libtool: install: /usr/bin/install -c .libs/pam_localuser.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_localuser.la -[ 70s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 70s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 70s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 70s] Making install in pam_loginuid -[ 70s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 70s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 70s] make[3]: Nothing to be done for 'install-exec-am'. -[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 70s] /usr/bin/install -c -m 644 pam_loginuid.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 70s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_loginuid.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 70s] libtool: warning: relinking 'pam_loginuid.la' -[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_loginuid.la -rpath /lib64/security pam_loginuid.lo ../../libpam/libpam.la -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 70s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_loginuid.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_loginuid.so -o .libs/pam_loginuid.so -[ 70s] libtool: install: /usr/bin/install -c .libs/pam_loginuid.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_loginuid.so -[ 70s] libtool: install: /usr/bin/install -c .libs/pam_loginuid.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_loginuid.la -[ 70s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 70s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 70s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 70s] Making install in pam_mail -[ 70s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 70s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 70s] make[3]: Nothing to be done for 'install-exec-am'. -[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 70s] /usr/bin/install -c -m 644 pam_mail.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 70s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 70s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_mail.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 70s] libtool: warning: relinking 'pam_mail.la' -[ 70s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mail.la -rpath /lib64/security pam_mail.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 71s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_mail.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mail.so -o .libs/pam_mail.so -[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mail.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mail.so -[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mail.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mail.la -[ 71s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 71s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 71s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 71s] Making install in pam_mkhomedir -[ 71s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 71s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 71s] /bin/sh ../../libtool --mode=install /usr/bin/install -c mkhomedir_helper '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 71s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' -[ 71s] libtool: install: /usr/bin/install -c .libs/mkhomedir_helper /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/mkhomedir_helper -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 71s] /usr/bin/install -c -m 644 pam_mkhomedir.8 mkhomedir_helper.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 71s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_mkhomedir.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 71s] libtool: warning: relinking 'pam_mkhomedir.la' -[ 71s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_mkhomedir.la -rpath /lib64/security pam_mkhomedir.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 71s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_mkhomedir.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_mkhomedir.so -o .libs/pam_mkhomedir.so -[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mkhomedir.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mkhomedir.so -[ 71s] libtool: install: /usr/bin/install -c .libs/pam_mkhomedir.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mkhomedir.la -[ 71s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 71s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 71s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 71s] Making install in pam_motd -[ 71s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 71s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 71s] make[3]: Nothing to be done for 'install-exec-am'. -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 71s] /usr/bin/install -c -m 644 pam_motd.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 71s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_motd.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 71s] libtool: warning: relinking 'pam_motd.la' -[ 71s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_motd.la -rpath /lib64/security pam_motd.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 71s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_motd.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_motd.so -o .libs/pam_motd.so -[ 71s] libtool: install: /usr/bin/install -c .libs/pam_motd.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_motd.so -[ 71s] libtool: install: /usr/bin/install -c .libs/pam_motd.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_motd.la -[ 71s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 71s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 71s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 71s] Making install in pam_namespace -[ 71s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 71s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 71s] /usr/bin/install -c pam_namespace_helper '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 71s] mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security/namespace.d -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 71s] /usr/bin/install -c -m 644 namespace.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 71s] /usr/bin/install -c namespace.init '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 71s] /usr/bin/install -c -m 644 namespace.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 71s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 71s] /usr/bin/install -c -m 644 pam_namespace.8 pam_namespace_helper.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 72s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_namespace.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 72s] libtool: warning: relinking 'pam_namespace.la' -[ 72s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DSECURECONF_DIR=\"/etc/security/\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_namespace.la -rpath /lib64/security pam_namespace.lo md5.lo argv_parse.lo ../../libpam/libpam.la -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 72s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_namespace.o .libs/md5.o .libs/argv_parse.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_namespace.so -o .libs/pam_namespace.so -[ 72s] libtool: install: /usr/bin/install -c .libs/pam_namespace.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_namespace.so -[ 72s] libtool: install: /usr/bin/install -c .libs/pam_namespace.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_namespace.la -[ 72s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/systemd/system' -[ 72s] /usr/bin/install -c -m 644 pam_namespace.service '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/systemd/system' -[ 72s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 72s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 72s] Making install in pam_nologin -[ 72s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 72s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 72s] make[3]: Nothing to be done for 'install-exec-am'. -[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 72s] /usr/bin/install -c -m 644 pam_nologin.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 72s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 72s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_nologin.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 72s] libtool: warning: relinking 'pam_nologin.la' -[ 72s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_nologin.la -rpath /lib64/security pam_nologin.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 72s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_nologin.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_nologin.so -o .libs/pam_nologin.so -[ 73s] libtool: install: /usr/bin/install -c .libs/pam_nologin.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_nologin.so -[ 73s] libtool: install: /usr/bin/install -c .libs/pam_nologin.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_nologin.la -[ 73s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 73s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 73s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 73s] Making install in pam_permit -[ 73s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 73s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 73s] make[3]: Nothing to be done for 'install-exec-am'. -[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 73s] /usr/bin/install -c -m 644 pam_permit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_permit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 73s] libtool: warning: relinking 'pam_permit.la' -[ 73s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_permit.la -rpath /lib64/security pam_permit.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 73s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_permit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_permit.so -o .libs/pam_permit.so -[ 73s] libtool: install: /usr/bin/install -c .libs/pam_permit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_permit.so -[ 73s] libtool: install: /usr/bin/install -c .libs/pam_permit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_permit.la -[ 73s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 73s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 73s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 73s] Making install in pam_pwhistory -[ 73s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 73s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pwhistory_helper '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 73s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' -[ 73s] libtool: install: /usr/bin/install -c .libs/pwhistory_helper /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/pwhistory_helper -[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 73s] /usr/bin/install -c -m 644 pam_pwhistory.8 pwhistory_helper.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_pwhistory.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 73s] libtool: warning: relinking 'pam_pwhistory.la' -[ 73s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -DPWHISTORY_HELPER=\"/sbin/pwhistory_helper\" -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_pwhistory.la -rpath /lib64/security pam_pwhistory_la-pam_pwhistory.lo pam_pwhistory_la-opasswd.lo ../../libpam/libpam.la -lxcrypt -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 73s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_pwhistory_la-pam_pwhistory.o .libs/pam_pwhistory_la-opasswd.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_pwhistory.so -o .libs/pam_pwhistory.so -[ 73s] libtool: install: /usr/bin/install -c .libs/pam_pwhistory.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_pwhistory.so -[ 73s] libtool: install: /usr/bin/install -c .libs/pam_pwhistory.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_pwhistory.la -[ 73s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 73s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 73s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 73s] Making install in pam_rhosts -[ 73s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 73s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 73s] make[3]: Nothing to be done for 'install-exec-am'. -[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 73s] /usr/bin/install -c -m 644 pam_rhosts.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 73s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 73s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_rhosts.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 73s] libtool: warning: relinking 'pam_rhosts.la' -[ 73s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rhosts.la -rpath /lib64/security pam_rhosts.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 73s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_rhosts.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rhosts.so -o .libs/pam_rhosts.so -[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rhosts.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rhosts.so -[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rhosts.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rhosts.la -[ 74s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 74s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 74s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 74s] Making install in pam_rootok -[ 74s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 74s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 74s] make[3]: Nothing to be done for 'install-exec-am'. -[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 74s] /usr/bin/install -c -m 644 pam_rootok.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 74s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_rootok.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 74s] libtool: warning: relinking 'pam_rootok.la' -[ 74s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_rootok.la -rpath /lib64/security pam_rootok.lo ../../libpam/libpam.la -lselinux -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 74s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_rootok.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_rootok.so -o .libs/pam_rootok.so -[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rootok.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rootok.so -[ 74s] libtool: install: /usr/bin/install -c .libs/pam_rootok.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rootok.la -[ 74s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 74s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 74s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 74s] Making install in pam_securetty -[ 74s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 74s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 74s] make[3]: Nothing to be done for 'install-exec-am'. -[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 74s] /usr/bin/install -c -m 644 pam_securetty.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 74s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_securetty.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 74s] libtool: warning: relinking 'pam_securetty.la' -[ 74s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_securetty.la -rpath /lib64/security pam_securetty.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 74s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_securetty.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_securetty.so -o .libs/pam_securetty.so -[ 74s] libtool: install: /usr/bin/install -c .libs/pam_securetty.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_securetty.so -[ 74s] libtool: install: /usr/bin/install -c .libs/pam_securetty.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_securetty.la -[ 74s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 74s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 74s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 74s] Making install in pam_selinux -[ 74s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 74s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 74s] make[3]: Nothing to be done for 'install-exec-am'. -[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 74s] /usr/bin/install -c -m 644 pam_selinux.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 74s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 74s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_selinux.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 74s] libtool: warning: relinking 'pam_selinux.la' -[ 74s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_selinux.la -rpath /lib64/security pam_selinux.lo ../../libpam/libpam.la -lselinux -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 74s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_selinux.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_selinux.so -o .libs/pam_selinux.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_selinux.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_selinux.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_selinux.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_selinux.la -[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 75s] Making install in pam_sepermit -[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 75s] make[3]: Nothing to be done for 'install-exec-am'. -[ 75s] mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/var/run/sepermit -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 75s] /usr/bin/install -c -m 644 sepermit.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 75s] /usr/bin/install -c -m 644 sepermit.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 75s] /usr/bin/install -c -m 644 pam_sepermit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 75s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_sepermit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 75s] libtool: warning: relinking 'pam_sepermit.la' -[ 75s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -I../../libpam_misc/include -D SEPERMIT_CONF_FILE=\"/etc/security/sepermit.conf\" -D SEPERMIT_LOCKDIR=\"/var/run/sepermit\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_sepermit.la -rpath /lib64/security pam_sepermit.lo ../../libpam/libpam.la -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 75s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_sepermit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_sepermit.so -o .libs/pam_sepermit.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_sepermit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_sepermit.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_sepermit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_sepermit.la -[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 75s] Making install in pam_setquota -[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 75s] make[3]: Nothing to be done for 'install-exec-am'. -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 75s] /usr/bin/install -c -m 644 pam_setquota.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 75s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_setquota.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 75s] libtool: warning: relinking 'pam_setquota.la' -[ 75s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_setquota.la -rpath /lib64/security pam_setquota.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 75s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_setquota.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_setquota.so -o .libs/pam_setquota.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_setquota.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_setquota.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_setquota.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_setquota.la -[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 75s] Making install in pam_shells -[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 75s] make[3]: Nothing to be done for 'install-exec-am'. -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 75s] /usr/bin/install -c -m 644 pam_shells.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 75s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 75s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_shells.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 75s] libtool: warning: relinking 'pam_shells.la' -[ 75s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_shells.la -rpath /lib64/security pam_shells.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 75s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_shells.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_shells.so -o .libs/pam_shells.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_shells.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_shells.so -[ 75s] libtool: install: /usr/bin/install -c .libs/pam_shells.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_shells.la -[ 75s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 75s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 75s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 75s] Making install in pam_stress -[ 75s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 75s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 75s] make[3]: Nothing to be done for 'install-exec-am'. -[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 76s] /usr/bin/install -c -m 644 pam_stress.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_stress.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 76s] libtool: warning: relinking 'pam_stress.la' -[ 76s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_stress.la -rpath /lib64/security pam_stress.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 76s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_stress.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_stress.so -o .libs/pam_stress.so -[ 76s] libtool: install: /usr/bin/install -c .libs/pam_stress.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_stress.so -[ 76s] libtool: install: /usr/bin/install -c .libs/pam_stress.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_stress.la -[ 76s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 76s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 76s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 76s] Making install in pam_succeed_if -[ 76s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 76s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 76s] make[3]: Nothing to be done for 'install-exec-am'. -[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 76s] /usr/bin/install -c -m 644 pam_succeed_if.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_succeed_if.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 76s] libtool: warning: relinking 'pam_succeed_if.la' -[ 76s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_succeed_if.la -rpath /lib64/security pam_succeed_if.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 76s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_succeed_if.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_succeed_if.so -o .libs/pam_succeed_if.so -[ 76s] libtool: install: /usr/bin/install -c .libs/pam_succeed_if.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_succeed_if.so -[ 76s] libtool: install: /usr/bin/install -c .libs/pam_succeed_if.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_succeed_if.la -[ 76s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 76s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 76s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 76s] Making install in pam_tally2 -[ 76s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 76s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_tally2 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 76s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' -[ 76s] libtool: install: /usr/bin/install -c .libs/pam_tally2 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/pam_tally2 -[ 76s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 76s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_tally2.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 76s] libtool: warning: relinking 'pam_tally2.la' -[ 76s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tally2.la -rpath /lib64/security pam_tally2.lo ../../libpam/libpam.la -laudit -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 76s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_tally2.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -laudit -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tally2.so -o .libs/pam_tally2.so -[ 77s] libtool: install: /usr/bin/install -c .libs/pam_tally2.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tally2.so -[ 77s] libtool: install: /usr/bin/install -c .libs/pam_tally2.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tally2.la -[ 77s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 77s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 77s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 77s] Making install in pam_time -[ 77s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 77s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 77s] make[3]: Nothing to be done for 'install-exec-am'. -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 77s] /usr/bin/install -c -m 644 time.conf '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security' -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 77s] /usr/bin/install -c -m 644 time.conf.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 77s] /usr/bin/install -c -m 644 pam_time.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_time.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 77s] libtool: warning: relinking 'pam_time.la' -[ 77s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DPAM_TIME_CONF=\"/etc/security/time.conf\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_time.la -rpath /lib64/security pam_time.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 77s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_time.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_time.so -o .libs/pam_time.so -[ 77s] libtool: install: /usr/bin/install -c .libs/pam_time.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_time.so -[ 77s] libtool: install: /usr/bin/install -c .libs/pam_time.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_time.la -[ 77s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 77s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 77s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 77s] Making install in pam_timestamp -[ 77s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 77s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_timestamp_check '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 77s] libtool: warning: '../../libpam/libpam.la' has not been installed in '/lib64' -[ 77s] libtool: install: /usr/bin/install -c .libs/pam_timestamp_check /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/pam_timestamp_check -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 77s] /usr/bin/install -c -m 644 pam_timestamp.8 pam_timestamp_check.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_timestamp.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 77s] libtool: warning: relinking 'pam_timestamp.la' -[ 77s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_timestamp.la -rpath /lib64/security pam_timestamp_la-pam_timestamp.lo pam_timestamp_la-hmacsha1.lo pam_timestamp_la-sha1.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 77s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_timestamp_la-pam_timestamp.o .libs/pam_timestamp_la-hmacsha1.o .libs/pam_timestamp_la-sha1.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_timestamp.so -o .libs/pam_timestamp.so -[ 77s] libtool: install: /usr/bin/install -c .libs/pam_timestamp.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_timestamp.so -[ 77s] libtool: install: /usr/bin/install -c .libs/pam_timestamp.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_timestamp.la -[ 77s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 77s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 77s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 77s] Making install in pam_tty_audit -[ 77s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 77s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 77s] make[3]: Nothing to be done for 'install-exec-am'. -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 77s] /usr/bin/install -c -m 644 pam_tty_audit.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 77s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 77s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_tty_audit.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 78s] libtool: warning: relinking 'pam_tty_audit.la' -[ 78s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_tty_audit.la -rpath /lib64/security pam_tty_audit.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 78s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_tty_audit.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_tty_audit.so -o .libs/pam_tty_audit.so -[ 78s] libtool: install: /usr/bin/install -c .libs/pam_tty_audit.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tty_audit.so -[ 78s] libtool: install: /usr/bin/install -c .libs/pam_tty_audit.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tty_audit.la -[ 78s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 78s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 78s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 78s] Making install in pam_umask -[ 78s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 78s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 78s] make[3]: Nothing to be done for 'install-exec-am'. -[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 78s] /usr/bin/install -c -m 644 pam_umask.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 78s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_umask.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 78s] libtool: warning: relinking 'pam_umask.la' -[ 78s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_umask.la -rpath /lib64/security pam_umask.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 78s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_umask.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_umask.so -o .libs/pam_umask.so -[ 78s] libtool: install: /usr/bin/install -c .libs/pam_umask.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_umask.so -[ 78s] libtool: install: /usr/bin/install -c .libs/pam_umask.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_umask.la -[ 78s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 78s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 78s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 78s] Making install in pam_unix -[ 78s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 78s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 78s] /bin/sh ../../libtool --mode=install /usr/bin/install -c unix_chkpwd unix_update '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin' -[ 78s] libtool: install: /usr/bin/install -c unix_chkpwd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/unix_chkpwd -[ 78s] libtool: install: /usr/bin/install -c unix_update /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin/unix_update -[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 78s] /usr/bin/install -c -m 644 pam_unix.8 unix_chkpwd.8 unix_update.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 78s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 78s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_unix.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 78s] libtool: warning: relinking 'pam_unix.la' -[ 78s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -DCHKPWD_HELPER=\"/sbin/unix_chkpwd\" -DUPDATE_HELPER=\"/sbin/unix_update\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_unix.la -rpath /lib64/security bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo yppasswd_xdr.lo md5_good.lo md5_broken.lo ../../libpam/libpam.la -lxcrypt -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 78s] libtool: relink: gcc -shared -fPIC -DPIC .libs/bigcrypt.o .libs/pam_unix_acct.o .libs/pam_unix_auth.o .libs/pam_unix_passwd.o .libs/pam_unix_sess.o .libs/support.o .libs/passverify.o .libs/yppasswd_xdr.o .libs/md5_good.o .libs/md5_broken.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lxcrypt -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_unix.so -o .libs/pam_unix.so -[ 79s] libtool: install: /usr/bin/install -c .libs/pam_unix.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so -[ 79s] libtool: install: /usr/bin/install -c .libs/pam_unix.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.la -[ 79s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 79s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 79s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 79s] Making install in pam_userdb -[ 79s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 79s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 79s] make[3]: Nothing to be done for 'install-exec-am'. -[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 79s] /usr/bin/install -c -m 644 pam_userdb.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 79s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_userdb.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 79s] libtool: warning: relinking 'pam_userdb.la' -[ 79s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -ldb -lxcrypt -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_userdb.la -rpath /lib64/security pam_userdb.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 79s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_userdb.o -ldb -lxcrypt -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_userdb.so -o .libs/pam_userdb.so -[ 79s] libtool: install: /usr/bin/install -c .libs/pam_userdb.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_userdb.so -[ 79s] libtool: install: /usr/bin/install -c .libs/pam_userdb.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_userdb.la -[ 79s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 79s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 79s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 79s] Making install in pam_usertype -[ 79s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 79s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 79s] make[3]: Nothing to be done for 'install-exec-am'. -[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 79s] /usr/bin/install -c -m 644 pam_usertype.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 79s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 79s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_usertype.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 79s] libtool: warning: relinking 'pam_usertype.la' -[ 79s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_usertype.la -rpath /lib64/security pam_usertype.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 79s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_usertype.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_usertype.so -o .libs/pam_usertype.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_usertype.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_usertype.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_usertype.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_usertype.la -[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 80s] Making install in pam_warn -[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 80s] make[3]: Nothing to be done for 'install-exec-am'. -[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 80s] /usr/bin/install -c -m 644 pam_warn.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 80s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_warn.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 80s] libtool: warning: relinking 'pam_warn.la' -[ 80s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_warn.la -rpath /lib64/security pam_warn.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 80s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_warn.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_warn.so -o .libs/pam_warn.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_warn.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_warn.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_warn.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_warn.la -[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 80s] Making install in pam_wheel -[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 80s] make[3]: Nothing to be done for 'install-exec-am'. -[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 80s] /usr/bin/install -c -m 644 pam_wheel.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 80s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_wheel.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 80s] libtool: warning: relinking 'pam_wheel.la' -[ 80s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_wheel.la -rpath /lib64/security pam_wheel.lo ../../libpam/libpam.la -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 80s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_wheel.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_wheel.so -o .libs/pam_wheel.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_wheel.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_wheel.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_wheel.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_wheel.la -[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 80s] Making install in pam_xauth -[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 80s] make[3]: Nothing to be done for 'install-exec-am'. -[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 80s] /usr/bin/install -c -m 644 pam_xauth.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 80s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 80s] /bin/sh ../../libtool --mode=install /usr/bin/install -c pam_xauth.la '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security' -[ 80s] libtool: warning: relinking 'pam_xauth.la' -[ 80s] libtool: install: (cd /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth; /bin/sh "/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/libtool" --tag CC --mode=relink gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o pam_xauth.la -rpath /lib64/security pam_xauth.lo ../../libpam/libpam.la -lselinux -inst-prefix-dir /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64) -[ 80s] libtool: relink: gcc -shared -fPIC -DPIC .libs/pam_xauth.o -L/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -L/lib64 -lpam -lselinux -O2 -fstack-protector-strong -flto=auto -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -Wl,-soname -Wl,pam_xauth.so -o .libs/pam_xauth.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_xauth.soT /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_xauth.so -[ 80s] libtool: install: /usr/bin/install -c .libs/pam_xauth.lai /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_xauth.la -[ 80s] libtool: warning: remember to run 'libtool --finish /lib64/security' -[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 80s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 80s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 80s] make[3]: Nothing to be done for 'install-exec-am'. -[ 80s] make[3]: Nothing to be done for 'install-data-am'. -[ 80s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 80s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 80s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules' -[ 80s] Making install in po -[ 80s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' -[ 80s] installing af.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo -[ 80s] installing am.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo -[ 80s] installing ar.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo -[ 80s] installing as.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo -[ 80s] installing be.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing bg.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing bn_IN.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing bn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing bs.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ca.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing cs.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing cy.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing da.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing de_CH.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing de.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing el.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing eo.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing es.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing et.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing eu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing fa.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing fi.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing fr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ga.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing gl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing gu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing he.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing hi.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing hr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing hu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ia.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing id.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing is.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing it.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ja.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ka.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing kk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing km.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing kn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ko.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing kw_GB.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ky.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing lt.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing lv.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing mk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ml.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing mn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing mr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ms.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing my.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing nb.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ne.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing nl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing nn.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing or.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing pa.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing pl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing pt_BR.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing pt.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ro.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ru.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing si.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing sk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing sl.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing sq.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing sr@latin.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing sr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing sv.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ta.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing te.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing tg.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing th.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing tr.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing uk.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing ur.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing vi.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing yo.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing zh_CN.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing zh_HK.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing zh_TW.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing zu.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo -[ 81s] installing az.gmo as /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo -[ 81s] if test "Linux-PAM" = "gettext-tools"; then \ -[ 81s] /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/gettext/po; \ -[ 81s] for file in Makefile.in.in remove-potcdate.sin quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot Makevars.template; do \ -[ 81s] /usr/bin/install -c -m 644 ./$file \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/gettext/po/$file; \ -[ 81s] done; \ -[ 81s] for file in Makevars; do \ -[ 81s] rm -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/gettext/po/$file; \ -[ 81s] done; \ -[ 81s] else \ -[ 81s] : ; \ -[ 81s] fi -[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/po' -[ 81s] Making install in conf -[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 81s] Making install in pam_conv1 -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 81s] make install-am -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 81s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 81s] make[4]: Nothing to be done for 'install-exec-am'. -[ 81s] make[4]: Nothing to be done for 'install-data-am'. -[ 81s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf/pam_conv1' -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 81s] make[3]: Nothing to be done for 'install-exec-am'. -[ 81s] make[3]: Nothing to be done for 'install-data-am'. -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/conf' -[ 81s] Making install in examples -[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' -[ 81s] make[2]: Nothing to be done for 'install-exec-am'. -[ 81s] make[2]: Nothing to be done for 'install-data-am'. -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' -[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/examples' -[ 81s] Making install in xtests -[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' -[ 81s] make[2]: Nothing to be done for 'install-exec-am'. -[ 81s] make[2]: Nothing to be done for 'install-data-am'. -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' -[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/xtests' -[ 81s] Making install in doc -[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 81s] Making install in man -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 81s] make[3]: Nothing to be done for 'install-exec-am'. -[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' -[ 81s] /usr/bin/install -c -m 644 pam.3 pam_acct_mgmt.3 pam_authenticate.3 pam_chauthtok.3 pam_close_session.3 pam_conv.3 pam_end.3 pam_error.3 pam_fail_delay.3 pam_xauth_data.3 pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 pam_getenvlist.3 pam_info.3 pam_open_session.3 pam_prompt.3 pam_putenv.3 pam_set_data.3 pam_set_item.3 pam_syslog.3 pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 misc_conv.3 pam_misc_paste_env.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' -[ 81s] /usr/bin/install -c -m 644 pam_misc_drop_env.3 pam_misc_setenv.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' -[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 81s] /usr/bin/install -c -m 644 pam.conf.5 pam.d.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 81s] /usr/bin/install -c -m 644 PAM.8 pam.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 81s] Making install in specs -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 81s] make install-am -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 81s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 81s] make[4]: Nothing to be done for 'install-exec-am'. -[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' -[ 81s] /usr/bin/install -c -m 644 draft-morgan-pam-current.txt rfc86.0.txt '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' -[ 81s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 81s] Making install in sag -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 81s] make[3]: Nothing to be done for 'install-exec-am'. -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html -[ 81s] if test -f html/Linux-PAM_SAG.html; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_SAG.html html/sag-*.html \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 81s] elif test -f ./html/Linux-PAM_SAG.html; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_SAG.html \ -[ 81s] ./html/sag-*.html \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 81s] fi -[ 81s] if test -f Linux-PAM_SAG.txt; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 81s] elif test -f ./Linux-PAM_SAG.txt; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.txt \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 81s] fi -[ 81s] if test -f Linux-PAM_SAG.pdf; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 81s] elif test -f ./Linux-PAM_SAG.pdf; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.pdf \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 81s] fi -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 81s] Making install in adg -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 81s] make[3]: Nothing to be done for 'install-exec-am'. -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html -[ 81s] if test -f html/Linux-PAM_ADG.html; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_ADG.html html/adg-*.html \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 81s] elif test -f ./html/Linux-PAM_ADG.html; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_ADG.html \ -[ 81s] ./html/adg-*.html \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 81s] fi -[ 81s] if test -f Linux-PAM_ADG.txt; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 81s] elif test -f ./Linux-PAM_ADG.txt; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.txt \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 81s] fi -[ 81s] if test -f Linux-PAM_ADG.pdf; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 81s] elif test -f ./Linux-PAM_ADG.pdf; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.pdf \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 81s] fi -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 81s] Making install in mwg -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 81s] make[3]: Nothing to be done for 'install-exec-am'. -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html -[ 81s] if test -f html/Linux-PAM_MWG.html; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_MWG.html html/mwg-*.html \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 81s] elif test -f ./html/Linux-PAM_MWG.html; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_MWG.html \ -[ 81s] ./html/mwg-*.html \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 81s] fi -[ 81s] if test -f Linux-PAM_MWG.txt; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 81s] elif test -f ./Linux-PAM_MWG.txt; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.txt \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 81s] fi -[ 81s] if test -f Linux-PAM_MWG.pdf; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 81s] elif test -f ./Linux-PAM_MWG.pdf; then \ -[ 81s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.pdf \ -[ 81s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 81s] fi -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 81s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 81s] make[3]: Nothing to be done for 'install-exec-am'. -[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' -[ 81s] /usr/bin/install -c -m 644 index.html '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' -[ 81s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 81s] make[2]: Nothing to be done for 'install-exec-am'. -[ 81s] make[2]: Nothing to be done for 'install-data-am'. -[ 81s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 81s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1' -[ 81s] + /sbin/ldconfig -n /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64 -[ 81s] + make install DESTDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -C doc -[ 81s] make: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 81s] Making install in man -[ 81s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 81s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 81s] make[2]: Nothing to be done for 'install-exec-am'. -[ 81s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' -[ 82s] /usr/bin/install -c -m 644 pam.3 pam_acct_mgmt.3 pam_authenticate.3 pam_chauthtok.3 pam_close_session.3 pam_conv.3 pam_end.3 pam_error.3 pam_fail_delay.3 pam_xauth_data.3 pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 pam_get_data.3 pam_get_item.3 pam_get_user.3 pam_getenv.3 pam_getenvlist.3 pam_info.3 pam_open_session.3 pam_prompt.3 pam_putenv.3 pam_set_data.3 pam_set_item.3 pam_syslog.3 pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 misc_conv.3 pam_misc_paste_env.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' -[ 82s] /usr/bin/install -c -m 644 pam_misc_drop_env.3 pam_misc_setenv.3 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man3' -[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 82s] /usr/bin/install -c -m 644 pam.conf.5 pam.d.5 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man5' -[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 82s] /usr/bin/install -c -m 644 PAM.8 pam.8 '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/man/man8' -[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/man' -[ 82s] Making install in specs -[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 82s] make install-am -[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 82s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 82s] make[3]: Nothing to be done for 'install-exec-am'. -[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' -[ 82s] /usr/bin/install -c -m 644 draft-morgan-pam-current.txt rfc86.0.txt '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam' -[ 82s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/specs' -[ 82s] Making install in sag -[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 82s] make[2]: Nothing to be done for 'install-exec-am'. -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html -[ 82s] if test -f html/Linux-PAM_SAG.html; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_SAG.html html/sag-*.html \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 82s] elif test -f ./html/Linux-PAM_SAG.html; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_SAG.html \ -[ 82s] ./html/sag-*.html \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 82s] fi -[ 82s] if test -f Linux-PAM_SAG.txt; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 82s] elif test -f ./Linux-PAM_SAG.txt; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.txt \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 82s] fi -[ 82s] if test -f Linux-PAM_SAG.pdf; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_SAG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 82s] elif test -f ./Linux-PAM_SAG.pdf; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_SAG.pdf \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 82s] fi -[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/sag' -[ 82s] Making install in adg -[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 82s] make[2]: Nothing to be done for 'install-exec-am'. -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html -[ 82s] if test -f html/Linux-PAM_ADG.html; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_ADG.html html/adg-*.html \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 82s] elif test -f ./html/Linux-PAM_ADG.html; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_ADG.html \ -[ 82s] ./html/adg-*.html \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 82s] fi -[ 82s] if test -f Linux-PAM_ADG.txt; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 82s] elif test -f ./Linux-PAM_ADG.txt; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.txt \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 82s] fi -[ 82s] if test -f Linux-PAM_ADG.pdf; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_ADG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 82s] elif test -f ./Linux-PAM_ADG.pdf; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_ADG.pdf \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 82s] fi -[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/adg' -[ 82s] Making install in mwg -[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 82s] make[2]: Nothing to be done for 'install-exec-am'. -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html -[ 82s] if test -f html/Linux-PAM_MWG.html; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 html/Linux-PAM_MWG.html html/mwg-*.html \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 82s] elif test -f ./html/Linux-PAM_MWG.html; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./html/Linux-PAM_MWG.html \ -[ 82s] ./html/mwg-*.html \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html/; \ -[ 82s] fi -[ 82s] if test -f Linux-PAM_MWG.txt; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.txt /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 82s] elif test -f ./Linux-PAM_MWG.txt; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.txt \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/; \ -[ 82s] fi -[ 82s] if test -f Linux-PAM_MWG.pdf; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 Linux-PAM_MWG.pdf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 82s] elif test -f ./Linux-PAM_MWG.pdf; then \ -[ 82s] /bin/sh /home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/build-aux/install-sh -c -m 644 ./Linux-PAM_MWG.pdf \ -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/pdf/; \ -[ 82s] fi -[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc/mwg' -[ 82s] make[1]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 82s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 82s] make[2]: Nothing to be done for 'install-exec-am'. -[ 82s] /usr/bin/mkdir -p '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' -[ 82s] /usr/bin/install -c -m 644 index.html '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/html' -[ 82s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 82s] make[1]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 82s] make: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/doc' -[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/securetty /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc -[ 82s] + install -d /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/etc/security/namespace.d -[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/other.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/other -[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-auth.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-auth -[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-account.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-account -[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-password.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-password -[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/common-session.pamd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/etc/pam.d/common-session -[ 82s] + rm /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.so -[ 82s] + ln -sf ../../lib64/libpam.so.0.85.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64/libpam.so -[ 82s] + rm /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.so -[ 82s] + ln -sf ../../lib64/libpamc.so.0.82.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64/libpamc.so -[ 82s] + rm /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.so -[ 82s] + ln -sf ../../lib64/libpam_misc.so.0.82.1 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib64/libpam_misc.so -[ 82s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/motd.d -[ 82s] + find /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -type f -name '*.la' -delete -print -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_access.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_cracklib.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_debug.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_deny.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_echo.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_env.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_exec.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faildelay.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_faillock.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_filter.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_ftp.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_group.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_issue.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_keyinit.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_lastlog.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_limits.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_listfile.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_localuser.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_loginuid.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mail.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_mkhomedir.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_motd.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_namespace.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_nologin.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_permit.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_pwhistory.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rhosts.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_rootok.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_securetty.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_selinux.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_sepermit.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_setquota.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_shells.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_stress.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_succeed_if.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tally2.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_time.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_timestamp.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_tty_audit.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_umask.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_userdb.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_usertype.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_warn.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_wheel.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_xauth.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpamc.la -[ 82s] /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/libpam_misc.la -[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session -[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_auth.so -[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session -[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_acct.so -[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session -[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_passwd.so -[ 82s] + for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session -[ 82s] + ln -f /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix.so /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/lib64/security/pam_unix_session.so -[ 82s] + DOC=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 82s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules -[ 82s] + pushd modules -[ 82s] ~/rpmbuild/BUILD/Linux-PAM-1.5.1/modules ~/rpmbuild/BUILD/Linux-PAM-1.5.1 -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_access/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_access -[ 82s] 'pam_access/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_access' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_debug/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_debug -[ 82s] 'pam_debug/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_debug' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_deny/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_deny -[ 82s] 'pam_deny/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_deny' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_echo/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_echo -[ 82s] 'pam_echo/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_echo' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_env/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_env -[ 82s] 'pam_env/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_env' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_exec/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_exec -[ 82s] 'pam_exec/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_exec' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_faildelay/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faildelay -[ 82s] 'pam_faildelay/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faildelay' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_faillock/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faillock -[ 82s] 'pam_faillock/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_faillock' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_filter/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_filter -[ 82s] 'pam_filter/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_filter' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_ftp/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_ftp -[ 82s] 'pam_ftp/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_ftp' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_group/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_group -[ 82s] 'pam_group/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_group' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_issue/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_issue -[ 82s] 'pam_issue/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_issue' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_keyinit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_keyinit -[ 82s] 'pam_keyinit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_keyinit' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_lastlog/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_lastlog -[ 82s] 'pam_lastlog/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_lastlog' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_limits/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_limits -[ 82s] 'pam_limits/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_limits' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_listfile/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_listfile -[ 82s] 'pam_listfile/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_listfile' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_localuser/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_localuser -[ 82s] 'pam_localuser/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_localuser' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_loginuid/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_loginuid -[ 82s] 'pam_loginuid/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_loginuid' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_mail/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mail -[ 82s] 'pam_mail/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mail' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_mkhomedir/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mkhomedir -[ 82s] 'pam_mkhomedir/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_mkhomedir' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_motd/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_motd -[ 82s] 'pam_motd/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_motd' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_namespace/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_namespace -[ 82s] 'pam_namespace/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_namespace' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_nologin/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_nologin -[ 82s] 'pam_nologin/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_nologin' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_permit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_permit -[ 82s] 'pam_permit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_permit' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_pwhistory/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_pwhistory -[ 82s] 'pam_pwhistory/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_pwhistory' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_rhosts/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rhosts -[ 82s] 'pam_rhosts/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rhosts' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_rootok/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rootok -[ 82s] 'pam_rootok/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_rootok' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_securetty/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_securetty -[ 82s] 'pam_securetty/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_securetty' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_selinux/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_selinux -[ 82s] 'pam_selinux/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_selinux' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_sepermit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_sepermit -[ 82s] 'pam_sepermit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_sepermit' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_setquota/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_setquota -[ 82s] 'pam_setquota/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_setquota' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_shells/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_shells -[ 82s] 'pam_shells/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_shells' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_stress/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_stress -[ 82s] 'pam_stress/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_stress' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_succeed_if/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_succeed_if -[ 82s] 'pam_succeed_if/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_succeed_if' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_time/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_time -[ 82s] 'pam_time/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_time' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_timestamp/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_timestamp -[ 82s] 'pam_timestamp/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_timestamp' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_tty_audit/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_tty_audit -[ 82s] 'pam_tty_audit/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_tty_audit' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_umask/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_umask -[ 82s] 'pam_umask/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_umask' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_unix/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_unix -[ 82s] 'pam_unix/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_unix' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_userdb/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_userdb -[ 82s] 'pam_userdb/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_userdb' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_usertype/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_usertype -[ 82s] 'pam_usertype/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_usertype' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_warn/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_warn -[ 82s] 'pam_warn/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_warn' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_wheel/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_wheel -[ 82s] 'pam_wheel/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_wheel' -[ 82s] + for i in pam_*/README -[ 82s] + cp -fpv pam_xauth/README /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_xauth -[ 82s] 'pam_xauth/README' -> '/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam/modules/README.pam_xauth' -[ 82s] + popd -[ 82s] ~/rpmbuild/BUILD/Linux-PAM-1.5.1 -[ 82s] + install -m 755 /home/abuild/rpmbuild/BUILD/unix2_chkpwd /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/sbin -[ 82s] + install -m 644 /home/abuild/rpmbuild/SOURCES/unix2_chkpwd.8 /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64//usr/share/man/man8/ -[ 82s] + mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/lib/rpm/macros.d -[ 82s] + echo '%_pamdir /lib64/security' -[ 82s] + /usr/lib/rpm/find-lang.sh /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 Linux-PAM -[ 82s] removing translation /usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 82s] removing translation /usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 82s] removing translation /usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 82s] removing translation /usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 82s] removing translation /usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo: 23 translated messages. -[ 82s] removing translation /usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 82s] removing translation /usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 82s] removing translation /usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 82s] removing translation /usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo: 1 translated message. -[ 82s] removing translation /usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 83s] removing translation /usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo: 64 translated messages. -[ 83s] removing translation /usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 83s] removing translation /usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 83s] removing translation /usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo: 0 translated messages. -[ 83s] removing translation /usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo: 61 translated messages. -[ 83s] removing translation /usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo: 19 translated messages. -[ 83s] + /usr/lib/rpm/brp-compress -[ 83s] + /usr/lib/rpm/brp-suse -[ 83s] calling /usr/lib/rpm/brp-suse.d/brp-05-permissions -[ 83s] calling /usr/lib/rpm/brp-suse.d/brp-15-strip-debug -[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-25-symlink -[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-40-rootfs -[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-45-tcl -[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-50-generate-fips-hmac -[ 84s] calling /usr/lib/rpm/brp-suse.d/brp-75-ar -[ 84s] Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.gLO8R7 -[ 84s] + umask 022 -[ 84s] + cd /home/abuild/rpmbuild/BUILD -[ 84s] + cd Linux-PAM-1.5.1 -[ 84s] + /usr/bin/make -O -j8 V=1 VERBOSE=1 check -[ 84s] Making check in libpam -[ 84s] make[1]: Nothing to be done for 'check'. -[ 84s] Making check in tests -[ 84s] /usr/bin/make tst-pam_start tst-pam_end tst-pam_fail_delay tst-pam_open_session tst-pam_close_session tst-pam_acct_mgmt tst-pam_authenticate tst-pam_chauthtok tst-pam_setcred tst-pam_get_item tst-pam_set_item tst-pam_getenvlist tst-pam_get_user tst-pam_set_data tst-pam_mkargv tst-pam_start_confdir tst-dlopen -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_open_session.o tst-pam_open_session.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_start.o tst-pam_start.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_fail_delay.o tst-pam_fail_delay.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_close_session.o tst-pam_close_session.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_acct_mgmt.o tst-pam_acct_mgmt.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_authenticate.o tst-pam_authenticate.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_chauthtok.o tst-pam_chauthtok.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_end.o tst-pam_end.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_get_item.o tst-pam_get_item.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_set_item.o tst-pam_set_item.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_get_user.o tst-pam_get_user.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_getenvlist.o tst-pam_getenvlist.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_mkargv.o tst-pam_mkargv.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-dlopen.o tst-dlopen.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_start_confdir.o tst-pam_start_confdir.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_set_data.o tst-pam_set_data.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] gcc -DHAVE_CONFIG_H -I. -I.. -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_setcred.o tst-pam_setcred.c -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_end tst-pam_end.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_end tst-pam_end.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_start tst-pam_start.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_start tst-pam_start.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_authenticate tst-pam_authenticate.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_authenticate tst-pam_authenticate.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_chauthtok tst-pam_chauthtok.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_chauthtok tst-pam_chauthtok.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_fail_delay tst-pam_fail_delay.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_fail_delay tst-pam_fail_delay.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_close_session tst-pam_close_session.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_close_session tst-pam_close_session.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_acct_mgmt tst-pam_acct_mgmt.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_acct_mgmt tst-pam_acct_mgmt.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_open_session tst-pam_open_session.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_open_session tst-pam_open_session.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_setcred tst-pam_setcred.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_setcred tst-pam_setcred.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_get_item tst-pam_get_item.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_get_item tst-pam_get_item.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_getenvlist tst-pam_getenvlist.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_getenvlist tst-pam_getenvlist.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_mkargv tst-pam_mkargv.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_mkargv tst-pam_mkargv.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_set_item tst-pam_set_item.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_set_item tst-pam_set_item.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_get_user tst-pam_get_user.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_get_user tst-pam_get_user.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_set_data tst-pam_set_data.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_set_data tst-pam_set_data.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-dlopen tst-dlopen.o -ldl -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-dlopen tst-dlopen.o -ldl -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[2]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /bin/sh ../libtool --tag=CC --mode=link gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_start_confdir tst-pam_start_confdir.o ../libpam/libpam.la -[ 84s] libtool: link: gcc -DLIBPAM_COMPILE -I../libpam/include -I../libpam -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_start_confdir tst-pam_start_confdir.o ../libpam/.libs/libpam.so -[ 84s] make[2]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] /usr/bin/make check-TESTS -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_start -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_open_session -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_close_session -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_authenticate -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_acct_mgmt -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_chauthtok -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_end -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_fail_delay -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_setcred -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_getenvlist -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_get_item -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_set_item -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 84s] PASS: tst-pam_get_user -[ 84s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] PASS: tst-pam_set_data -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] PASS: tst-pam_mkargv -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] PASS: tst-pam_start_confdir -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] ============================================================================ -[ 85s] Testsuite summary for Linux-PAM 1.5.1 -[ 85s] ============================================================================ -[ 85s] # TOTAL: 16 -[ 85s] # PASS: 16 -[ 85s] # SKIP: 0 -[ 85s] # XFAIL: 0 -[ 85s] # FAIL: 0 -[ 85s] # XPASS: 0 -[ 85s] # ERROR: 0 -[ 85s] ============================================================================ -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/tests' -[ 85s] Making check in libpamc -[ 85s] Making check in test -[ 85s] make[2]: Nothing to be done for 'check'. -[ 85s] make[2]: Nothing to be done for 'check-am'. -[ 85s] Making check in libpam_misc -[ 85s] make[1]: Nothing to be done for 'check'. -[ 85s] Making check in modules -[ 85s] Making check in pam_access -[ 85s] /usr/bin/make tst-pam_access -[ 85s] make[3]: Nothing to be done for 'tst-pam_access'. -[ 85s] /usr/bin/make check-TESTS -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 85s] PASS: tst-pam_access -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 85s] ============================================================================ -[ 85s] Testsuite summary for Linux-PAM 1.5.1 -[ 85s] ============================================================================ -[ 85s] # TOTAL: 1 -[ 85s] # PASS: 1 -[ 85s] # SKIP: 0 -[ 85s] # XFAIL: 0 -[ 85s] # FAIL: 0 -[ 85s] # XPASS: 0 -[ 85s] # ERROR: 0 -[ 85s] ============================================================================ -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_access' -[ 85s] Making check in pam_cracklib -[ 85s] /usr/bin/make tst-pam_cracklib -[ 85s] make[3]: Nothing to be done for 'tst-pam_cracklib'. -[ 85s] /usr/bin/make check-TESTS -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 85s] PASS: tst-pam_cracklib -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 85s] ============================================================================ -[ 85s] Testsuite summary for Linux-PAM 1.5.1 -[ 85s] ============================================================================ -[ 85s] # TOTAL: 1 -[ 85s] # PASS: 1 -[ 85s] # SKIP: 0 -[ 85s] # XFAIL: 0 -[ 85s] # FAIL: 0 -[ 85s] # XPASS: 0 -[ 85s] # ERROR: 0 -[ 85s] ============================================================================ -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_cracklib' -[ 85s] Making check in pam_debug -[ 85s] /usr/bin/make tst-pam_debug-retval \ -[ 85s] tst-pam_debug -[ 85s] make[3]: Nothing to be done for 'tst-pam_debug'. -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_debug-retval.o tst-pam_debug-retval.c -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_debug-retval tst-pam_debug-retval.o ../../libpam/libpam.la -[ 85s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_debug-retval tst-pam_debug-retval.o ../../libpam/.libs/libpam.so -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] /usr/bin/make check-TESTS -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] PASS: tst-pam_debug -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] PASS: tst-pam_debug-retval -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] ============================================================================ -[ 85s] Testsuite summary for Linux-PAM 1.5.1 -[ 85s] ============================================================================ -[ 85s] # TOTAL: 2 -[ 85s] # PASS: 2 -[ 85s] # SKIP: 0 -[ 85s] # XFAIL: 0 -[ 85s] # FAIL: 0 -[ 85s] # XPASS: 0 -[ 85s] # ERROR: 0 -[ 85s] ============================================================================ -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_debug' -[ 85s] Making check in pam_deny -[ 85s] /usr/bin/make tst-pam_deny-retval \ -[ 85s] tst-pam_deny -[ 85s] make[3]: Nothing to be done for 'tst-pam_deny'. -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_deny-retval.o tst-pam_deny-retval.c -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_deny-retval tst-pam_deny-retval.o ../../libpam/libpam.la -[ 85s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_deny-retval tst-pam_deny-retval.o ../../libpam/.libs/libpam.so -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] /usr/bin/make check-TESTS -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] PASS: tst-pam_deny -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] PASS: tst-pam_deny-retval -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] ============================================================================ -[ 85s] Testsuite summary for Linux-PAM 1.5.1 -[ 85s] ============================================================================ -[ 85s] # TOTAL: 2 -[ 85s] # PASS: 2 -[ 85s] # SKIP: 0 -[ 85s] # XFAIL: 0 -[ 85s] # FAIL: 0 -[ 85s] # XPASS: 0 -[ 85s] # ERROR: 0 -[ 85s] ============================================================================ -[ 85s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_deny' -[ 85s] Making check in pam_echo -[ 85s] /usr/bin/make tst-pam_echo-retval \ -[ 85s] tst-pam_echo -[ 85s] make[3]: Nothing to be done for 'tst-pam_echo'. -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 85s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_echo-retval.o tst-pam_echo-retval.c -[ 85s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 85s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 85s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_echo-retval tst-pam_echo-retval.o ../../libpam/libpam.la -[ 85s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_echo-retval tst-pam_echo-retval.o ../../libpam/.libs/libpam.so -[ 86s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 86s] PASS: tst-pam_echo -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 86s] PASS: tst-pam_echo-retval -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 2 -[ 86s] # PASS: 2 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_echo' -[ 86s] Making check in pam_env -[ 86s] /usr/bin/make tst-pam_env -[ 86s] make[3]: Nothing to be done for 'tst-pam_env'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 86s] PASS: tst-pam_env -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_env' -[ 86s] Making check in pam_exec -[ 86s] /usr/bin/make tst-pam_exec -[ 86s] make[3]: Nothing to be done for 'tst-pam_exec'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 86s] PASS: tst-pam_exec -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_exec' -[ 86s] Making check in pam_faildelay -[ 86s] /usr/bin/make tst-pam_faildelay-retval \ -[ 86s] tst-pam_faildelay -[ 86s] make[3]: Nothing to be done for 'tst-pam_faildelay'. -[ 86s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_faildelay-retval.o tst-pam_faildelay-retval.c -[ 86s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_faildelay-retval tst-pam_faildelay-retval.o ../../libpam/libpam.la -[ 86s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_faildelay-retval tst-pam_faildelay-retval.o ../../libpam/.libs/libpam.so -[ 86s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] PASS: tst-pam_faildelay -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] PASS: tst-pam_faildelay-retval -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 2 -[ 86s] # PASS: 2 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faildelay' -[ 86s] Making check in pam_faillock -[ 86s] /usr/bin/make tst-pam_faillock -[ 86s] make[3]: Nothing to be done for 'tst-pam_faillock'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 86s] PASS: tst-pam_faillock -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_faillock' -[ 86s] Making check in pam_filter -[ 86s] Making check in upperLOWER -[ 86s] make[3]: Nothing to be done for 'check'. -[ 86s] /usr/bin/make tst-pam_filter -[ 86s] make[4]: Nothing to be done for 'tst-pam_filter'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[5]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 86s] PASS: tst-pam_filter -[ 86s] make[5]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 86s] make[5]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[5]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_filter' -[ 86s] Making check in pam_ftp -[ 86s] /usr/bin/make tst-pam_ftp -[ 86s] make[3]: Nothing to be done for 'tst-pam_ftp'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 86s] PASS: tst-pam_ftp -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_ftp' -[ 86s] Making check in pam_group -[ 86s] /usr/bin/make tst-pam_group -[ 86s] make[3]: Nothing to be done for 'tst-pam_group'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 86s] PASS: tst-pam_group -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_group' -[ 86s] Making check in pam_issue -[ 86s] /usr/bin/make tst-pam_issue -[ 86s] make[3]: Nothing to be done for 'tst-pam_issue'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 86s] PASS: tst-pam_issue -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_issue' -[ 86s] Making check in pam_keyinit -[ 86s] /usr/bin/make tst-pam_keyinit -[ 86s] make[3]: Nothing to be done for 'tst-pam_keyinit'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 86s] PASS: tst-pam_keyinit -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_keyinit' -[ 86s] Making check in pam_lastlog -[ 86s] /usr/bin/make tst-pam_lastlog -[ 86s] make[3]: Nothing to be done for 'tst-pam_lastlog'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 86s] PASS: tst-pam_lastlog -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_lastlog' -[ 86s] Making check in pam_limits -[ 86s] /usr/bin/make tst-pam_limits -[ 86s] make[3]: Nothing to be done for 'tst-pam_limits'. -[ 86s] /usr/bin/make check-TESTS -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 86s] PASS: tst-pam_limits -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 86s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 86s] ============================================================================ -[ 86s] Testsuite summary for Linux-PAM 1.5.1 -[ 86s] ============================================================================ -[ 86s] # TOTAL: 1 -[ 86s] # PASS: 1 -[ 86s] # SKIP: 0 -[ 86s] # XFAIL: 0 -[ 86s] # FAIL: 0 -[ 86s] # XPASS: 0 -[ 86s] # ERROR: 0 -[ 86s] ============================================================================ -[ 86s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_limits' -[ 86s] Making check in pam_listfile -[ 86s] /usr/bin/make tst-pam_listfile -[ 86s] make[3]: Nothing to be done for 'tst-pam_listfile'. -[ 86s] /usr/bin/make check-TESTS -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 87s] PASS: tst-pam_listfile -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 87s] ============================================================================ -[ 87s] Testsuite summary for Linux-PAM 1.5.1 -[ 87s] ============================================================================ -[ 87s] # TOTAL: 1 -[ 87s] # PASS: 1 -[ 87s] # SKIP: 0 -[ 87s] # XFAIL: 0 -[ 87s] # FAIL: 0 -[ 87s] # XPASS: 0 -[ 87s] # ERROR: 0 -[ 87s] ============================================================================ -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_listfile' -[ 87s] Making check in pam_localuser -[ 87s] /usr/bin/make tst-pam_localuser-retval \ -[ 87s] tst-pam_localuser -[ 87s] make[3]: Nothing to be done for 'tst-pam_localuser'. -[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_localuser-retval.o tst-pam_localuser-retval.c -[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_localuser-retval tst-pam_localuser-retval.o ../../libpam/libpam.la -[ 87s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_localuser-retval tst-pam_localuser-retval.o ../../libpam/.libs/libpam.so -[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] /usr/bin/make check-TESTS -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] PASS: tst-pam_localuser -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] PASS: tst-pam_localuser-retval -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] ============================================================================ -[ 87s] Testsuite summary for Linux-PAM 1.5.1 -[ 87s] ============================================================================ -[ 87s] # TOTAL: 2 -[ 87s] # PASS: 2 -[ 87s] # SKIP: 0 -[ 87s] # XFAIL: 0 -[ 87s] # FAIL: 0 -[ 87s] # XPASS: 0 -[ 87s] # ERROR: 0 -[ 87s] ============================================================================ -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_localuser' -[ 87s] Making check in pam_loginuid -[ 87s] /usr/bin/make tst-pam_loginuid -[ 87s] make[3]: Nothing to be done for 'tst-pam_loginuid'. -[ 87s] /usr/bin/make check-TESTS -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 87s] PASS: tst-pam_loginuid -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 87s] ============================================================================ -[ 87s] Testsuite summary for Linux-PAM 1.5.1 -[ 87s] ============================================================================ -[ 87s] # TOTAL: 1 -[ 87s] # PASS: 1 -[ 87s] # SKIP: 0 -[ 87s] # XFAIL: 0 -[ 87s] # FAIL: 0 -[ 87s] # XPASS: 0 -[ 87s] # ERROR: 0 -[ 87s] ============================================================================ -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_loginuid' -[ 87s] Making check in pam_mail -[ 87s] /usr/bin/make tst-pam_mail -[ 87s] make[3]: Nothing to be done for 'tst-pam_mail'. -[ 87s] /usr/bin/make check-TESTS -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 87s] PASS: tst-pam_mail -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 87s] ============================================================================ -[ 87s] Testsuite summary for Linux-PAM 1.5.1 -[ 87s] ============================================================================ -[ 87s] # TOTAL: 1 -[ 87s] # PASS: 1 -[ 87s] # SKIP: 0 -[ 87s] # XFAIL: 0 -[ 87s] # FAIL: 0 -[ 87s] # XPASS: 0 -[ 87s] # ERROR: 0 -[ 87s] ============================================================================ -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mail' -[ 87s] Making check in pam_mkhomedir -[ 87s] /usr/bin/make tst-pam_mkhomedir-retval \ -[ 87s] tst-pam_mkhomedir -[ 87s] make[3]: Nothing to be done for 'tst-pam_mkhomedir'. -[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_mkhomedir-retval.o tst-pam_mkhomedir-retval.c -[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_mkhomedir-retval tst-pam_mkhomedir-retval.o ../../libpam/libpam.la -[ 87s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -DMKHOMEDIR_HELPER=\"/sbin/mkhomedir_helper\" -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_mkhomedir-retval tst-pam_mkhomedir-retval.o ../../libpam/.libs/libpam.so -[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] /usr/bin/make check-TESTS -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] PASS: tst-pam_mkhomedir -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] PASS: tst-pam_mkhomedir-retval -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] ============================================================================ -[ 87s] Testsuite summary for Linux-PAM 1.5.1 -[ 87s] ============================================================================ -[ 87s] # TOTAL: 2 -[ 87s] # PASS: 2 -[ 87s] # SKIP: 0 -[ 87s] # XFAIL: 0 -[ 87s] # FAIL: 0 -[ 87s] # XPASS: 0 -[ 87s] # ERROR: 0 -[ 87s] ============================================================================ -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_mkhomedir' -[ 87s] Making check in pam_motd -[ 87s] /usr/bin/make tst-pam_motd -[ 87s] make[3]: Nothing to be done for 'tst-pam_motd'. -[ 87s] /usr/bin/make check-TESTS -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 87s] PASS: tst-pam_motd -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 87s] ============================================================================ -[ 87s] Testsuite summary for Linux-PAM 1.5.1 -[ 87s] ============================================================================ -[ 87s] # TOTAL: 1 -[ 87s] # PASS: 1 -[ 87s] # SKIP: 0 -[ 87s] # XFAIL: 0 -[ 87s] # FAIL: 0 -[ 87s] # XPASS: 0 -[ 87s] # ERROR: 0 -[ 87s] ============================================================================ -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_motd' -[ 87s] Making check in pam_namespace -[ 87s] /usr/bin/make tst-pam_namespace -[ 87s] make[3]: Nothing to be done for 'tst-pam_namespace'. -[ 87s] /usr/bin/make check-TESTS -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 87s] PASS: tst-pam_namespace -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 87s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 87s] ============================================================================ -[ 87s] Testsuite summary for Linux-PAM 1.5.1 -[ 87s] ============================================================================ -[ 87s] # TOTAL: 1 -[ 87s] # PASS: 1 -[ 87s] # SKIP: 0 -[ 87s] # XFAIL: 0 -[ 87s] # FAIL: 0 -[ 87s] # XPASS: 0 -[ 87s] # ERROR: 0 -[ 87s] ============================================================================ -[ 87s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_namespace' -[ 87s] Making check in pam_nologin -[ 87s] /usr/bin/make tst-pam_nologin-retval \ -[ 87s] tst-pam_nologin -[ 87s] make[3]: Nothing to be done for 'tst-pam_nologin'. -[ 87s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 87s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_nologin-retval.o tst-pam_nologin-retval.c -[ 87s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_nologin-retval tst-pam_nologin-retval.o ../../libpam/libpam.la -[ 88s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_nologin-retval tst-pam_nologin-retval.o ../../libpam/.libs/libpam.so -[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] /usr/bin/make check-TESTS -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] PASS: tst-pam_nologin -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] PASS: tst-pam_nologin-retval -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] ============================================================================ -[ 88s] Testsuite summary for Linux-PAM 1.5.1 -[ 88s] ============================================================================ -[ 88s] # TOTAL: 2 -[ 88s] # PASS: 2 -[ 88s] # SKIP: 0 -[ 88s] # XFAIL: 0 -[ 88s] # FAIL: 0 -[ 88s] # XPASS: 0 -[ 88s] # ERROR: 0 -[ 88s] ============================================================================ -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_nologin' -[ 88s] Making check in pam_permit -[ 88s] /usr/bin/make tst-pam_permit-retval \ -[ 88s] tst-pam_permit -[ 88s] make[3]: Nothing to be done for 'tst-pam_permit'. -[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_permit-retval.o tst-pam_permit-retval.c -[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_permit-retval tst-pam_permit-retval.o ../../libpam/libpam.la -[ 88s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_permit-retval tst-pam_permit-retval.o ../../libpam/.libs/libpam.so -[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] /usr/bin/make check-TESTS -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] PASS: tst-pam_permit -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] PASS: tst-pam_permit-retval -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] ============================================================================ -[ 88s] Testsuite summary for Linux-PAM 1.5.1 -[ 88s] ============================================================================ -[ 88s] # TOTAL: 2 -[ 88s] # PASS: 2 -[ 88s] # SKIP: 0 -[ 88s] # XFAIL: 0 -[ 88s] # FAIL: 0 -[ 88s] # XPASS: 0 -[ 88s] # ERROR: 0 -[ 88s] ============================================================================ -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_permit' -[ 88s] Making check in pam_pwhistory -[ 88s] /usr/bin/make tst-pam_pwhistory -[ 88s] make[3]: Nothing to be done for 'tst-pam_pwhistory'. -[ 88s] /usr/bin/make check-TESTS -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 88s] PASS: tst-pam_pwhistory -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 88s] ============================================================================ -[ 88s] Testsuite summary for Linux-PAM 1.5.1 -[ 88s] ============================================================================ -[ 88s] # TOTAL: 1 -[ 88s] # PASS: 1 -[ 88s] # SKIP: 0 -[ 88s] # XFAIL: 0 -[ 88s] # FAIL: 0 -[ 88s] # XPASS: 0 -[ 88s] # ERROR: 0 -[ 88s] ============================================================================ -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_pwhistory' -[ 88s] Making check in pam_rhosts -[ 88s] /usr/bin/make tst-pam_rhosts -[ 88s] make[3]: Nothing to be done for 'tst-pam_rhosts'. -[ 88s] /usr/bin/make check-TESTS -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 88s] PASS: tst-pam_rhosts -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 88s] ============================================================================ -[ 88s] Testsuite summary for Linux-PAM 1.5.1 -[ 88s] ============================================================================ -[ 88s] # TOTAL: 1 -[ 88s] # PASS: 1 -[ 88s] # SKIP: 0 -[ 88s] # XFAIL: 0 -[ 88s] # FAIL: 0 -[ 88s] # XPASS: 0 -[ 88s] # ERROR: 0 -[ 88s] ============================================================================ -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rhosts' -[ 88s] Making check in pam_rootok -[ 88s] /usr/bin/make tst-pam_rootok-retval \ -[ 88s] tst-pam_rootok -[ 88s] make[3]: Nothing to be done for 'tst-pam_rootok'. -[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_rootok-retval.o tst-pam_rootok-retval.c -[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_rootok-retval tst-pam_rootok-retval.o ../../libpam/libpam.la -[ 88s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_rootok-retval tst-pam_rootok-retval.o ../../libpam/.libs/libpam.so -[ 88s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] /usr/bin/make check-TESTS -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] PASS: tst-pam_rootok -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] PASS: tst-pam_rootok-retval -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] ============================================================================ -[ 88s] Testsuite summary for Linux-PAM 1.5.1 -[ 88s] ============================================================================ -[ 88s] # TOTAL: 2 -[ 88s] # PASS: 2 -[ 88s] # SKIP: 0 -[ 88s] # XFAIL: 0 -[ 88s] # FAIL: 0 -[ 88s] # XPASS: 0 -[ 88s] # ERROR: 0 -[ 88s] ============================================================================ -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_rootok' -[ 88s] Making check in pam_securetty -[ 88s] /usr/bin/make tst-pam_securetty -[ 88s] make[3]: Nothing to be done for 'tst-pam_securetty'. -[ 88s] /usr/bin/make check-TESTS -[ 88s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 88s] PASS: tst-pam_securetty -[ 88s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_securetty' -[ 89s] Making check in pam_selinux -[ 89s] /usr/bin/make tst-pam_selinux -[ 89s] make[3]: Nothing to be done for 'tst-pam_selinux'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 89s] PASS: tst-pam_selinux -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_selinux' -[ 89s] Making check in pam_sepermit -[ 89s] /usr/bin/make tst-pam_sepermit -[ 89s] make[3]: Nothing to be done for 'tst-pam_sepermit'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 89s] PASS: tst-pam_sepermit -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_sepermit' -[ 89s] Making check in pam_setquota -[ 89s] /usr/bin/make tst-pam_setquota -[ 89s] make[3]: Nothing to be done for 'tst-pam_setquota'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 89s] PASS: tst-pam_setquota -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_setquota' -[ 89s] Making check in pam_shells -[ 89s] /usr/bin/make tst-pam_shells -[ 89s] make[3]: Nothing to be done for 'tst-pam_shells'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 89s] PASS: tst-pam_shells -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_shells' -[ 89s] Making check in pam_stress -[ 89s] /usr/bin/make tst-pam_stress -[ 89s] make[3]: Nothing to be done for 'tst-pam_stress'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 89s] PASS: tst-pam_stress -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_stress' -[ 89s] Making check in pam_succeed_if -[ 89s] /usr/bin/make tst-pam_succeed_if -[ 89s] make[3]: Nothing to be done for 'tst-pam_succeed_if'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 89s] PASS: tst-pam_succeed_if -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_succeed_if' -[ 89s] Making check in pam_tally2 -[ 89s] /usr/bin/make tst-pam_tally2 -[ 89s] make[3]: Nothing to be done for 'tst-pam_tally2'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 89s] PASS: tst-pam_tally2 -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tally2' -[ 89s] Making check in pam_time -[ 89s] /usr/bin/make tst-pam_time -[ 89s] make[3]: Nothing to be done for 'tst-pam_time'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 89s] PASS: tst-pam_time -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_time' -[ 89s] Making check in pam_timestamp -[ 89s] /usr/bin/make hmacfile \ -[ 89s] tst-pam_timestamp -[ 89s] make[3]: Nothing to be done for 'tst-pam_timestamp'. -[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o hmacsha1.o hmacsha1.c -[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o hmacfile.o hmacfile.c -[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o sha1.o sha1.c -[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o hmacfile hmacfile.o hmacsha1.o sha1.o ../../libpam/libpam.la -[ 89s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/hmacfile hmacfile.o hmacsha1.o sha1.o ../../libpam/.libs/libpam.so -[ 89s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] PASS: tst-pam_timestamp -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] PASS: hmacfile -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 2 -[ 89s] # PASS: 2 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_timestamp' -[ 89s] Making check in pam_tty_audit -[ 89s] /usr/bin/make tst-pam_tty_audit -[ 89s] make[3]: Nothing to be done for 'tst-pam_tty_audit'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 89s] PASS: tst-pam_tty_audit -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_tty_audit' -[ 89s] Making check in pam_umask -[ 89s] /usr/bin/make tst-pam_umask -[ 89s] make[3]: Nothing to be done for 'tst-pam_umask'. -[ 89s] /usr/bin/make check-TESTS -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 89s] PASS: tst-pam_umask -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 89s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 89s] ============================================================================ -[ 89s] Testsuite summary for Linux-PAM 1.5.1 -[ 89s] ============================================================================ -[ 89s] # TOTAL: 1 -[ 89s] # PASS: 1 -[ 89s] # SKIP: 0 -[ 89s] # XFAIL: 0 -[ 89s] # FAIL: 0 -[ 89s] # XPASS: 0 -[ 89s] # ERROR: 0 -[ 89s] ============================================================================ -[ 89s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_umask' -[ 89s] Making check in pam_unix -[ 89s] /usr/bin/make tst-pam_unix -[ 89s] make[3]: Nothing to be done for 'tst-pam_unix'. -[ 89s] /usr/bin/make check-TESTS -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 90s] PASS: tst-pam_unix -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 90s] ============================================================================ -[ 90s] Testsuite summary for Linux-PAM 1.5.1 -[ 90s] ============================================================================ -[ 90s] # TOTAL: 1 -[ 90s] # PASS: 1 -[ 90s] # SKIP: 0 -[ 90s] # XFAIL: 0 -[ 90s] # FAIL: 0 -[ 90s] # XPASS: 0 -[ 90s] # ERROR: 0 -[ 90s] ============================================================================ -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_unix' -[ 90s] Making check in pam_userdb -[ 90s] /usr/bin/make tst-pam_userdb -[ 90s] make[3]: Nothing to be done for 'tst-pam_userdb'. -[ 90s] /usr/bin/make check-TESTS -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 90s] PASS: tst-pam_userdb -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 90s] ============================================================================ -[ 90s] Testsuite summary for Linux-PAM 1.5.1 -[ 90s] ============================================================================ -[ 90s] # TOTAL: 1 -[ 90s] # PASS: 1 -[ 90s] # SKIP: 0 -[ 90s] # XFAIL: 0 -[ 90s] # FAIL: 0 -[ 90s] # XPASS: 0 -[ 90s] # ERROR: 0 -[ 90s] ============================================================================ -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_userdb' -[ 90s] Making check in pam_usertype -[ 90s] /usr/bin/make tst-pam_usertype -[ 90s] make[3]: Nothing to be done for 'tst-pam_usertype'. -[ 90s] /usr/bin/make check-TESTS -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 90s] PASS: tst-pam_usertype -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 90s] ============================================================================ -[ 90s] Testsuite summary for Linux-PAM 1.5.1 -[ 90s] ============================================================================ -[ 90s] # TOTAL: 1 -[ 90s] # PASS: 1 -[ 90s] # SKIP: 0 -[ 90s] # XFAIL: 0 -[ 90s] # FAIL: 0 -[ 90s] # XPASS: 0 -[ 90s] # ERROR: 0 -[ 90s] ============================================================================ -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_usertype' -[ 90s] Making check in pam_warn -[ 90s] /usr/bin/make tst-pam_warn-retval \ -[ 90s] tst-pam_warn -[ 90s] make[3]: Nothing to be done for 'tst-pam_warn'. -[ 90s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] gcc -DHAVE_CONFIG_H -I. -I../.. -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -c -o tst-pam_warn-retval.o tst-pam_warn-retval.c -[ 90s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] make[3]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] /bin/sh ../../libtool --tag=CC --mode=link gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -no-undefined -avoid-version -module -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o tst-pam_warn-retval tst-pam_warn-retval.o ../../libpam/libpam.la -[ 90s] libtool: link: gcc -I../../libpam/include -I../../libpamc/include -W -Wall -Wbad-function-cast -Wcast-align -Wcast-align=strict -Wcast-qual -Wdeprecated -Winline -Wmain -Wmissing-declarations -Wmissing-format-attribute -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wshadow -Wstrict-prototypes -Wuninitialized -Wwrite-strings -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -Werror=return-type -flto=auto -DNDEBUG -Wl,--version-script=./../modules.map -flto=auto -Wl,--as-needed -Wl,--no-undefined -Wl,-O1 -o .libs/tst-pam_warn-retval tst-pam_warn-retval.o ../../libpam/.libs/libpam.so -[ 90s] make[3]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] /usr/bin/make check-TESTS -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] PASS: tst-pam_warn -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] PASS: tst-pam_warn-retval -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] ============================================================================ -[ 90s] Testsuite summary for Linux-PAM 1.5.1 -[ 90s] ============================================================================ -[ 90s] # TOTAL: 2 -[ 90s] # PASS: 2 -[ 90s] # SKIP: 0 -[ 90s] # XFAIL: 0 -[ 90s] # FAIL: 0 -[ 90s] # XPASS: 0 -[ 90s] # ERROR: 0 -[ 90s] ============================================================================ -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_warn' -[ 90s] Making check in pam_wheel -[ 90s] /usr/bin/make tst-pam_wheel -[ 90s] make[3]: Nothing to be done for 'tst-pam_wheel'. -[ 90s] /usr/bin/make check-TESTS -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 90s] PASS: tst-pam_wheel -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 90s] ============================================================================ -[ 90s] Testsuite summary for Linux-PAM 1.5.1 -[ 90s] ============================================================================ -[ 90s] # TOTAL: 1 -[ 90s] # PASS: 1 -[ 90s] # SKIP: 0 -[ 90s] # XFAIL: 0 -[ 90s] # FAIL: 0 -[ 90s] # XPASS: 0 -[ 90s] # ERROR: 0 -[ 90s] ============================================================================ -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_wheel' -[ 90s] Making check in pam_xauth -[ 90s] /usr/bin/make tst-pam_xauth -[ 90s] make[3]: Nothing to be done for 'tst-pam_xauth'. -[ 90s] /usr/bin/make check-TESTS -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 90s] PASS: tst-pam_xauth -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 90s] make[4]: Entering directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 90s] ============================================================================ -[ 90s] Testsuite summary for Linux-PAM 1.5.1 -[ 90s] ============================================================================ -[ 90s] # TOTAL: 1 -[ 90s] # PASS: 1 -[ 90s] # SKIP: 0 -[ 90s] # XFAIL: 0 -[ 90s] # FAIL: 0 -[ 90s] # XPASS: 0 -[ 90s] # ERROR: 0 -[ 90s] ============================================================================ -[ 90s] make[4]: Leaving directory '/home/abuild/rpmbuild/BUILD/Linux-PAM-1.5.1/modules/pam_xauth' -[ 90s] make[2]: Nothing to be done for 'check-am'. -[ 90s] Making check in po -[ 90s] make[1]: Nothing to be done for 'check'. -[ 90s] Making check in conf -[ 90s] Making check in pam_conv1 -[ 90s] /usr/bin/make check-am -[ 90s] make[3]: Nothing to be done for 'check-am'. -[ 90s] make[2]: Nothing to be done for 'check-am'. -[ 90s] Making check in examples -[ 90s] make[1]: Nothing to be done for 'check'. -[ 90s] Making check in xtests -[ 90s] make[1]: Nothing to be done for 'check'. -[ 90s] Making check in doc -[ 90s] Making check in man -[ 90s] make[2]: Nothing to be done for 'check'. -[ 90s] Making check in specs -[ 90s] /usr/bin/make check-am -[ 90s] make[3]: Nothing to be done for 'check-am'. -[ 90s] Making check in sag -[ 90s] make[2]: Nothing to be done for 'check'. -[ 90s] Making check in adg -[ 90s] make[2]: Nothing to be done for 'check'. -[ 90s] Making check in mwg -[ 90s] make[2]: Nothing to be done for 'check'. -[ 90s] make[2]: Nothing to be done for 'check-am'. -[ 90s] + RPM_EC=0 -[ 90s] ++ jobs -p -[ 90s] + exit 0 -[ 90s] Processing files: pam-1.5.1-11.1.x86_64 -[ 90s] Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.1Rcggb -[ 90s] + umask 022 -[ 90s] + cd /home/abuild/rpmbuild/BUILD -[ 90s] + cd Linux-PAM-1.5.1 -[ 90s] + DOCDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 90s] + export LC_ALL=C -[ 90s] + LC_ALL=C -[ 90s] + export DOCDIR -[ 90s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 90s] + cp -pr NEWS /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/doc/packages/pam -[ 90s] + RPM_EC=0 -[ 90s] ++ jobs -p -[ 90s] + exit 0 -[ 90s] Executing(%license): /bin/sh -e /var/tmp/rpm-tmp.lBPyEI -[ 90s] + umask 022 -[ 90s] + cd /home/abuild/rpmbuild/BUILD -[ 90s] + cd Linux-PAM-1.5.1 -[ 90s] + LICENSEDIR=/home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/licenses/pam -[ 90s] + export LC_ALL=C -[ 90s] + LC_ALL=C -[ 90s] + export LICENSEDIR -[ 90s] + /usr/bin/mkdir -p /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/licenses/pam -[ 90s] + cp -pr COPYING /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64/usr/share/licenses/pam -[ 90s] + RPM_EC=0 -[ 90s] ++ jobs -p -[ 90s] + exit 0 -[ 92s] Provides: config(pam) = 1.5.1-11.1 libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_1.4)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.3)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.9)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.3.2)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.4.1)(64bit) libpam_misc.so.0()(64bit) libpam_misc.so.0(LIBPAM_MISC_1.0)(64bit) libpamc.so.0()(64bit) libpamc.so.0(LIBPAMC_1.0)(64bit) pam = 1.5.1-11.1 pam(x86-64) = 1.5.1-11.1 -[ 92s] Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh /sbin/ldconfig -[ 92s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 -[ 92s] Requires(verify): /bin/sh -[ 92s] Requires(pre): /bin/sh group(shadow) user(root) -[ 92s] Requires(post): /bin/sh permissions -[ 92s] Requires(postun): /sbin/ldconfig -[ 92s] Requires(posttrans): /bin/sh -[ 92s] Requires: /bin/sh libaudit.so.1()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.15)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.27)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.33)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(XCRYPT_2.0)(64bit) libcrypt.so.1(XCRYPT_4.3)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libeconf.so.0()(64bit) libeconf.so.0(LIBECONF_0.2)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.3)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.9)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.3.2)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.4.1)(64bit) libselinux.so.1()(64bit) libselinux.so.1(LIBSELINUX_1.0)(64bit) libutil.so.1()(64bit) libutil.so.1(GLIBC_2.2.5)(64bit) -[ 92s] Recommends: login_defs-support-for-pam >= 1.3.1 -[ 92s] Suggests: pam_unix -[ 92s] Processing files: pam_unix-1.5.1-11.1.x86_64 -[ 92s] Provides: pam_unix = 1.5.1-11.1 pam_unix(x86-64) = 1.5.1-11.1 pam_unix.so -[ 92s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 -[ 92s] Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.33)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(XCRYPT_2.0)(64bit) libcrypt.so.1(XCRYPT_4.3)(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.1.9)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.3.2)(64bit) libselinux.so.1()(64bit) libselinux.so.1(LIBSELINUX_1.0)(64bit) -[ 92s] Conflicts: pam_unix-nis -[ 92s] Processing files: pam-extra-1.5.1-11.1.x86_64 -[ 92s] Provides: pam-extra = 1.5.1-11.1 pam-extra(x86-64) = 1.5.1-11.1 -[ 92s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 -[ 92s] Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.8)(64bit) libcrypt.so.1()(64bit) libcrypt.so.1(XCRYPT_2.0)(64bit) libdb-4.8.so()(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) -[ 92s] Processing files: pam-doc-1.5.1-11.1.noarch -[ 94s] Provides: pam-doc = 1.5.1-11.1 -[ 94s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 -[ 94s] Processing files: pam-devel-1.5.1-11.1.x86_64 -[ 94s] Provides: pam-devel = 1.5.1-11.1 pam-devel(x86-64) = 1.5.1-11.1 -[ 94s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 -[ 94s] Processing files: pam-deprecated-1.5.1-11.1.x86_64 -[ 94s] Provides: pam-deprecated = 1.5.1-11.1 pam-deprecated(x86-64) = 1.5.1-11.1 pam:/lib64/security/pam_cracklib.so pam:/lib64/security/pam_tally2.so -[ 94s] Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 -[ 94s] Requires: libaudit.so.1()(64bit) libc.so.6()(64bit) libc.so.6(GLIBC_2.14)(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.33)(64bit) libc.so.6(GLIBC_2.4)(64bit) libc.so.6(GLIBC_2.7)(64bit) libcrack.so.2()(64bit) libpam.so.0()(64bit) libpam.so.0(LIBPAM_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.0)(64bit) libpam.so.0(LIBPAM_EXTENSION_1.1.1)(64bit) libpam.so.0(LIBPAM_MODUTIL_1.0)(64bit) -[ 94s] Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 94s] Wrote: /home/abuild/rpmbuild/SRPMS/pam-1.5.1-11.1.src.rpm -[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-extra-1.5.1-11.1.x86_64.rpm -[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam_unix-1.5.1-11.1.x86_64.rpm -[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-deprecated-1.5.1-11.1.x86_64.rpm -[ 94s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-devel-1.5.1-11.1.x86_64.rpm -[ 95s] Wrote: /home/abuild/rpmbuild/RPMS/x86_64/pam-1.5.1-11.1.x86_64.rpm -[ 95s] Wrote: /home/abuild/rpmbuild/RPMS/noarch/pam-doc-1.5.1-11.1.noarch.rpm -[ 95s] Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.Enm2pi -[ 95s] + umask 022 -[ 95s] + cd /home/abuild/rpmbuild/BUILD -[ 95s] + cd Linux-PAM-1.5.1 -[ 95s] + /usr/bin/rm -rf /home/abuild/rpmbuild/BUILDROOT/pam-1.5.1-11.1.x86_64 -[ 95s] + RPM_EC=0 -[ 95s] ++ jobs -p -[ 95s] + exit 0 -[ 95s] ... checking for files with abuild user/group -[ 95s] ... running 00-check-install-rpms -[ 95s] ... installing all built rpms -[ 95s] Verifying packages... -[ 95s] Preparing packages... -[ 95s] pam_unix-1.5.1-11.1.x86_64 -[ 95s] pam-1.5.1-11.1.x86_64 -[ 95s] pam-deprecated-1.5.1-11.1.x86_64 -[ 95s] pam-extra-1.5.1-11.1.x86_64 -[ 95s] pam-devel-1.5.1-11.1.x86_64 -[ 95s] pam-doc-1.5.1-11.1.noarch -[ 95s] pam-devel-1.5.1-10.1.x86_64 -[ 95s] pam-1.5.1-10.1.x86_64 -[ 95s] pam_unix-1.5.1-10.1.x86_64 -[ 95s] ... running 50-check-binary-kernel-log -[ 95s] ... running 50-check-core-files -[ 95s] ... checking for core files -[ 95s] ... running 50-check-debuginfo -[ 95s] ... testing for empty debuginfo packages -[ 95s] ... running 50-check-filelist -[ 95s] ... checking filelist -[ 95s] ... running 50-check-gconf-scriptlets -[ 95s] ... testing GConf scriptlet presence -[ 95s] ... running 50-check-installtest -[ 95s] ... testing for pre/postinstall scripts that are not idempotent -[ 96s] ... running 50-check-invalid-provides -[ 96s] ... running 50-check-invalid-requires -[ 96s] ... running 50-check-kernel-build-id -[ 96s] ... running 50-check-lanana -[ 96s] ... running 50-check-libtool-deps -[ 96s] ... testing devel dependencies required by libtool .la files -[ 96s] (can be skipped by "skip-check-libtool-deps" anywhere in spec) -[ 96s] ... running 50-check-packaged-twice -[ 96s] ... running 50-check-permissions -[ 96s] ... testing for modified permissions -[ 96s] ... running 98-revert-uname-hack -[ 96s] ... running 99-check-remove-rpms -[ 96s] ... removing all built rpms -[ 96s] (order: reverse pam-deprecated pam-extra pam-doc) -[ 96s] -[ 96s] RPMLINT report: -[ 96s] =============== -[ 100s] pam-devel.x86_64: W: files-duplicate /usr/share/man/man3/pam_get_authtok_verify.3.gz /usr/share/man/man3/pam_get_authtok_noverify.3.gz -[ 100s] pam.x86_64: W: shared-lib-without-dependency-information /lib64/security/pam_deny.so -[ 100s] pam.x86_64: W: shlib-policy-missing-suffix -[ 100s] Your package containing shared libraries does not end in a digit and should -[ 100s] probably be split. -[ 100s] -[ 100s] pam.x86_64: W: suse-missing-rclink pam_namespace -[ 100s] The package contains an init script or systemd service file but lacks the -[ 100s] symlink /usr/sbin/rcFOO -> /usr/sbin/service -[ 100s] -[ 100s] pam.x86_64: W: systemd-service-without-service_add_post pam_namespace.service -[ 100s] The package contains a systemd service but doesn't contain a %post with a call -[ 100s] to service_add_post. -[ 100s] -[ 100s] pam.x86_64: W: systemd-service-without-service_add_pre pam_namespace.service -[ 100s] The package contains a systemd service but doesn't contain a %pre with a call -[ 100s] to service_add_pre. -[ 100s] -[ 100s] pam.x86_64: W: systemd-service-without-service_del_postun pam_namespace.service -[ 100s] The package contains a systemd service but doesn't contain a %postun with a -[ 100s] call to service_del_postun. -[ 100s] -[ 100s] pam.x86_64: W: systemd-service-without-service_del_preun pam_namespace.service -[ 100s] The package contains a systemd service but doesn't contain a %preun with a -[ 100s] call to service_del_preun. -[ 100s] -[ 100s] pam-deprecated.x86_64: W: useless-provides pam -[ 100s] This package provides 2 times the same capacity. It should only provide it -[ 100s] once. -[ 100s] -[ 100s] 7 packages and 0 specfiles checked; 0 errors, 9 warnings. -[ 100s] -[ 100s] ... creating baselibs -[ 101s] no targets for arch x86_64, skipping pam -[ 101s] no targets for arch x86_64, skipping pam_unix -[ 101s] no targets for arch x86_64, skipping pam-deprecated -[ 101s] no targets for arch x86_64, skipping pam-extra -[ 101s] no targets for arch x86_64, skipping pam-devel -[ 101s] ... comparing built packages with the former built -[ 101s] /usr/lib/build/pkg-diff.sh -[ 101s] compare /.build.oldpackages/pam-1.5.1-10.1.src.rpm /home/abuild/rpmbuild/SRPMS/pam-1.5.1-11.1.src.rpm -[ 101s] comparing the rpm tags of pam -[ 101s] --- old-rpm-tags -[ 101s] +++ new-rpm-tags -[ 101s] @@ -9,7 +9,7 @@ -[ 101s] PAM (Pluggable Authentication Modules) is a system security tool that -[ 101s] allows system administrators to set authentication policies without -[ 101s] having to recompile programs that do authentication. -[ 101s] -obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/480af3e46b7280a899332c27d202c4d5-pam -[ 101s] +obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/83207f1f0c181b7e3f3c5becb047aaec-pam -[ 101s] GPL-2.0-or-later OR BSD-3-Clause -[ 101s] System/Libraries http://www.linux-pam.org/ (none) (none) (none) -[ 101s] (none) 4.16.1.3 (none) -[ 101s] @@ -116,7 +116,7 @@ -[ 101s] ___QF_CHECKSUM___ -[ 101s] Linux-PAM-1.5.1-docs.tar.xz d0fc4ef466d0050f46b0ccd2f73373c60c47454da55f6fb2fd04b0701c73c134 0 -[ 101s] Linux-PAM-1.5.1.tar.xz 201d40730b1135b1b3cdea09f2c28ac634d73181ccd0172ceddee3649c5792fc 0 -[ 101s] -baselibs.conf 23facfeb7998c47f2ab5848178516c4ec07af74b1f51a46dc525d2c21971fb22 0 -[ 101s] +baselibs.conf db7f0122b228544e69bb910abdd00413a37a6add76c6b0bf97fdca2179c261dd 0 -[ 101s] bsc1184358-prevent-LOCAL-from-being-resolved.patch 74b29693e0221dbcdeee30dbee898aa23890f1281d3c79b12bcbb229438b25b2 0 -[ 101s] common-account.pamd 75606d3d6c62eb65529bb4ed1d96cdf78239a6982307f162642cbd48170fdb99 0 -[ 101s] common-auth.pamd 81239d477a14c57016e01cc8b0d41c1fd5bf2508abed3628f80e894e826ff684 0 -[ 101s] @@ -131,7 +131,7 @@ -[ 101s] pam-pam_cracklib-add-usersubstr.patch 5e24f9b63dbc5f306c3e53e1d1b18367e9fb40f26960ef7ae3e8cf611675a9b2 0 -[ 101s] pam-usrmerge.diff 39c90d58b2d07f79030e3d4e11147a15ed993312bbc9954522e3e196042656a0 0 -[ 101s] pam-xauth_ownership.patch 13322398c4987b24aa0eb7591f027178b98b2d24f611a100767b02eddb605972 0 -[ 101s] -pam.spec e559730d894d53fa8b1f88385ff05f41ac3dd79d3fd4f67f97899834ca36708b 32 -[ 101s] +pam.spec 4a61b990e506971bdd21aaa836214ee5facb32b58245dbfdbf8c0265f53a59ad 32 -[ 101s] pam_cracklib-removal.patch eec79a176e200b057651ca0c10b09ed955008f6c797fa08ffefcee03d4563e79 0 -[ 101s] pam_tally2-removal.patch a9f053ef71f1bc0915d553ac107b560f71d2e54a3de82c4b34251fb756eaccc9 0 -[ 101s] securetty 5a85f6ffe7296d0365b11d7804abbafc8d3540aab53ac0bc5440f97c94ded4de 0 -[ 101s] comparing rpmtags -[ 101s] --- old-rpmtags -[ 101s] +++ new-rpmtags -[ 101s] @@ -3,7 +3,7 @@ -[ 101s] PAM (Pluggable Authentication Modules) is a system security tool that -[ 101s] allows system administrators to set authentication policies without -[ 101s] having to recompile programs that do authentication. -[ 101s] -obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/480af3e46b7280a899332c27d202c4d5-pam -[ 101s] +obs://build.opensuse.org/home:jmoellers home:jmoellers:branches:Linux-PAM / openSUSE_Tumbleweed obs://build.opensuse.org/home:jmoellers:branches:Linux-PAM/openSUSE_Tumbleweed/83207f1f0c181b7e3f3c5becb047aaec-pam -[ 101s] GPL-2.0-or-later OR BSD-3-Clause -[ 101s] System/Libraries http://www.linux-pam.org/ (none) (none) (none) -[ 101s] (none) 4.16.1.3 (none) -[ 101s] RPM meta information is different -[ 101s] ... saving statistics -[ 101s] ... saving built packages -[ 101s] RPMS/x86_64/pam-1.5.1-11.1.x86_64.rpm -[ 101s] RPMS/x86_64/pam_unix-1.5.1-11.1.x86_64.rpm -[ 101s] RPMS/x86_64/pam-deprecated-1.5.1-11.1.x86_64.rpm -[ 101s] RPMS/x86_64/pam-extra-1.5.1-11.1.x86_64.rpm -[ 101s] RPMS/x86_64/pam-devel-1.5.1-11.1.x86_64.rpm -[ 101s] RPMS/noarch/pam-doc-1.5.1-11.1.noarch.rpm -[ 101s] SRPMS/pam-1.5.1-11.1.src.rpm -[ 101s] OTHER/_statistics -[ 101s] OTHER/rpmlint.log -[ 101s] -[ 101s] goat01 finished "build pam.spec" at Wed May 19 09:37:16 UTC 2021. -[ 101s] -[ 101s] ### VM INTERACTION START ### -[ 104s] [ 99.492878] sysrq: Power Off -[ 104s] [ 99.497045] reboot: Power down -[ 104s] ### VM INTERACTION END ### -[ 104s] build: extracting built packages... -[ 104s] RPMS/x86_64/pam-1.5.1-11.1.x86_64.rpm -[ 104s] RPMS/x86_64/pam_unix-1.5.1-11.1.x86_64.rpm -[ 104s] RPMS/x86_64/pam-deprecated-1.5.1-11.1.x86_64.rpm -[ 104s] RPMS/x86_64/pam-extra-1.5.1-11.1.x86_64.rpm -[ 104s] RPMS/x86_64/pam-devel-1.5.1-11.1.x86_64.rpm -[ 104s] RPMS/noarch/pam-doc-1.5.1-11.1.noarch.rpm -[ 104s] SRPMS/pam-1.5.1-11.1.src.rpm -[ 104s] OTHER/_statistics -[ 104s] OTHER/rpmlint.log -- 2.51.1 From bdff5d34caf4c10b93e683cf8ee6c456ebeda8f6fa97f95ec5a9b4ee101c509b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 15 Sep 2021 13:55:27 +0000 Subject: [PATCH 165/226] - Rename motd.tmpfiles to pam.tmpfiles - Add /run/faillock directory OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=249 --- motd.tmpfiles | 2 -- pam.changes | 6 ++++++ pam.spec | 8 ++++---- pam.tmpfiles | 3 +++ 4 files changed, 13 insertions(+), 6 deletions(-) delete mode 100644 motd.tmpfiles create mode 100644 pam.tmpfiles diff --git a/motd.tmpfiles b/motd.tmpfiles deleted file mode 100644 index e42e072..0000000 --- a/motd.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -#Type Path Mode User Group Age Argument -d /run/motd.d 0755 root root - - diff --git a/pam.changes b/pam.changes index 06cf8de..77fd3a4 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + ------------------------------------------------------------------- Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index b662e81..7a9c96e 100644 --- a/pam.spec +++ b/pam.spec @@ -49,7 +49,7 @@ Source9: baselibs.conf Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh -Source13: motd.tmpfiles +Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc Patch2: pam-limit-nproc.patch @@ -215,7 +215,7 @@ echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 # rpm macros install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d -install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/motd.conf +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf # Create filelist with translations %find_lang Linux-PAM @@ -227,7 +227,7 @@ install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/motd.conf /sbin/ldconfig %set_permissions %{_sbindir}/unix_chkpwd %set_permissions %{_sbindir}/unix2_chkpwd -%tmpfiles_create %{_tmpfilesdir}/motd.conf +%tmpfiles_create %{_tmpfilesdir}/pam.conf %postun -p /sbin/ldconfig %pre @@ -389,7 +389,7 @@ done %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd %attr(0700,root,root) %{_sbindir}/unix_update %{_unitdir}/pam_namespace.service -%{_tmpfilesdir}/motd.conf +%{_tmpfilesdir}/pam.conf %files -n pam_unix %defattr(-,root,root,755) diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..b6e8937 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,3 @@ +#Type Path Mode User Group Age Argument +d /run/faillock 0755 root root - - +d /run/motd.d 0755 root root - - -- 2.51.1 From ab36e21a0192d90cb6b4dd0c76b0004d044f39fefbab35e8d079d7390f1f4a7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 11 Oct 2021 06:28:05 +0000 Subject: [PATCH 166/226] Accepting request 923464 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/923464 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=250 --- macros.pam | 2 +- pam.changes | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/macros.pam b/macros.pam index fdffe5d..9a06a33 100644 --- a/macros.pam +++ b/macros.pam @@ -1,5 +1,5 @@ %_pam_libdir %{_libdir} -%_pam_moduledir %{_libdir}/security +%_pam_moduledir /%{_lib}/security %_pam_secconfdir %{_sysconfdir}/security %_pam_confdir %{_sysconfdir}/pam.d %_pam_vendordir %{_distconfdir}/pam.d diff --git a/pam.changes b/pam.changes index 77fd3a4..fdf7f85 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + ------------------------------------------------------------------- Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk -- 2.51.1 From 6f28f708b67a310fba21b23eadb115bff2d2c3f9e502ec88649271b931bbea5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Mon, 18 Oct 2021 07:41:15 +0000 Subject: [PATCH 167/226] Accepting request 924878 from home:jmoellers:branches:Linux-PAM OBS-URL: https://build.opensuse.org/request/show/924878 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=251 --- macros.pam | 2 +- pam.changes | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/macros.pam b/macros.pam index 9a06a33..fdffe5d 100644 --- a/macros.pam +++ b/macros.pam @@ -1,5 +1,5 @@ %_pam_libdir %{_libdir} -%_pam_moduledir /%{_lib}/security +%_pam_moduledir %{_libdir}/security %_pam_secconfdir %{_sysconfdir}/security %_pam_confdir %{_sysconfdir}/pam.d %_pam_vendordir %{_distconfdir}/pam.d diff --git a/pam.changes b/pam.changes index fdf7f85..5c04f0c 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + ------------------------------------------------------------------- Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers -- 2.51.1 From b73acde402a81e9834ea47be59d4a01b8b5133b2f285ec90fcc1db75bc718c74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20M=C3=B6llers?= Date: Wed, 3 Nov 2021 07:33:24 +0000 Subject: [PATCH 168/226] Accepting request 928857 from home:gmbr3:Active - Add /run/pam_timestamp to pam.tmpfiles OBS-URL: https://build.opensuse.org/request/show/928857 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=252 --- pam.changes | 5 +++++ pam.tmpfiles | 7 ++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index 5c04f0c..ec7c4be 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + ------------------------------------------------------------------- Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers diff --git a/pam.tmpfiles b/pam.tmpfiles index b6e8937..444ec5d 100644 --- a/pam.tmpfiles +++ b/pam.tmpfiles @@ -1,3 +1,4 @@ -#Type Path Mode User Group Age Argument -d /run/faillock 0755 root root - - -d /run/motd.d 0755 root root - - +#Type Path Mode User Group Age Argument +d /run/faillock 0755 root root - - +d /run/motd.d 0755 root root - - +d /run/pam_timestamp 0755 root root - - -- 2.51.1 From 343fbe4278729ee65874a205e9c1c101a825afe9f8034f4360ecd48fda9ac713 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 18 Nov 2021 14:13:26 +0000 Subject: [PATCH 169/226] Accepting request 931923 from home:sbrabec:branches:Base:System - Update pam-login_defs-check.sh regexp and login_defs-support-for-pam symbol to version 1.5.2 (new variable HMAC_CRYPTO_ALGO). OBS-URL: https://build.opensuse.org/request/show/931923 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=253 --- pam-login_defs-check.sh | 4 ++-- pam.changes | 7 +++++++ pam.spec | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index b7b7532..50190eb 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -9,10 +9,10 @@ set -o errexit echo -n "Checking login.defs variables in pam... " >&2 grep -rh LOGIN_DEFS . | - sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != e9750fd874b9b55fc151d424ae048050e3858d57 ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != cda62ec4158236270a5a30ba1875fa2795926f23 ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam.changes b/pam.changes index ec7c4be..b9161be 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + ------------------------------------------------------------------- Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer diff --git a/pam.spec b/pam.spec index 7a9c96e..3206500 100644 --- a/pam.spec +++ b/pam.spec @@ -66,7 +66,7 @@ Requires(post): permissions # All login.defs variables require support from shadow side. # Upgrade this symbol version only if new variables appear! # Verify by shadow-login_defs-check.sh from shadow source package. -Recommends: login_defs-support-for-pam >= 1.3.1 +Recommends: login_defs-support-for-pam >= 1.5.2 %if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) %endif -- 2.51.1 From 30c0969bef137b1beda35e82d82da5c60f0f4726ea28cb28275eff58f5c17b3d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 24 Nov 2021 13:43:37 +0000 Subject: [PATCH 170/226] Accepting request 933444 from home:kukuk:tiu - Use multibuild to build docu with correct paths and available features. - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch OBS-URL: https://build.opensuse.org/request/show/933444 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=254 --- ...uth_data.3.xml-in-source-archive-400.patch | 25 ++ ...-vendordir-in-manual-page-if-set-401.patch | 51 ++++ ...specific-limits.conf-as-fallback-402.patch | 61 +++++ _multibuild | 3 + common-session.pamd | 2 +- pam.changes | 16 ++ pam.spec | 235 ++++++++++++------ pam_unix-nis.changes | 32 --- pam_unix-nis.spec | 88 ------- pam_xauth_data.3.xml.patch | 97 ++++++++ 10 files changed, 408 insertions(+), 202 deletions(-) create mode 100644 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch create mode 100644 0002-Only-include-vendordir-in-manual-page-if-set-401.patch create mode 100644 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch create mode 100644 _multibuild delete mode 100644 pam_unix-nis.changes delete mode 100644 pam_unix-nis.spec create mode 100644 pam_xauth_data.3.xml.patch diff --git a/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch b/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch new file mode 100644 index 0000000..885b699 --- /dev/null +++ b/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch @@ -0,0 +1,25 @@ +From 00a46bcead2857002ed720f22b558b6f6d349fc8 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Tue, 2 Nov 2021 11:45:59 +0100 +Subject: [PATCH 1/3] Include pam_xauth_data.3.xml in source archive (#400) + +--- + doc/man/Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am +index 78c891df..c6fd73db 100644 +--- a/doc/man/Makefile.am ++++ b/doc/man/Makefile.am +@@ -43,7 +43,7 @@ XMLS = pam.3.xml pam.8.xml \ + pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ + pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ + misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ +- pam_misc_setenv.3.xml ++ pam_misc_setenv.3.xml pam_xauth_data.3.xml + + if ENABLE_REGENERATE_MAN + PAM.8: pam.8 +-- +2.31.1 + diff --git a/0002-Only-include-vendordir-in-manual-page-if-set-401.patch b/0002-Only-include-vendordir-in-manual-page-if-set-401.patch new file mode 100644 index 0000000..f5d345e --- /dev/null +++ b/0002-Only-include-vendordir-in-manual-page-if-set-401.patch @@ -0,0 +1,51 @@ +From 04109c25a7dbd11404f7f23a9a405b9b9d6b7246 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Tue, 2 Nov 2021 11:46:24 +0100 +Subject: [PATCH 2/3] Only include vendordir in manual page if set (#401) + +--- + configure.ac | 4 ++-- + doc/man/pam.8.xml | 5 ++--- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/configure.ac b/configure.ac +index c06bc7dd..eb98d69a 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -507,9 +507,9 @@ AC_ARG_ENABLE([vendordir], + if test -n "$enable_vendordir"; then + AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], + [Directory for distribution provided configuration files]) +- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'" ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" + else +- STRINGPARAM_VENDORDIR="--stringparam vendordir ''" ++ STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" + fi + AC_SUBST([STRINGPARAM_VENDORDIR]) + +diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml +index 464af0e5..8eef665a 100644 +--- a/doc/man/pam.8.xml ++++ b/doc/man/pam.8.xml +@@ -158,15 +158,14 @@ closing hook for modules to affect the services available to a user. + + + +- ++ + %vendordir%/pam.d + + + the Linux-PAM vendor configuration + directory. Files in /etc/pam.d and + /usr/lib/pam.d override files with the same +- name in this directory. Only available if Linux-PAM was compiled +- with vendordir enabled. ++ name in this directory. + + + +-- +2.31.1 + diff --git a/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch b/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch new file mode 100644 index 0000000..fab98fe --- /dev/null +++ b/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch @@ -0,0 +1,61 @@ +From 5deaac423159103d02b146afa753a8ebb7fddf09 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> +Date: Wed, 3 Nov 2021 09:02:40 +0100 +Subject: [PATCH 3/3] Use vendor specific limits.conf as fallback (#402) + +* Use vendor specific limits.conf as fallback +--- + modules/pam_limits/pam_limits.8.xml | 6 ++++++ + modules/pam_limits/pam_limits.c | 19 ++++++++++++++++--- + 2 files changed, 22 insertions(+), 3 deletions(-) + +diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml +index bc46cbf4..c1c10eca 100644 +--- a/modules/pam_limits/pam_limits.8.xml ++++ b/modules/pam_limits/pam_limits.8.xml +@@ -57,6 +57,12 @@ + If a config file is explicitly specified with a module option then the + files in the above directory are not parsed. + ++ ++ If there is no explicitly specified configuration file and ++ /etc/security/limits.conf does not exist, ++ %vendordir%/security/limits.conf is used. ++ If this file does not exist, too, an error is thrown. ++ + + The module must not be called by a multithreaded application. + +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 7cc45d77..53188965 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -816,9 +816,22 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, + pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); + fil = fopen(CONF_FILE, "r"); + if (fil == NULL) { +- pam_syslog (pamh, LOG_WARNING, +- "cannot read settings from %s: %m", CONF_FILE); +- return PAM_SERVICE_ERR; ++ int err = errno; ++ ++#ifdef VENDORDIR ++ /* if the specified file does not exist, and it is not provided by ++ the user, try the vendor file as fallback. */ ++ if (pl->conf_file == NULL && err == ENOENT) ++ fil = fopen(VENDORDIR"/security/limits.conf", "r"); ++ ++ if (fil == NULL) ++#endif ++ { ++ pam_syslog (pamh, LOG_WARNING, ++ "cannot read settings from %s: %s", CONF_FILE, ++ strerror(err)); ++ return PAM_SERVICE_ERR; ++ } + } + + /* start the show */ +-- +2.31.1 + diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/common-session.pamd b/common-session.pamd index 0a8ae2c..f20e8c2 100644 --- a/common-session.pamd +++ b/common-session.pamd @@ -6,8 +6,8 @@ # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # +session optional pam_systemd.so session required pam_limits.so session required pam_unix.so try_first_pass session optional pam_umask.so session optional pam_env.so -session optional pam_systemd.so diff --git a/pam.changes b/pam.changes index b9161be..19095fe 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + ------------------------------------------------------------------- Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec diff --git a/pam.spec b/pam.spec index 3206500..831c81c 100644 --- a/pam.spec +++ b/pam.spec @@ -17,6 +17,18 @@ %bcond_with debug +%define flavor @BUILD_FLAVOR@%{nil} + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define name_suffix %{nil} +%endif + # %define enable_selinux 1 %define libpam_so_version 0.85.1 @@ -29,7 +41,7 @@ # %{load:%{_sourcedir}/macros.pam} # -Name: pam +Name: pam%{name_suffix} # Version: 1.5.2 Release: 0 @@ -52,11 +64,15 @@ Source12: pam-login_defs-check.sh Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc -Patch2: pam-limit-nproc.patch -Patch4: pam-hostnames-in-access_conf.patch -Patch5: pam-xauth_ownership.patch -Patch8: pam-bsc1177858-dont-free-environment-string.patch -Patch12: pam_umask-usergroups-login_defs.patch +Patch1: pam-limit-nproc.patch +Patch2: pam-hostnames-in-access_conf.patch +Patch3: pam-xauth_ownership.patch +Patch4: pam-bsc1177858-dont-free-environment-string.patch +Patch5: pam_umask-usergroups-login_defs.patch +Patch10: pam_xauth_data.3.xml.patch +Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch +Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch +Patch13: 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -88,6 +104,7 @@ having to recompile programs that do authentication. %package -n pam_unix Summary: PAM module for standard UNIX authentication Group: System/Libraries +Provides: pam:/%{_lib}/security/pam_unix.so Provides: pam_unix.so Conflicts: pam_unix-nis @@ -111,18 +128,33 @@ This package contains useful extra modules eg pam_userdb which is used to verify a username/password pair against values stored in a Berkeley DB database. -%package doc +%package -n pam-doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML BuildArch: noarch -%description doc +%description -n pam-doc PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. This package contains the documentation. +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch +BuildRequires: docbook-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + %package devel Summary: Include Files and Libraries for PAM Development Group: Development/Libraries/C and C++ @@ -140,11 +172,15 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . +%patch1 -p1 %patch2 -p1 +%patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch8 -p1 +%patch10 -p1 +%patch11 -p1 %patch12 -p1 +%patch13 -p1 %build bash ./pam-login_defs-check.sh @@ -167,8 +203,10 @@ CFLAGS="$CFLAGS -DNDEBUG" %make_build gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam +%if %{build_main} %check %make_build check +%endif %install mkdir -p %{buildroot}%{_pam_confdir} @@ -209,16 +247,39 @@ done popd # Install unix2_chkpwd install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} -install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ -# bsc#1188724 -echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 + # rpm macros install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir %{buildroot}%{_distconfdir}/security +mv %{buildroot}%{_sysconfdir}/security/limits.conf %{buildroot}%{_distconfdir}/security/limits.conf + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man[58]/* +install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/ +%else +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif +%if !%{build_main} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib} +rm -rf %{buildroot}%{_mandir}/man3/* +rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8* + +%else + # Create filelist with translations %find_lang Linux-PAM +%endif + +%if %{build_main} + %verifyscript %verify_permissions -e %{_sbindir}/unix_chkpwd %verify_permissions -e %{_sbindir}/unix2_chkpwd @@ -242,11 +303,17 @@ for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/comm done %files -f Linux-PAM.lang -%exclude %{_defaultdocdir}/pam +%doc NEWS +%license COPYING +%exclude %{_defaultdocdir}/pam/html +%exclude %{_defaultdocdir}/pam/modules +%exclude %{_defaultdocdir}/pam/pdf +%exclude %{_defaultdocdir}/pam/*.txt %dir %{_pam_confdir} %dir %{_pam_vendordir} %dir %{_pam_secconfdir} %dir %{_pam_secconfdir}/limits.d +%dir %{_distconfdir}/security %dir %{_prefix}/lib/motd.d %if %{defined config_noreplace} %config(noreplace) %{_pam_confdir}/other @@ -259,7 +326,7 @@ done %config(noreplace) %{_pam_secconfdir}/access.conf %config(noreplace) %{_pam_secconfdir}/group.conf %config(noreplace) %{_pam_secconfdir}/faillock.conf -%config(noreplace) %{_pam_secconfdir}/limits.conf +%{_distconfdir}/security/limits.conf %config(noreplace) %{_pam_secconfdir}/pam_env.conf %if %{enable_selinux} %config(noreplace) %{_pam_secconfdir}/sepermit.conf @@ -268,65 +335,6 @@ done %config(noreplace) %{_pam_secconfdir}/namespace.conf %config(noreplace) %{_pam_secconfdir}/namespace.init %dir %{_pam_secconfdir}/namespace.d -%doc NEWS -%license COPYING -%{_mandir}/man5/environment.5%{?ext_man} -%{_mandir}/man5/*.conf.5%{?ext_man} -%{_mandir}/man5/pam.d.5%{?ext_man} -%{_mandir}/man5/motd.5%{?ext_man} -%{_mandir}/man8/PAM.8%{?ext_man} -%{_mandir}/man8/faillock.8%{?ext_man} -%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} -%{_mandir}/man8/pam.8%{?ext_man} -%{_mandir}/man8/pam_access.8%{?ext_man} -%{_mandir}/man8/pam_debug.8%{?ext_man} -%{_mandir}/man8/pam_deny.8%{?ext_man} -%{_mandir}/man8/pam_echo.8%{?ext_man} -%{_mandir}/man8/pam_env.8%{?ext_man} -%{_mandir}/man8/pam_exec.8%{?ext_man} -%{_mandir}/man8/pam_faildelay.8%{?ext_man} -%{_mandir}/man8/pam_faillock.8%{?ext_man} -%{_mandir}/man8/pam_filter.8%{?ext_man} -%{_mandir}/man8/pam_ftp.8%{?ext_man} -%{_mandir}/man8/pam_group.8%{?ext_man} -%{_mandir}/man8/pam_issue.8%{?ext_man} -%{_mandir}/man8/pam_keyinit.8%{?ext_man} -%{_mandir}/man8/pam_lastlog.8%{?ext_man} -%{_mandir}/man8/pam_limits.8%{?ext_man} -%{_mandir}/man8/pam_listfile.8%{?ext_man} -%{_mandir}/man8/pam_localuser.8%{?ext_man} -%{_mandir}/man8/pam_loginuid.8%{?ext_man} -%{_mandir}/man8/pam_mail.8%{?ext_man} -%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} -%{_mandir}/man8/pam_motd.8%{?ext_man} -%{_mandir}/man8/pam_namespace.8%{?ext_man} -%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} -%{_mandir}/man8/pam_nologin.8%{?ext_man} -%{_mandir}/man8/pam_permit.8%{?ext_man} -%{_mandir}/man8/pam_pwhistory.8%{?ext_man} -%{_mandir}/man8/pam_rhosts.8%{?ext_man} -%{_mandir}/man8/pam_rootok.8%{?ext_man} -%{_mandir}/man8/pam_securetty.8%{?ext_man} -%{_mandir}/man8/pam_selinux.8%{?ext_man} -%{_mandir}/man8/pam_sepermit.8%{?ext_man} -%{_mandir}/man8/pam_setquota.8%{?ext_man} -%{_mandir}/man8/pam_shells.8%{?ext_man} -%{_mandir}/man8/pam_stress.8%{?ext_man} -%{_mandir}/man8/pam_succeed_if.8%{?ext_man} -%{_mandir}/man8/pam_time.8%{?ext_man} -%{_mandir}/man8/pam_timestamp.8%{?ext_man} -%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} -%{_mandir}/man8/pam_tty_audit.8%{?ext_man} -%{_mandir}/man8/pam_umask.8%{?ext_man} -%{_mandir}/man8/pam_unix.8%{?ext_man} -%{_mandir}/man8/pam_usertype.8%{?ext_man} -%{_mandir}/man8/pam_warn.8%{?ext_man} -%{_mandir}/man8/pam_wheel.8%{?ext_man} -%{_mandir}/man8/pam_xauth.8%{?ext_man} -%{_mandir}/man8/pwhistory_helper.8%{?ext_man} -%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} -%{_mandir}/man8/unix_chkpwd.8%{?ext_man} -%{_mandir}/man8/unix_update.8%{?ext_man} %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpamc.so.0 @@ -404,14 +412,6 @@ done %{_pam_moduledir}/pam_userdb.so %{_mandir}/man8/pam_userdb.8%{?ext_man} -%files doc -%defattr(644,root,root,755) -%dir %{_defaultdocdir}/pam -%doc %{_defaultdocdir}/pam/html -%doc %{_defaultdocdir}/pam/modules -%doc %{_defaultdocdir}/pam/pdf -%doc %{_defaultdocdir}/pam/*.txt - %files devel %defattr(644,root,root,755) %dir %{_includedir}/security @@ -424,4 +424,77 @@ done %{_rpmmacrodir}/macros.pam %{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_lastlog.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + %changelog diff --git a/pam_unix-nis.changes b/pam_unix-nis.changes deleted file mode 100644 index cfe83cc..0000000 --- a/pam_unix-nis.changes +++ /dev/null @@ -1,32 +0,0 @@ -------------------------------------------------------------------- -Fri Sep 10 10:23:13 UTC 2021 - Thorsten Kukuk - -- Update to version 1.5.2 - -------------------------------------------------------------------- -Tue Jul 13 13:40:54 UTC 2021 - Thorsten Kukuk - -- revert-check_shadow_expiry.diff: revert wrong - CRYPT_SALT_METHOD_LEGACY check. - -------------------------------------------------------------------- -Wed Jun 9 14:02:02 UTC 2021 - Ludwig Nussel - -- Remove usrmerged conditional as it's now the default - -------------------------------------------------------------------- -Thu Feb 18 22:16:58 UTC 2021 - Thorsten Kukuk - -- Add missing conflicts for pam_unix - -------------------------------------------------------------------- -Tue Feb 16 10:27:27 UTC 2021 - Thorsten Kukuk - -- Fix split provides and BuildRequires -- Makefile-pam_unix-nis.diff: Link pam_unix-nis.so against outside - pam library - -------------------------------------------------------------------- -Fri Feb 12 13:44:39 UTC 2021 - Thorsten Kukuk - -- standalone pam_unix with NIS support diff --git a/pam_unix-nis.spec b/pam_unix-nis.spec deleted file mode 100644 index 50f4fac..0000000 --- a/pam_unix-nis.spec +++ /dev/null @@ -1,88 +0,0 @@ -# -# spec file for package pam -# -# Copyright (c) 2020 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - - -# -%define enable_selinux 1 -%define libpam_so_version 0.85.1 -%define libpam_misc_so_version 0.82.1 -%define libpamc_so_version 0.82.1 -%if ! %{defined _distconfdir} - %define _distconfdir %{_sysconfdir} - %define config_noreplace 1 -%endif -Name: pam_unix-nis -# -Version: 1.5.2 -Release: 0 -Summary: PAM module for standard UNIX and NIS authentication -License: GPL-2.0-or-later OR BSD-3-Clause -Group: System/Libraries -URL: http://www.linux-pam.org/ -Source: Linux-PAM-%{version}.tar.xz -Source9: baselibs.conf -Patch: Makefile-pam_unix-nis.diff -BuildRequires: pam-devel -%if 0%{?suse_version} > 1320 -BuildRequires: pkgconfig(libeconf) -BuildRequires: pkgconfig(libnsl) -BuildRequires: pkgconfig(libtirpc) -%endif -%if %{enable_selinux} -BuildRequires: libselinux-devel -%endif -Provides: pam:/%{_lib}/security/pam_unix.so -Provides: pam_unix.so -Conflicts: pam_unix - -%description -This package contains the pam_unix module, which does the standard -UNIX authentication against the passwd and shadow database. This -module has NIS support. - -%prep -%setup -q -n Linux-PAM-%{version} -%patch -p1 - -%build -export CFLAGS="%{optflags} -DNDEBUG" -%configure \ - --includedir=%{_includedir}/security \ - --docdir=%{_docdir}/pam \ - --htmldir=%{_docdir}/pam/html \ - --pdfdir=%{_docdir}/pam/pdf \ - --enable-isadir=../..%{_pam_moduledir} \ - --enable-securedir=%{_pam_moduledir} \ - --enable-vendordir=%{_distconfdir} -make -C modules/pam_unix - -%install -mkdir -p %{buildroot}%{_pam_moduledir} -install -m 755 modules/pam_unix/.libs/pam_unix.so %{buildroot}%{_pam_moduledir}/ -for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so -done - -%files -%license COPYING -%{_pam_moduledir}/pam_unix.so -%{_pam_moduledir}/pam_unix_acct.so -%{_pam_moduledir}/pam_unix_auth.so -%{_pam_moduledir}/pam_unix_passwd.so -%{_pam_moduledir}/pam_unix_session.so - -%changelog diff --git a/pam_xauth_data.3.xml.patch b/pam_xauth_data.3.xml.patch new file mode 100644 index 0000000..7902e64 --- /dev/null +++ b/pam_xauth_data.3.xml.patch @@ -0,0 +1,97 @@ +--- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100 ++++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200 +@@ -0,0 +1,94 @@ ++ ++ ++ ++ ++ ++ ++ pam_xauth_data ++ 3 ++ Linux-PAM Manual ++ ++ ++ ++ pam_xauth_data ++ structure containing X authentication data ++ ++ ++ ++ ++ ++ ++ #include <security/pam_appl.h> ++ ++ ++struct pam_xauth_data { ++ int namelen; ++ char *name; ++ int datalen; ++ char *data; ++}; ++ ++ ++ ++ ++ DESCRIPTION ++ ++ The pam_xauth_data structure contains X ++ authentication data used to make a connection to an X display. ++ Using this mechanism, an application can communicate X ++ authentication data to PAM service modules. This allows modules to ++ make a connection to the user's X display in order to label the ++ user's session on login, display visual feedback or for other ++ purposes. ++ ++ ++ The name field contains the name of the ++ authentication method, such as "MIT-MAGIC-COOKIE-1". The ++ namelen field contains the length of this string, ++ not including the trailing NUL character. ++ ++ ++ The data field contains the authentication ++ method-specific data corresponding to the specified name. The ++ datalen field contains its length in bytes. ++ ++ ++ The X authentication data can be changed with the ++ PAM_XAUTH_DATA item. It can be queried and ++ set with ++ ++ pam_get_item3 ++ ++ and ++ ++ pam_set_item 3 ++ respectively. The value used to set it should be ++ a pointer to a pam_xauth_data structure. An internal copy of both ++ the structure itself and its fields is made by PAM when setting the ++ item. ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pam_start3 ++ , ++ ++ pam_get_item3 ++ , ++ ++ ++ ++ ++ STANDARDS ++ ++ The pam_xauth_data structure and ++ PAM_XAUTH_DATA item are ++ Linux-PAM extensions. ++ ++ ++ ++ -- 2.51.1 From 3139982e021e0e02012262f292c9bfcbc91913fe3864ba45cb8d93d7a8512a51 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 24 Nov 2021 14:34:36 +0000 Subject: [PATCH 171/226] Accepting request 933454 from home:kukuk:tiu - Add missing recommends and split provides OBS-URL: https://build.opensuse.org/request/show/933454 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=255 --- Makefile-pam_unix-nis.diff | 21 --------------------- baselibs.conf | 2 -- pam.changes | 5 +++++ pam.spec | 2 ++ 4 files changed, 7 insertions(+), 23 deletions(-) delete mode 100644 Makefile-pam_unix-nis.diff diff --git a/Makefile-pam_unix-nis.diff b/Makefile-pam_unix-nis.diff deleted file mode 100644 index a3967c8..0000000 --- a/Makefile-pam_unix-nis.diff +++ /dev/null @@ -1,21 +0,0 @@ -diff -urN Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in Linux-PAM-1.5.1/modules/pam_unix/Makefile.in ---- Linux-PAM-1.5.1.orig/modules/pam_unix/Makefile.in 2020-11-25 17:57:14.000000000 +0100 -+++ Linux-PAM-1.5.1/modules/pam_unix/Makefile.in 2021-02-12 14:33:38.159412343 +0100 -@@ -155,7 +155,7 @@ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } - LTLIBRARIES = $(securelib_LTLIBRARIES) --pam_unix_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la -+pam_unix_la_DEPENDENCIES = - am_pam_unix_la_OBJECTS = bigcrypt.lo pam_unix_acct.lo pam_unix_auth.lo \ - pam_unix_passwd.lo pam_unix_sess.lo support.lo passverify.lo \ - yppasswd_xdr.lo md5_good.lo md5_broken.lo -@@ -654,7 +654,7 @@ - - pam_unix_la_LDFLAGS = -no-undefined -avoid-version -module \ - $(am__append_1) --pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -+pam_unix_la_LIBADD = -lpam \ - @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ - - securelib_LTLIBRARIES = pam_unix.la diff --git a/baselibs.conf b/baselibs.conf index 7c3bca9..00ed537 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -4,5 +4,3 @@ pam-extra pam-devel pam_unix conflicts "pam_unix-nis-" -pam_unix-nis - conflicts "pam_unix-" diff --git a/pam.changes b/pam.changes index 19095fe..85d70cf 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + ------------------------------------------------------------------- Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 831c81c..a123cfd 100644 --- a/pam.spec +++ b/pam.spec @@ -91,6 +91,7 @@ BuildRequires: libselinux-devel %endif Requires: pam_unix.so Suggests: pam_unix +Recommends: pam-manpages %if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) Requires(pre): user(root) @@ -143,6 +144,7 @@ This package contains the documentation. %package -n pam-manpages Summary: Manualpages for Pluggable Authentication Modules Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz BuildArch: noarch BuildRequires: docbook-xsl-stylesheets BuildRequires: elinks -- 2.51.1 From 16f5bfc37557a60c804c79886432ff3c6adb341593ae901d19ef2bba5c7e2282 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 24 Nov 2021 15:07:30 +0000 Subject: [PATCH 172/226] Accepting request 933489 from home:kukuk:tiu - Add missing recommends and split provides - Use multibuild to build docu with correct paths and available features. - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: - pam_xauth_data.3.xml.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other spec file. - Update pam-login_defs-check.sh regexp and login_defs-support-for-pam symbol to version 1.5.2 (new variable HMAC_CRYPTO_ALGO). - Add /run/pam_timestamp to pam.tmpfiles - Corrected macro definition of %_pam_moduledir: %_pam_moduledir %{_libdir}/security [macros.pam] - Prepend a slash to the expansion of %{_lib} in macros.pam as this are defined without a leading slash! - Rename motd.tmpfiles to pam.tmpfiles - Add /run/faillock directory - pam-login_defs-check.sh: adjust for new login.defs variable usages - Update to 1.5.2 Noteworthy changes in Linux-PAM 1.5.2: * pam_exec: implemented quiet_log option. * pam_mkhomedir: added support of HOME_MODE and UMASK from /etc/login.defs. * pam_timestamp: changed hmac algorithm to call openssl instead of the bundled sha1 implementation if selected, added option to select the hash algorithm to use with HMAC. * Added pkgconfig files for provided libraries. * Added --with-systemdunitdir configure option to specify systemd unit directory. * Added --with-misc-conv-bufsize configure option to specify the buffer size in libpam_misc's misc_conv() function, raised the default value for this parameter from 512 to 4096. * Multiple minor bug fixes, portability fixes, documentation improvements, and translation updates. pam_tally2 has been removed upstream, remove pam_tally2-removal.patch pam_cracklib has been removed from the upstream sources. This obsoletes pam-pam_cracklib-add-usersubstr.patch and pam_cracklib-removal.patch. The following patches have been accepted upstream and, so, are obsolete: - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch - pam_securetty-don-t-complain-about-missing-config.patch - bsc1184358-prevent-LOCAL-from-being-resolved.patch - revert-check_shadow_expiry.diff [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, pam_securetty-don-t-complain-about-missing-config.patch, bsc1184358-prevent-LOCAL-from-being-resolved.patch, revert-check_shadow_expiry.diff] - pam_umask-usergroups-login_defs.patch: Deprecate pam_umask explicit "usergroups" option and instead read it from login.def's "USERGROUP_ENAB" option if umask is only defined there. [bsc#1189139] - package man5/motd.5 as a man-pages link to man8/pam_motd.8 [bsc#1188724] - revert-check_shadow_expiry.diff: revert wrong CRYPT_SALT_METHOD_LEGACY check. - Create /run/motd.d - Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) - Backport patch to not install /usr/etc/securetty (boo#1033626) ie no distro defaults and don't complain about it missing (pam_securetty-don-t-complain-about-missing-config.patch) - add debug bcond to be able to build pam with debug output easily - add macros file to allow other packages to stop hardcoding directory names. Compatible with Fedora. - In the 32-bit compatibility package for 64-bit architectures, require "systemd-32bit" to be also installed as it contains pam_systemd.so for 32 bit applications. [bsc#1185562, baselibs.conf] - If "LOCAL" is configured in access.conf, and a login attempt from a remote host is made, pam_access tries to resolve "LOCAL" as a hostname and logs a failure. Checking explicitly for "LOCAL" and rejecting access in this case resolves this issue. [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] - pam_limits: "unlimited" is not a legitimate value for "nofile" (see setrlimit(2)). So, when "nofile" is set to one of the "unlimited" values, it is set to the contents of "/proc/sys/fs/nr_open" instead. Also changed the manpage of pam_limits to express this. [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support - Update to 1.5.1 - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user doesn't exist and root password is blank [bsc#1179166] - pam_faillock: added nodelay option to not set pam_fail_delay - pam_wheel: use pam_modutil_user_in_group to check for the group membership with getgrouplist where it is available - add macros.pam to abstract directory for pam modules - Update to 1.5.0 - obsoletes pam-bsc1178727-initialize-daysleft.patch - Multiple minor bug fixes, portability fixes, and documentation improvements. - Extended libpam API with pam_modutil_check_user_in_passwd function. - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. - pam_motd: read motd files with target user credentials skipping unreadable ones. - pam_pwhistory: added a SELinux helper executable. - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. - pam_env: Reading of the user environment is deprecated and will be removed at some point in the future. - libpam: pam_modutil_drop_priv() now correctly sets the target user's supplementary groups, allowing pam_motd to filter messages accordingly - Refresh pam-xauth_ownership.patch - pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package - pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package - pam_cracklib: added code to check whether the password contains a substring of of the user's name of at least characters length in some form. This is enabled by the new parameter "usersubstr=" See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] - pam_xauth.c: do not free() a string which has been (successfully) passed to putenv(). [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] - Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" to avoid spurious (and misleading) Warning: your password will expire in ... days. fixed upstream with commit db6b293046a [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] - Enable pam_faillock [bnc#1171562] - prepare usrmerge (boo#1029961, pam-usrmerge.diff) - /usr/bin/xauth chokes on the old user's $HOME being on an NFS file system. Run /usr/bin/xauth using the old user's uid/gid Patch courtesy of Dr. Werner Fink. [bsc#1174593, pam-xauth_ownership.patch] - pam-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). - Revert the previous change [SR#815713]. The group is not necessary for PAM functionality but used only during testing. The test system should therefore create this group. [bsc#1171016, pam.spec] - Add requirement for group "wheel" to spec file. [bsc#1171016, pam.spec] - Update to final 1.4.0 release - includes pam-check-user-home-dir.patch - obsoletes fix-man-links.dif - common-password: remove pam_cracklib, as that is deprecated. - pam_setquota.so: When setting quota, don't apply any quota if the user's $HOME is a mountpoint (ie the user has a partition of his/her own). [bsc#1171721, pam-check-user-home-dir.patch] - Update to current Linux-PAM snapshot - pam_tally* and pam_cracklib got deprecated - Disable pam_faillock and pam_setquota until they are whitelisted - Adapted patch pam-hostnames-in-access_conf.patch for new version New version obsoleted patch use-correct-IP-address.patch [pam-hostnames-in-access_conf.patch, use-correct-IP-address.patch] - Update to current Linux-PAM snapshot - Obsoletes pam_namespace-systemd.diff - Update to current Linux-PAM snapshot - Add pam_faillock - Multiple minor bug fixes and documentation improvements - Fixed grammar of messages printed via pam_prompt - Added support for a vendor directory and libeconf - configure: Allowed disabling documentation through --disable-doc - pam_get_authtok_verify: Avoid duplicate password verification - pam_env: Changed the default to not read the user .pam_environment file - pam_group, pam_time: Fixed logical error with multiple ! operators - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session - pam_lastlog: Do not log info about failed login if the session was opened with PAM_SILENT flag - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' limit - pam_motd: Export MOTD_SHOWN=pam after showing MOTD - pam_motd: Support multiple motd paths specified, with filename overrides - pam_namespace: Added a systemd service, which creates the namespaced instance parent directories during boot - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts - pam_shells: Recognize /bin/sh as the default shell - pam_succeed_if: Support lists in group membership checks - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE - pam_umask: Added new 'nousergroups' module argument and allowed specifying the default for usergroups at build-time - pam_unix: Added 'nullresetok' option to allow resetting blank passwords - pam_unix: Report unusable hashes found by checksalt to syslog - pam_unix: Support for (gost-)yescrypt hashing methods - pam_unix: Use bcrypt b-variant when it bcrypt is chosen - pam_usertype: New module to tell if uid is in login.defs ranges - Added new API call pam_start_confdir() for special applications that cannot use the system-default PAM configuration paths and need to explicitly specify another path - pam_namespace-systemd.diff: fix path of pam_namespace.services - own /usr/lib/motd.d/ so other packages can add files there - Listed all manual pages seperately as pam_userdb.8 has been moved to pam-extra. Also %exclude %{_defaultdocdir}/pam as the docs are in a separate package. [pam.spec] - pam_userdb moved to a new package pam-extra as pam-modules is obsolete and not part of SLE. [bsc#1166510, pam.spec] - Removed pam_userdb from this package and moved to pam-modules. This removed the requirement for libdb. Also made "xz" required for all releases. Remove limits for nproc from /etc/security/limits.conf [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] - Recommend login.defs only (no hard requirement) - Update to version 1.3.1+git20190923.ea78d67: * Fixed missing quotes in configure script * Add support for a vendor directory and libeconf (#136) * pam_lastlog: document the 'unlimited' option * pam_lastlog: prevent crash due to reduced 'fsize' limit * pam_unix_sess.c add uid for opening session * Fix the man page for "pam_fail_delay()" * Fix a typo * Update a function comment - drop usr-etc-support.patch (accepted upstream) - Add migration support from /etc to /usr/etc during upgrade - Update to version 1.3.1+git20190902.9de67ee: * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd - Update to version 1.3.1+git20190826.1b087ed: * libpam/pam_modutil_sanitize.c: optimize the way to close fds - Replace old $RPM_* shell vars by macros. - Avoid unnecessary invocation of subshells. - Shorten recipe for constructing securetty contents on s390. - usr-etc-support.patch: Add support for /usr/etc/pam.d - encryption_method_nis.diff: obsolete, NIS clients shouldn't require DES anymore. - etc.environment: removed, the sources contain the same - Update to version 1.3.1+git20190807.e31dd6c: * pam_tty_audit: Manual page clarification about password logging * pam_get_authtok_verify: Avoid duplicate password verification * Mention that ./autogen.sh is needeed to be run if you check out the sources from git * pam_unix: Correct MAXPASS define name in the previous two commits. * Restrict password length when changing password * Trim password at PAM_MAX_RESP_SIZE chars * pam_succeed_if: Request user data only when needed * pam_tally2: Remove unnecessary fsync() * Fixed a grammer mistake * Fix documentation for pam_wheel * Fix a typo in the documentation * pam_lastlog: Improve silent option documentation * pam_lastlog: Respect PAM_SILENT flag * Fix regressions from the last commits. * Replace strndupa with strncpy * build: ignore pam_lastlog when logwtmp is not available. * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. * pam_motd: Cleanup the code and avoid unnecessary logging * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. * Move the duplicated search_key function to pam_modutil. * pam_unix: Use pam_syslog instead of helper_log_err. * pam_unix: Report unusable hashes found by checksalt to syslog. * Revert "pam_unix: Add crypt_default method, if supported." * pam_unix: Add crypt_default method, if supported. * Revert part of the commit 4da9febc * pam_unix: Add support for (gost-)yescrypt hashing methods. * pam_unix: Fix closing curly brace. (#77) * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. * pam_unix: Prefer a gensalt function, that supports auto entropy. * pam_motd: Fix segmentation fault when no motd_dir specified (#76) * pam_motd: Support multiple motd paths specified, with filename overrides (#69) * pam_unix: Use bcrypt b-variant for computing new hashes. * pam_tally, pam_tally2: fix grammar and spelling (#54) * Fix grammar of messages printed via pam_prompt * pam_stress: do not mark messages for translation * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros * pam_unix: remove obsolete _unix_read_password prototype - Add virtual symbols for login.defs compatibility (bsc#1121197). - Add login.defs safety check pam-login_defs-check.sh (bsc#1121197). - When comparing an incoming IP address with an entry in access.conf that only specified a single host (ie no netmask), the incoming IP address was used rather than the IP address from access.conf, effectively comparing the incoming address with itself. (Also fixed a small typo while I was at it) {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] - Upgrade to 1.3.1 * pam_motd: add support for a motd.d directory * pam_umask: Fix documentation to align with order of loading umask * pam_get_user.3: Fix missing word in documentation * pam_tally2 --reset: avoid creating a missing tallylog file * pam_mkhomedir: Allow creating parent of homedir under / * access.conf.5: Add note about spaces around ':' * pam.8: Workaround formatting problem * pam_unix: Check return value of malloc used for setcred data * pam_cracklib: Drop unused prompt macros * pam_tty_audit: Support matching users by uid range * pam_access: support parsing files in /etc/security/access.d/*.conf * pam_localuser: Correct documentation * pam_issue: Fix no prompting in parse escape codes mode * Unification and cleanup of syslog log levels Also: removed nproc limit, referred to systemd instead. Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. [bsc#1112508, pam-fix-config-order-in-manpage.patch] - Add libdb as build-time dependency to enable pam_userdb module. This module is useful for implementing virtual user support for vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] - Install empty directory /etc/security/namespace.d for pam_namespace.so iscript. - pam_umask.8 needed to be patched as well. [bsc#1089884, pam-fix-config-order-in-manpage.patch] - Changed order of configuration files to reflect actual code. [bsc#1089884, pam-fix-config-order-in-manpage.patch] - Use %license (boo#1082318) - Prerequire group(shadow), user(root) - Allow symbolic hostnames in access.conf file. [pam-hostnames-in-access_conf.patch, boo#1019866] - Increased nproc limits for non-privileged users to 4069/16384. Removed limits for "root". [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] - pam-limit-nproc.patch: increased process limit to help Chrome/Chromuim users with really lots of tabs. New limit gets closer to UserTasksMax parameter in logind.conf - Add doc directory to filelist. - Remove obsolete README.pam_tally [bsc#977973] - Update Linux-PAM to version 1.3.0 - Rediff encryption_method_nis.diff - Link pam_unix against libtirpc and external libnsl to enable IPv6 support. - Add /sbin/unix2_chkpwd (moved from pam-modules) - Remove (since accepted upstream): - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch - 0002-Remove-enable-static-modules-option-and-support-from.patch - 0003-fix-nis-checks.patch - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch - Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch - Replace IPv4 only functions - Fix typo in common-account.pamd [bnc#959439] - Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch - readd PAM_EXTERN for external PAM modules - Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch - Add 0002-Remove-enable-static-modules-option-and-support-from.patch - Add 0003-fix-nis-checks.patch - Add folder /etc/security/limits.d as mentioned in 'man pam_limits' - Update to version 1.2.1 - security update for CVE-2015-3238 - Update to version 1.2.0 - obsoletes Linux-PAM-git-20150109.diff - Re-add lost patch encryption_method_nis.diff [bnc#906660] - Update to current git: - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff - obsoletes pam_loginuid-log_write_errors.diff - obsoletes pam_xauth-sigpipe.diff - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch - increase process limit to 1200 to help chromium users with many tabs - limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch - Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) bug-870433_pam_timestamp-fix-directory-traversal.patch - adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) - Add pam_loginuid-log_write_errors.diff: log significant loginuid write errors - pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to xauth process - Update to current git (Linux-PAM-git-20140127.diff), which obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and Linux-PAM-git-20140109.diff. - Fix gratuitous use of strdup and x_strdup - pam_xauth: log fatal errors preventing xauth process execution - pam_loginuid: cleanup loginuid buffer initialization - libpam_misc: fix an inconsistency in handling memory allocation errors - pam_limits: fix utmp->ut_user handling - pam_mkhomedir: check and create home directory for the same user - pam_limits: detect and ignore stale utmp entries - Disable pam_userdb (remove db-devel from build requires) - Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid - Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc - Update to current git (Linux-PAM-git-20140109.diff, which replaces pam_unix.diff and encryption_method_nis.diff) - pam_access: fix debug level logging - pam_warn: log flags passed to the module - pam_securetty: check return value of fgets - pam_lastlog: fix format string - pam_loginuid: If the correct loginuid is already set, skip writing it - common-session.pamd: add missing newline - Remove libtrpc support to solve dependency/build cycles, plain glibc is enough for now. - Add encryption_method_nis.diff: - implement pam_unix2 functionality to use another hash for NIS passwords. - Add pam_unix.diff: - fix if /etc/login.defs uses DES - ask always for old password if a NIS password will be changed - fix manpages links (bnc#842872) [fix-man-links.dif] - Explicitly add pam_systemd.so to list of modules in common-session.pamd (bnc#812462) - Update to official release 1.1.8 (1.1.7 + git-20130916.diff) - Remove needless pam_tally-deprecated.diff patch - Replace fix-compiler-warnings.diff with current git snapshot (git-20130916.diff) for pam_unix.so: - fix glibc warnings - fix syntax error in SELinux code - fix crash at login - Remove pam_unix-login.defs.diff, not needed anymore - Update to version 1.1.7 (bugfix release) - Drop missing-DESTDIR.diff and pam-fix-includes.patch - fix-compiler-warnings.diff: fix unchecked setuid return code - adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) - Fix typo in common-password [bnc#821526] - Added libtool as BuildRequire, and autoreconf -i option to fix build with new automake - Update pam_unix-login.defs.diff patch to the final upstream version. - Adjust URL - Add set_permission macro and PreReq - Read default encryption method from /etc/login.defs (pam_unix-login.defs.diff) - Remove deprecated pam_tally.so module, it's too buggy and can destroy config and log files. - Sync common-*.pamd config with pam-config (use pam_unix.so as default). - Fix building in Factory (add patch missing-DESTDIR.diff) - Update to Linux-PAM 1.1.6 - Update translations - pam_cracklib: Add more checks for weak passwords - pam_lastlog: Never lock out root - Lot of bug fixes and smaller enhancements - Include correct headers for getrlimit (add patch pam-fix-includes.patch). - Update homepage URL in specfile - Update to new upstream release 1.1.5 * pam_env: Fix CVE-2011-3148: correctly count leading whitespace when parsing environment file in pam_env * Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in pam_env * pam_access: Add hostname resolution cache - pam_tally2: remove invalid options from manpage (bnc#726071) - fix possible overflow and DOS in pam_env (bnc#724480) CVE-2011-3148, CVE-2011-3149 - Update to version 1.1.4 * pam_securetty: Honour console= kernel option, add noconsole option * pam_limits: Add %group syntax, drop change_uid option, add set_all option * Lot of small bug fixes * Add support for libtirpc - Build against libtirpc - license update: GPL-2.0+ or BSD-3-Clause Updating to spdx.org/licenses syntax as legal-auto for some reason did not accept the previous spec file license - Remove libxcrypt-devel from BuildRequires - bnc#673826 rework * manpage is left intact, as it was * correct parsing of "quiet" option - fix for bnc#673826 (pam_listfile) * removed unnecessary logging when listfile is missing and quiet option is specified * manpage is also updated, to reflect that all option require values - Update to Linux-PAM 1.1.3 - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 - pam_unix: Add minlen option, change default from 6 to 0 - Update to Linux-PAM 1.1.2 - use %_smp_mflags - Update to current CVS version (pam_rootok: Add support for chauthtok and acct_mgmt, [bnc#533249]) - Install correct documentation - Update to Linux-PAM 1.1.1 (bug fix release) - add baselibs.conf as a source - enable parallel building - Add fixes from CVS - Update to final version 1.1.0 (spelling fixes) - Update to version 1.0.92: * Update translations * pam_succeed_if: Use provided username * pam_mkhomedir: Fix handling of options - Remove cracklib-dict-full and pwdutils BuildRequires again. - Update to version 1.0.91 aka 1.1 Beta2: * Changes in the behavior of the password stack. Results of PRELIM_CHECK are not used for the final run. * Redefine LOCAL keyword of pam_access configuration file * Add support for try_first_pass and use_first_pass to pam_cracklib * New password quality tests in pam_cracklib * Add support for passing PAM_AUTHTOK to stdin of helpers from pam_exec * New options for pam_lastlog to show last failed login attempt and to disable lastlog update * New pam_pwhistory module to store last used passwords * New pam_tally2 module similar to pam_tally with wordsize independent tally data format, obsoletes pam_tally * Make libpam not log missing module if its type is prepended with '-' * New pam_timestamp module for authentication based on recent successful login. * Add blowfish support to pam_unix. * Add support for user specific environment file to pam_env. * Add pam_get_authtok to libpam as Linux-PAM extension. - use sr@latin instead of sr@Latn - Log failures of setrlimit in pam_limits [bnc#448314] - Fix using of requisite in password stack [bnc#470337] - Regenerate documentation [bnc#448314] - use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade (bnc#437293) - obsolete old -XXbit packages (bnc#437293) - enhance the man page for limits.conf (bnc#448314) - pam_time: fix parsing if '|' is used [bdo#326407] - pam_xauth: update last patch - pam_pwhistory: add missing type option - pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment (bnc#441314) - Add pam_tally2 - Regenerate Documentation - Enhance pam_lastlog with status output - Add pam_pwhistory as tech preview - pam_tally: fix fd leak - pam_mail: fix "quiet" option - Update to version 1.0.2 (fix SELinux regression) - enhance pam_tally [FATE#303753] - Backport fixes from CVS - enabled SELinux support [Fate#303662] - Update to version 1.0.1: - Fixes regression in pam_set_item(). - added baselibs.conf file to build xxbit packages for multilib support - Remove devfs lines from securetty [bnc#372241] - Update to version 1.0.0: - Official first "stable" release - bug fixes - translation updates - Update to version 0.99.10.0: - New substack directive in config file syntax - New module pam_tty_audit.so for enabling and disabling tty auditing - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA - Improved functionality of pam_namespace.so module (method flags, namespace.d configuration directory, new options). - Finaly removed deprecated pam_rhosts_auth module. - Update to version 0.99.9.0: - misc_conv no longer blocks SIGINT; applications that don't want user-interruptable prompts should block SIGINT themselves - Merge fixes from Debian - Fix parser for pam_group and pam_time - Update to version 0.99.8.1: - Fix regression in pam_audit - Update to version 0.99.8.0: - Add translations for ar, ca, da, ru, sv and zu. - Update hungarian translation. - Add support for limits.d directory to pam_limits. - Add minclass option to pam_cracklib - Add new group syntax to pam_access - move the documentation into a seperate package (pam-doc) [partly fixes Bug #265733] - add flex and bison BuildRequires - add %verify_permissions for /sbin/unix_chkpwd [#237625] - Update to Version 0.99.7.1 (security fix) - Update to Version 0.99.7.0 * Add manual page for pam_unix.so. * Add pam_faildelay module to set pam_fail_delay() value. * Fix possible seg.fault in libpam/pam_set_data(). * Cleanup of configure options. * Update hungarian translation, fix german translation. - install unix_chkpwd setuid root instead of setgid shadow (#216816) - pam_unix.so/unix_chkpwd: teach about blowfish [#213929] - pam_namespace.so: Fix two possible buffer overflow - link against libxcrypt - Update hungarian translation [#210091] - Don't remove pam_unix.so - Use cracklib again (goes lost with one of the last cleanups) - Add pam_umask.so to common-session [Fate#3621] - Update to Linux-PAM 0.99.6.3 (merges all patches) - Update to Linux-PAM 0.99.6.2 (incorporate last change) - Add pam_loginuid and fixes from CVS [Fate#300486] - Fix seg.fault in pam_cracklib if retyped password is empty - Remove use_first_pass from pam_unix2.so in password section - Update to Linux-PAM 0.99.6.1 (big documentation update) - Add missing namespace.init script - Reenable audit subsystem [Fate#300486] - Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM modules: pam_keyinit, pam_namespace, pam_rhosts) - Update to current CVS (lot of new manual pages and docu) - Update to Linux-PAM 0.99.4.0 (merge all patches and translations) - Fix problems found by Coverity - Don't strip binaries. - Fix pam_tally LFS support [#172492] - Update fr.po and pl.po - Update km.po - Remove obsolete pam-laus from the system - Update translations for pt, pl, fr, fi and cs - Add translation for uk - Update hu.po - Add translation for tr - Fix order of NULL checks in pam_get_user - Fix comment in pam_lastlog for translators to be visible in pot file - Docu update, remove pam_selinux docu - Update km translation - pam_lastlog: - Initialize correct struct member [SF#1427401] - Mark strftime fmt string for translation [SF#1428269] - Update more manual pages - really disable audit if header file not present - Update fi.po - Add km.po - Update pl.po - Update with better manual pages - Add translation for nl, update pt translation - Move devel manual pages to -devel package - Mark PAM config files as noreplace - Mark /etc/securetty as noreplace - Run ldconfig - Fix libdb/ndbm compat detection with gdbm - Adjust german translation - Add all services to pam_listfile - converted neededforbuild to BuildRequires - Update to Linux-PAM 0.99.3.0 release candiate tar balls (new translations) - Fix NULL handling for LSB-pam test suite [#141240] - Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR - NULL is allowed as thirs argument for pam_get_item [#141240] - Add fixes from CVS - Fix pam_lastlog: don't report error on first login - Update to 0.99.2.1 - Add /etc/environment to avoid warnings in syslog - disable SELinux - Update getlogin() fix to final one - Fix PAM getlogin() implementation - Update to official 0.99.2.0 release - Update to new snapshot - Enable original pam_wheel module - Update to current CVS - Compile libpam_misc with -fno-strict-aliasing - Update to current CVS - Fix compiling of pammodutil with -fPIC - Update to current CVS - Update to new snapshot (Major version is back to 0) - Update to Linux-PAM 0.99.0.3 snapshot - Add pam_umask - Update to current CVS snapshot - Update to current CVS snapshot - Add pam_loginuid - Update to current CVS snapshot - Don't reset priority [#81690] - Fix creating of symlinks - Update to current CVS snapshot - Real fix for [#82687] (don't include kernel header files) - Bug 82687 - pam_client.h redefines __u8 and __u32 - Apply lot of fixes from CVS (including SELinux support) - Update to final 0.79 release - Apply patch for pam_xauth to preserve DISPLAY variable [#66885] - Compile with large file support - Made patch of latest CVS tree - Removed patch pam_handler.diff ( included in CVS now ) - moved Linux-PAM-0.78.dif to pam_group_time.diff - Fix seg.fault, if a PAM config line is incomplete - Update to final 0.78 - Add pam_env.so to common-auth - Add pam_limit.so to common-session - Update to 0.78-Beta1 - Create pam.d/common-{auth,account,password,session} and include them in pam.d/other - Update to current CVS version of upcoming 0.78 release - Update "code cleanup" patch - Disable reading of /etc/environment in pam_env.so per default - Reenable a "fixed" version of "code cleanup" patch - Use pam_wheel from pam-modules package - Disable "code cleanup" patch (no more comments about security fixes) - Apply big "code cleanup" patch [Bug #39673] - pam_wheel: Use original getlogin again, PAM internal does not work without application help [Bug #35682] - We no longer have pam in the buildsystem, so we need some buildroot magic flags for the dlopen tests. - Cleanup neededforbuild - Add manual pages from SLES8 - Fix installing manual pages of modules - Remove pthread check (db is now linked against pthread) - Merge with current CVS - Apply bug fixes from bugtracking system - Build as normal user - Compile with noexecstack - Fix pam_securetty CVS patch - Sync with current CVS version - Add patch to implement "include" statement in pamd files - added ttyS1 (VT220) to securetty on s390* (bug #29239) - Apply lot of fixes for various problems - Fix getlogin handling in pam_wheel.so - added cracklib-devel to neededforbuild - Update pam_localuser and pam_xauth. - Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) - changed neededforbuild to - changed securetty / use extra file - 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty - Call password checking helper from pam_unix.so whenever the passwd field is invalid. - Don't build ps and pdf documentation - pam-devel requires pam [Bug #17543] - Remove explicit requires - Update to Linux-PAM 0.76 - Remove reentrant patch for original PAM modules (needs to be rewritten for new PAM version) - Add docu in PDF format - Fix build on different partitions - Fix to not own /usr/shar/man/man3 - Add /usr/include/security to pam-devel filelist - tar option for bz2 is "j" - Fix last pam_securetty patch - Use reentrant getpwnam functions for most modules - Fix unresolved symbols in pam_access and pam_userdb - libpam_misc: Don't handle Ctrl-D as error. - Remove SuSEconfig.pam - Update pam_localuser and pam_xauth - Add new READMEs about blowfish and cracklib - Remove pam_unix.so (is part of pam-modules) - Move extra PAM modules to separate package - Require pam-modules package - Move susehelp config file to susehelp package - changed neededforbuild to - Fixes wrong symlink handling of pam_homecheck [Bug #3905] - Sync pam_homecheck and pam_unix2 fixes from 7.2 - Always ask for the old password if it is expired - Cleanup Patches, make tar archive from extra pam modules - Use LOG_NOTICE for trace option [Bug #7673] - Linux-PAM: link pam_access against libnsl - Add pam.conf for susehelp/pam html docu - Linux-PAM: Update to version 0.75 - Linux-PAM: link libpam_misc against libpam [Bug #6890] - Linux-PAM: Fix manual pages (.so reference) - pam_pwcheck: fix Makefile - Update for Linux-PAM 0.74 - Drop pwdb subpackage - pam_unix2: Create temp files with permission 0600 - pam_issue.c: include time.h to make it compile - Don't print error message about failed initialization from pam_limits with kernel 2.2 [Bug #5198] - Adjust docu for pam_limits - Adjust docu for pam_pwcheck - Add fix for pam_limits from 0.73 - Add db-devel to need for build - Don't link PAM modules against old libpam library - Create new "devel" subpackage - Add SuSEconfig.pam - Fix problems with new gcc and glibc 2.2 header files - Fix problem with passwords longer then PASS_MAX_LEN - Add missing PAM modules to filelist - Fix seg.fault in pam_pwcheck [BUG #3894] - Clean spec file - Lot of bug fixes in pam_unix2 and pam_pwcheck - compress postscript docu - Move docu to /usr/share/doc/pam - Fix some bugs in pam_unix2 and pam_pwcheck - Add pam_homecheck Module - Add devfs devices to /etc/securetty - Fix handling of changing passwords to empty one - Set correct attr for unix_chkpwd and pwdb_chkpwd - Update pam_pwcheck - Update pam_unix2 - pwdb: Update to 0.61 - Add config files and README for md5 passwords - Update pam_pwcheck - Update pam_unix2 - Update pam_unix2 - New: pam_pwcheck - Update to Linux-PAM 0.72 - pam_pwdb: Add security fixes from RedHat - Update to Linux-PAM 0.70 - Update to pwdb-0.60 - Fix more pam_unix2 shadow bugs - Add more PAM fixes - Implement Password changing request (sp_lstchg == 0) - ran old prepare_spec on spec file to switch to new prepare_spec. - Add pam_wheel to file list - pam_wheel: Minor fixes - pam_unix2: root is allowed to change passwords with wrong password aging information - pam_unix2: Fix typo - Linux-PAM: Update to version 0.69 - pam_unix2: Root is allowed to use the old password again. - pam_unix2: Allow root to set an empty password. - Add HP-UX password aging to pam_unix2. - Don't install .cvsignore files - Make sure, /etc/shadow has the correct rights - Update to Linux-PAM 0.68 - pam_unix2: more bug fixes - pam_unix2: Fix "inactive" password - pam_warn: Add missing functions - other.pamd: Update - Add more doku - Add securetty config file - Fix Debian pam_env patch - Update to Linux-PAM 0.67 - Add Debian pam_env patch - pam_ftp malloc (core dump) fix - pam_unix2 fixes - First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 OBS-URL: https://build.opensuse.org/request/show/933489 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=256 --- pam.changes | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pam.changes b/pam.changes index 85d70cf..1e4313f 100644 --- a/pam.changes +++ b/pam.changes @@ -15,9 +15,12 @@ Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk - common-session: move pam_systemd to first position as if the file would have been generated with pam-config - Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. ------------------------------------------------------------------- Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec -- 2.51.1 From 4b7b9d93e4bed978da581975971cd696fc19e1a173cef1a93aec087786d4f56b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 29 Nov 2021 09:46:08 +0000 Subject: [PATCH 173/226] Accepting request 934493 from home:kukuk:tiu - Don't define doc/manpages packages in main build OBS-URL: https://build.opensuse.org/request/show/934493 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=257 --- pam.changes | 5 +++++ pam.spec | 4 ++++ 2 files changed, 9 insertions(+) diff --git a/pam.changes b/pam.changes index 1e4313f..a11b844 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + ------------------------------------------------------------------- Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index a123cfd..6ca6d85 100644 --- a/pam.spec +++ b/pam.spec @@ -129,6 +129,8 @@ This package contains useful extra modules eg pam_userdb which is used to verify a username/password pair against values stored in a Berkeley DB database. +%if %{build_doc} + %package -n pam-doc Summary: Documentation for Pluggable Authentication Modules Group: Documentation/HTML @@ -157,6 +159,8 @@ having to recompile programs that do authentication. This package contains the manual pages. +%endif + %package devel Summary: Include Files and Libraries for PAM Development Group: Development/Libraries/C and C++ -- 2.51.1 From 945f25a7aec3f8aeecedd725fbb68abee4b7f2a5156ab5eaf643a3951541d6b1 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 13 Dec 2021 13:17:12 +0000 Subject: [PATCH 174/226] Accepting request 940243 from home:kukuk:tiu - Drop pam_umask-usergroups-login_defs.patch, does more harm than helps. If not explizit specified as module option, we use UMASK from login.defs unmodified. OBS-URL: https://build.opensuse.org/request/show/940243 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=258 --- pam.changes | 7 ++ pam.spec | 2 - pam_umask-usergroups-login_defs.patch | 129 -------------------------- 3 files changed, 7 insertions(+), 131 deletions(-) delete mode 100644 pam_umask-usergroups-login_defs.patch diff --git a/pam.changes b/pam.changes index a11b844..ef1c80b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + ------------------------------------------------------------------- Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 6ca6d85..5c3afd1 100644 --- a/pam.spec +++ b/pam.spec @@ -68,7 +68,6 @@ Patch1: pam-limit-nproc.patch Patch2: pam-hostnames-in-access_conf.patch Patch3: pam-xauth_ownership.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch -Patch5: pam_umask-usergroups-login_defs.patch Patch10: pam_xauth_data.3.xml.patch Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch @@ -182,7 +181,6 @@ cp -a %{SOURCE12} . %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 diff --git a/pam_umask-usergroups-login_defs.patch b/pam_umask-usergroups-login_defs.patch deleted file mode 100644 index 75ac27a..0000000 --- a/pam_umask-usergroups-login_defs.patch +++ /dev/null @@ -1,129 +0,0 @@ -Description: -Deprecate pam_umask explicit "usergroups" option and instead read it from /etc/login.def's -"USERGROUP_ENAB" option if umask is only defined there. -Original Author: Martin Pitt -Bug-Debian: http://bugs.debian.org/583958 - -Index: Linux-PAM-1.5.2/modules/pam_umask/README -=================================================================== ---- Linux-PAM-1.5.2.orig/modules/pam_umask/README -+++ Linux-PAM-1.5.2/modules/pam_umask/README -@@ -15,7 +15,7 @@ following order: - - • umask= argument - -- • UMASK entry from /etc/login.defs -+ • UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB) - - • UMASK= entry from /etc/default/login - -@@ -38,7 +38,10 @@ usergroups - - If the user is not root and the username is the same as primary group name, - the umask group bits are set to be the same as owner bits (examples: 022 -> -- 002, 077 -> 007). -+ 002, 077 -> 007). Note that using this option explicitly is discouraged. -+ pam_umask enables this functionality by default if /etc/login.defs enables -+ USERGROUPS_ENAB, and the umask is not set explicitly in other places than / -+ etc/login.defs. - - nousergroups - -Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8 -=================================================================== ---- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8 -+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8 -@@ -68,7 +68,9 @@ umask= argument - .sp -1 - .IP \(bu 2.3 - .\} --UMASK entry from /etc/login\&.defs -+UMASK entry from -+/etc/login\&.defs -+(influenced by USERGROUPS_ENAB) - .RE - .sp - .RS 4 -@@ -79,7 +81,8 @@ UMASK entry from /etc/login\&.defs - .sp -1 - .IP \(bu 2.3 - .\} --UMASK= entry from /etc/default/login -+UMASK= entry from -+/etc/default/login - .RE - .PP - The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. -@@ -98,7 +101,10 @@ Don\*(Aqt print informative messages\&. - .PP - \fBusergroups\fR - .RS 4 --If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. -+If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. Note that using this option explicitly is discouraged\&. pam_umask enables this functionality by default if -+/etc/login\&.defs -+enables USERGROUPS_ENAB, and the umask is not set explicitly in other places than -+/etc/login\&.defs\&. - .RE - .PP - \fBnousergroups\fR -Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml -=================================================================== ---- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.8.xml -+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.8.xml -@@ -61,12 +61,13 @@ - - - -- UMASK entry from /etc/login.defs -+ UMASK entry from /etc/login.defs -+ (influenced by USERGROUPS_ENAB) - - - - -- UMASK= entry from /etc/default/login -+ UMASK= entry from /etc/default/login - - - -@@ -118,6 +119,11 @@ - If the user is not root and the username is the same as - primary group name, the umask group bits are set to be the - same as owner bits (examples: 022 -> 002, 077 -> 007). -+ Note that using this option explicitly is discouraged. pam_umask -+ enables this functionality by default if -+ /etc/login.defs enables -+ USERGROUPS_ENAB, and the umask is not set explicitly in other -+ places than /etc/login.defs. - - - -Index: Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c -=================================================================== ---- Linux-PAM-1.5.2.orig/modules/pam_umask/pam_umask.c -+++ Linux-PAM-1.5.2/modules/pam_umask/pam_umask.c -@@ -104,7 +104,23 @@ get_options (pam_handle_t *pamh, options - parse_option (pamh, *argv, options); - - if (options->umask == NULL) { -- options->login_umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); -+ { -+ options->umask = pam_modutil_search_key (pamh, LOGIN_DEFS, "UMASK"); -+ /* login.defs' USERGROUPS_ENAB will modify the UMASK setting there by way -+ * of usergroups; but we don't want it to influence umask definitions -+ * from other places (like GECOS). -+ */ -+ if (options->umask != NULL) -+ { -+ char *result = pam_modutil_search_key (pamh, LOGIN_DEFS, -+ "USERGROUPS_ENAB"); -+ if (result != NULL) -+ { -+ options->usergroups = (strcasecmp (result, "yes") == 0); -+ free (result); -+ } -+ } -+ } - if (options->login_umask == NULL) - options->login_umask = pam_modutil_search_key (pamh, LOGIN_CONF, "UMASK"); - options->umask = options->login_umask; -- 2.51.1 From 656f9b5474bf0d533f8d03b944e76018b1746c1d10179006f81867f1bfd05169 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 11 Mar 2022 11:29:42 +0000 Subject: [PATCH 175/226] Accepting request 961064 from home:kukuk:tiu - pam-hostnames-in-access_conf.patch: update with upstream submission. Fixes several bugs including memory leaks. - Move group.conf and faillock.conf to /usr/etc/security - Update to current git for enhanced vendordir support (pam-git.diff) Obsoletes: - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch OBS-URL: https://build.opensuse.org/request/show/961064 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=259 --- ...uth_data.3.xml-in-source-archive-400.patch | 25 - ...-vendordir-in-manual-page-if-set-401.patch | 51 - ...specific-limits.conf-as-fallback-402.patch | 61 - pam-git.diff | 1672 +++++++++++++++++ pam-hostnames-in-access_conf.patch | 134 +- pam.changes | 20 + pam.spec | 12 +- 7 files changed, 1781 insertions(+), 194 deletions(-) delete mode 100644 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch delete mode 100644 0002-Only-include-vendordir-in-manual-page-if-set-401.patch delete mode 100644 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch create mode 100644 pam-git.diff diff --git a/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch b/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch deleted file mode 100644 index 885b699..0000000 --- a/0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 00a46bcead2857002ed720f22b558b6f6d349fc8 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> -Date: Tue, 2 Nov 2021 11:45:59 +0100 -Subject: [PATCH 1/3] Include pam_xauth_data.3.xml in source archive (#400) - ---- - doc/man/Makefile.am | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am -index 78c891df..c6fd73db 100644 ---- a/doc/man/Makefile.am -+++ b/doc/man/Makefile.am -@@ -43,7 +43,7 @@ XMLS = pam.3.xml pam.8.xml \ - pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ - pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ - misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ -- pam_misc_setenv.3.xml -+ pam_misc_setenv.3.xml pam_xauth_data.3.xml - - if ENABLE_REGENERATE_MAN - PAM.8: pam.8 --- -2.31.1 - diff --git a/0002-Only-include-vendordir-in-manual-page-if-set-401.patch b/0002-Only-include-vendordir-in-manual-page-if-set-401.patch deleted file mode 100644 index f5d345e..0000000 --- a/0002-Only-include-vendordir-in-manual-page-if-set-401.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 04109c25a7dbd11404f7f23a9a405b9b9d6b7246 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> -Date: Tue, 2 Nov 2021 11:46:24 +0100 -Subject: [PATCH 2/3] Only include vendordir in manual page if set (#401) - ---- - configure.ac | 4 ++-- - doc/man/pam.8.xml | 5 ++--- - 2 files changed, 4 insertions(+), 5 deletions(-) - -diff --git a/configure.ac b/configure.ac -index c06bc7dd..eb98d69a 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -507,9 +507,9 @@ AC_ARG_ENABLE([vendordir], - if test -n "$enable_vendordir"; then - AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], - [Directory for distribution provided configuration files]) -- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'" -+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" - else -- STRINGPARAM_VENDORDIR="--stringparam vendordir ''" -+ STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" - fi - AC_SUBST([STRINGPARAM_VENDORDIR]) - -diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml -index 464af0e5..8eef665a 100644 ---- a/doc/man/pam.8.xml -+++ b/doc/man/pam.8.xml -@@ -158,15 +158,14 @@ closing hook for modules to affect the services available to a user. - - - -- -+ - %vendordir%/pam.d - - - the Linux-PAM vendor configuration - directory. Files in /etc/pam.d and - /usr/lib/pam.d override files with the same -- name in this directory. Only available if Linux-PAM was compiled -- with vendordir enabled. -+ name in this directory. - - - --- -2.31.1 - diff --git a/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch b/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch deleted file mode 100644 index fab98fe..0000000 --- a/0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 5deaac423159103d02b146afa753a8ebb7fddf09 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk <5908016+thkukuk@users.noreply.github.com> -Date: Wed, 3 Nov 2021 09:02:40 +0100 -Subject: [PATCH 3/3] Use vendor specific limits.conf as fallback (#402) - -* Use vendor specific limits.conf as fallback ---- - modules/pam_limits/pam_limits.8.xml | 6 ++++++ - modules/pam_limits/pam_limits.c | 19 ++++++++++++++++--- - 2 files changed, 22 insertions(+), 3 deletions(-) - -diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml -index bc46cbf4..c1c10eca 100644 ---- a/modules/pam_limits/pam_limits.8.xml -+++ b/modules/pam_limits/pam_limits.8.xml -@@ -57,6 +57,12 @@ - If a config file is explicitly specified with a module option then the - files in the above directory are not parsed. - -+ -+ If there is no explicitly specified configuration file and -+ /etc/security/limits.conf does not exist, -+ %vendordir%/security/limits.conf is used. -+ If this file does not exist, too, an error is thrown. -+ - - The module must not be called by a multithreaded application. - -diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 7cc45d77..53188965 100644 ---- a/modules/pam_limits/pam_limits.c -+++ b/modules/pam_limits/pam_limits.c -@@ -816,9 +816,22 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, - pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); - fil = fopen(CONF_FILE, "r"); - if (fil == NULL) { -- pam_syslog (pamh, LOG_WARNING, -- "cannot read settings from %s: %m", CONF_FILE); -- return PAM_SERVICE_ERR; -+ int err = errno; -+ -+#ifdef VENDORDIR -+ /* if the specified file does not exist, and it is not provided by -+ the user, try the vendor file as fallback. */ -+ if (pl->conf_file == NULL && err == ENOENT) -+ fil = fopen(VENDORDIR"/security/limits.conf", "r"); -+ -+ if (fil == NULL) -+#endif -+ { -+ pam_syslog (pamh, LOG_WARNING, -+ "cannot read settings from %s: %s", CONF_FILE, -+ strerror(err)); -+ return PAM_SERVICE_ERR; -+ } - } - - /* start the show */ --- -2.31.1 - diff --git a/pam-git.diff b/pam-git.diff new file mode 100644 index 0000000..3f05e3c --- /dev/null +++ b/pam-git.diff @@ -0,0 +1,1672 @@ +diff --git a/README b/README +index 21af8c4c..aa99927e 100644 +--- a/README ++++ b/README +@@ -6,7 +6,7 @@ NOTES: + + How to use it is as follows: + +-Please look at the ci/install_dependencies.sh for the necessary ++Please look at the ci/install-dependencies.sh for the necessary + prerequisite packages to be able to build the Linux-PAM. The script + is targeted at Debian based Linux distributions so the package + names and availability might differ on other distributions. +diff --git a/configure.ac b/configure.ac +index c06bc7dd..639fc1ad 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -259,6 +259,8 @@ AC_MSG_RESULT([Defining \$ISA to "$ISA"]) + AC_ARG_ENABLE(sconfigdir, + AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]), + SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security) ++AC_DEFINE_UNQUOTED([SCONFIGDIR], ["$SCONFIGDIR"], ++ [Directory for PAM modules system configuration files]) + AC_SUBST(SCONFIGDIR) + + AC_ARG_ENABLE(pamlocking, +@@ -507,9 +509,11 @@ AC_ARG_ENABLE([vendordir], + if test -n "$enable_vendordir"; then + AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], + [Directory for distribution provided configuration files]) +- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'" ++ AC_DEFINE_UNQUOTED([VENDOR_SCONFIGDIR], ["$enable_vendordir/security"], ++ [Directory for PAM modules distribution provided configuration files]) ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" + else +- STRINGPARAM_VENDORDIR="--stringparam vendordir ''" ++ STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" + fi + AC_SUBST([STRINGPARAM_VENDORDIR]) + +diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am +index 78c891df..c6fd73db 100644 +--- a/doc/man/Makefile.am ++++ b/doc/man/Makefile.am +@@ -43,7 +43,7 @@ XMLS = pam.3.xml pam.8.xml \ + pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ + pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ + misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ +- pam_misc_setenv.3.xml ++ pam_misc_setenv.3.xml pam_xauth_data.3.xml + + if ENABLE_REGENERATE_MAN + PAM.8: pam.8 +diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml +index 464af0e5..8eef665a 100644 +--- a/doc/man/pam.8.xml ++++ b/doc/man/pam.8.xml +@@ -158,15 +158,14 @@ closing hook for modules to affect the services available to a user. + + + +- ++ + %vendordir%/pam.d + + + the Linux-PAM vendor configuration + directory. Files in /etc/pam.d and + /usr/lib/pam.d override files with the same +- name in this directory. Only available if Linux-PAM was compiled +- with vendordir enabled. ++ name in this directory. + + + +diff --git a/examples/Makefile.am b/examples/Makefile.am +index 722ec686..c4c3c261 100644 +--- a/examples/Makefile.am ++++ b/examples/Makefile.am +@@ -11,4 +11,4 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + LDADD = $(top_builddir)/libpam/libpam.la \ + $(top_builddir)/libpam_misc/libpam_misc.la + +-noinst_PROGRAMS = xsh vpass blank check_user ++noinst_PROGRAMS = xsh vpass blank check_user tty_conv +diff --git a/examples/tty_conv.c b/examples/tty_conv.c +new file mode 100644 +index 00000000..23f0684c +--- /dev/null ++++ b/examples/tty_conv.c +@@ -0,0 +1,177 @@ ++/* PlanC (hubenchang0515@outlook.com) -- an example application ++ * that implements a custom conversation */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++/*************************************** ++ * @brief echo off/on ++ * @param[in] fd file descriptor ++ * @param[in] off 1 - echo off,0 - echo on ++ ***************************************/ ++static void echoOff(int fd, int off) ++{ ++ struct termio tty; ++ if (ioctl(fd, TCGETA, &tty) < 0) ++ { ++ fprintf(stderr, "TCGETA failed: %s\n", strerror(errno)); ++ return; ++ } ++ ++ if (off) ++ { ++ tty.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); ++ if (ioctl(fd, TCSETAF, &tty) < 0) ++ { ++ fprintf(stderr, "TCSETAF failed: %s\n", strerror(errno)); ++ } ++ } ++ else ++ { ++ tty.c_lflag |= (ECHO | ECHOE | ECHOK | ECHONL); ++ if (ioctl(fd, TCSETAW, &tty) < 0) ++ { ++ fprintf(stderr, "TCSETAW failed: %s\n", strerror(errno)); ++ } ++ } ++} ++ ++/*************************************** ++ * @brief echo off stdin ++ ***************************************/ ++static void echoOffStdin(void) ++{ ++ echoOff(fileno(stdin), 1); ++} ++ ++/*************************************** ++ * @brief echo on stdin ++ ***************************************/ ++static void echoOnStdin(void) ++{ ++ echoOff(fileno(stdin), 0); ++} ++ ++/*************************************** ++ * @brief read a line input ++ * @return the input string ++ ***************************************/ ++static char *readline(void) ++{ ++ char input[PAM_MAX_RESP_SIZE]; ++ int i; ++ ++ flockfile(stdin); ++ for (i = 0; i < PAM_MAX_RESP_SIZE; i++) ++ { ++ int ch = getchar_unlocked(); ++ if (ch == '\n' || ch == '\r' ||ch == EOF) ++ break; ++ input[i] = ch; ++ } ++ funlockfile(stdin); ++ input[i] = '\0'; ++ ++ return (strdup(input)); ++} ++ ++/************************************************** ++ * @brief callback of PAM conversation ++ * @param[in] num_msg the count of message ++ * @param[in] msg PAM message ++ * @param[out] resp our response ++ * @param[in] appdata_ptr custom data passed by struct pam_conv.appdata_ptr ++ * @return state ++ **************************************************/ ++static int conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) ++{ ++ (void)(appdata_ptr); ++ int i; ++ ++ /* check the count of message */ ++ if (num_msg <= 0 || num_msg >= PAM_MAX_MSG_SIZE) ++ { ++ fprintf(stderr, "invalid num_msg(%d)\n", num_msg); ++ return PAM_CONV_ERR; ++ } ++ ++ /* alloc memory for response */ ++ if ((resp[0] = malloc(num_msg * sizeof(struct pam_response))) == NULL) ++ { ++ fprintf(stderr, "bad alloc\n"); ++ return PAM_BUF_ERR; ++ } ++ ++ /* response for message */ ++ for (i = 0; i < num_msg; i++) ++ { ++ const struct pam_message *m = *msg + i; ++ struct pam_response *r = *resp + i; ++ r->resp_retcode = 0; /* currently un-used, zero expected */ ++ switch (m->msg_style) ++ { ++ case PAM_PROMPT_ECHO_OFF: /* get the input with echo off, like the password */ ++ printf("%s", m->msg); ++ echoOffStdin(); ++ r->resp = readline(); ++ echoOnStdin(); ++ printf("\n"); ++ break; ++ ++ case PAM_PROMPT_ECHO_ON: /* get the input with echo on, like the username */ ++ printf("%s", m->msg); ++ r->resp = readline(); ++ break; ++ ++ case PAM_TEXT_INFO: /* normal info */ ++ printf("%s\n", m->msg); ++ break; ++ ++ case PAM_ERROR_MSG: /* error info */ ++ fprintf(stderr, "%s\n", m->msg); ++ break; ++ ++ default: ++ fprintf(stderr, "unexpected msg_style: %d\n", m->msg_style); ++ break; ++ } ++ } ++ return PAM_SUCCESS; ++} ++ ++int main(void) ++{ ++ struct pam_conv pam_conv = {conversation, NULL}; ++ pam_handle_t *pamh; ++ ++ /* echo on while exist, like Ctrl+C on input password */ ++ atexit(echoOnStdin); ++ ++ if (PAM_SUCCESS != pam_start("login", NULL, &pam_conv, &pamh)) ++ { ++ fprintf(stderr, "pam_start failed\n"); ++ return EXIT_FAILURE; ++ } ++ ++ if (PAM_SUCCESS != pam_authenticate(pamh, 0)) ++ { ++ fprintf(stderr, "pam_authenticate failed\n"); ++ pam_end(pamh, 0); ++ return EXIT_FAILURE; ++ } ++ ++ if (PAM_SUCCESS != pam_acct_mgmt(pamh, 0)) ++ { ++ fprintf(stderr, "pam_acct_mgmt failed\n"); ++ pam_end(pamh, 0); ++ return EXIT_FAILURE; ++ } ++ ++ pam_end(pamh, 0); ++ return EXIT_SUCCESS; ++} +diff --git a/examples/xsh.c b/examples/xsh.c +index ef4dca0c..5b34fc17 100644 +--- a/examples/xsh.c ++++ b/examples/xsh.c +@@ -80,7 +80,7 @@ int main(int argc, char **argv) + tty = ttyname(fileno(stdin)); + if (tty) { + retcode = pam_set_item(pamh, PAM_TTY, tty); +- bail_out(pamh,1,retcode,"pam_set_item(PAM_RHOST)"); ++ bail_out(pamh,1,retcode,"pam_set_item(PAM_TTY)"); + } + } + +diff --git a/libpam/Makefile.am b/libpam/Makefile.am +index 55222afc..389d5d02 100644 +--- a/libpam/Makefile.am ++++ b/libpam/Makefile.am +@@ -21,7 +21,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ + include/pam_inline.h include/test_assert.h + + libpam_la_LDFLAGS = -no-undefined -version-info 85:1:85 +-libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ ++libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ @LTLIBINTL@ + + if HAVE_VERSIONING + libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map +diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am +index 5723dd59..b9fbefdb 100644 +--- a/modules/pam_access/Makefile.am ++++ b/modules/pam_access/Makefile.am +@@ -18,8 +18,7 @@ securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \ +- -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS) ++ $(WARN_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 277192b9..0d033aa2 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -56,6 +56,9 @@ + #include "pam_cc_compat.h" + #include "pam_inline.h" + ++#define PAM_ACCESS_CONFIG (SCONFIGDIR "/access.conf") ++#define ACCESS_CONF_GLOB (SCONFIGDIR "/access.d/*.conf") ++ + /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */ + + /* +diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am +index c66112d6..beca8e1a 100644 +--- a/modules/pam_env/Makefile.am ++++ b/modules/pam_env/Makefile.am +@@ -18,7 +18,7 @@ securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS) ++ $(WARN_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c +index f5f8cead..c03ec3a3 100644 +--- a/modules/pam_env/pam_env.c ++++ b/modules/pam_env/pam_env.c +@@ -41,6 +41,8 @@ typedef struct var { + char *override; + } VAR; + ++#define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") ++ + #define BUF_SIZE 8192 + #define MAX_ENV 8192 + +diff --git a/modules/pam_faillock/Makefile.am b/modules/pam_faillock/Makefile.am +index 44a49660..16d9f8bc 100644 +--- a/modules/pam_faillock/Makefile.am ++++ b/modules/pam_faillock/Makefile.am +@@ -15,7 +15,7 @@ endif + XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml + + dist_check_SCRIPTS = tst-pam_faillock +-TESTS = $(dist_check_SCRIPTS) ++TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) + + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) +@@ -33,6 +33,9 @@ if HAVE_VERSIONING + pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + ++check_PROGRAMS = tst-pam_faillock-retval ++tst_pam_faillock_retval_LDADD = $(top_builddir)/libpam/libpam.la ++ + faillock_LDFLAGS = @EXE_LDFLAGS@ + faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) + +diff --git a/modules/pam_faillock/faillock.h b/modules/pam_faillock/faillock.h +index b22a9dfb..c3f157ef 100644 +--- a/modules/pam_faillock/faillock.h ++++ b/modules/pam_faillock/faillock.h +@@ -67,7 +67,10 @@ struct tally_data { + }; + + #define FAILLOCK_DEFAULT_TALLYDIR "/var/run/faillock" +-#define FAILLOCK_DEFAULT_CONF "/etc/security/faillock.conf" ++#define FAILLOCK_DEFAULT_CONF SCONFIGDIR "/faillock.conf" ++#ifdef VENDOR_SCONFIGDIR ++#define VENDOR_FAILLOCK_DEFAULT_CONF VENDOR_SCONFIGDIR "/faillock.conf" ++#endif + + int open_tally(const char *dir, const char *user, uid_t uid, int create); + int read_tally(int fd, struct tally_data *tallies); +diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c +index f62e1bb2..ea6329ca 100644 +--- a/modules/pam_faillock/main.c ++++ b/modules/pam_faillock/main.c +@@ -174,6 +174,11 @@ do_user(struct options *opts, const char *user) + time_t when = tallies.records[i].time; + + tm = localtime(&when); ++ if(tm == NULL) { ++ fprintf(stderr, "%s: Invalid timestamp in the tally record\n", ++ opts->progname); ++ continue; ++ } + strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm); + printf("%-19s %-5s %-52.52s %s\n", timebuf, + status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"), +diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml +index 58c16442..79bcbbd0 100644 +--- a/modules/pam_faillock/pam_faillock.8.xml ++++ b/modules/pam_faillock/pam_faillock.8.xml +@@ -134,10 +134,17 @@ + + + +- ++ + Use another configuration file instead of the default + /etc/security/faillock.conf. + ++ ++ Use another configuration file instead of the default ++ which is to use the file ++ /etc/security/faillock.conf or, ++ if that one is not present, the file ++ %vendordir%/security/faillock.conf. ++ + + + +@@ -328,6 +335,15 @@ session required pam_selinux.so open + the config file for pam_faillock options + + ++ ++ %vendordir%/security/faillock.conf ++ ++ ++ the config file for pam_faillock options. It will be used if ++ /etc/security/faillock.conf does not exist. ++ ++ ++ + + + +diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c +index 8328fbae..932d4281 100644 +--- a/modules/pam_faillock/pam_faillock.c ++++ b/modules/pam_faillock/pam_faillock.c +@@ -192,6 +192,15 @@ read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile) + char linebuf[FAILLOCK_CONF_MAX_LINELEN+1]; + + f = fopen(cfgfile, "r"); ++#ifdef VENDOR_FAILLOCK_DEFAULT_CONF ++ if (f == NULL && errno == ENOENT && cfgfile == default_faillock_conf) { ++ /* ++ * If the default configuration file in /etc does not exist, ++ * try the vendor configuration file as fallback. ++ */ ++ f = fopen(VENDOR_FAILLOCK_DEFAULT_CONF, "r"); ++ } ++#endif + if (f == NULL) { + /* ignore non-existent default config file */ + if (errno == ENOENT && cfgfile == default_faillock_conf) +diff --git a/modules/pam_faillock/tst-pam_faillock-retval.c b/modules/pam_faillock/tst-pam_faillock-retval.c +new file mode 100644 +index 00000000..133026cb +--- /dev/null ++++ b/modules/pam_faillock/tst-pam_faillock-retval.c +@@ -0,0 +1,119 @@ ++/* ++ * Check pam_faillock return values. ++ */ ++ ++#include "test_assert.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++#define MODULE_NAME "pam_faillock" ++#define TEST_NAME "tst-" MODULE_NAME "-retval" ++ ++static const char service_file[] = TEST_NAME ".service"; ++static const char config_filename[] = TEST_NAME ".conf"; ++static const char user_name[] = "root"; ++static struct pam_conv conv; ++ ++int ++main(void) ++{ ++ pam_handle_t *pamh = NULL; ++ FILE *fp; ++ char cwd[PATH_MAX]; ++ ++ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); ++ ++ ASSERT_NE(NULL, fp = fopen(config_filename, "w")); ++ ASSERT_LT(0, fprintf(fp, ++ "deny = 2\n" ++ "unlock_time = 5\n" ++ "root_unlock_time = 5\n")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ /* root has access */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/../pam_permit/.libs/pam_permit.so\n" ++ "auth required %s/.libs/%s.so authsucc even_deny_root dir=%s conf=%s\n" ++ "account required %s/.libs/%s.so dir=%s\n" ++ "password required %s/.libs/%s.so dir=%s\n" ++ "session required %s/.libs/%s.so dir=%s\n", ++ cwd, ++ cwd, MODULE_NAME, cwd, config_filename, ++ cwd, MODULE_NAME, cwd, ++ cwd, MODULE_NAME, cwd, ++ cwd, MODULE_NAME, cwd)); ++ ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, user_name, &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ ASSERT_EQ(0, unlink(service_file)); ++ pamh = NULL; ++ ++ /* root tries to login 2 times without success*/ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "auth requisite %s/.libs/%s.so dir=%s preauth even_deny_root conf=%s\n" ++ "auth [success=1 default=bad] %s/../pam_debug/.libs/pam_debug.so auth=perm_denied cred=success\n" ++ "auth [default=die] %s/.libs/%s.so dir=%s authfail even_deny_root conf=%s\n" ++ "auth sufficient %s/.libs/%s.so dir=%s authsucc even_deny_root conf=%s\n", ++ cwd, MODULE_NAME, cwd, config_filename, ++ cwd, ++ cwd, MODULE_NAME, cwd, config_filename, ++ cwd, MODULE_NAME, cwd, config_filename)); ++ ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, user_name, &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); ++ pamh = NULL; ++ ASSERT_EQ(0, unlink(service_file)); ++ ++ /* root is locked for 5 sec*/ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "auth requisite %s/.libs/%s.so dir=%s preauth even_deny_root conf=%s\n" ++ "auth [success=1 default=bad] %s/../pam_debug/.libs/pam_debug.so auth=success cred=success\n" ++ "auth [default=die] %s/.libs/%s.so dir=%s authfail even_deny_root conf=%s\n" ++ "auth sufficient %s/.libs/%s.so dir=%s authsucc even_deny_root conf=%s\n", ++ cwd, MODULE_NAME, cwd, config_filename, ++ cwd, ++ cwd, MODULE_NAME, cwd, config_filename, ++ cwd, MODULE_NAME, cwd, config_filename)); ++ ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, user_name, &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_AUTH_ERR, pam_authenticate(pamh, 0)); ++ ++ /* waiting at least 5 sec --> login is working again*/ ++ sleep(6); ++ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); ++ ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ ASSERT_EQ(0, unlink(service_file)); ++ pamh = NULL; ++ ++ ASSERT_EQ(0,unlink(user_name)); ++ ASSERT_EQ(0,unlink(config_filename)); ++ ++ return 0; ++} +diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am +index a9a0a1ef..fd88b952 100644 +--- a/modules/pam_group/Makefile.am ++++ b/modules/pam_group/Makefile.am +@@ -18,7 +18,7 @@ securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" $(WARN_CFLAGS) ++ $(WARN_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml +index 2c1c9058..e4a59dfd 100644 +--- a/modules/pam_group/pam_group.8.xml ++++ b/modules/pam_group/pam_group.8.xml +@@ -38,6 +38,10 @@ + By default rules for group memberships are taken from config file + /etc/security/group.conf. + ++ ++ If /etc/security/group.conf does not exist, ++ %vendordir%/security/group.conf is used. ++ + + This module's usefulness relies on the file-systems + accessible to the user. The point being that once granted the +diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c +index d9a35ea6..c49358a1 100644 +--- a/modules/pam_group/pam_group.c ++++ b/modules/pam_group/pam_group.c +@@ -16,6 +16,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -23,6 +24,10 @@ + #include + #include + ++#define PAM_GROUP_CONF SCONFIGDIR "/group.conf" ++#ifdef VENDOR_SCONFIGDIR ++# define VENDOR_PAM_GROUP_CONF VENDOR_SCONFIGDIR "/group.conf" ++#endif + #define PAM_GROUP_BUFLEN 1000 + #define FIELD_SEPARATOR ';' /* this is new as of .02 */ + +@@ -70,7 +75,8 @@ trim_spaces(char *buf, char *from) + #define STATE_EOF 3 /* end of file or error */ + + static int +-read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) ++read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, ++ const char *conf_filename) + { + char *to; + char *src; +@@ -89,9 +95,9 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) + } + *from = 0; + *state = STATE_NL; +- fd = open(PAM_GROUP_CONF, O_RDONLY); ++ fd = open(conf_filename, O_RDONLY); + if (fd < 0) { +- pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_GROUP_CONF); ++ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", conf_filename); + _pam_drop(*buf); + *state = STATE_EOF; + return -1; +@@ -106,7 +112,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) + while (fd != -1 && to - *buf < PAM_GROUP_BUFLEN) { + i = pam_modutil_read(fd, to, PAM_GROUP_BUFLEN - (to - *buf)); + if (i < 0) { +- pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_GROUP_CONF); ++ pam_syslog(pamh, LOG_ERR, "error reading %s: %m", conf_filename); + close(fd); + memset(*buf, 0, PAM_GROUP_BUFLEN); + _pam_drop(*buf); +@@ -573,6 +579,18 @@ static int check_account(pam_handle_t *pamh, const char *service, + int retval=PAM_SUCCESS; + gid_t *grps; + int no_grps; ++ const char *conf_filename = PAM_GROUP_CONF; ++ ++#ifdef VENDOR_PAM_GROUP_CONF ++ /* ++ * Check whether PAM_GROUP_CONF file is available. ++ * If it does not exist, fall back to VENDOR_PAM_GROUP_CONF file. ++ */ ++ struct stat stat_buffer; ++ if (stat(conf_filename, &stat_buffer) != 0 && errno == ENOENT) { ++ conf_filename = VENDOR_PAM_GROUP_CONF; ++ } ++#endif + + /* + * first we get the current list of groups - the application +@@ -611,7 +629,7 @@ static int check_account(pam_handle_t *pamh, const char *service, + + /* here we get the service name field */ + +- fd = read_field(pamh, fd, &buffer, &from, &state); ++ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); + if (!buffer || !buffer[0]) { + /* empty line .. ? */ + continue; +@@ -621,7 +639,7 @@ static int check_account(pam_handle_t *pamh, const char *service, + + if (state != STATE_FIELD) { + pam_syslog(pamh, LOG_ERR, +- "%s: malformed rule #%d", PAM_GROUP_CONF, count); ++ "%s: malformed rule #%d", conf_filename, count); + continue; + } + +@@ -630,10 +648,10 @@ static int check_account(pam_handle_t *pamh, const char *service, + + /* here we get the terminal name field */ + +- fd = read_field(pamh, fd, &buffer, &from, &state); ++ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); + if (state != STATE_FIELD) { + pam_syslog(pamh, LOG_ERR, +- "%s: malformed rule #%d", PAM_GROUP_CONF, count); ++ "%s: malformed rule #%d", conf_filename, count); + continue; + } + good &= logic_field(pamh,tty, buffer, count, is_same); +@@ -641,10 +659,10 @@ static int check_account(pam_handle_t *pamh, const char *service, + + /* here we get the username field */ + +- fd = read_field(pamh, fd, &buffer, &from, &state); ++ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); + if (state != STATE_FIELD) { + pam_syslog(pamh, LOG_ERR, +- "%s: malformed rule #%d", PAM_GROUP_CONF, count); ++ "%s: malformed rule #%d", conf_filename, count); + continue; + } + /* If buffer starts with @, we are using netgroups */ +@@ -663,20 +681,20 @@ static int check_account(pam_handle_t *pamh, const char *service, + + /* here we get the time field */ + +- fd = read_field(pamh, fd, &buffer, &from, &state); ++ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); + if (state != STATE_FIELD) { + pam_syslog(pamh, LOG_ERR, +- "%s: malformed rule #%d", PAM_GROUP_CONF, count); ++ "%s: malformed rule #%d", conf_filename, count); + continue; + } + + good &= logic_field(pamh,&here_and_now, buffer, count, check_time); + D(("with time: %s", good ? "passes":"fails" )); + +- fd = read_field(pamh, fd, &buffer, &from, &state); ++ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); + if (state == STATE_FIELD) { + pam_syslog(pamh, LOG_ERR, +- "%s: poorly terminated rule #%d", PAM_GROUP_CONF, count); ++ "%s: poorly terminated rule #%d", conf_filename, count); + continue; + } + +diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am +index 911b07b3..9ae1794d 100644 +--- a/modules/pam_limits/Makefile.am ++++ b/modules/pam_limits/Makefile.am +@@ -19,8 +19,8 @@ secureconfdir = $(SCONFIGDIR) + limits_conf_dir = $(SCONFIGDIR)/limits.d + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \ +- -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" $(WARN_CFLAGS) ++ -DLIMITS_FILE_DIR=\"$(limits_conf_dir)\" \ ++ $(WARN_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml +index bc46cbf4..08c6fc4d 100644 +--- a/modules/pam_limits/pam_limits.8.xml ++++ b/modules/pam_limits/pam_limits.8.xml +@@ -57,6 +57,11 @@ + If a config file is explicitly specified with a module option then the + files in the above directory are not parsed. + ++ ++ If there is no explicitly specified configuration file and ++ /etc/security/limits.conf does not exist, ++ %vendordir%/security/limits.conf is used. ++ + + The module must not be called by a multithreaded application. + +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 7cc45d77..6fbe95fc 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -47,6 +47,10 @@ + #include + #endif + ++#ifndef PR_SET_NO_NEW_PRIVS ++# define PR_SET_NO_NEW_PRIVS 38 /* from */ ++#endif ++ + /* Module defines */ + #define LINE_LENGTH 1024 + +@@ -119,9 +123,10 @@ struct pam_limit_s { + #define PAM_SET_ALL 0x0010 + + /* Limits from globbed files. */ +-#define LIMITS_CONF_GLOB LIMITS_FILE_DIR ++#define LIMITS_CONF_GLOB (LIMITS_FILE_DIR "/*.conf") + +-#define CONF_FILE (pl->conf_file != NULL)?pl->conf_file:LIMITS_FILE ++#define LIMITS_FILE (SCONFIGDIR "/limits.conf") ++#define CONF_FILE ((pl->conf_file != NULL) ? pl->conf_file : LIMITS_FILE) + + static int + _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, +@@ -811,14 +816,30 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, + FILE *fil; + char buf[LINE_LENGTH]; + +- /* check for the LIMITS_FILE */ ++ /* check for the CONF_FILE */ + if (ctrl & PAM_DEBUG_ARG) + pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); + fil = fopen(CONF_FILE, "r"); + if (fil == NULL) { +- pam_syslog (pamh, LOG_WARNING, +- "cannot read settings from %s: %m", CONF_FILE); +- return PAM_SERVICE_ERR; ++ int err = errno; ++ ++#ifdef VENDOR_SCONFIGDIR ++ /* if the specified file does not exist, and it is not provided by ++ the user, try the vendor file as fallback. */ ++ if (pl->conf_file == NULL && err == ENOENT) ++ fil = fopen(VENDOR_SCONFIGDIR "/limits.conf", "r"); ++ ++ if (fil == NULL) ++#endif ++ { ++ if (err == ENOENT) ++ return PAM_SUCCESS; ++ ++ pam_syslog (pamh, LOG_WARNING, ++ "cannot read settings from %s: %s", CONF_FILE, ++ strerror(err)); ++ return PAM_SERVICE_ERR; ++ } + } + + /* start the show */ +diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am +index 47cc38e1..33375857 100644 +--- a/modules/pam_namespace/Makefile.am ++++ b/modules/pam_namespace/Makefile.am +@@ -21,7 +21,7 @@ namespaceddir = $(SCONFIGDIR)/namespace.d + servicedir = $(systemdunitdir) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) ++ $(WARN_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h +index b51f2841..169bd59f 100644 +--- a/modules/pam_namespace/pam_namespace.h ++++ b/modules/pam_namespace/pam_namespace.h +@@ -90,14 +90,10 @@ + /* + * Module defines + */ +-#ifndef SECURECONF_DIR +-#define SECURECONF_DIR "/etc/security/" +-#endif +- +-#define PAM_NAMESPACE_CONFIG (SECURECONF_DIR "namespace.conf") +-#define NAMESPACE_INIT_SCRIPT (SECURECONF_DIR "namespace.init") +-#define NAMESPACE_D_DIR (SECURECONF_DIR "namespace.d/") +-#define NAMESPACE_D_GLOB (SECURECONF_DIR "namespace.d/*.conf") ++#define PAM_NAMESPACE_CONFIG (SCONFIGDIR "/namespace.conf") ++#define NAMESPACE_INIT_SCRIPT (SCONFIGDIR "/namespace.init") ++#define NAMESPACE_D_DIR (SCONFIGDIR "/namespace.d/") ++#define NAMESPACE_D_GLOB (SCONFIGDIR "/namespace.d/*.conf") + + /* module flags */ + #define PAMNS_DEBUG 0x00000100 /* Running in debug mode */ +diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c +index a6cd3d2a..1d3242ca 100644 +--- a/modules/pam_pwhistory/opasswd.c ++++ b/modules/pam_pwhistory/opasswd.c +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -74,8 +75,7 @@ + #define RANDOM_DEVICE "/dev/urandom" + #endif + +-#define OLD_PASSWORDS_FILE "/etc/security/opasswd" +-#define TMP_PASSWORDS_FILE OLD_PASSWORDS_FILE".tmpXXXXXX" ++#define DEFAULT_OLD_PASSWORDS_FILE SCONFIGDIR "/opasswd" + + #define DEFAULT_BUFLEN 4096 + +@@ -142,7 +142,7 @@ compare_password(const char *newpass, const char *oldpass) + + /* Check, if the new password is already in the opasswd file. */ + PAMH_ARG_DECL(int +-check_old_pass, const char *user, const char *newpass, int debug) ++check_old_pass, const char *user, const char *newpass, const char *filename, int debug) + { + int retval = PAM_SUCCESS; + FILE *oldpf; +@@ -156,10 +156,13 @@ check_old_pass, const char *user, const char *newpass, int debug) + return PAM_PWHISTORY_RUN_HELPER; + #endif + +- if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) ++ const char *opasswd_file = ++ (filename != NULL ? filename : DEFAULT_OLD_PASSWORDS_FILE); ++ ++ if ((oldpf = fopen (opasswd_file, "r")) == NULL) + { + if (errno != ENOENT) +- pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", OLD_PASSWORDS_FILE); ++ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", opasswd_file); + return PAM_SUCCESS; + } + +@@ -242,9 +245,8 @@ check_old_pass, const char *user, const char *newpass, int debug) + } + + PAMH_ARG_DECL(int +-save_old_pass, const char *user, int howmany, int debug UNUSED) ++save_old_pass, const char *user, int howmany, const char *filename, int debug UNUSED) + { +- char opasswd_tmp[] = TMP_PASSWORDS_FILE; + struct stat opasswd_stat; + FILE *oldpf, *newpf; + int newpf_fd; +@@ -256,6 +258,15 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) + struct passwd *pwd; + const char *oldpass; + ++ /* Define opasswd file and temp file for opasswd */ ++ const char *opasswd_file = ++ (filename != NULL ? filename : DEFAULT_OLD_PASSWORDS_FILE); ++ char opasswd_tmp[PATH_MAX]; ++ ++ if ((size_t) snprintf (opasswd_tmp, sizeof (opasswd_tmp), "%s.tmpXXXXXX", ++ opasswd_file) >= sizeof (opasswd_tmp)) ++ return PAM_BUF_ERR; ++ + pwd = pam_modutil_getpwnam (pamh, user); + if (pwd == NULL) + return PAM_USER_UNKNOWN; +@@ -285,24 +296,22 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) + if (oldpass == NULL || *oldpass == '\0') + return PAM_SUCCESS; + +- if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) ++ if ((oldpf = fopen (opasswd_file, "r")) == NULL) + { + if (errno == ENOENT) + { +- pam_syslog (pamh, LOG_NOTICE, "Creating %s", +- OLD_PASSWORDS_FILE); ++ pam_syslog (pamh, LOG_NOTICE, "Creating %s", opasswd_file); + do_create = 1; + } + else + { +- pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", +- OLD_PASSWORDS_FILE); ++ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", opasswd_file); + return PAM_AUTHTOK_ERR; + } + } + else if (fstat (fileno (oldpf), &opasswd_stat) < 0) + { +- pam_syslog (pamh, LOG_ERR, "Cannot stat %s: %m", OLD_PASSWORDS_FILE); ++ pam_syslog (pamh, LOG_ERR, "Cannot stat %s: %m", opasswd_file); + fclose (oldpf); + return PAM_AUTHTOK_ERR; + } +@@ -312,7 +321,7 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) + if (newpf_fd == -1) + { + pam_syslog (pamh, LOG_ERR, "Cannot create %s temp file: %m", +- OLD_PASSWORDS_FILE); ++ opasswd_file); + if (oldpf) + fclose (oldpf); + return PAM_AUTHTOK_ERR; +@@ -321,23 +330,19 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) + { + if (fchmod (newpf_fd, S_IRUSR|S_IWUSR) != 0) + pam_syslog (pamh, LOG_ERR, +- "Cannot set permissions of %s temp file: %m", +- OLD_PASSWORDS_FILE); ++ "Cannot set permissions of %s temp file: %m", opasswd_file); + if (fchown (newpf_fd, 0, 0) != 0) + pam_syslog (pamh, LOG_ERR, +- "Cannot set owner/group of %s temp file: %m", +- OLD_PASSWORDS_FILE); ++ "Cannot set owner/group of %s temp file: %m", opasswd_file); + } + else + { + if (fchmod (newpf_fd, opasswd_stat.st_mode) != 0) + pam_syslog (pamh, LOG_ERR, +- "Cannot set permissions of %s temp file: %m", +- OLD_PASSWORDS_FILE); ++ "Cannot set permissions of %s temp file: %m", opasswd_file); + if (fchown (newpf_fd, opasswd_stat.st_uid, opasswd_stat.st_gid) != 0) + pam_syslog (pamh, LOG_ERR, +- "Cannot set owner/group of %s temp file: %m", +- OLD_PASSWORDS_FILE); ++ "Cannot set owner/group of %s temp file: %m", opasswd_file); + } + newpf = fdopen (newpf_fd, "w+"); + if (newpf == NULL) +@@ -550,12 +555,20 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) + goto error_opasswd; + } + +- unlink (OLD_PASSWORDS_FILE".old"); +- if (link (OLD_PASSWORDS_FILE, OLD_PASSWORDS_FILE".old") != 0 && ++ char opasswd_backup[PATH_MAX]; ++ if ((size_t) snprintf (opasswd_backup, sizeof (opasswd_backup), "%s.old", ++ opasswd_file) >= sizeof (opasswd_backup)) ++ { ++ retval = PAM_BUF_ERR; ++ goto error_opasswd; ++ } ++ ++ unlink (opasswd_backup); ++ if (link (opasswd_file, opasswd_backup) != 0 && + errno != ENOENT) + pam_syslog (pamh, LOG_ERR, "Cannot create backup file of %s: %m", +- OLD_PASSWORDS_FILE); +- rename (opasswd_tmp, OLD_PASSWORDS_FILE); ++ opasswd_file); ++ rename (opasswd_tmp, opasswd_file); + error_opasswd: + unlink (opasswd_tmp); + free (buf); +diff --git a/modules/pam_pwhistory/opasswd.h b/modules/pam_pwhistory/opasswd.h +index 3f257288..19a4062c 100644 +--- a/modules/pam_pwhistory/opasswd.h ++++ b/modules/pam_pwhistory/opasswd.h +@@ -57,10 +57,10 @@ void + helper_log_err(int err, const char *format, ...); + #endif + +-PAMH_ARG_DECL(int +-check_old_pass, const char *user, const char *newpass, int debug); ++PAMH_ARG_DECL(int check_old_pass, const char *user, const char *newpass, ++ const char *filename, int debug); + +-PAMH_ARG_DECL(int +-save_old_pass, const char *user, int howmany, int debug); ++PAMH_ARG_DECL(int save_old_pass, const char *user, int howmany, ++ const char *filename, int debug); + + #endif /* __OPASSWD_H__ */ +diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml +index d88115c2..df16a776 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.8.xml ++++ b/modules/pam_pwhistory/pam_pwhistory.8.xml +@@ -36,6 +36,9 @@ + + authtok_type=STRING + ++ ++ file=/path/filename ++ + + + +@@ -137,6 +140,19 @@ + + + ++ ++ ++ ++ ++ ++ ++ Store password history in file /path/filename ++ rather than the default location. The default location is ++ /etc/security/opasswd. ++ ++ ++ ++ + + + +@@ -213,7 +229,7 @@ password required pam_unix.so use_authtok + + /etc/security/opasswd + +- File with password history ++ Default file with password history + + + +diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c +index ce2c21f5..9c1bdd87 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.c ++++ b/modules/pam_pwhistory/pam_pwhistory.c +@@ -69,6 +69,7 @@ struct options_t { + int enforce_for_root; + int remember; + int tries; ++ const char *filename; + }; + typedef struct options_t options_t; + +@@ -104,13 +105,23 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) + options->enforce_for_root = 1; + else if (pam_str_skip_icase_prefix(argv, "authtok_type=") != NULL) + { /* ignore, for pam_get_authtok */; } ++ else if ((str = pam_str_skip_icase_prefix(argv, "file=")) != NULL) ++ { ++ if (*str != '/') ++ { ++ pam_syslog (pamh, LOG_ERR, ++ "pam_pwhistory: file path should be absolute: %s", argv); ++ } ++ else ++ options->filename = str; ++ } + else + pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); + } + + static int + run_save_helper(pam_handle_t *pamh, const char *user, +- int howmany, int debug) ++ int howmany, const char *filename, int debug) + { + int retval, child; + struct sigaction newsa, oldsa; +@@ -123,7 +134,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, + if (child == 0) + { + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; ++ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, + PAM_MODUTIL_PIPE_FD, +@@ -137,9 +148,10 @@ run_save_helper(pam_handle_t *pamh, const char *user, + args[0] = (char *)PWHISTORY_HELPER; + args[1] = (char *)"save"; + args[2] = (char *)user; ++ args[3] = (char *)filename; + DIAG_POP_IGNORE_CAST_QUAL; +- if (asprintf(&args[3], "%d", howmany) < 0 || +- asprintf(&args[4], "%d", debug) < 0) ++ if (asprintf(&args[4], "%d", howmany) < 0 || ++ asprintf(&args[5], "%d", debug) < 0) + { + pam_syslog(pamh, LOG_ERR, "asprintf: %m"); + _exit(PAM_SYSTEM_ERR); +@@ -185,7 +197,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, + + static int + run_check_helper(pam_handle_t *pamh, const char *user, +- const char *newpass, int debug) ++ const char *newpass, const char *filename, int debug) + { + int retval, child, fds[2]; + struct sigaction newsa, oldsa; +@@ -202,7 +214,7 @@ run_check_helper(pam_handle_t *pamh, const char *user, + if (child == 0) + { + static char *envp[] = { NULL }; +- char *args[] = { NULL, NULL, NULL, NULL, NULL }; ++ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; + + /* reopen stdin as pipe */ + if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) +@@ -223,8 +235,9 @@ run_check_helper(pam_handle_t *pamh, const char *user, + args[0] = (char *)PWHISTORY_HELPER; + args[1] = (char *)"check"; + args[2] = (char *)user; ++ args[3] = (char *)filename; + DIAG_POP_IGNORE_CAST_QUAL; +- if (asprintf(&args[3], "%d", debug) < 0) ++ if (asprintf(&args[4], "%d", debug) < 0) + { + pam_syslog(pamh, LOG_ERR, "asprintf: %m"); + _exit(PAM_SYSTEM_ERR); +@@ -323,10 +336,10 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) + return PAM_SUCCESS; + } + +- retval = save_old_pass (pamh, user, options.remember, options.debug); ++ retval = save_old_pass (pamh, user, options.remember, options.filename, options.debug); + + if (retval == PAM_PWHISTORY_RUN_HELPER) +- retval = run_save_helper(pamh, user, options.remember, options.debug); ++ retval = run_save_helper(pamh, user, options.remember, options.filename, options.debug); + + if (retval != PAM_SUCCESS) + return retval; +@@ -358,9 +371,9 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) + if (options.debug) + pam_syslog (pamh, LOG_DEBUG, "check against old password file"); + +- retval = check_old_pass (pamh, user, newpass, options.debug); ++ retval = check_old_pass (pamh, user, newpass, options.filename, options.debug); + if (retval == PAM_PWHISTORY_RUN_HELPER) +- retval = run_check_helper(pamh, user, newpass, options.debug); ++ retval = run_check_helper(pamh, user, newpass, options.filename, options.debug); + + if (retval != PAM_SUCCESS) + { +diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c +index b08a14a7..7a61ae53 100644 +--- a/modules/pam_pwhistory/pwhistory_helper.c ++++ b/modules/pam_pwhistory/pwhistory_helper.c +@@ -51,7 +51,7 @@ + + + static int +-check_history(const char *user, const char *debug) ++check_history(const char *user, const char *filename, const char *debug) + { + char pass[PAM_MAX_RESP_SIZE + 1]; + char *passwords[] = { pass }; +@@ -68,7 +68,7 @@ check_history(const char *user, const char *debug) + return PAM_AUTHTOK_ERR; + } + +- retval = check_old_pass(user, pass, dbg); ++ retval = check_old_pass(user, pass, filename, dbg); + + memset(pass, '\0', PAM_MAX_RESP_SIZE); /* clear memory of the password */ + +@@ -76,13 +76,13 @@ check_history(const char *user, const char *debug) + } + + static int +-save_history(const char *user, const char *howmany, const char *debug) ++save_history(const char *user, const char *filename, const char *howmany, const char *debug) + { + int num = atoi(howmany); + int dbg = atoi(debug); /* no need to be too fancy here */ + int retval; + +- retval = save_old_pass(user, num, dbg); ++ retval = save_old_pass(user, num, filename, dbg); + + return retval; + } +@@ -92,13 +92,14 @@ main(int argc, char *argv[]) + { + const char *option; + const char *user; ++ const char *filename; + + /* + * we establish that this program is running with non-tty stdin. + * this is to discourage casual use. + */ + +- if (isatty(STDIN_FILENO) || argc < 4) ++ if (isatty(STDIN_FILENO) || argc < 5) + { + fprintf(stderr, + "This binary is not designed for running in this way.\n"); +@@ -107,11 +108,12 @@ main(int argc, char *argv[]) + + option = argv[1]; + user = argv[2]; ++ filename = argv[3]; + +- if (strcmp(option, "check") == 0 && argc == 4) +- return check_history(user, argv[3]); +- else if (strcmp(option, "save") == 0 && argc == 5) +- return save_history(user, argv[3], argv[4]); ++ if (strcmp(option, "check") == 0 && argc == 5) ++ return check_history(user, filename, argv[4]); ++ else if (strcmp(option, "save") == 0 && argc == 6) ++ return save_history(user, filename, argv[4], argv[5]); + + fprintf(stderr, "This binary is not designed for running in this way.\n"); + +diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c +index dd374c53..9bc15abf 100644 +--- a/modules/pam_rootok/pam_rootok.c ++++ b/modules/pam_rootok/pam_rootok.c +@@ -53,11 +53,10 @@ static int + PAM_FORMAT((printf, 2, 3)) + log_callback (int type UNUSED, const char *fmt, ...) + { +- int audit_fd; + va_list ap; + + #ifdef HAVE_LIBAUDIT +- audit_fd = audit_open(); ++ int audit_fd = audit_open(); + + if (audit_fd >= 0) { + char *buf; +diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am +index 18a89b60..bed3b149 100644 +--- a/modules/pam_sepermit/Makefile.am ++++ b/modules/pam_sepermit/Makefile.am +@@ -13,7 +13,7 @@ dist_man_MANS = pam_sepermit.8 sepermit.conf.5 + endif + XMLS = README.xml pam_sepermit.8.xml sepermit.conf.5.xml + dist_check_SCRIPTS = tst-pam_sepermit +-TESTS = $(dist_check_SCRIPTS) ++TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) + + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) +@@ -21,7 +21,6 @@ sepermitlockdir = ${localstatedir}/run/sepermit + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/libpam_misc/include \ +- -D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \ + -D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\" $(WARN_CFLAGS) + + pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ +@@ -33,6 +32,9 @@ endif + dist_secureconf_DATA = sepermit.conf + securelib_LTLIBRARIES = pam_sepermit.la + ++check_PROGRAMS = tst-pam_sepermit-retval ++tst_pam_sepermit_retval_LDADD = $(top_builddir)/libpam/libpam.la ++ + install-data-local: + mkdir -p $(DESTDIR)$(sepermitlockdir) + +diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml +index 30d9cc54..5763c346 100644 +--- a/modules/pam_sepermit/pam_sepermit.8.xml ++++ b/modules/pam_sepermit/pam_sepermit.8.xml +@@ -54,7 +54,11 @@ + sepermit.conf5 + for details. + +- ++ ++ If there is no explicitly specified configuration file and ++ /etc/security/sepermit.conf does not exist, ++ %vendordir%/security/sepermit.conf is used. ++ + + + +diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c +index f7d98d5b..5fbc8fdd 100644 +--- a/modules/pam_sepermit/pam_sepermit.c ++++ b/modules/pam_sepermit/pam_sepermit.c +@@ -61,6 +61,12 @@ + + #include + ++#include "pam_inline.h" ++ ++#define SEPERMIT_CONF_FILE (SCONFIGDIR "/sepermit.conf") ++#ifdef VENDOR_SCONFIGDIR ++# define SEPERMIT_VENDOR_CONF_FILE (VENDOR_SCONFIGDIR "/sepermit.conf"); ++#endif + #define MODULE "pam_sepermit" + #define OPT_DELIM ":" + +@@ -370,16 +376,31 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, + const char *user = NULL; + char *seuser = NULL; + char *level = NULL; +- const char *cfgfile = SEPERMIT_CONF_FILE; ++ const char *cfgfile = NULL; + + /* Parse arguments. */ + for (i = 0; i < argc; i++) { ++ const char *str; ++ + if (strcmp(argv[i], "debug") == 0) { + debug = 1; ++ } else if ((str = pam_str_skip_prefix(argv[i], "conf=")) != NULL) { ++ cfgfile = str; ++ } else { ++ pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]); + } +- if (strcmp(argv[i], "conf=") == 0) { +- cfgfile = argv[i] + 5; +- } ++ } ++ ++ if (cfgfile == NULL) { ++#ifdef SEPERMIT_VENDOR_CONF_FILE ++ struct stat buffer; ++ ++ cfgfile = SEPERMIT_CONF_FILE; ++ if (stat(cfgfile, &buffer) != 0 && errno == ENOENT) ++ cfgfile = SEPERMIT_VENDOR_CONF_FILE; ++#else ++ cfgfile = SEPERMIT_CONF_FILE; ++#endif + } + + if (debug) +diff --git a/modules/pam_sepermit/tst-pam_sepermit-retval.c b/modules/pam_sepermit/tst-pam_sepermit-retval.c +new file mode 100644 +index 00000000..321bd6d1 +--- /dev/null ++++ b/modules/pam_sepermit/tst-pam_sepermit-retval.c +@@ -0,0 +1,158 @@ ++/* ++ * Check pam_sepermit return values and conf= option. ++ * ++ * Copyright (c) 2020-2022 Dmitry V. Levin ++ */ ++ ++#include "test_assert.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++#define MODULE_NAME "pam_sepermit" ++#define TEST_NAME "tst-" MODULE_NAME "-retval" ++ ++static const char service_file[] = TEST_NAME ".service"; ++static const char missing_file[] = TEST_NAME ".missing"; ++static const char config_file[] = TEST_NAME ".conf"; ++static struct pam_conv conv; ++ ++int ++main(void) ++{ ++ pam_handle_t *pamh = NULL; ++ FILE *fp; ++ char cwd[PATH_MAX]; ++ ++ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); ++ ++ /* PAM_USER_UNKNOWN */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, ++ fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so\n" ++ "account required %s/.libs/%s.so\n" ++ "password required %s/.libs/%s.so\n" ++ "session required %s/.libs/%s.so\n", ++ cwd, MODULE_NAME, ++ cwd, MODULE_NAME, ++ cwd, MODULE_NAME, ++ cwd, MODULE_NAME)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_USER_UNKNOWN, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_USER_UNKNOWN, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ ASSERT_NE(NULL, fp = fopen(config_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "nosuchuser:ignore\n")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ /* ++ * conf= specifies an existing file, ++ * PAM_IGNORE -> PAM_PERM_DENIED ++ */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, ++ fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so conf=%s\n" ++ "account required %s/.libs/%s.so conf=%s\n" ++ "password required %s/.libs/%s.so conf=%s\n" ++ "session required %s/.libs/%s.so conf=%s\n", ++ cwd, MODULE_NAME, config_file, ++ cwd, MODULE_NAME, config_file, ++ cwd, MODULE_NAME, config_file, ++ cwd, MODULE_NAME, config_file)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ /* ++ * conf= specifies an existing file, ++ * PAM_IGNORE -> PAM_SUCCESS ++ */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, ++ fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so conf=%s\n" ++ "auth required %s/../pam_permit/.libs/pam_permit.so\n" ++ "account required %s/.libs/%s.so conf=%s\n" ++ "account required %s/../pam_permit/.libs/pam_permit.so\n" ++ "password required %s/.libs/%s.so conf=%s\n" ++ "password required %s/../pam_permit/.libs/pam_permit.so\n" ++ "session required %s/.libs/%s.so conf=%s\n" ++ "session required %s/../pam_permit/.libs/pam_permit.so\n", ++ cwd, MODULE_NAME, config_file, cwd, ++ cwd, MODULE_NAME, config_file, cwd, ++ cwd, MODULE_NAME, config_file, cwd, ++ cwd, MODULE_NAME, config_file, cwd)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ /* ++ * conf= specifies a missing file, ++ * PAM_IGNORE -> PAM_PERM_DENIED ++ */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, ++ fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so conf=%s\n" ++ "account required %s/.libs/%s.so conf=%s\n" ++ "password required %s/.libs/%s.so conf=%s\n" ++ "session required %s/.libs/%s.so conf=%s\n", ++ cwd, MODULE_NAME, missing_file, ++ cwd, MODULE_NAME, missing_file, ++ cwd, MODULE_NAME, missing_file, ++ cwd, MODULE_NAME, missing_file)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ /* cleanup */ ++ ASSERT_EQ(0, unlink(config_file)); ++ ASSERT_EQ(0, unlink(service_file)); ++ ++ return 0; ++} +diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am +index 833d51a6..f34f8dce 100644 +--- a/modules/pam_time/Makefile.am ++++ b/modules/pam_time/Makefile.am +@@ -18,7 +18,7 @@ securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS) ++ $(WARN_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c +index 089ae22d..8eebc914 100644 +--- a/modules/pam_time/pam_time.c ++++ b/modules/pam_time/pam_time.c +@@ -33,6 +33,8 @@ + #include + #endif + ++#define PAM_TIME_CONF (SCONFIGDIR "/time.conf") ++ + #define PAM_TIME_BUFLEN 1000 + #define FIELD_SEPARATOR ';' /* this is new as of .02 */ + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index f2474a5b..c8ab49f3 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -334,7 +334,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, + + #define PW_TMPFILE "/etc/npasswd" + #define SH_TMPFILE "/etc/nshadow" +-#define OPW_TMPFILE "/etc/security/nopasswd" ++#define OPW_TMPFILE SCONFIGDIR "/nopasswd" + + /* + * i64c - convert an integer to a radix 64 character +diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h +index c07037d2..463ef185 100644 +--- a/modules/pam_unix/passverify.h ++++ b/modules/pam_unix/passverify.h +@@ -8,7 +8,7 @@ + + #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT + +-#define OLD_PASSWORDS_FILE "/etc/security/opasswd" ++#define OLD_PASSWORDS_FILE SCONFIGDIR "/opasswd" + + int + is_pwd_shadowed(const struct passwd *pwd); +diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh +index 14f585d9..ff9a4dc1 100755 +--- a/xtests/run-xtests.sh ++++ b/xtests/run-xtests.sh +@@ -18,10 +18,12 @@ all=0 + + mkdir -p /etc/security + for config in access.conf group.conf time.conf limits.conf ; do +- cp /etc/security/$config /etc/security/$config-pam-xtests ++ [ -f "/etc/security/$config" ] && ++ mv /etc/security/$config /etc/security/$config-pam-xtests + install -m 644 "${SRCDIR}"/$config /etc/security/$config + done +-mv /etc/security/opasswd /etc/security/opasswd-pam-xtests ++[ -f /etc/security/opasswd ] && ++ mv /etc/security/opasswd /etc/security/opasswd-pam-xtests + + for testname in $XTESTS ; do + for cfg in "${SRCDIR}"/$testname*.pamd ; do +@@ -47,11 +49,15 @@ for testname in $XTESTS ; do + all=`expr $all + 1` + rm -f /etc/pam.d/$testname* + done +-mv /etc/security/access.conf-pam-xtests /etc/security/access.conf +-mv /etc/security/group.conf-pam-xtests /etc/security/group.conf +-mv /etc/security/time.conf-pam-xtests /etc/security/time.conf +-mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf +-mv /etc/security/opasswd-pam-xtests /etc/security/opasswd ++ ++for config in access.conf group.conf time.conf limits.conf opasswd ; do ++ if [ -f "/etc/security/$config-pam-xtests" ]; then ++ mv /etc/security/$config-pam-xtests /etc/security/$config ++ else ++ rm -f /etc/security/$config ++ fi ++done ++ + if test "$failed" -ne 0; then + echo "===================" + echo "$failed of $all tests failed" diff --git a/pam-hostnames-in-access_conf.patch b/pam-hostnames-in-access_conf.patch index 3f2c1f9..076ff17 100644 --- a/pam-hostnames-in-access_conf.patch +++ b/pam-hostnames-in-access_conf.patch @@ -1,12 +1,52 @@ -Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c -=================================================================== ---- Linux-PAM-1.3.91.orig/modules/pam_access/pam_access.c -+++ Linux-PAM-1.3.91/modules/pam_access/pam_access.c -@@ -699,10 +699,10 @@ string_match (pam_handle_t *pamh, const - return (NO); +From d275f22cf28da287e93b5e5a1fdb8a68b2815982 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 24 Feb 2022 10:37:32 +0100 +Subject: [PATCH] pam_access: handle hostnames in access.conf + +According to the manual page, the following entry is valid but does not +work: +-:root:ALL EXCEPT localhost + +See https://bugzilla.suse.com/show_bug.cgi?id=1019866 + +Patched is based on PR#226 from Josef Moellers +--- + modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- + 1 file changed, 76 insertions(+), 19 deletions(-) + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 0d033aa20..3cec542be 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -640,7 +640,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -681,7 +681,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + return NO; + } + +- /* Assume network/netmask with an IP of a host. */ ++ /* Assume network/netmask, IP address or hostname. */ + return network_netmask_match(pamh, tok, string, item); } -- +@@ -699,7 +699,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. +- * "NONE" token matches NULL string. ++ * "NONE" token matches NULL string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ +@@ -717,7 +717,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + /* network_netmask_match - match a string against one token * where string is a hostname or ip (v4,v6) address and tok - * represents either a single ip (v4,v6) address or a network/netmask @@ -15,13 +55,11 @@ Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c */ static int network_netmask_match (pam_handle_t *pamh, -@@ -711,10 +711,14 @@ network_netmask_match (pam_handle_t *pam +@@ -726,10 +727,12 @@ network_netmask_match (pam_handle_t *pamh, char *netmask_ptr; char netmask_string[MAXHOSTNAMELEN + 1]; int addr_type; -+ struct addrinfo *ai; -+ struct sockaddr_storage tok_addr; -+ struct addrinfo hint; ++ struct addrinfo *ai = NULL; if (item->debug) - pam_syslog (pamh, LOG_DEBUG, @@ -31,33 +69,17 @@ Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c /* OK, check if tok is of type addr/mask */ if ((netmask_ptr = strchr(tok, '/')) != NULL) { -@@ -724,7 +728,7 @@ network_netmask_match (pam_handle_t *pam - *netmask_ptr = 0; - netmask_ptr++; - -- if (isipaddr(tok, &addr_type, NULL) == NO) -+ if (isipaddr(tok, &addr_type, &tok_addr) == NO) - { /* no netaddr */ - return NO; - } -@@ -748,19 +752,47 @@ network_netmask_match (pam_handle_t *pam +@@ -763,54 +766,108 @@ network_netmask_match (pam_handle_t *pamh, netmask_ptr = number_to_netmask(netmask, addr_type, netmask_string, MAXHOSTNAMELEN); } - } + -+ /* -+ * Although isipaddr() has already converted the IP address, -+ * we call getaddrinfo here to properly construct an addrinfo list -+ */ -+ memset (&hint, '\0', sizeof (hint)); -+ hint.ai_flags = 0; -+ hint.ai_family = AF_UNSPEC; -+ -+ ai = NULL; /* just to be on the safe side */ -+ -+ /* The following should not fail ... */ -+ if (getaddrinfo (tok, NULL, &hint, &ai) != 0) ++ /* ++ * Construct an addrinfo list from the IP address. ++ * This should not fail as the input is a correct IP address... ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) + { + return NO; + } @@ -70,15 +92,9 @@ Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c + * It is either an IP address or a hostname. + * Let getaddrinfo sort everything out + */ -+ memset (&hint, '\0', sizeof (hint)); -+ hint.ai_flags = 0; -+ hint.ai_family = AF_UNSPEC; -+ -+ ai = NULL; /* just to be on the safe side */ -+ -+ if (getaddrinfo (string, NULL, &hint, &ai) != 0) ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) { -+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", string); ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); + return NO; } @@ -87,13 +103,25 @@ Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c if (isipaddr(string, NULL, NULL) != YES) { - /* Assume network/netmask with a name of a host. */ -- struct addrinfo hint; -- +- /* Assume network/netmask with a name of a host. */ + struct addrinfo hint; + ++ /* Assume network/netmask with a name of a host. */ memset (&hint, '\0', sizeof (hint)); hint.ai_flags = AI_CANONNAME; hint.ai_family = AF_UNSPEC; -@@ -773,29 +805,54 @@ network_netmask_match (pam_handle_t *pam + + if (item->gai_rv != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else if (!item->res && + (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } else { struct addrinfo *runp = item->res; @@ -103,14 +131,18 @@ Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c { char buf[INET6_ADDRSTRLEN]; - DIAG_PUSH_IGNORE_CAST_ALIGN; +- DIAG_PUSH_IGNORE_CAST_ALIGN; - inet_ntop (runp->ai_family, - runp->ai_family == AF_INET - ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr - : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, - buf, sizeof (buf)); -+ (void) getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST); - DIAG_POP_IGNORE_CAST_ALIGN; +- DIAG_POP_IGNORE_CAST_ALIGN; ++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } - if (are_addresses_equal(buf, tok, netmask_ptr)) + for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) @@ -121,7 +153,11 @@ Index: Linux-PAM-1.3.91/modules/pam_access/pam_access.c + if (runp->ai_family != runp1->ai_family) + continue; + -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } + + if (are_addresses_equal (buf, buf1, netmask_ptr)) + { diff --git a/pam.changes b/pam.changes index ef1c80b..2a2c654 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + ------------------------------------------------------------------- Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 5c3afd1..6f5d2a4 100644 --- a/pam.spec +++ b/pam.spec @@ -69,9 +69,7 @@ Patch2: pam-hostnames-in-access_conf.patch Patch3: pam-xauth_ownership.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch Patch10: pam_xauth_data.3.xml.patch -Patch11: 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch -Patch12: 0002-Only-include-vendordir-in-manual-page-if-set-401.patch -Patch13: 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +Patch11: pam-git.diff BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -183,8 +181,6 @@ cp -a %{SOURCE12} . %patch4 -p1 %patch10 -p1 %patch11 -p1 -%patch12 -p1 -%patch13 -p1 %build bash ./pam-login_defs-check.sh @@ -258,7 +254,7 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf mkdir %{buildroot}%{_distconfdir}/security -mv %{buildroot}%{_sysconfdir}/security/limits.conf %{buildroot}%{_distconfdir}/security/limits.conf +mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf} %{buildroot}%{_distconfdir}/security/ # Remove manual pages for main package %if !%{build_doc} @@ -328,8 +324,8 @@ done %endif %config(noreplace) %{_sysconfdir}/environment %config(noreplace) %{_pam_secconfdir}/access.conf -%config(noreplace) %{_pam_secconfdir}/group.conf -%config(noreplace) %{_pam_secconfdir}/faillock.conf +%{_distconfdir}/security/group.conf +%{_distconfdir}/security/faillock.conf %{_distconfdir}/security/limits.conf %config(noreplace) %{_pam_secconfdir}/pam_env.conf %if %{enable_selinux} -- 2.51.1 From d59ee3f1e184251a189a6832b664d87c56960c9bd8cce4306428622d174c4e8c Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 1 Jun 2022 11:43:49 +0000 Subject: [PATCH 176/226] - Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=260 --- macros.pam | 2 +- pam.changes | 5 +++++ pam.spec | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/macros.pam b/macros.pam index fdffe5d..d33ba56 100644 --- a/macros.pam +++ b/macros.pam @@ -2,6 +2,6 @@ %_pam_moduledir %{_libdir}/security %_pam_secconfdir %{_sysconfdir}/security %_pam_confdir %{_sysconfdir}/pam.d -%_pam_vendordir %{_distconfdir}/pam.d +%_pam_vendordir %{_libdir}/pam.d # legacy, to be retired %_pamdir %{_pam_moduledir} diff --git a/pam.changes b/pam.changes index 2a2c654..b3ffb4d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + ------------------------------------------------------------------- Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 6f5d2a4..1f21bf7 100644 --- a/pam.spec +++ b/pam.spec @@ -253,7 +253,7 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf -mkdir %{buildroot}%{_distconfdir}/security +mkdir -p %{buildroot}%{_distconfdir}/security mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf} %{buildroot}%{_distconfdir}/security/ # Remove manual pages for main package -- 2.51.1 From 41ae53b4d43586d5bfd73df47806c2653dde58a66c1a3dc4d6ee3d7a4200e013 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 1 Jun 2022 12:00:32 +0000 Subject: [PATCH 177/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=261 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 1f21bf7..145a462 100644 --- a/pam.spec +++ b/pam.spec @@ -195,7 +195,7 @@ CFLAGS="$CFLAGS -DNDEBUG" --pdfdir=%{_docdir}/pam/pdf \ --enable-isadir=../..%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \ - --enable-vendordir=%{_distconfdir} \ + --enable-vendordir=%{_prefix}/etc/pam.d \ %if %{with debug} --enable-debug %endif -- 2.51.1 From c8e4e2b50f9158e185fffbe8db5574010931c6c1534d8cf467def50892b7f4da Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 13 Jun 2022 08:55:58 +0000 Subject: [PATCH 178/226] Accepting request 982382 from home:kukuk:tiu Fix paths OBS-URL: https://build.opensuse.org/request/show/982382 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=262 --- macros.pam | 2 +- pam.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/macros.pam b/macros.pam index d33ba56..90a9763 100644 --- a/macros.pam +++ b/macros.pam @@ -2,6 +2,6 @@ %_pam_moduledir %{_libdir}/security %_pam_secconfdir %{_sysconfdir}/security %_pam_confdir %{_sysconfdir}/pam.d -%_pam_vendordir %{_libdir}/pam.d +%_pam_vendordir %{_usr}/lib/pam.d # legacy, to be retired %_pamdir %{_pam_moduledir} diff --git a/pam.spec b/pam.spec index 145a462..8563489 100644 --- a/pam.spec +++ b/pam.spec @@ -195,7 +195,7 @@ CFLAGS="$CFLAGS -DNDEBUG" --pdfdir=%{_docdir}/pam/pdf \ --enable-isadir=../..%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \ - --enable-vendordir=%{_prefix}/etc/pam.d \ + --enable-vendordir=%{_prefix}/etc \ %if %{with debug} --enable-debug %endif -- 2.51.1 From 99fd8d508efeeb609dfb684969791e72d1bac829965d9570659ce67095326158 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 17 Jun 2022 15:30:56 +0000 Subject: [PATCH 179/226] Accepting request 983463 from home:kukuk:tiu - Keep old directory in filelist for migration OBS-URL: https://build.opensuse.org/request/show/983463 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=263 --- macros.pam | 2 +- pam.changes | 5 +++++ pam.spec | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/macros.pam b/macros.pam index 90a9763..87a5493 100644 --- a/macros.pam +++ b/macros.pam @@ -2,6 +2,6 @@ %_pam_moduledir %{_libdir}/security %_pam_secconfdir %{_sysconfdir}/security %_pam_confdir %{_sysconfdir}/pam.d -%_pam_vendordir %{_usr}/lib/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d # legacy, to be retired %_pamdir %{_pam_moduledir} diff --git a/pam.changes b/pam.changes index b3ffb4d..210835b 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + ------------------------------------------------------------------- Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 8563489..fc8bf01 100644 --- a/pam.spec +++ b/pam.spec @@ -215,6 +215,8 @@ mkdir -p %{buildroot}%{_includedir}/security mkdir -p %{buildroot}%{_pam_moduledir} mkdir -p %{buildroot}/sbin mkdir -p -m 755 %{buildroot}%{_libdir} +# For compat reasons +mkdir -p %{buildroot}%{_distconfdir}/pam.d %make_install /sbin/ldconfig -n %{buildroot}%{libdir} # Install documentation @@ -314,6 +316,8 @@ done %dir %{_pam_secconfdir} %dir %{_pam_secconfdir}/limits.d %dir %{_distconfdir}/security +# /usr/etc/pam.d is for compat reasons +%dir %{_distconfdir}/pam.d %dir %{_prefix}/lib/motd.d %if %{defined config_noreplace} %config(noreplace) %{_pam_confdir}/other -- 2.51.1 From a7257563cb588131dff9625fbc5d6dcfd1bce737a13877b290a52130908be463 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 12 Oct 2022 09:48:57 +0000 Subject: [PATCH 180/226] Accepting request 1010118 from home:schubi2 - pam_env: Using libeconf for reading configuration and environment files. OBS-URL: https://build.opensuse.org/request/show/1010118 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=264 --- pam.changes | 6 + pam.spec | 4 + pam_env_econf.patch | 1019 ++++++++++++++++++++++++++++++++++++++++++ tst-pam_env-retval.c | 259 +++++++++++ 4 files changed, 1288 insertions(+) create mode 100644 pam_env_econf.patch create mode 100644 tst-pam_env-retval.c diff --git a/pam.changes b/pam.changes index 210835b..8a618ee 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. + ------------------------------------------------------------------- Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index fc8bf01..070c148 100644 --- a/pam.spec +++ b/pam.spec @@ -64,12 +64,14 @@ Source12: pam-login_defs-check.sh Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc +Source16: tst-pam_env-retval.c Patch1: pam-limit-nproc.patch Patch2: pam-hostnames-in-access_conf.patch Patch3: pam-xauth_ownership.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch Patch10: pam_xauth_data.3.xml.patch Patch11: pam-git.diff +Patch12: pam_env_econf.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -175,12 +177,14 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . +cp %{SOURCE16} ./modules/pam_env %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build bash ./pam-login_defs-check.sh diff --git a/pam_env_econf.patch b/pam_env_econf.patch new file mode 100644 index 0000000..e2db6d9 --- /dev/null +++ b/pam_env_econf.patch @@ -0,0 +1,1019 @@ +diff -Naur org/configure.ac patch/configure.ac +--- org/configure.ac 2022-10-11 12:35:53.558193223 +0200 ++++ patch/configure.ac 2022-10-11 12:36:32.502192985 +0200 +@@ -511,7 +511,11 @@ + [Directory for distribution provided configuration files]) + AC_DEFINE_UNQUOTED([VENDOR_SCONFIGDIR], ["$enable_vendordir/security"], + [Directory for PAM modules distribution provided configuration files]) +- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" ++ if test "$WITH_ECONF" = "yes" ; then ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_with_econf'" ++ else ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_without_econf" ++ fi + else + STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" + fi +diff -Naur org/modules/pam_env/Makefile.am patch/modules/pam_env/Makefile.am +--- org/modules/pam_env/Makefile.am 2022-10-11 12:35:53.574193223 +0200 ++++ patch/modules/pam_env/Makefile.am 2022-10-11 12:36:32.518192985 +0200 +@@ -12,20 +12,23 @@ + endif + XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml + dist_check_SCRIPTS = tst-pam_env +-TESTS = $(dist_check_SCRIPTS) ++TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) + + securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- $(WARN_CFLAGS) ++ $(WARN_CFLAGS) -DSYSCONFDIR=\"$(sysconfdir)\" $(ECONF_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + + securelib_LTLIBRARIES = pam_env.la +-pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la ++pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS) ++ ++check_PROGRAMS = tst-pam_env-retval ++tst_pam_env_retval_LDADD = $(top_builddir)/libpam/libpam.la + + dist_secureconf_DATA = pam_env.conf + dist_sysconf_DATA = environment +diff -Naur org/modules/pam_env/pam_env.8.xml patch/modules/pam_env/pam_env.8.xml +--- org/modules/pam_env/pam_env.8.xml 2022-10-11 12:35:53.574193223 +0200 ++++ patch/modules/pam_env/pam_env.8.xml 2022-10-11 12:36:32.518192985 +0200 +@@ -52,13 +52,55 @@ + variables as well as PAM_ITEMs such as + PAM_RHOST. + +- ++ ++ Rules for (un)setting of variables can be defined in an own config ++ file. The path to this file can be specified with the ++ conffile option. ++ If this file does not exist, the default rules are taken from the ++ config files /etc/security/pam_env.conf and ++ /etc/security/pam_env.conf.d/*.conf. ++ If the file /etc/security/pam_env.conf does not ++ exist, the rules are taken from the files ++ %vendordir%/security/pam_env.conf, ++ %vendordir%/security/pam_env.conf.d/*.conf and ++ /etc/security/pam_env.conf.d/*.conf in that order. ++ ++ ++ By default rules for (un)setting of variables are taken from the ++ config file /etc/security/pam_env.conf. ++ If this file does not exist %vendordir%/security/pam_env.conf is used. ++ An alternate file can be specified with the conffile ++ option, which overrules all other files. ++ ++ + By default rules for (un)setting of variables are taken from the + config file /etc/security/pam_env.conf. An + alternate file can be specified with the conffile + option. + +- ++ ++ Environment variables can be defined in a file with simple KEY=VAL ++ pairs on separate lines. The path to this file can be specified with the ++ envfile option. ++ If this file has not been defined, the settings are read from the ++ files /etc/security/environment and ++ /etc/security/environment.d/*. ++ If the file /etc/environment does not exist, the ++ settings are read from the files %vendordir%/environment, ++ %vendordir%/environment.d/* and ++ /etc/environment.d/* in that order. ++ And last but not least, with the readenv option this mechanism can ++ be completely disabled. ++ ++ ++ Second a file (/etc/environment by default) with simple ++ KEY=VAL pairs on separate lines will be read. ++ If this file does not exist, %vendordir%/etc/environment is used. ++ With the envfile option an alternate file can be specified, ++ which overrules all other files. ++ And with the readenv option this can be completely disabled. ++ ++ + Second a file (/etc/environment by default) with simple + KEY=VAL pairs on separate lines will be read. + With the envfile option an alternate file can be specified. +@@ -224,12 +266,14 @@ + FILES + + ++ /usr/etc/security/pam_env.conf + /etc/security/pam_env.conf + + Default configuration file + + + ++ /usr/etc/environment + /etc/environment + + Default environment file +diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c +--- org/modules/pam_env/pam_env.c 2022-10-11 12:35:53.574193223 +0200 ++++ patch/modules/pam_env/pam_env.c 2022-10-11 12:36:32.518192985 +0200 +@@ -7,6 +7,9 @@ + */ + + #define DEFAULT_ETC_ENVFILE "/etc/environment" ++#ifdef VENDORDIR ++#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/etc/environment") ++#endif + #define DEFAULT_READ_ENVFILE 1 + + #define DEFAULT_USER_ENVFILE ".pam_environment" +@@ -25,6 +28,9 @@ + #include + #include + #include ++#ifdef USE_ECONF ++#include ++#endif + + #include + #include +@@ -42,6 +48,9 @@ + } VAR; + + #define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") ++#ifdef VENDOR_SCONFIGDIR ++#define VENDOR_DEFAULT_CONF_FILE (VENDOR_SCONFIGDIR "/pam_env.conf") ++#endif + + #define BUF_SIZE 8192 + #define MAX_ENV 8192 +@@ -53,18 +62,19 @@ + #define UNDEFINE_VAR 102 + #define ILLEGAL_VAR 103 + +-static int _assemble_line(FILE *, char *, int); +-static int _parse_line(const pam_handle_t *, const char *, VAR *); +-static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */ +-static void _clean_var(VAR *); +-static int _expand_arg(pam_handle_t *, char **); +-static const char * _pam_get_item_byname(pam_handle_t *, const char *); +-static int _define_var(pam_handle_t *, int, VAR *); +-static int _undefine_var(pam_handle_t *, int, VAR *); +- + /* This is a special value used to designate an empty string */ + static char quote='\0'; + ++static void free_string_array(char **array) ++{ ++ if (array == NULL) ++ return; ++ for (char **entry = array; *entry != NULL; ++entry) { ++ free(*entry); ++ } ++ free(array); ++} ++ + /* argument parsing */ + + #define PAM_DEBUG_ARG 0x01 +@@ -77,10 +87,10 @@ + int ctrl=0; + + *user_envfile = DEFAULT_USER_ENVFILE; +- *envfile = DEFAULT_ETC_ENVFILE; ++ *envfile = NULL; + *readenv = DEFAULT_READ_ENVFILE; + *user_readenv = DEFAULT_USER_READ_ENVFILE; +- *conffile = DEFAULT_CONF_FILE; ++ *conffile = NULL; + + /* step through arguments */ + for (; argc-- > 0; ++argv) { +@@ -128,166 +138,145 @@ + return ctrl; + } + +-static int +-_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) +-{ +- int retval; +- char buffer[BUF_SIZE]; +- FILE *conf; +- VAR Var, *var=&Var; +- +- D(("Called.")); +- +- var->name=NULL; var->defval=NULL; var->override=NULL; ++#ifdef USE_ECONF + +- D(("Config file name is: %s", file)); ++#define ENVIRONMENT "environment" ++#define PAM_ENV "pam_env" + +- /* +- * Lets try to open the config file, parse it and process +- * any variables found. +- */ ++static int ++isDirectory(const char *path) { ++ struct stat statbuf; ++ if (stat(path, &statbuf) != 0) ++ return 0; ++ return S_ISDIR(statbuf.st_mode); ++} + +- if ((conf = fopen(file,"r")) == NULL) { +- pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); +- return PAM_IGNORE; ++static int ++econf_read_file(const pam_handle_t *pamh, const char *filename, const char *delim, ++ const char *name, const char *suffix, const char *subpath, ++ char ***lines) ++{ ++ econf_file *key_file = NULL; ++ econf_err error; ++ size_t key_number = 0; ++ char **keys = NULL; ++ const char *base_dir = ""; ++ ++ if (filename != NULL) { ++ if (isDirectory(filename)) { ++ /* Set base directory which can be different from root */ ++ D(("filename argument is a directory: %s", filename)); ++ base_dir = filename; ++ } else { ++ /* Read only one file */ ++ error = econf_readFile (&key_file, filename, delim, "#"); ++ D(("File name is: %s", filename)); ++ if (error != ECONF_SUCCESS) { ++ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %s", filename, ++ econf_errString(error)); ++ if (error == ECONF_NOFILE) ++ return PAM_IGNORE; ++ else ++ return PAM_ABORT; ++ } ++ } + } +- +- /* _pam_assemble_line will provide a complete line from the config file, +- * with all comments removed and any escaped newlines fixed up +- */ +- +- while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { +- D(("Read line: %s", buffer)); +- +- if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { +- retval = _check_var(pamh, var); +- +- if (DEFINE_VAR == retval) { +- retval = _define_var(pamh, ctrl, var); +- +- } else if (UNDEFINE_VAR == retval) { +- retval = _undefine_var(pamh, ctrl, var); ++ if (filename == NULL || base_dir[0] != '\0') { ++ /* Read and merge all setting in e.g. /usr/etc and /etc */ ++ char *vendor_dir = NULL, *sysconf_dir; ++ if (subpath != NULL && subpath[0] != '\0') { ++#ifdef VENDORDIR ++ if (asprintf(&vendor_dir, "%s%s/%s/", base_dir, VENDORDIR, subpath) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ return PAM_BUF_ERR; ++ } ++#endif ++ if (asprintf(&sysconf_dir, "%s%s/%s/", base_dir, SYSCONFDIR, subpath) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ free(vendor_dir); ++ return PAM_BUF_ERR; ++ } ++ } else { ++#ifdef VENDORDIR ++ if (asprintf(&vendor_dir, "%s%s/", base_dir, VENDORDIR) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ return PAM_BUF_ERR; ++ } ++#endif ++ if (asprintf(&sysconf_dir, "%s%s/", base_dir, SYSCONFDIR) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ free(vendor_dir); ++ return PAM_BUF_ERR; + } + } +- if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval +- && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; +- +- _clean_var(var); +- +- } /* while */ +- +- (void) fclose(conf); +- +- /* tidy up */ +- _clean_var(var); /* We could have got here prematurely, +- * this is safe though */ +- D(("Exit.")); +- return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); +-} + +-static int +-_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) +-{ +- int retval=PAM_SUCCESS, i, t; +- char buffer[BUF_SIZE], *key, *mark; +- FILE *conf; +- +- D(("Env file name is: %s", file)); +- +- if ((conf = fopen(file,"r")) == NULL) { +- pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); +- return PAM_IGNORE; ++ D(("Read configuration from directory %s and %s", vendor_dir, sysconf_dir)); ++ error = econf_readDirs (&key_file, vendor_dir, sysconf_dir, name, suffix, ++ delim, "#"); ++ free(vendor_dir); ++ free(sysconf_dir); ++ if (error != ECONF_SUCCESS) { ++ pam_syslog(pamh, LOG_ERR, "Unable to read configuration in different directories: %s", ++ econf_errString(error)); ++ if (error == ECONF_NOFILE) ++ return PAM_IGNORE; ++ else ++ return PAM_ABORT; ++ } + } + +- while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { +- D(("Read line: %s", buffer)); +- key = buffer; +- +- /* skip leading white space */ +- key += strspn(key, " \n\t"); +- +- /* skip blanks lines and comments */ +- if (key[0] == '#') +- continue; +- +- /* skip over "export " if present so we can be compat with +- bash type declarations */ +- if (strncmp(key, "export ", (size_t) 7) == 0) +- key += 7; +- +- /* now find the end of value */ +- mark = key; +- while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') +- mark++; +- if (mark[0] != '\0') +- mark[0] = '\0'; +- +- /* +- * sanity check, the key must be alphanumeric +- */ +- +- if (key[0] == '=') { +- pam_syslog(pamh, LOG_ERR, +- "missing key name '%s' in %s', ignoring", +- key, file); +- continue; +- } +- +- for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) +- if (!isalnum(key[i]) && key[i] != '_') { +- pam_syslog(pamh, LOG_ERR, +- "non-alphanumeric key '%s' in %s', ignoring", +- key, file); +- break; +- } +- /* non-alphanumeric key, ignore this line */ +- if (key[i] != '=' && key[i] != '\0') +- continue; ++ error = econf_getKeys(key_file, NULL, &key_number, &keys); ++ if (error != ECONF_SUCCESS && error != ECONF_NOKEY) { ++ pam_syslog(pamh, LOG_ERR, "Unable to read keys: %s", ++ econf_errString(error)); ++ econf_freeFile(key_file); ++ return PAM_ABORT; ++ } + +- /* now we try to be smart about quotes around the value, +- but not too smart, we can't get all fancy with escaped +- values like bash */ +- if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { +- for ( t = i+1 ; key[t] != '\0' ; t++) +- if (key[t] != '\"' && key[t] != '\'') +- key[i++] = key[t]; +- else if (key[t+1] != '\0') +- key[i++] = key[t]; +- key[i] = '\0'; +- } ++ *lines = malloc((key_number +1)* sizeof(char**)); ++ if (*lines == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ econf_free(keys); ++ econf_freeFile(key_file); ++ return PAM_BUF_ERR; ++ } + +- /* if this is a request to delete a variable, check that it's +- actually set first, so we don't get a vague error back from +- pam_putenv() */ +- for (i = 0; key[i] != '=' && key[i] != '\0'; i++); ++ (*lines)[key_number] = 0; + +- if (key[i] == '\0' && !pam_getenv(pamh,key)) +- continue; ++ for (size_t i = 0; i < key_number; i++) { ++ char *val; + +- /* set the env var, if it fails, we break out of the loop */ +- retval = pam_putenv(pamh, key); +- if (retval != PAM_SUCCESS) { +- D(("error setting env \"%s\"", key)); +- break; +- } else if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_DEBUG, +- "pam_putenv(\"%s\")", key); ++ error = econf_getStringValue (key_file, NULL, keys[i], &val); ++ if (error != ECONF_SUCCESS) { ++ pam_syslog(pamh, LOG_ERR, "Unable to get string from key %s: %s", ++ keys[i], ++ econf_errString(error)); ++ } else { ++ if (asprintf(&(*lines)[i],"%s%c%s", keys[i], delim[0], val) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ econf_free(keys); ++ econf_freeFile(key_file); ++ free_string_array(*lines); ++ free (val); ++ return PAM_BUF_ERR; + } ++ free (val); ++ } + } + +- (void) fclose(conf); +- +- /* tidy up */ +- D(("Exit.")); +- return retval; ++ econf_free(keys); ++ econf_free(key_file); ++ return PAM_SUCCESS; + } + ++#else ++ + /* + * This is where we read a line of the PAM config file. The line may be + * preceded by lines of comments and also extended with "\\\n" + */ +- +-static int _assemble_line(FILE *f, char *buffer, int buf_len) ++static int ++_assemble_line(FILE *f, char *buffer, int buf_len) + { + char *p = buffer; + char *s, *os; +@@ -375,8 +364,54 @@ + return used; + } + ++static int read_file(const pam_handle_t *pamh, const char*filename, char ***lines) ++{ ++ FILE *conf; ++ char buffer[BUF_SIZE]; ++ ++ D(("Parsed file name is: %s", filename)); ++ ++ if ((conf = fopen(filename,"r")) == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s", filename); ++ return PAM_IGNORE; ++ } ++ ++ size_t i = 0; ++ *lines = malloc((i + 1)* sizeof(char**)); ++ if (*lines == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ (void) fclose(conf); ++ return PAM_BUF_ERR; ++ } ++ (*lines)[i] = 0; ++ while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { ++ char **tmp = NULL; ++ D(("Read line: %s", buffer)); ++ tmp = realloc(*lines, (++i + 1) * sizeof(char**)); ++ if (tmp == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ (void) fclose(conf); ++ free_string_array(*lines); ++ return PAM_BUF_ERR; ++ } ++ *lines = tmp; ++ (*lines)[i-1] = strdup(buffer); ++ if ((*lines)[i-1] == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ (void) fclose(conf); ++ free_string_array(*lines); ++ return PAM_BUF_ERR; ++ } ++ (*lines)[i] = 0; ++ } ++ ++ (void) fclose(conf); ++ return PAM_SUCCESS; ++} ++#endif ++ + static int +-_parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) ++_parse_line(const pam_handle_t *pamh, const char *buffer, VAR *var) + { + /* + * parse buffer into var, legal syntax is +@@ -471,75 +506,57 @@ + return GOOD_LINE; + } + +-static int _check_var(pam_handle_t *pamh, VAR *var) ++static const char * ++_pam_get_item_byname(pam_handle_t *pamh, const char *name) + { + /* +- * Examine the variable and determine what action to take. +- * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take +- * or a PAM_* error code if passed back from other routines +- * +- * if no DEFAULT provided, the empty string is assumed +- * if no OVERRIDE provided, the empty string is assumed +- * if DEFAULT= and OVERRIDE evaluates to the empty string, +- * this variable should be undefined +- * if DEFAULT="" and OVERRIDE evaluates to the empty string, +- * this variable should be defined with no value +- * if OVERRIDE=value and value turns into the empty string, DEFAULT is used +- * +- * If DEFINE_VAR is to be returned, the correct value to define will +- * be pointed to by var->value ++ * This function just allows me to use names as given in the config ++ * file and translate them into the appropriate PAM_ITEM macro + */ + +- int retval; ++ int item; ++ const void *itemval; + + D(("Called.")); +- +- /* +- * First thing to do is to expand any arguments, but only +- * if they are not the special quote values (cause expand_arg +- * changes memory). +- */ +- +- if (var->defval && ("e != var->defval) && +- ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { +- return retval; +- } +- if (var->override && ("e != var->override) && +- ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { +- return retval; ++ if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { ++ item = PAM_USER; ++ } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { ++ item = PAM_USER_PROMPT; ++ } else if (strcmp(name, "PAM_TTY") == 0) { ++ item = PAM_TTY; ++ } else if (strcmp(name, "PAM_RUSER") == 0) { ++ item = PAM_RUSER; ++ } else if (strcmp(name, "PAM_RHOST") == 0) { ++ item = PAM_RHOST; ++ } else { ++ D(("Unknown PAM_ITEM: <%s>", name)); ++ pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); ++ return NULL; + } + +- /* Now its easy */ +- +- if (var->override && *(var->override)) { +- /* if there is a non-empty string in var->override, we use it */ +- D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); +- var->value = var->override; +- retval = DEFINE_VAR; +- } else { ++ if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { ++ D(("pam_get_item failed")); ++ return NULL; /* let pam_get_item() log the error */ ++ } + +- var->value = var->defval; +- if ("e == var->defval) { +- /* +- * This means that the empty string was given for defval value +- * which indicates that a variable should be defined with no value +- */ +- D(("An empty variable: <%s>", var->name)); +- retval = DEFINE_VAR; +- } else if (var->defval) { +- D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); +- retval = DEFINE_VAR; +- } else { +- D(("UNDEFINE variable <%s>", var->name)); +- retval = UNDEFINE_VAR; ++ if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { ++ struct passwd *user_entry; ++ user_entry = pam_modutil_getpwnam (pamh, itemval); ++ if (!user_entry) { ++ pam_syslog(pamh, LOG_ERR, "No such user!?"); ++ return NULL; + } ++ return (strcmp(name, "SHELL") == 0) ? ++ user_entry->pw_shell : ++ user_entry->pw_dir; + } + + D(("Exit.")); +- return retval; ++ return itemval; + } + +-static int _expand_arg(pam_handle_t *pamh, char **value) ++static int ++_expand_arg(pam_handle_t *pamh, char **value) + { + const char *orig=*value, *tmpptr=NULL; + char *ptr; /* +@@ -679,55 +696,96 @@ + return PAM_SUCCESS; + } + +-static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) ++static int ++_check_var(pam_handle_t *pamh, VAR *var) + { + /* +- * This function just allows me to use names as given in the config +- * file and translate them into the appropriate PAM_ITEM macro ++ * Examine the variable and determine what action to take. ++ * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take ++ * or a PAM_* error code if passed back from other routines ++ * ++ * if no DEFAULT provided, the empty string is assumed ++ * if no OVERRIDE provided, the empty string is assumed ++ * if DEFAULT= and OVERRIDE evaluates to the empty string, ++ * this variable should be undefined ++ * if DEFAULT="" and OVERRIDE evaluates to the empty string, ++ * this variable should be defined with no value ++ * if OVERRIDE=value and value turns into the empty string, DEFAULT is used ++ * ++ * If DEFINE_VAR is to be returned, the correct value to define will ++ * be pointed to by var->value + */ + +- int item; +- const void *itemval; ++ int retval; + + D(("Called.")); +- if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { +- item = PAM_USER; +- } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { +- item = PAM_USER_PROMPT; +- } else if (strcmp(name, "PAM_TTY") == 0) { +- item = PAM_TTY; +- } else if (strcmp(name, "PAM_RUSER") == 0) { +- item = PAM_RUSER; +- } else if (strcmp(name, "PAM_RHOST") == 0) { +- item = PAM_RHOST; +- } else { +- D(("Unknown PAM_ITEM: <%s>", name)); +- pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); +- return NULL; +- } + +- if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { +- D(("pam_get_item failed")); +- return NULL; /* let pam_get_item() log the error */ ++ /* ++ * First thing to do is to expand any arguments, but only ++ * if they are not the special quote values (cause expand_arg ++ * changes memory). ++ */ ++ ++ if (var->defval && ("e != var->defval) && ++ ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { ++ return retval; ++ } ++ if (var->override && ("e != var->override) && ++ ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { ++ return retval; + } + +- if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { +- struct passwd *user_entry; +- user_entry = pam_modutil_getpwnam (pamh, itemval); +- if (!user_entry) { +- pam_syslog(pamh, LOG_ERR, "No such user!?"); +- return NULL; ++ /* Now its easy */ ++ ++ if (var->override && *(var->override)) { ++ /* if there is a non-empty string in var->override, we use it */ ++ D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); ++ var->value = var->override; ++ retval = DEFINE_VAR; ++ } else { ++ ++ var->value = var->defval; ++ if ("e == var->defval) { ++ /* ++ * This means that the empty string was given for defval value ++ * which indicates that a variable should be defined with no value ++ */ ++ D(("An empty variable: <%s>", var->name)); ++ retval = DEFINE_VAR; ++ } else if (var->defval) { ++ D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); ++ retval = DEFINE_VAR; ++ } else { ++ D(("UNDEFINE variable <%s>", var->name)); ++ retval = UNDEFINE_VAR; + } +- return (strcmp(name, "SHELL") == 0) ? +- user_entry->pw_shell : +- user_entry->pw_dir; + } + + D(("Exit.")); +- return itemval; ++ return retval; + } + +-static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) ++static void ++_clean_var(VAR *var) ++{ ++ if (var->name) { ++ free(var->name); ++ } ++ if (var->defval && ("e != var->defval)) { ++ free(var->defval); ++ } ++ if (var->override && ("e != var->override)) { ++ free(var->override); ++ } ++ var->name = NULL; ++ var->value = NULL; /* never has memory specific to it */ ++ var->defval = NULL; ++ var->override = NULL; ++ return; ++} ++ ++static int ++_define_var(pam_handle_t *pamh, int ctrl, VAR *var) + { + /* We have a variable to define, this is a simple function */ + +@@ -749,7 +807,8 @@ + return retval; + } + +-static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) ++static int ++_undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) + { + /* We have a variable to undefine, this is a simple function */ + +@@ -760,25 +819,176 @@ + return pam_putenv(pamh, var->name); + } + +-static void _clean_var(VAR *var) ++static int ++_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) + { +- if (var->name) { +- free(var->name); +- } +- if (var->defval && ("e != var->defval)) { +- free(var->defval); +- } +- if (var->override && ("e != var->override)) { +- free(var->override); +- } +- var->name = NULL; +- var->value = NULL; /* never has memory specific to it */ +- var->defval = NULL; +- var->override = NULL; +- return; ++ int retval; ++ VAR Var, *var=&Var; ++ char **conf_list = NULL; ++ ++ var->name=NULL; var->defval=NULL; var->override=NULL; ++ ++ D(("Called.")); ++ ++#ifdef USE_ECONF ++ /* If "file" is not NULL, only this file will be parsed. */ ++ retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); ++#else ++ /* Only one file will be parsed. So, file has to be set. */ ++ if (file == NULL) /* No filename has been set via argv. */ ++ file = DEFAULT_CONF_FILE; ++#ifdef VENDOR_DEFAULT_CONF_FILE ++ /* ++ * Check whether file is available. ++ * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. ++ */ ++ struct stat stat_buffer; ++ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { ++ file = VENDOR_DEFAULT_CONF_FILE; ++ } ++#endif ++ retval = read_file(pamh, file, &conf_list); ++#endif ++ ++ if (retval != PAM_SUCCESS) ++ return retval; ++ ++ for (char **conf = conf_list; *conf != NULL; ++conf) { ++ if ((retval = _parse_line(pamh, *conf, var)) == GOOD_LINE) { ++ retval = _check_var(pamh, var); ++ ++ if (DEFINE_VAR == retval) { ++ retval = _define_var(pamh, ctrl, var); ++ ++ } else if (UNDEFINE_VAR == retval) { ++ retval = _undefine_var(pamh, ctrl, var); ++ } ++ } ++ if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval ++ && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; ++ ++ _clean_var(var); ++ ++ } /* for */ ++ ++ /* tidy up */ ++ free_string_array(conf_list); ++ _clean_var(var); /* We could have got here prematurely, ++ * this is safe though */ ++ D(("Exit.")); ++ return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); + } + ++static int ++_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) ++{ ++ int retval=PAM_SUCCESS, i, t; ++ char *key, *mark; ++ char **env_list = NULL; ++ ++#ifdef USE_ECONF ++ retval = econf_read_file(pamh, file, "=", ENVIRONMENT, "", "", &env_list); ++#else ++ /* Only one file will be parsed. So, file has to be set. */ ++ if (file == NULL) /* No filename has been set via argv. */ ++ file = DEFAULT_ETC_ENVFILE; ++#ifdef VENDOR_DEFAULT_ETC_ENVFILE ++ /* ++ * Check whether file is available. ++ * If it does not exist, fall back to VENDOR_DEFAULT_ETC_ENVFILE; file. ++ */ ++ struct stat stat_buffer; ++ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { ++ file = VENDOR_DEFAULT_ETC_ENVFILE; ++ } ++#endif ++ retval = read_file(pamh, file, &env_list); ++#endif ++ ++ if (retval != PAM_SUCCESS) ++ return retval == PAM_IGNORE ? PAM_SUCCESS : retval; ++ ++ for (char **env = env_list; *env != NULL; ++env) { ++ key = *env; ++ ++ /* skip leading white space */ ++ key += strspn(key, " \n\t"); ++ ++ /* skip blanks lines and comments */ ++ if (key[0] == '#') ++ continue; ++ ++ /* skip over "export " if present so we can be compat with ++ bash type declarations */ ++ if (strncmp(key, "export ", (size_t) 7) == 0) ++ key += 7; ++ ++ /* now find the end of value */ ++ mark = key; ++ while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') ++ mark++; ++ if (mark[0] != '\0') ++ mark[0] = '\0'; ++ ++ /* ++ * sanity check, the key must be alphanumeric ++ */ ++ ++ if (key[0] == '=') { ++ pam_syslog(pamh, LOG_ERR, ++ "missing key name '%s' in %s', ignoring", ++ key, file); ++ continue; ++ } ++ ++ for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) ++ if (!isalnum(key[i]) && key[i] != '_') { ++ pam_syslog(pamh, LOG_ERR, ++ "non-alphanumeric key '%s' in %s', ignoring", ++ key, file); ++ break; ++ } ++ /* non-alphanumeric key, ignore this line */ ++ if (key[i] != '=' && key[i] != '\0') ++ continue; ++ ++ /* now we try to be smart about quotes around the value, ++ but not too smart, we can't get all fancy with escaped ++ values like bash */ ++ if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { ++ for ( t = i+1 ; key[t] != '\0' ; t++) ++ if (key[t] != '\"' && key[t] != '\'') ++ key[i++] = key[t]; ++ else if (key[t+1] != '\0') ++ key[i++] = key[t]; ++ key[i] = '\0'; ++ } ++ ++ /* if this is a request to delete a variable, check that it's ++ actually set first, so we don't get a vague error back from ++ pam_putenv() */ ++ for (i = 0; key[i] != '=' && key[i] != '\0'; i++); ++ ++ if (key[i] == '\0' && !pam_getenv(pamh,key)) ++ continue; ++ ++ /* set the env var, if it fails, we break out of the loop */ ++ retval = pam_putenv(pamh, key); ++ if (retval != PAM_SUCCESS) { ++ D(("error setting env \"%s\"", key)); ++ break; ++ } else if (ctrl & PAM_DEBUG_ARG) { ++ pam_syslog(pamh, LOG_DEBUG, ++ "pam_putenv(\"%s\")", key); ++ } ++ free(*env); ++ } + ++ /* tidy up */ ++ free(env_list); ++ D(("Exit.")); ++ return retval; ++} + + /* --- authentication management functions (only) --- */ + +diff -Naur org/modules/pam_env/pam_env.conf.5.xml patch/modules/pam_env/pam_env.conf.5.xml +--- org/modules/pam_env/pam_env.conf.5.xml 2022-10-11 12:35:53.574193223 +0200 ++++ patch/modules/pam_env/pam_env.conf.5.xml 2022-10-11 12:36:32.518192985 +0200 +@@ -20,7 +20,15 @@ + + DESCRIPTION + +- ++ ++ The /usr/etc/security/pam_env.conf and ++ /etc/security/pam_env.conf files specify ++ the environment variables to be set, unset or modified by ++ pam_env8. ++ When someone logs in, these files are read and the environment ++ variables are set according. ++ ++ + The /etc/security/pam_env.conf file specifies + the environment variables to be set, unset or modified by + pam_env8. +@@ -61,7 +69,15 @@ + at front) can be used to mark this line as a comment line. + + +- ++ ++ The /usr/etc/environment and /etc/environment files specify ++ the environment variables to be set. These files must consist of simple ++ NAME=VALUE pairs on separate lines. ++ The pam_env8 ++ module will read these files after the pam_env.conf ++ file. ++ ++ + The /etc/environment file specifies + the environment variables to be set. The file must consist of simple + NAME=VALUE pairs on separate lines. diff --git a/tst-pam_env-retval.c b/tst-pam_env-retval.c new file mode 100644 index 0000000..524d183 --- /dev/null +++ b/tst-pam_env-retval.c @@ -0,0 +1,259 @@ +/* + * Check pam_env return values. + * + * Copyright (c) 2020-2022 Dmitry V. Levin + * Copyright (c) 2022 Stefan Schubert + */ + +#include "test_assert.h" + +#include +#include +#include +#include +#include +#include +#include + +#define MODULE_NAME "pam_env" +#define TEST_NAME "tst-" MODULE_NAME "-retval" +#define TEST_NAME_DIR TEST_NAME ".dir" + +static const char service_file[] = TEST_NAME ".service"; +static const char missing_file[] = TEST_NAME ".missing"; +static const char dir[] = TEST_NAME_DIR; +static const char dir_usr[] = TEST_NAME_DIR "/usr"; +static const char dir_usr_etc[] = TEST_NAME_DIR "/usr/etc"; +static const char dir_usr_etc_security[] = TEST_NAME_DIR "/usr/etc/security"; +static const char my_conf[] = TEST_NAME ".conf"; +static const char my_env[] = TEST_NAME ".env"; +static const char usr_env[] = TEST_NAME_DIR "/usr/etc/environment"; +static const char usr_conf[] = TEST_NAME_DIR "/usr/etc/security/pam_env.conf"; + +static struct pam_conv conv; + +static void +setup(void) +{ + FILE *fp; + + ASSERT_EQ(0, mkdir(dir, 0755)); + ASSERT_EQ(0, mkdir(dir_usr, 0755)); + ASSERT_EQ(0, mkdir(dir_usr_etc, 0755)); + ASSERT_EQ(0, mkdir(dir_usr_etc_security, 0755)); + + ASSERT_NE(NULL, fp = fopen(my_conf, "w")); + ASSERT_LT(0, fprintf(fp, + "EDITOR\tDEFAULT=vim\n" + "PAGER\tDEFAULT=more\n")); + ASSERT_EQ(0, fclose(fp)); + + ASSERT_NE(NULL, fp = fopen(my_env, "w")); + ASSERT_LT(0, fprintf(fp, + "test_value=foo\n" + "test2_value=bar\n")); + ASSERT_EQ(0, fclose(fp)); + + ASSERT_NE(NULL, fp = fopen(usr_env, "w")); + ASSERT_LT(0, fprintf(fp, + "usr_etc_test=foo\n" + "usr_etc_test2=bar\n")); + ASSERT_EQ(0, fclose(fp)); + + ASSERT_NE(NULL, fp = fopen(usr_conf, "w")); + ASSERT_LT(0, fprintf(fp, + "PAGER DEFAULT=emacs\n" + "MANPAGER DEFAULT=less\n")); + ASSERT_EQ(0, fclose(fp)); +} + +static void +cleanup(void) +{ + ASSERT_EQ(0, unlink(my_conf)); + ASSERT_EQ(0, unlink(my_env)); + ASSERT_EQ(0, unlink(usr_env)); + ASSERT_EQ(0, unlink(usr_conf)); + ASSERT_EQ(0, rmdir(dir_usr_etc_security)); + ASSERT_EQ(0, rmdir(dir_usr_etc)); + ASSERT_EQ(0, rmdir(dir_usr)); + ASSERT_EQ(0, rmdir(dir)); +} + +static void +check_array(const char **array1, char **array2) +{ + for (const char **a1 = array1; *a1 != NULL; ++a1) { + char **a2; + for (a2 = array2; *a2 != NULL; ++a2) { + if (strcmp(*a1, *a2) == 0) + break; + } + ASSERT_NE(NULL, *a2); + } +} + +static void +check_env(const char **list) +{ + pam_handle_t *pamh = NULL; + + ASSERT_EQ(PAM_SUCCESS, + pam_start_confdir(service_file, "", &conv, ".", &pamh)); + ASSERT_NE(NULL, pamh); + + ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); + + char **env_list = pam_getenvlist(pamh); + ASSERT_NE(NULL, env_list); + + check_array(list, env_list); + + for (char **e = env_list; *e != NULL; ++e) + free(*e); + free(env_list); + + ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); + ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); +} + +int +main(void) +{ + pam_handle_t *pamh = NULL; + FILE *fp; + char cwd[PATH_MAX]; + + ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); + + setup(); + + /* + * When conffile= specifies a missing file, all methods except + * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. + * The return code of the stack where every module returns PAM_IGNORE + * is PAM_PERM_DENIED. + */ + ASSERT_NE(NULL, fp = fopen(service_file, "w")); + ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" + "auth required %s/.libs/%s.so conffile=%s/%s\n" + "account required %s/.libs/%s.so conffile=%s/%s\n" + "password required %s/.libs/%s.so conffile=%s/%s\n" + "session required %s/.libs/%s.so conffile=%s/%s\n", + cwd, MODULE_NAME, cwd, missing_file, + cwd, MODULE_NAME, cwd, missing_file, + cwd, MODULE_NAME, cwd, missing_file, + cwd, MODULE_NAME, cwd, missing_file)); + ASSERT_EQ(0, fclose(fp)); + + ASSERT_EQ(PAM_SUCCESS, + pam_start_confdir(service_file, "", &conv, ".", &pamh)); + ASSERT_NE(NULL, pamh); + ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); + ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); + ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); + ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); + ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, 0)); + ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0)); + ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); + pamh = NULL; + + /* + * When conffile= specifies a missing file, all methods except + * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. + * pam_permit is added after pam_env to convert PAM_IGNORE to PAM_SUCCESS. + */ + ASSERT_NE(NULL, fp = fopen(service_file, "w")); + ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" + "auth required %s/.libs/%s.so conffile=%s/%s\n" + "auth required %s/../pam_permit/.libs/pam_permit.so\n" + "account required %s/.libs/%s.so conffile=%s/%s\n" + "account required %s/../pam_permit/.libs/pam_permit.so\n" + "password required %s/.libs/%s.so conffile=%s/%s\n" + "password required %s/../pam_permit/.libs/pam_permit.so\n" + "session required %s/.libs/%s.so conffile=%s/%s\n" + "session required %s/../pam_permit/.libs/pam_permit.so\n", + cwd, MODULE_NAME, cwd, missing_file, cwd, + cwd, MODULE_NAME, cwd, missing_file, cwd, + cwd, MODULE_NAME, cwd, missing_file, cwd, + cwd, MODULE_NAME, cwd, missing_file, cwd)); + ASSERT_EQ(0, fclose(fp)); + + ASSERT_EQ(PAM_SUCCESS, + pam_start_confdir(service_file, "", &conv, ".", &pamh)); + ASSERT_NE(NULL, pamh); + ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); + ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); + ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); + ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); + ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); + ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); + ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); + pamh = NULL; + + /* + * conffile= specifies an existing file, + * envfile= specifies an empty file. + */ + ASSERT_NE(NULL, fp = fopen(service_file, "w")); + ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" + "session required %s/.libs/%s.so" + " conffile=%s/%s envfile=%s\n", + cwd, MODULE_NAME, + cwd, my_conf, "/dev/null")); + ASSERT_EQ(0, fclose(fp)); + + const char *env1[] = { "EDITOR=vim", "PAGER=more", NULL }; + check_env(env1); + + /* + * conffile= specifies an empty file, + * envfile= specifies an existing file. + */ + ASSERT_NE(NULL, fp = fopen(service_file, "w")); + ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" + "session required %s/.libs/%s.so" + " conffile=%s envfile=%s/%s\n", + cwd, MODULE_NAME, + "/dev/null", cwd, my_env)); + ASSERT_EQ(0, fclose(fp)); + + const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; + check_env(env2); + +#if defined (USE_ECONF) && defined (VENDORDIR) + + /* envfile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ + ASSERT_NE(NULL, fp = fopen(service_file, "w")); + ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" + "session required %s/.libs/%s.so" + " conffile=%s envfile=%s/%s/\n", + cwd, MODULE_NAME, + "/dev/null", + cwd, dir)); + ASSERT_EQ(0, fclose(fp)); + + const char *env3[] = {"usr_etc_test=foo", "usr_etc_test2=bar", NULL}; + check_env(env3); + + /* conffile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ + ASSERT_NE(NULL, fp = fopen(service_file, "w")); + ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" + "session required %s/.libs/%s.so" + " conffile=%s/%s/ envfile=%s\n", + cwd, MODULE_NAME, + cwd, dir, + "/dev/null")); + ASSERT_EQ(0, fclose(fp)); + + const char *env4[] = {"PAGER=emacs", "MANPAGER=less", NULL}; + check_env(env4); + +#endif + + /* cleanup */ + cleanup(); + ASSERT_EQ(0, unlink(service_file)); + + return 0; +} -- 2.51.1 From 7c469f81fb56fa55a4ec82c47ef8e3305813665aba80424f3a52c450efd2ee26 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 13 Oct 2022 11:58:41 +0000 Subject: [PATCH 181/226] Accepting request 1010229 from home:schubi2 - pam_env: Using libeconf for reading configuration and environment files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) OBS-URL: https://build.opensuse.org/request/show/1010229 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=265 --- pam.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index 8a618ee..d39faf6 100644 --- a/pam.changes +++ b/pam.changes @@ -2,7 +2,7 @@ Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert - pam_env: Using libeconf for reading configuration and environment - files. + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) ------------------------------------------------------------------- Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk -- 2.51.1 From f8d6ec4fd6c84501558310b904d432bdca8229e471f7f9eb5d3c490600488ea4 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 23 Nov 2022 12:21:53 +0000 Subject: [PATCH 182/226] Accepting request 1037574 from home:kukuk:tiu - Move pam_env config files below /usr/etc OBS-URL: https://build.opensuse.org/request/show/1037574 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=266 --- pam.changes | 5 +++++ pam.spec | 7 ++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index d39faf6..db5f842 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + ------------------------------------------------------------------- Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert diff --git a/pam.spec b/pam.spec index 070c148..a09aebc 100644 --- a/pam.spec +++ b/pam.spec @@ -260,7 +260,8 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf mkdir -p %{buildroot}%{_distconfdir}/security -mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf} %{buildroot}%{_distconfdir}/security/ +mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf} %{buildroot}%{_distconfdir}/security/ +mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment # Remove manual pages for main package %if !%{build_doc} @@ -330,12 +331,12 @@ done %{_pam_vendordir}/other %{_pam_vendordir}/common-* %endif -%config(noreplace) %{_sysconfdir}/environment +%{_distconfdir}/environment %config(noreplace) %{_pam_secconfdir}/access.conf %{_distconfdir}/security/group.conf %{_distconfdir}/security/faillock.conf %{_distconfdir}/security/limits.conf -%config(noreplace) %{_pam_secconfdir}/pam_env.conf +%{_distconfdir}/security/pam_env.conf %if %{enable_selinux} %config(noreplace) %{_pam_secconfdir}/sepermit.conf %endif -- 2.51.1 From 5aa4f5ad816c85902f9a9fbe3640b9878993f675a6236ae68ffb5c3503074ae0 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 8 Dec 2022 14:52:25 +0000 Subject: [PATCH 183/226] Accepting request 1041655 from home:kukuk:tiu - pam_pwhistory-docu.patch, docbook5.patch: convert docu to docbook5 - pam-git.diff: update to current git - obsoletes pam-hostnames-in-access_conf.patch - obsoletes tst-pam_env-retval.c - pam_env_econf.patch refresh OBS-URL: https://build.opensuse.org/request/show/1041655 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=267 --- docbook5.patch | 20423 +++++++++++++++++++++++++++ pam-git.diff | 4862 ++++++- pam-hostnames-in-access_conf.patch | 194 - pam.changes | 14 + pam.spec | 15 +- pam_env_econf.patch | 977 +- pam_pwhistory-docu.patch | 264 + tst-pam_env-retval.c | 259 - 8 files changed, 25579 insertions(+), 1429 deletions(-) create mode 100644 docbook5.patch delete mode 100644 pam-hostnames-in-access_conf.patch create mode 100644 pam_pwhistory-docu.patch delete mode 100644 tst-pam_env-retval.c diff --git a/docbook5.patch b/docbook5.patch new file mode 100644 index 0000000..3e23423 --- /dev/null +++ b/docbook5.patch @@ -0,0 +1,20423 @@ +From 681e88a5428904b478a37e65154d7cf0ba1a9eb5 Mon Sep 17 00:00:00 2001 +From: Stefan Schubert +Date: Tue, 25 Oct 2022 16:29:41 +0200 +Subject: [PATCH] doc: Update PAM documentation from DockBook 4 to DocBook 5 + +Changed files +-------------- + +Make.xml.rules.in: +- Using RNG file instead of DTD file for checking XML files. +- Taking the correct stylesheet for README files. + +doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am: +- Using RNG file instead of DTD file for checking XML files. + +configure.ac: +- Added a new option for selecting RNG check file (-enable-docbook-rng) +- Switching stylesheets to docbook 5 +- Checking DocBook 5 environment instead of DocBook 4 environment + +*.xml: +Update from DockBook 4 to DocBook 5 +--- + Make.xml.rules.in | 10 +- + ci/install-dependencies.sh | 4 +- + configure.ac | 33 ++- + doc/adg/Linux-PAM_ADG.xml | 199 +++++++-------- + doc/adg/Makefile.am | 6 +- + doc/adg/pam_acct_mgmt.xml | 20 +- + doc/adg/pam_authenticate.xml | 20 +- + doc/adg/pam_chauthtok.xml | 20 +- + doc/adg/pam_close_session.xml | 20 +- + doc/adg/pam_conv.xml | 20 +- + doc/adg/pam_end.xml | 20 +- + doc/adg/pam_fail_delay.xml | 20 +- + doc/adg/pam_get_item.xml | 20 +- + doc/adg/pam_getenv.xml | 20 +- + doc/adg/pam_getenvlist.xml | 20 +- + doc/adg/pam_misc_conv.xml | 15 +- + doc/adg/pam_misc_drop_env.xml | 15 +- + doc/adg/pam_misc_paste_env.xml | 15 +- + doc/adg/pam_misc_setenv.xml | 15 +- + doc/adg/pam_open_session.xml | 20 +- + doc/adg/pam_putenv.xml | 20 +- + doc/adg/pam_set_item.xml | 20 +- + doc/adg/pam_setcred.xml | 20 +- + doc/adg/pam_start.xml | 20 +- + doc/adg/pam_strerror.xml | 20 +- + doc/man/misc_conv.3.xml | 35 ++- + doc/man/pam.3.xml | 40 ++- + doc/man/pam.8.xml | 85 ++++--- + doc/man/pam.conf-desc.xml | 7 +- + doc/man/pam.conf-dir.xml | 9 +- + doc/man/pam.conf-syntax.xml | 12 +- + doc/man/pam.conf.5.xml | 28 +-- + doc/man/pam_acct_mgmt.3.xml | 20 +- + doc/man/pam_authenticate.3.xml | 20 +- + doc/man/pam_chauthtok.3.xml | 20 +- + doc/man/pam_close_session.3.xml | 21 +- + doc/man/pam_conv.3.xml | 20 +- + doc/man/pam_end.3.xml | 21 +- + doc/man/pam_error.3.xml | 23 +- + doc/man/pam_fail_delay.3.xml | 27 +-- + doc/man/pam_get_authtok.3.xml | 33 ++- + doc/man/pam_get_data.3.xml | 21 +- + doc/man/pam_get_item.3.xml | 33 +-- + doc/man/pam_get_user.3.xml | 21 +- + doc/man/pam_getenv.3.xml | 20 +- + doc/man/pam_getenvlist.3.xml | 20 +- + doc/man/pam_info.3.xml | 23 +- + doc/man/pam_item_types_ext.inc.xml | 5 +- + doc/man/pam_item_types_std.inc.xml | 5 +- + doc/man/pam_misc_drop_env.3.xml | 21 +- + doc/man/pam_misc_paste_env.3.xml | 21 +- + doc/man/pam_misc_setenv.3.xml | 21 +- + doc/man/pam_open_session.3.xml | 21 +- + doc/man/pam_prompt.3.xml | 23 +- + doc/man/pam_putenv.3.xml | 20 +- + doc/man/pam_set_data.3.xml | 21 +- + doc/man/pam_set_item.3.xml | 33 +-- + doc/man/pam_setcred.3.xml | 21 +- + doc/man/pam_sm_acct_mgmt.3.xml | 22 +- + doc/man/pam_sm_authenticate.3.xml | 22 +- + doc/man/pam_sm_chauthtok.3.xml | 30 ++- + doc/man/pam_sm_close_session.3.xml | 22 +- + doc/man/pam_sm_open_session.3.xml | 22 +- + doc/man/pam_sm_setcred.3.xml | 24 +- + doc/man/pam_start.3.xml | 21 +- + doc/man/pam_strerror.3.xml | 21 +- + doc/man/pam_syslog.3.xml | 21 +- + doc/man/pam_xauth_data.3.xml | 21 +- + doc/mwg/Linux-PAM_MWG.xml | 178 ++++++-------- + doc/mwg/Makefile.am | 6 +- + doc/mwg/pam_conv.xml | 20 +- + doc/mwg/pam_fail_delay.xml | 20 +- + doc/mwg/pam_get_data.xml | 20 +- + doc/mwg/pam_get_item.xml | 20 +- + doc/mwg/pam_get_user.xml | 20 +- + doc/mwg/pam_getenv.xml | 20 +- + doc/mwg/pam_getenvlist.xml | 20 +- + doc/mwg/pam_putenv.xml | 20 +- + doc/mwg/pam_set_data.xml | 20 +- + doc/mwg/pam_set_item.xml | 20 +- + doc/mwg/pam_sm_acct_mgmt.xml | 20 +- + doc/mwg/pam_sm_authenticate.xml | 20 +- + doc/mwg/pam_sm_chauthtok.xml | 20 +- + doc/mwg/pam_sm_close_session.xml | 20 +- + doc/mwg/pam_sm_open_session.xml | 20 +- + doc/mwg/pam_sm_setcred.xml | 20 +- + doc/mwg/pam_strerror.xml | 20 +- + doc/sag/Linux-PAM_SAG.xml | 229 +++++++----------- + doc/sag/Makefile.am | 7 +- + doc/sag/pam_access.xml | 52 ++-- + doc/sag/pam_debug.xml | 42 ++-- + doc/sag/pam_deny.xml | 42 ++-- + doc/sag/pam_echo.xml | 42 ++-- + doc/sag/pam_env.xml | 52 ++-- + doc/sag/pam_exec.xml | 42 ++-- + doc/sag/pam_faildelay.xml | 42 ++-- + doc/sag/pam_faillock.xml | 47 ++-- + doc/sag/pam_filter.xml | 42 ++-- + doc/sag/pam_ftp.xml | 42 ++-- + doc/sag/pam_group.xml | 52 ++-- + doc/sag/pam_issue.xml | 42 ++-- + doc/sag/pam_keyinit.xml | 42 ++-- + doc/sag/pam_lastlog.xml | 42 ++-- + doc/sag/pam_limits.xml | 52 ++-- + doc/sag/pam_listfile.xml | 42 ++-- + doc/sag/pam_localuser.xml | 42 ++-- + doc/sag/pam_loginuid.xml | 42 ++-- + doc/sag/pam_mail.xml | 42 ++-- + doc/sag/pam_mkhomedir.xml | 42 ++-- + doc/sag/pam_motd.xml | 42 ++-- + doc/sag/pam_namespace.xml | 52 ++-- + doc/sag/pam_nologin.xml | 42 ++-- + doc/sag/pam_permit.xml | 42 ++-- + doc/sag/pam_pwhistory.xml | 47 ++-- + doc/sag/pam_rhosts.xml | 42 ++-- + doc/sag/pam_rootok.xml | 42 ++-- + doc/sag/pam_securetty.xml | 42 ++-- + doc/sag/pam_selinux.xml | 42 ++-- + doc/sag/pam_sepermit.xml | 47 ++-- + doc/sag/pam_setquota.xml | 42 ++-- + doc/sag/pam_shells.xml | 42 ++-- + doc/sag/pam_succeed_if.xml | 42 ++-- + doc/sag/pam_time.xml | 52 ++-- + doc/sag/pam_timestamp.xml | 52 ++-- + doc/sag/pam_tty_audit.xml | 47 ++-- + doc/sag/pam_umask.xml | 42 ++-- + doc/sag/pam_unix.xml | 42 ++-- + doc/sag/pam_userdb.xml | 42 ++-- + doc/sag/pam_warn.xml | 42 ++-- + doc/sag/pam_wheel.xml | 42 ++-- + doc/sag/pam_xauth.xml | 42 ++-- + examples/.gitignore | 2 +- + modules/pam_access/README.xml | 32 +-- + modules/pam_access/access.conf.5.xml | 20 +- + modules/pam_access/pam_access.8.xml | 63 +++-- + modules/pam_debug/README.xml | 32 +-- + modules/pam_debug/pam_debug.8.xml | 61 +++-- + modules/pam_deny/README.xml | 29 +-- + modules/pam_deny/pam_deny.8.xml | 29 +-- + modules/pam_echo/README.xml | 29 +-- + modules/pam_echo/pam_echo.8.xml | 45 ++-- + modules/pam_env/README.xml | 34 +-- + modules/pam_env/pam_env.8.xml | 59 +++-- + modules/pam_env/pam_env.conf.5.xml | 19 +- + modules/pam_exec/README.xml | 32 +-- + modules/pam_exec/pam_exec.8.xml | 65 +++-- + modules/pam_faildelay/README.xml | 32 +-- + modules/pam_faildelay/pam_faildelay.8.xml | 37 ++- + modules/pam_faillock/README.xml | 35 +-- + modules/pam_faillock/faillock.8.xml | 41 ++-- + modules/pam_faillock/faillock.conf.5.xml | 53 ++-- + modules/pam_faillock/pam_faillock.8.xml | 74 +++--- + modules/pam_filter/README.xml | 32 +-- + modules/pam_filter/pam_filter.8.xml | 51 ++-- + modules/pam_ftp/README.xml | 32 +-- + modules/pam_ftp/pam_ftp.8.xml | 41 ++-- + modules/pam_group/README.xml | 29 +-- + modules/pam_group/group.conf.5.xml | 19 +- + modules/pam_group/pam_group.8.xml | 31 ++- + modules/pam_issue/README.xml | 32 +-- + modules/pam_issue/pam_issue.8.xml | 63 +++-- + modules/pam_keyinit/README.xml | 32 +-- + modules/pam_keyinit/pam_keyinit.8.xml | 47 ++-- + modules/pam_lastlog/README.xml | 32 +-- + modules/pam_lastlog/pam_lastlog.8.xml | 77 +++--- + modules/pam_limits/README.xml | 32 +-- + modules/pam_limits/limits.conf.5.xml | 111 ++++----- + modules/pam_limits/pam_limits.8.xml | 55 ++--- + modules/pam_listfile/README.xml | 32 +-- + modules/pam_listfile/pam_listfile.8.xml | 53 ++-- + modules/pam_localuser/README.xml | 32 +-- + modules/pam_localuser/pam_localuser.8.xml | 41 ++-- + modules/pam_loginuid/README.xml | 29 +-- + modules/pam_loginuid/pam_loginuid.8.xml | 33 ++- + modules/pam_mail/README.xml | 32 +-- + modules/pam_mail/pam_mail.8.xml | 73 +++--- + modules/pam_mkhomedir/README.xml | 29 +-- + modules/pam_mkhomedir/mkhomedir_helper.8.xml | 29 +-- + modules/pam_mkhomedir/pam_mkhomedir.8.xml | 49 ++-- + modules/pam_motd/README.xml | 32 +-- + modules/pam_motd/pam_motd.8.xml | 41 ++-- + modules/pam_namespace/README.xml | 37 +-- + modules/pam_namespace/namespace.conf.5.xml | 19 +- + modules/pam_namespace/pam_namespace.8.xml | 87 ++++--- + .../pam_namespace/pam_namespace_helper.8.xml | 21 +- + modules/pam_nologin/README.xml | 35 +-- + modules/pam_nologin/pam_nologin.8.xml | 39 ++- + modules/pam_permit/README.xml | 32 +-- + modules/pam_permit/pam_permit.8.xml | 29 +-- + modules/pam_pwhistory/README.xml | 32 +-- + modules/pam_pwhistory/pam_pwhistory.8.xml | 65 +++-- + modules/pam_pwhistory/pwhistory.conf.5.xml | 39 ++- + modules/pam_pwhistory/pwhistory_helper.8.xml | 23 +- + modules/pam_rhosts/README.xml | 32 +-- + modules/pam_rhosts/pam_rhosts.8.xml | 35 ++- + modules/pam_rootok/README.xml | 32 +-- + modules/pam_rootok/pam_rootok.8.xml | 35 ++- + modules/pam_securetty/README.xml | 32 +-- + modules/pam_securetty/pam_securetty.8.xml | 41 ++-- + modules/pam_selinux/README.xml | 32 +-- + modules/pam_selinux/pam_selinux.8.xml | 65 +++-- + modules/pam_sepermit/README.xml | 32 +-- + modules/pam_sepermit/pam_sepermit.8.xml | 41 ++-- + modules/pam_sepermit/sepermit.conf.5.xml | 29 +-- + modules/pam_setquota/README.xml | 32 +-- + modules/pam_setquota/pam_setquota.8.xml | 64 +++-- + modules/pam_shells/README.xml | 32 +-- + modules/pam_shells/pam_shells.8.xml | 29 +-- + modules/pam_stress/README.xml | 26 +- + modules/pam_stress/pam_stress.8.xml | 71 +++--- + modules/pam_succeed_if/README.xml | 32 +-- + modules/pam_succeed_if/pam_succeed_if.8.xml | 78 +++--- + modules/pam_time/README.xml | 29 +-- + modules/pam_time/pam_time.8.xml | 45 ++-- + modules/pam_time/time.conf.5.xml | 23 +- + modules/pam_timestamp/README.xml | 35 +-- + modules/pam_timestamp/pam_timestamp.8.xml | 53 ++-- + .../pam_timestamp/pam_timestamp_check.8.xml | 45 ++-- + modules/pam_tty_audit/README.xml | 30 +-- + modules/pam_tty_audit/pam_tty_audit.8.xml | 47 ++-- + modules/pam_umask/README.xml | 32 +-- + modules/pam_umask/pam_umask.8.xml | 51 ++-- + modules/pam_unix/README.xml | 32 +-- + modules/pam_unix/pam_unix.8.xml | 89 ++++--- + modules/pam_unix/unix_chkpwd.8.xml | 23 +- + modules/pam_unix/unix_update.8.xml | 23 +- + modules/pam_userdb/README.xml | 32 +-- + modules/pam_userdb/pam_userdb.8.xml | 67 +++-- + modules/pam_usertype/README.xml | 32 +-- + modules/pam_usertype/pam_usertype.8.xml | 42 ++-- + modules/pam_warn/README.xml | 32 +-- + modules/pam_warn/pam_warn.8.xml | 31 ++- + modules/pam_wheel/README.xml | 32 +-- + modules/pam_wheel/pam_wheel.8.xml | 59 +++-- + modules/pam_xauth/README.xml | 35 +-- + modules/pam_xauth/pam_xauth.8.xml | 65 +++-- + 236 files changed, 3398 insertions(+), 5101 deletions(-) + +diff --git a/Make.xml.rules.in b/Make.xml.rules.in +index 27bb510ec..98beb9ed7 100644 +--- a/Make.xml.rules.in ++++ b/Make.xml.rules.in +@@ -5,22 +5,22 @@ + README: $(XMLS) + + README: README.xml +- $(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-html.xsl $< | $(BROWSER) > $(srcdir)/$@ ++ $(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" @STRINGPARAM_VENDORDIR@ --nonet $(TXT_STYLESHEET) $< | $(BROWSER) > $(srcdir)/$@ + + %.1: %.1.xml +- $(XMLLINT) --nonet --xinclude --postvalid --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< + $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< + + %.3: %.3.xml +- $(XMLLINT) --nonet --xinclude --postvalid --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< + $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< + + %.5: %.5.xml +- $(XMLLINT) --nonet --xinclude --postvalid --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< + $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< + + %.8: %.8.xml +- $(XMLLINT) --nonet --xinclude --postvalid --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< + $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ @STRINGPARAM_HMAC@ --nonet $(top_srcdir)/doc/custom-man.xsl $< + + #CLEANFILES += $(man_MANS) README +diff --git a/configure.ac b/configure.ac +index 2f74d1b49..84cda219d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -243,26 +243,35 @@ if test x"$enable_debug" = x"yes" ; then + [lots of stuff gets written to /var/run/pam-debug.log]) + fi + ++AC_ARG_ENABLE(docbook_rng, ++ AS_HELP_STRING([--enable-docbook-rng=FILE],[RNG file for checking XML files @<:@default=http://docbook.org/xml/5.0/rng/docbookxi.rng@:>@]), ++ DOCBOOK_RNG=$enableval, DOCBOOK_RNG=http://docbook.org/xml/5.0/rng/docbookxi.rng) ++AC_SUBST(DOCBOOK_RNG) ++ + AC_ARG_ENABLE(html_stylesheet, +- AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl@:>@]), +- HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl) ++ AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/html/chunk.xsl@:>@]), ++ HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/html/chunk.xsl) + AC_SUBST(HTML_STYLESHEET) + + AC_ARG_ENABLE(txt_stylesheet, +- AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl@:>@]), +- TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl) ++ AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/html/docbook.xsl@:>@]), ++ TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/html/docbook.xsl) ++ ++ + AC_SUBST(TXT_STYLESHEET) + # It has to be TXT_STYLESHEET otherwise a html tree will be generated while generating all README files. + sed "s+HTML_STYLESHEET+$TXT_STYLESHEET+g" doc/custom-html.xsl + + AC_ARG_ENABLE(pdf_stylesheet, +- AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl@:>@]), +- PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl) ++ AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/fo/docbook.xsl@:>@]), ++ PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/fo/docbook.xsl) + AC_SUBST(PDF_STYLESHEET) + + AC_ARG_ENABLE(man_stylesheet, +- AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl@:>@]), +- MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl) ++ AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/manpages/profile-docbook.xsl@:>@]), ++ MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/manpages/profile-docbook.xsl) ++ ++ + AC_SUBST(MAN_STYLESHEET) + sed "s+MAN_STYLESHEET+$MAN_STYLESHEET+g" doc/custom-man.xsl + +@@ -605,10 +614,10 @@ if test -z "$XSLTPROC"; then + enable_docu=no + fi + AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true]) +-dnl check for DocBook DTD and stylesheets in the local catalog. +-JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN], +- [DocBook XML DTD V4.4], [], enable_docu=no) +-JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], ++dnl check for DocBook RNG and stylesheets in the local catalog. ++JH_CHECK_XML_CATALOG([http://docbook.org/xml/5.0/rng/docbookxi.rng], ++ [DocBook XML RNG V5.0], [], enable_docu=no) ++JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl-ns/current/manpages/docbook.xsl], + [DocBook XSL Stylesheets], [], enable_docu=no) + + AC_PATH_PROG([BROWSER], [w3m]) +diff --git a/doc/adg/Linux-PAM_ADG.xml b/doc/adg/Linux-PAM_ADG.xml +index 79452e17d..169e15cf1 100644 +--- a/doc/adg/Linux-PAM_ADG.xml ++++ b/doc/adg/Linux-PAM_ADG.xml +@@ -1,50 +1,39 @@ +- +- +- +- ++ ++ + The Linux-PAM Application Developers' Guide + +- +- Andrew G. +- Morgan +- morgan@kernel.org +- +- +- Thorsten +- Kukuk +- kukuk@thkukuk.de +- ++ Andrew G.Morganmorgan@kernel.org ++ ThorstenKukukkukuk@thkukuk.de + + Version 1.1.2, 31. August 2010 + + + This manual documents what an application developer needs to know +- about the Linux-PAM library. It ++ about the Linux-PAM library. It + describes how an application might use the +- Linux-PAM library to authenticate ++ Linux-PAM library to authenticate + users. In addition it contains a description of the functions + to be found in libpam_misc library, that can + be used in general applications. Finally, it contains some comments + on PAM related security issues for the application developer. + + +- ++ + +- ++ + Introduction +-
++
+ Description + +- Linux-PAM ++ Linux-PAM + (Pluggable Authentication Modules for Linux) is a library that enables + the local system administrator to choose how individual applications + authenticate users. For an overview of the +- Linux-PAM library see the ++ Linux-PAM library see the + Linux-PAM System Administrators' Guide. + + +- It is the purpose of the Linux-PAM ++ It is the purpose of the Linux-PAM + project to liberate the development of privilege granting software + from the development of secure and appropriate authentication schemes. + This is accomplished by providing a documented library of functions +@@ -64,11 +53,11 @@ + +
+ +-
++
+ Synopsis + + For general applications that wish to use the services provided by +- Linux-PAM the following is a summary ++ Linux-PAM the following is a summary + of the relevant linking information: + + #include <security/pam_appl.h> +@@ -92,7 +81,7 @@ cc -o application .... -lpam -lpam_misc +
+ + +- ++ + Overview + + Most service-giving applications are restricted. In other words, +@@ -108,7 +97,7 @@ cc -o application .... -lpam -lpam_misc + authentication-token (password changing) management services. It is + important to realize when writing a PAM based application that these + services are provided in a manner that is +- transparent to the application. That is ++ transparent to the application. That is + to say, when the application is written, no assumptions can be made + about how the client will be authenticated. + +@@ -206,74 +195,58 @@ cc -o application .... -lpam -lpam_misc + + + +- ++ + +- The public interface to <emphasis remap='B'>Linux-PAM</emphasis> ++ The public interface to <emphasis remap="B">Linux-PAM</emphasis> + + + Firstly, the relevant include file for the +- Linux-PAM library is ++ Linux-PAM library is + <security/pam_appl.h>. + It contains the definitions for a number of functions. After + listing these functions, we collect some guiding remarks for + programmers. + +-
++
+ What can be expected by the application +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +
+-
++
+ What is expected of an application +- ++ +
+-
++
+ Programming notes + + Note, all of the authentication service function calls accept the +- token PAM_SILENT, which instructs ++ token PAM_SILENT, which instructs + the modules to not send messages to the application. This token + can be logically OR'd with any one of the permitted tokens specific + to the individual function calls. +- PAM_SILENT does not override the ++ PAM_SILENT does not override the + prompting of the user for passwords etc., it only stops informative + messages from being generated. + +
+ + +- ++ + +- Security issues of <emphasis remap='B'>Linux-PAM</emphasis> ++ Security issues of <emphasis remap="B">Linux-PAM</emphasis> + + + PAM, from the perspective of an application, is a convenient API for +@@ -284,19 +257,19 @@ cc -o application .... -lpam -lpam_misc + + + A poorly (or maliciously) written application can defeat any +- Linux-PAM module's authentication ++ Linux-PAM module's authentication + mechanisms by simply ignoring it's return values. It is the + applications task and responsibility to grant privileges and access +- to services. The Linux-PAM library ++ to services. The Linux-PAM library + simply assumes the responsibility of authenticating + the user; ascertaining that the user is who they + say they are. Care should be taken to anticipate all of the documented +- behavior of the Linux-PAM library ++ behavior of the Linux-PAM library + functions. A failure to do this will most certainly lead to a future + security breach. + + +-
++
+ Care about standard library calls + + In general, writers of authorization-granting applications should +@@ -308,9 +281,9 @@ cc -o application .... -lpam -lpam_misc + function is likely to corrupt a pointer previously + obtained by the application. The application programmer should + either re-call such a 'libc' function after a call to the +- Linux-PAM library, or copy the ++ Linux-PAM library, or copy the + structure contents to some safe area of memory before passing +- control to the Linux-PAM library. ++ control to the Linux-PAM library. + + + Two important function classes that fall into this category are +@@ -322,12 +295,12 @@ cc -o application .... -lpam -lpam_misc + +
+ +-
++
+ Choice of a service name + + When picking the service-name that + corresponds to the first entry in the +- Linux-PAM configuration file, ++ Linux-PAM configuration file, + the application programmer should avoid + the temptation of choosing something related to + argv[0]. It is a trivial matter for any user +@@ -352,11 +325,11 @@ cc -o application .... -lpam -lpam_misc + and then run ./preferred_name. + + +- By studying the Linux-PAM ++ By studying the Linux-PAM + configuration file(s), an attacker can choose the + preferred_name to be that of a service enjoying + minimal protection; for example a game which uses +- Linux-PAM to restrict access to ++ Linux-PAM to restrict access to + certain hours of the day. If the service-name were to be linked + to the filename under which the service was invoked, it + is clear that the user is effectively in the position of +@@ -370,7 +343,7 @@ cc -o application .... -lpam -lpam_misc + +
+ +-
++
+ The conversation function + + Care should be taken to ensure that the conv() +@@ -380,10 +353,10 @@ cc -o application .... -lpam -lpam_misc + +
+ +-
++
+ The identity of the user + +- The Linux-PAM modules will need ++ The Linux-PAM modules will need + to determine the identity of the user who requests a service, + and the identity of the user who grants the service. These two + users will seldom be the same. Indeed there is generally a third +@@ -444,7 +417,7 @@ cc -o application .... -lpam -lpam_misc + +
+ +-
++
+ Sufficient resources + + Care should be taken to ensure that the proper execution of an +@@ -465,7 +438,7 @@ cc -o application .... -lpam -lpam_misc +
+ + +- ++ + A library of miscellaneous helper functions + + To aid the work of the application developer a library of +@@ -479,24 +452,20 @@ cc -o application .... -lpam -lpam_misc + library can be defined by including + <security/pam_misc.h>. It should be + noted that this library is specific to +- Linux-PAM and is not referred to in ++ Linux-PAM and is not referred to in + the defining DCE-RFC (see See also) + below. + +-
++
+ Functions supplied +- +- +- +- ++ ++ ++ ++ +
+ + +- ++ + Porting legacy applications + + The point of PAM is that the application is not supposed to +@@ -545,7 +514,7 @@ cc -o application .... -lpam -lpam_misc + + + +- ++ + Glossary of PAM related terms + + The following are a list of terms used within this document. +@@ -585,17 +554,17 @@ cc -o application .... -lpam -lpam_misc + + + +- ++ + An example application + +- To get a flavor of the way a Linux-PAM ++ To get a flavor of the way a Linux-PAM + application is written we include the following example. It prompts + the user for their password and indicates whether their account + is valid on the standard output, its return code also indicates + the success (0 for success; + 1 for failure). + +- + /* + This program was contributed by Shane Watts + [modifications by AGM and kukuk] +@@ -607,9 +576,9 @@ cc -o application .... -lpam -lpam_misc + account required pam_unix.so + */ + +-#include +-#include +-#include ++#include <security/pam_appl.h> ++#include <security/pam_misc.h> ++#include <stdio.h> + + static struct pam_conv conv = { + misc_conv, +@@ -626,12 +595,12 @@ int main(int argc, char *argv[]) + user = argv[1]; + } + +- if(argc > 2) { ++ if(argc > 2) { + fprintf(stderr, "Usage: check_user [username]\n"); + exit(1); + } + +- retval = pam_start("check_user", user, &conv, &pamh); ++ retval = pam_start("check_user", user, &conv, &pamh); + + if (retval == PAM_SUCCESS) + retval = pam_authenticate(pamh, 0); /* is user really user? */ +@@ -655,24 +624,24 @@ int main(int argc, char *argv[]) + + return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ + } +-]]> ++ + + + +- ++ + Files + + +- /usr/include/security/pam_appl.h ++ /usr/include/security/pam_appl.h + + + Header file with interfaces for +- Linux-PAM applications. ++ Linux-PAM applications. + + + + +- /usr/include/security/pam_misc.h ++ /usr/include/security/pam_misc.h + + + Header file for useful library functions for making +@@ -683,7 +652,7 @@ int main(int argc, char *argv[]) + + + +- ++ + See also + + +@@ -706,7 +675,7 @@ int main(int argc, char *argv[]) + + + +- ++ + Author/acknowledgments + + This document was written by Andrew G. Morgan (morgan@kernel.org) +@@ -726,14 +695,14 @@ int main(int argc, char *argv[]) + + Thanks are also due to Sun Microsystems, especially to Vipin Samar and + Charlie Lai for their advice. At an early stage in the development of +- Linux-PAM, Sun graciously made the ++ Linux-PAM, Sun graciously made the + documentation for their implementation of PAM available. This act + greatly accelerated the development of +- Linux-PAM. ++ Linux-PAM. + + + +- ++ + Copyright information for this document + + Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> +@@ -777,4 +746,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + + +- ++ +\ No newline at end of file +diff --git a/doc/adg/Makefile.am b/doc/adg/Makefile.am +index b795b1a46..77abdb717 100644 +--- a/doc/adg/Makefile.am ++++ b/doc/adg/Makefile.am +@@ -16,7 +16,7 @@ all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf + + Linux-PAM_ADG.pdf: $(XMLS) $(DEP_XMLS) + if ENABLE_GENERATE_PDF +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam generate.toc "book toc" \ + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ +@@ -28,7 +28,7 @@ else + endif + + Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam generate.toc "book toc" \ + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ +@@ -37,7 +37,7 @@ Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) + + html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) + @test -d html || mkdir -p html +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam base.dir html/ \ + --stringparam root.filename Linux-PAM_ADG \ + --stringparam use.id.as.filename 1 \ +diff --git a/doc/adg/pam_acct_mgmt.xml b/doc/adg/pam_acct_mgmt.xml +index 6a3a37d2c..afcf2f2f1 100644 +--- a/doc/adg/pam_acct_mgmt.xml ++++ b/doc/adg/pam_acct_mgmt.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Account validation management + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_authenticate.xml b/doc/adg/pam_authenticate.xml +index 2ca9b540b..aa36c6870 100644 +--- a/doc/adg/pam_authenticate.xml ++++ b/doc/adg/pam_authenticate.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Authenticating the user + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_chauthtok.xml b/doc/adg/pam_chauthtok.xml +index 1c613da7a..e6815dde6 100644 +--- a/doc/adg/pam_chauthtok.xml ++++ b/doc/adg/pam_chauthtok.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Updating authentication tokens + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_close_session.xml b/doc/adg/pam_close_session.xml +index 4b93fc3a5..ed83d7a1c 100644 +--- a/doc/adg/pam_close_session.xml ++++ b/doc/adg/pam_close_session.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ terminating PAM session management + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_conv.xml b/doc/adg/pam_conv.xml +index 01b751277..b2ba876e8 100644 +--- a/doc/adg/pam_conv.xml ++++ b/doc/adg/pam_conv.xml +@@ -1,11 +1,7 @@ +- +- +-
++
+ The conversation function + +- ++ + + + struct pam_message { +@@ -24,12 +20,10 @@ struct pam_conv { + void *appdata_ptr; + }; + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_end.xml b/doc/adg/pam_end.xml +index efa328bec..5e7192550 100644 +--- a/doc/adg/pam_end.xml ++++ b/doc/adg/pam_end.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Termination of PAM transaction + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_fail_delay.xml b/doc/adg/pam_fail_delay.xml +index 589e1148b..d602a1f79 100644 +--- a/doc/adg/pam_fail_delay.xml ++++ b/doc/adg/pam_fail_delay.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Request a delay on failure + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_get_item.xml b/doc/adg/pam_get_item.xml +index f23c734b8..d12cb17d7 100644 +--- a/doc/adg/pam_get_item.xml ++++ b/doc/adg/pam_get_item.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Getting PAM items + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_getenv.xml b/doc/adg/pam_getenv.xml +index 61d69c33c..f7b483ed9 100644 +--- a/doc/adg/pam_getenv.xml ++++ b/doc/adg/pam_getenv.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Get a PAM environment variable + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_getenvlist.xml b/doc/adg/pam_getenvlist.xml +index d3c2fcd35..4433c04d6 100644 +--- a/doc/adg/pam_getenvlist.xml ++++ b/doc/adg/pam_getenvlist.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Getting the PAM environment + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_misc_conv.xml b/doc/adg/pam_misc_conv.xml +index 2dc760cc3..4f54e11a4 100644 +--- a/doc/adg/pam_misc_conv.xml ++++ b/doc/adg/pam_misc_conv.xml +@@ -1,14 +1,9 @@ +- +- +-
++
+ Text based conversation function + +- ++ + +-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_misc_drop_env.xml b/doc/adg/pam_misc_drop_env.xml +index 956d48156..cacb770e0 100644 +--- a/doc/adg/pam_misc_drop_env.xml ++++ b/doc/adg/pam_misc_drop_env.xml +@@ -1,14 +1,9 @@ +- +- +-
++
+ Liberating a locally saved environment + +- ++ + +-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_misc_paste_env.xml b/doc/adg/pam_misc_paste_env.xml +index c6d3856bc..8ab2440ab 100644 +--- a/doc/adg/pam_misc_paste_env.xml ++++ b/doc/adg/pam_misc_paste_env.xml +@@ -1,14 +1,9 @@ +- +- +-
++
+ Transcribing an environment to that of PAM + +- ++ + +-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_misc_setenv.xml b/doc/adg/pam_misc_setenv.xml +index 3b1a32e44..7e8c489b6 100644 +--- a/doc/adg/pam_misc_setenv.xml ++++ b/doc/adg/pam_misc_setenv.xml +@@ -1,14 +1,9 @@ +- +- +-
++
+ BSD like PAM environment variable setting + +- ++ + +-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_open_session.xml b/doc/adg/pam_open_session.xml +index ba738a552..10afa755f 100644 +--- a/doc/adg/pam_open_session.xml ++++ b/doc/adg/pam_open_session.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Start PAM session management + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_putenv.xml b/doc/adg/pam_putenv.xml +index e55f1a42f..6378a15b2 100644 +--- a/doc/adg/pam_putenv.xml ++++ b/doc/adg/pam_putenv.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Set or change PAM environment variable + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_set_item.xml b/doc/adg/pam_set_item.xml +index 411693874..efc4292b1 100644 +--- a/doc/adg/pam_set_item.xml ++++ b/doc/adg/pam_set_item.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Setting PAM items + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_setcred.xml b/doc/adg/pam_setcred.xml +index 1d3d23cdd..488028cd9 100644 +--- a/doc/adg/pam_setcred.xml ++++ b/doc/adg/pam_setcred.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Setting user credentials + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_start.xml b/doc/adg/pam_start.xml +index e5ec84818..c7ee4494a 100644 +--- a/doc/adg/pam_start.xml ++++ b/doc/adg/pam_start.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Initialization of PAM transaction + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/adg/pam_strerror.xml b/doc/adg/pam_strerror.xml +index 35b08a274..e4e1c56af 100644 +--- a/doc/adg/pam_strerror.xml ++++ b/doc/adg/pam_strerror.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Strings describing PAM error codes + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/man/misc_conv.3.xml b/doc/man/misc_conv.3.xml +index d902ba838..92d4acd19 100644 +--- a/doc/man/misc_conv.3.xml ++++ b/doc/man/misc_conv.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + misc_conv + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + misc_conv + text based conversation function + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_misc.h> + + int misc_conv +@@ -30,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The misc_conv function is part of +@@ -50,7 +47,7 @@ + + + +- time_t pam_misc_conv_warn_time; ++ time_t pam_misc_conv_warn_time; + + + This variable contains the time (as +@@ -67,7 +64,7 @@ + + + +- const char *pam_misc_conv_warn_line; ++ const char *pam_misc_conv_warn_line; + + + Used in conjunction with +@@ -83,7 +80,7 @@ + + + +- time_t pam_misc_conv_die_time; ++ time_t pam_misc_conv_die_time; + + + This variable contains the time (as +@@ -100,7 +97,7 @@ + + + +- const char *pam_misc_conv_die_line; ++ const char *pam_misc_conv_die_line; + + + Used in conjunction with +@@ -116,7 +113,7 @@ + + + +- int pam_misc_conv_died; ++ int pam_misc_conv_died; + + + Following a return from the Linux-PAM +@@ -136,7 +133,7 @@ + + + +- int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); ++ int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); + + + +@@ -151,7 +148,7 @@ + + + +- int (*pam_binary_handler_free)(void *appdata, pamc_bp_t *delete_me); ++ int (*pam_binary_handler_free)(void *appdata, pamc_bp_t *delete_me); + + + +@@ -164,7 +161,7 @@ + + + +- ++ + SEE ALSO + + +@@ -176,7 +173,7 @@ + + + +- ++ + STANDARDS + + The misc_conv function is part of the +@@ -185,4 +182,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam.3.xml b/doc/man/pam.3.xml +index 0b1efccf4..4b8280160 100644 +--- a/doc/man/pam.3.xml ++++ b/doc/man/pam.3.xml +@@ -1,20 +1,18 @@ +- +- +- ++ + + + pam + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam + Pluggable Authentication Modules Library + + +- ++ + + #include <security/pam_appl.h> + #include <security/pam_modules.h> +@@ -22,10 +20,10 @@ + + + +- ++ + DESCRIPTION + +- PAM is a system of libraries ++ PAM is a system of libraries + that handle the authentication tasks of applications (services) + on the system. The library provides a stable general interface + (Application Programming Interface - API) that privilege granting +@@ -38,7 +36,7 @@ + defer to to perform standard authentication tasks. + + +- ++ + Initialization and Cleanup + + The +@@ -64,7 +62,7 @@ + + + +- ++ + Authentication + + The +@@ -85,7 +83,7 @@ + + + +- ++ + Account Management + + The +@@ -98,7 +96,7 @@ + + + +- ++ + Password Management + + The +@@ -109,7 +107,7 @@ + + + +- ++ + Session Management + + The +@@ -124,7 +122,7 @@ + + + +- ++ + Conversation + + The PAM library uses an application-defined callback to allow +@@ -141,7 +139,7 @@ + + + +- ++ + Data Objects + + The +@@ -176,7 +174,7 @@ + + + +- ++ + Environment and Error Management + + The +@@ -202,7 +200,7 @@ + + + +- ++ + RETURN VALUES + + The following return codes are known by PAM: +@@ -389,7 +387,7 @@ + + + +- SEE ALSO ++ SEE ALSO + + + pam_acct_mgmt3 +@@ -430,10 +428,10 @@ + + + +- NOTES ++ NOTES + + The libpam interfaces are only thread-safe if each + thread within the multithreaded application uses its own PAM handle. + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml +index 8eef665a0..20cd19d9c 100644 +--- a/doc/man/pam.8.xml ++++ b/doc/man/pam.8.xml +@@ -1,32 +1,29 @@ +- +- +- +- ++ + + + pam + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + PAM + pam + Pluggable Authentication Modules for Linux + + +- ++ + DESCRIPTION + + This manual is intended to offer a quick introduction to +- Linux-PAM. For more information ++ Linux-PAM. For more information + the reader is directed to the +- Linux-PAM system administrators' guide. ++ Linux-PAM system administrators' guide. + + + +- Linux-PAM is a system of libraries ++ Linux-PAM is a system of libraries + that handle the authentication tasks of applications (services) on + the system. The library provides a stable general interface + (Application Programming Interface - API) that privilege granting +@@ -43,12 +40,12 @@ + system administrator is free to choose how individual + service-providing applications will authenticate users. This dynamic + configuration is set by the contents of the single +- Linux-PAM configuration file ++ Linux-PAM configuration file + /etc/pam.conf. Alternatively, the configuration + can be set by individual configuration files located in the + /etc/pam.d/ directory. The presence of this +- directory will cause Linux-PAM to +- ignore /etc/pam.conf. ++ directory will cause Linux-PAM to ++ ignore /etc/pam.conf. + + + +@@ -64,26 +61,26 @@ + From the point of view of the system administrator, for whom this + manual is provided, it is not of primary importance to understand the + internal behavior of the +-Linux-PAM ++Linux-PAM + library. The important point to recognize is that the configuration + file(s) +-define ++define + the connection between applications +-(services) ++(services) + and the pluggable authentication modules +-(PAMs) ++(PAMs) + that perform the actual authentication tasks. + + +-Linux-PAM ++Linux-PAM + separates the tasks of +-authentication ++authentication + into four independent management groups: +-account management; +-authentication management; +-password management; ++account management; ++authentication management; ++password management; + and +-session management. ++session management. + (We highlight the abbreviations used for these groups in the + configuration file.) + +@@ -92,12 +89,12 @@ configuration file.) + user's request for a restricted service: + + +-account - ++account - + provide account verification types of service: has the user's password + expired?; is this user permitted access to the requested service? + + +-authentication - ++authentication - + authenticate a user and set up user credentials. Typically this is via + some challenge-response request that the user must satisfy: if you are + who you claim to be please enter your password. Not all authentications +@@ -105,64 +102,64 @@ are of this type, there exist hardware based authentication schemes + (such as the use of smart-cards and biometric devices), with suitable + modules, these may be substituted seamlessly for more standard + approaches to authentication - such is the flexibility of +-Linux-PAM. ++Linux-PAM. + + +-password - ++password - + this group's responsibility is the task of updating authentication + mechanisms. Typically, such services are strongly coupled to those of + the +-auth ++auth + group. Some authentication mechanisms lend themselves well to being + updated with such a function. Standard UN*X password-based access is + the obvious example: please enter a replacement password. + + +-session - ++session - + this group of tasks cover things that should be done prior to a + service being given and after it is withdrawn. Such tasks include the + maintenance of audit trails and the mounting of the user's home + directory. The +-session ++session + management group is important as it provides both an opening and + closing hook for modules to affect the services available to a user. + + + +- ++ + FILES + + +- /etc/pam.conf ++ /etc/pam.conf + + the configuration file + + + +- /etc/pam.d ++ /etc/pam.d + + +- the Linux-PAM configuration ++ the Linux-PAM configuration + directory. Generally, if this directory is present, the + /etc/pam.conf file is ignored. + + + + +- /usr/lib/pam.d ++ /usr/lib/pam.d + + +- the Linux-PAM vendor configuration ++ the Linux-PAM vendor configuration + directory. Files in /etc/pam.d override + files with the same name in this directory. + + + + +- %vendordir%/pam.d ++ %vendordir%/pam.d + + +- the Linux-PAM vendor configuration ++ the Linux-PAM vendor configuration + directory. Files in /etc/pam.d and + /usr/lib/pam.d override files with the same + name in this directory. +@@ -172,18 +169,18 @@ closing hook for modules to affect the services available to a user. + + + +- ++ + ERRORS + + Typically errors generated by the +- Linux-PAM system of libraries, will ++ Linux-PAM system of libraries, will + be written to + syslog3 + . + + + +- ++ + CONFORMING TO + + DCE-RFC 86.0, October 1995. +@@ -192,7 +189,7 @@ closing hook for modules to affect the services available to a user. + + + +- ++ + SEE ALSO + + +@@ -212,4 +209,4 @@ closing hook for modules to affect the services available to a user. + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam.conf-desc.xml b/doc/man/pam.conf-desc.xml +index 909dcdbef..5dca89fe2 100644 +--- a/doc/man/pam.conf-desc.xml ++++ b/doc/man/pam.conf-desc.xml +@@ -1,7 +1,4 @@ +- +- +-
++
+ + When a PAM aware privilege granting application + is started, it activates its attachment to the PAM-API. This +@@ -18,4 +15,4 @@ + behavior of the PAM-API in the event that individual + PAMs fail. + +-
++
+\ No newline at end of file +diff --git a/doc/man/pam.conf-dir.xml b/doc/man/pam.conf-dir.xml +index 8446cf353..8272337b5 100644 +--- a/doc/man/pam.conf-dir.xml ++++ b/doc/man/pam.conf-dir.xml +@@ -1,7 +1,4 @@ +- +- +-
++
+ + More flexible than the single configuration file is it to + configure libpam via the contents of the +@@ -25,6 +22,6 @@ type control module-path module-arguments + The only difference being that the service-name is not present. The + service-name is of course the name of the given configuration file. + For example, /etc/pam.d/login contains the +- configuration for the login service. ++ configuration for the login service. + +-
++
+\ No newline at end of file +diff --git a/doc/man/pam.conf-syntax.xml b/doc/man/pam.conf-syntax.xml +index 5112f9301..c7d900811 100644 +--- a/doc/man/pam.conf-syntax.xml ++++ b/doc/man/pam.conf-syntax.xml +@@ -1,8 +1,4 @@ +- +- +- +-
++
+ + The syntax of the /etc/pam.conf + configuration file is as follows. The file is made up of a list +@@ -18,7 +14,7 @@ + + + +- service type control module-path module-arguments ++ service type control module-path module-arguments + + + +@@ -411,7 +407,7 @@ + should use `\]'. In other words: + + +- [..[..\]..] --> ..[..].. ++ [..[..\]..] --> ..[..].. + + + +@@ -424,4 +420,4 @@ + . + + +-
++
+\ No newline at end of file +diff --git a/doc/man/pam.conf.5.xml b/doc/man/pam.conf.5.xml +index 68f576afc..62a2b4108 100644 +--- a/doc/man/pam.conf.5.xml ++++ b/doc/man/pam.conf.5.xml +@@ -1,15 +1,13 @@ +- +- +- ++ + + + pam.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam.conf + pam.d + PAM configuration files +@@ -17,22 +15,16 @@ + + + +- ++ + DESCRIPTION +- ++ + +- ++ + +- ++ + + +- ++ + SEE ALSO + + +@@ -47,4 +39,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_acct_mgmt.3.xml b/doc/man/pam_acct_mgmt.3.xml +index 59760d7fc..de6a94aba 100644 +--- a/doc/man/pam_acct_mgmt.3.xml ++++ b/doc/man/pam_acct_mgmt.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_acct_mgmt + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_acct_mgmt + PAM account validation management + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_acct_mgmt +@@ -27,7 +25,7 @@ + + + +- ++ + DESCRIPTION + + The pam_acct_mgmt function is used to determine +@@ -62,7 +60,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -122,7 +120,7 @@ + + + +- ++ + SEE ALSO + + +@@ -142,4 +140,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_authenticate.3.xml b/doc/man/pam_authenticate.3.xml +index c2004eb4a..794a5c711 100644 +--- a/doc/man/pam_authenticate.3.xml ++++ b/doc/man/pam_authenticate.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_authenticate + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_authenticate + account authentication + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_authenticate +@@ -27,7 +25,7 @@ + + + +- ++ + DESCRIPTION + + The pam_authenticate function is used to +@@ -77,7 +75,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -146,7 +144,7 @@ + + + +- ++ + SEE ALSO + + +@@ -166,4 +164,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml +index f42bc68fb..e184f45fc 100644 +--- a/doc/man/pam_chauthtok.3.xml ++++ b/doc/man/pam_chauthtok.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_chauthtok + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_chauthtok + updating authentication tokens + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_chauthtok +@@ -27,7 +25,7 @@ + + + +- ++ + DESCRIPTION + + The pam_chauthtok function is used to change the +@@ -64,7 +62,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -138,7 +136,7 @@ + + + +- ++ + SEE ALSO + + +@@ -161,4 +159,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_close_session.3.xml b/doc/man/pam_close_session.3.xml +index db549bdae..e1c74ebd4 100644 +--- a/doc/man/pam_close_session.3.xml ++++ b/doc/man/pam_close_session.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_close_session + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_close_session + terminate PAM session management + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_close_session +@@ -29,7 +26,7 @@ + + + +- ++ + DESCRIPTION + + The pam_close_session function is used +@@ -63,7 +60,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -101,7 +98,7 @@ + + + +- ++ + SEE ALSO + + +@@ -112,4 +109,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_conv.3.xml b/doc/man/pam_conv.3.xml +index 5106ddf7b..31834f3c9 100644 +--- a/doc/man/pam_conv.3.xml ++++ b/doc/man/pam_conv.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_conv + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_conv + PAM conversation function + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + +@@ -38,7 +36,7 @@ struct pam_conv { + + + +- ++ + DESCRIPTION + + The PAM library uses an application-defined callback to allow +@@ -174,7 +172,7 @@ struct pam_conv { + + + +- ++ + RETURN VALUES + + +@@ -205,7 +203,7 @@ struct pam_conv { + + + +- ++ + SEE ALSO + + +@@ -225,4 +223,4 @@ struct pam_conv { + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_end.3.xml b/doc/man/pam_end.3.xml +index 5febf85ad..b2584e732 100644 +--- a/doc/man/pam_end.3.xml ++++ b/doc/man/pam_end.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_end + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_end + termination of PAM transaction + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_end +@@ -29,7 +26,7 @@ + + + +- ++ + DESCRIPTION + + The pam_end function terminates the PAM +@@ -79,7 +76,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -102,7 +99,7 @@ + + + +- ++ + SEE ALSO + + +@@ -119,4 +116,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_error.3.xml b/doc/man/pam_error.3.xml +index de167f2c3..0f294c228 100644 +--- a/doc/man/pam_error.3.xml ++++ b/doc/man/pam_error.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_error + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_error + pam_verror + display error messages to the user +@@ -18,7 +15,7 @@ + + + +- ++ + + #include <security/pam_ext.h> + +@@ -36,7 +33,7 @@ + + + +- ++ + DESCRIPTION + + The pam_error function prints error messages +@@ -51,7 +48,7 @@ + variable argument list macros. + + +- ++ + RETURN VALUES + + +@@ -89,7 +86,7 @@ + + + +- ++ + SEE ALSO + + +@@ -110,7 +107,7 @@ + + + +- ++ + STANDARDS + + The pam_error and pam_verror +@@ -118,4 +115,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_fail_delay.3.xml b/doc/man/pam_fail_delay.3.xml +index 53c1f89e8..c400736a5 100644 +--- a/doc/man/pam_fail_delay.3.xml ++++ b/doc/man/pam_fail_delay.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_fail_delay + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_fail_delay + request a delay on failure + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_fail_delay +@@ -28,7 +25,7 @@ + + + +- ++ + DESCRIPTION + + The pam_fail_delay function provides a +@@ -105,7 +102,7 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); + + + +- ++ + RATIONALE + + It is often possible to attack an authentication scheme by exploiting +@@ -129,7 +126,7 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); + + + +- ++ + EXAMPLE + + For example, a login application may require a failure delay of +@@ -161,7 +158,7 @@ module #2: pam_fail_delay (pamh, 4000000); + + + +- ++ + RETURN VALUES + + +@@ -183,7 +180,7 @@ module #2: pam_fail_delay (pamh, 4000000); + + + +- ++ + SEE ALSO + + +@@ -198,7 +195,7 @@ module #2: pam_fail_delay (pamh, 4000000); + + + +- ++ + STANDARDS + + The pam_fail_delay function is an +@@ -206,4 +203,4 @@ module #2: pam_fail_delay (pamh, 4000000); + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_get_authtok.3.xml b/doc/man/pam_get_authtok.3.xml +index 5d50b1684..ba6d955e9 100644 +--- a/doc/man/pam_get_authtok.3.xml ++++ b/doc/man/pam_get_authtok.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_get_authtok + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_get_authtok + pam_get_authtok_verify + pam_get_authtok_noverify +@@ -19,7 +16,7 @@ + + + +- ++ + + #include <security/pam_ext.h> + +@@ -44,7 +41,7 @@ + + + +- ++ + DESCRIPTION + + The pam_get_authtok function returns the +@@ -119,7 +116,7 @@ + + + +- ++ + OPTIONS + + pam_get_authtok honours the following module +@@ -128,7 +125,7 @@ + + + +- ++ try_first_pass + + + +@@ -140,7 +137,7 @@ + + + +- ++ use_first_pass + + + +@@ -153,7 +150,7 @@ + + + +- ++ use_authtok + + + +@@ -166,7 +163,7 @@ + + + +- ++ authtok_type=XXX + + + +@@ -182,7 +179,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -228,7 +225,7 @@ + + + +- ++ + SEE ALSO + + +@@ -237,7 +234,7 @@ + + + +- ++ + STANDARDS + + The pam_get_authtok function is a Linux-PAM +@@ -245,4 +242,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_get_data.3.xml b/doc/man/pam_get_data.3.xml +index e84e5a4c9..1e71cf3b1 100644 +--- a/doc/man/pam_get_data.3.xml ++++ b/doc/man/pam_get_data.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_get_data + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_get_data + + get module internal data +@@ -22,7 +19,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_get_data +@@ -35,7 +32,7 @@ + + + +- ++ + DESCRIPTION + + This function together with the +@@ -58,7 +55,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -90,7 +87,7 @@ + + + +- ++ + SEE ALSO + + +@@ -105,4 +102,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_get_item.3.xml b/doc/man/pam_get_item.3.xml +index 1145273c3..c30a279fa 100644 +--- a/doc/man/pam_get_item.3.xml ++++ b/doc/man/pam_get_item.3.xml +@@ -1,22 +1,13 @@ +- +- +- +---> +-]> +- +- ++ + + + pam_get_item + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_get_item + + getting PAM information +@@ -28,7 +19,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_get_item +@@ -41,7 +32,7 @@ + + + +- ++ + DESCRIPTION + + The pam_get_item function allows applications +@@ -55,16 +46,14 @@ + item_type: + + +- ++ + + + The following additional items are specific to Linux-PAM and should not be used in + portable applications: + + +- ++ + + + If a service module wishes to obtain the name of the user, +@@ -80,7 +69,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -128,7 +117,7 @@ + + + +- ++ + SEE ALSO + + +@@ -140,4 +129,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_get_user.3.xml b/doc/man/pam_get_user.3.xml +index 8bb176e49..121b3aa76 100644 +--- a/doc/man/pam_get_user.3.xml ++++ b/doc/man/pam_get_user.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_get_user + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_get_user + + get user name +@@ -22,7 +19,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_get_user +@@ -35,7 +32,7 @@ + + + +- ++ + DESCRIPTION + + The pam_get_user function returns the +@@ -87,7 +84,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -143,7 +140,7 @@ + + + +- ++ + SEE ALSO + + +@@ -161,4 +158,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml +index 7e8db015b..df25863b3 100644 +--- a/doc/man/pam_getenv.3.xml ++++ b/doc/man/pam_getenv.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_getenv + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_getenv + get a PAM environment variable + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + const char *pam_getenv +@@ -27,7 +25,7 @@ + + + +- ++ + DESCRIPTION + + The pam_getenv function searches the +@@ -39,7 +37,7 @@ + + + +- ++ + RETURN VALUES + + The pam_getenv function returns NULL +@@ -47,7 +45,7 @@ + + + +- ++ + SEE ALSO + + +@@ -64,4 +62,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_getenvlist.3.xml b/doc/man/pam_getenvlist.3.xml +index 1c29b737d..54b1f411f 100644 +--- a/doc/man/pam_getenvlist.3.xml ++++ b/doc/man/pam_getenvlist.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_getenvlist + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_getenvlist + getting the PAM environment + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + char **pam_getenvlist +@@ -26,7 +24,7 @@ + + + +- ++ + DESCRIPTION + + The pam_getenvlist function returns a complete +@@ -57,7 +55,7 @@ + + + +- ++ + RETURN VALUES + + The pam_getenvlist function returns NULL +@@ -65,7 +63,7 @@ + + + +- ++ + SEE ALSO + + +@@ -82,4 +80,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_info.3.xml b/doc/man/pam_info.3.xml +index 88e671c7b..5155d4190 100644 +--- a/doc/man/pam_info.3.xml ++++ b/doc/man/pam_info.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_info + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_info + pam_vinfo + display messages to the user +@@ -18,7 +15,7 @@ + + + +- ++ + + #include <security/pam_ext.h> + +@@ -36,7 +33,7 @@ + + + +- ++ + DESCRIPTION + + The pam_info function prints messages +@@ -51,7 +48,7 @@ + variable argument list macros. + + +- ++ + RETURN VALUES + + +@@ -89,7 +86,7 @@ + + + +- ++ + SEE ALSO + + +@@ -98,7 +95,7 @@ + + + +- ++ + STANDARDS + + The pam_info and pam_vinfo +@@ -106,4 +103,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_item_types_ext.inc.xml b/doc/man/pam_item_types_ext.inc.xml +index d36a5bd1d..a5fee9c26 100644 +--- a/doc/man/pam_item_types_ext.inc.xml ++++ b/doc/man/pam_item_types_ext.inc.xml +@@ -1,6 +1,5 @@ + +- +- ++ + + PAM_FAIL_DELAY + +@@ -58,4 +57,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_item_types_std.inc.xml b/doc/man/pam_item_types_std.inc.xml +index 81f240b05..9b229486d 100644 +--- a/doc/man/pam_item_types_std.inc.xml ++++ b/doc/man/pam_item_types_std.inc.xml +@@ -1,6 +1,5 @@ + +- +- ++ + + PAM_SERVICE + +@@ -135,4 +134,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_misc_drop_env.3.xml b/doc/man/pam_misc_drop_env.3.xml +index 1941f5899..a7f6cc80e 100644 +--- a/doc/man/pam_misc_drop_env.3.xml ++++ b/doc/man/pam_misc_drop_env.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_misc_drop_env + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_misc_drop_env + liberating a locally saved environment + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_misc.h> + + int pam_misc_drop_env +@@ -27,7 +24,7 @@ + + + +- ++ + DESCRIPTION + + This function is defined to complement the +@@ -39,7 +36,7 @@ + + + +- ++ + SEE ALSO + + +@@ -51,7 +48,7 @@ + + + +- ++ + STANDARDS + + The pam_misc_drop_env function is part of the +@@ -60,4 +57,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_misc_paste_env.3.xml b/doc/man/pam_misc_paste_env.3.xml +index d9a282c0b..06194a9d9 100644 +--- a/doc/man/pam_misc_paste_env.3.xml ++++ b/doc/man/pam_misc_paste_env.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_misc_paste_env + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_misc_paste_env + transcribing an environment to that of PAM + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_misc.h> + + int pam_misc_paste_env +@@ -28,7 +25,7 @@ + + + +- ++ + DESCRIPTION + + This function takes the supplied list of environment pointers and +@@ -37,7 +34,7 @@ + + + +- ++ + SEE ALSO + + +@@ -49,7 +46,7 @@ + + + +- ++ + STANDARDS + + The pam_misc_paste_env function is part of the +@@ -58,4 +55,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_misc_setenv.3.xml b/doc/man/pam_misc_setenv.3.xml +index 7e61a8dd5..4414d54db 100644 +--- a/doc/man/pam_misc_setenv.3.xml ++++ b/doc/man/pam_misc_setenv.3.xml +@@ -1,15 +1,12 @@ +- +- +- +- ++ + + + pam_misc_setenv + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + +- ++ + pam_misc_setenv + BSD like PAM environment variable setting + +@@ -17,7 +14,7 @@ + + + +- ++ + #include <security/pam_misc.h> + + int pam_misc_setenv +@@ -29,7 +26,7 @@ + + + +- ++ + DESCRIPTION + + This function performs a task equivalent to +@@ -44,7 +41,7 @@ + + + +- ++ + SEE ALSO + + +@@ -56,7 +53,7 @@ + + + +- ++ + STANDARDS + + The pam_misc_setenv function is part of the +@@ -65,4 +62,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_open_session.3.xml b/doc/man/pam_open_session.3.xml +index eba0bc016..d37b3e595 100644 +--- a/doc/man/pam_open_session.3.xml ++++ b/doc/man/pam_open_session.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_open_session + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_open_session + start PAM session management + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_open_session +@@ -29,7 +26,7 @@ + + + +- ++ + DESCRIPTION + + The pam_open_session function sets up a +@@ -63,7 +60,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -101,7 +98,7 @@ + + + +- ++ + SEE ALSO + + +@@ -112,4 +109,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml +index bf0c9bf6b..c65a0c90a 100644 +--- a/doc/man/pam_prompt.3.xml ++++ b/doc/man/pam_prompt.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_prompt + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_prompt + pam_vprompt + interface to conversation function +@@ -18,7 +15,7 @@ + + + +- ++ + + #include <security/pam_ext.h> + +@@ -40,7 +37,7 @@ + + + +- ++ + DESCRIPTION + + The pam_prompt function constructs a message +@@ -52,7 +49,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -91,7 +88,7 @@ + + + +- ++ + SEE ALSO + + +@@ -103,7 +100,7 @@ + + + +- ++ + STANDARDS + + The pam_prompt and pam_vprompt +@@ -111,4 +108,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_putenv.3.xml b/doc/man/pam_putenv.3.xml +index 2d4afbc51..7267046f8 100644 +--- a/doc/man/pam_putenv.3.xml ++++ b/doc/man/pam_putenv.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_putenv + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_putenv + set or change PAM environment variable + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_putenv +@@ -27,7 +25,7 @@ + + + +- ++ + DESCRIPTION + + The pam_putenv function is used to +@@ -83,7 +81,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -129,7 +127,7 @@ + + + +- ++ + SEE ALSO + + +@@ -149,4 +147,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_set_data.3.xml b/doc/man/pam_set_data.3.xml +index c20068c64..2bcfeb0b7 100644 +--- a/doc/man/pam_set_data.3.xml ++++ b/doc/man/pam_set_data.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_set_data + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_set_data + + set module internal data +@@ -22,7 +19,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_set_data +@@ -36,7 +33,7 @@ + + + +- ++ + DESCRIPTION + + The pam_set_data function associates a pointer +@@ -123,7 +120,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -154,7 +151,7 @@ + + + +- ++ + SEE ALSO + + +@@ -169,4 +166,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_set_item.3.xml b/doc/man/pam_set_item.3.xml +index 30ab92b90..1dbaeebfd 100644 +--- a/doc/man/pam_set_item.3.xml ++++ b/doc/man/pam_set_item.3.xml +@@ -1,22 +1,13 @@ +- +- +- +---> +-]> +- +- ++ + + + pam_set_item + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_set_item + + set and update PAM information +@@ -28,7 +19,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_set_item +@@ -41,7 +32,7 @@ + + + +- ++ + DESCRIPTION + + The pam_set_item function allows applications +@@ -52,16 +43,14 @@ + supported: + + +- ++ + + + The following additional items are specific to Linux-PAM and should not be used in + portable applications: + + +- ++ + + + For all item_types, other than PAM_CONV and +@@ -81,7 +70,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -121,7 +110,7 @@ + + + +- ++ + SEE ALSO + + +@@ -133,4 +122,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_setcred.3.xml b/doc/man/pam_setcred.3.xml +index 629224824..09fe30d16 100644 +--- a/doc/man/pam_setcred.3.xml ++++ b/doc/man/pam_setcred.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_setcred + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_setcred + + establish / delete user credentials +@@ -19,7 +16,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_setcred +@@ -30,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The pam_setcred function is used to establish, +@@ -95,7 +92,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -160,7 +157,7 @@ + + + +- ++ + SEE ALSO + + +@@ -177,4 +174,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml +index b37dc3069..822a338ad 100644 +--- a/doc/man/pam_sm_acct_mgmt.3.xml ++++ b/doc/man/pam_sm_acct_mgmt.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_sm_acct_mgmt + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_sm_acct_mgmt + PAM service function for account management + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_sm_acct_mgmt +@@ -29,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The pam_sm_acct_mgmt function is the service +@@ -64,7 +62,7 @@ + PAM_DISALLOW_NULL_AUTHTOK + + +- Return PAM_AUTH_ERR if the ++ Return PAM_AUTH_ERR if the + database of authentication tokens for this authentication + mechanism has a NULL entry for the user. + +@@ -73,7 +71,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -131,7 +129,7 @@ + + + +- ++ + SEE ALSO + + +@@ -151,4 +149,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml +index ef3a8f150..ec3de2fdf 100644 +--- a/doc/man/pam_sm_authenticate.3.xml ++++ b/doc/man/pam_sm_authenticate.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_sm_authenticate + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_sm_authenticate + PAM service function for user authentication + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_sm_authenticate +@@ -29,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The pam_sm_authenticate function is the service +@@ -58,7 +56,7 @@ + PAM_DISALLOW_NULL_AUTHTOK + + +- Return PAM_AUTH_ERR if the ++ Return PAM_AUTH_ERR if the + database of authentication tokens for this authentication + mechanism has a NULL entry for the user. + Without this flag, such a NULL token +@@ -69,7 +67,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -128,7 +126,7 @@ + + + +- ++ + SEE ALSO + + +@@ -148,4 +146,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml +index 25e17d020..692bc620d 100644 +--- a/doc/man/pam_sm_chauthtok.3.xml ++++ b/doc/man/pam_sm_chauthtok.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_sm_chauthtok + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_sm_chauthtok + PAM service function for authentication token management + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_sm_chauthtok +@@ -29,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The pam_sm_chauthtok function is the service +@@ -77,7 +75,7 @@ + some network it should attempt to verify it can connect to + this system on receiving this flag. If a module cannot establish + it is ready to update the user's authentication token it should +- return PAM_TRY_AGAIN, this ++ return PAM_TRY_AGAIN, this + information will be passed back to the application. + + +@@ -93,7 +91,7 @@ + + This informs the module that this is the call it should change + the authorization tokens. If the flag is logically OR'd with +- PAM_CHANGE_EXPIRED_AUTHTOK, the ++ PAM_CHANGE_EXPIRED_AUTHTOK, the + token is only changed if it has actually expired. + + +@@ -101,15 +99,15 @@ + + + The PAM library calls this function twice in succession. The first +- time with PAM_PRELIM_CHECK and then, ++ time with PAM_PRELIM_CHECK and then, + if the module does not return +- PAM_TRY_AGAIN, subsequently with +- PAM_UPDATE_AUTHTOK. It is only on ++ PAM_TRY_AGAIN, subsequently with ++ PAM_UPDATE_AUTHTOK. It is only on + the second call that the authorization token is (possibly) changed. + + + +- ++ + RETURN VALUES + + +@@ -181,7 +179,7 @@ + + + +- ++ + SEE ALSO + + +@@ -201,4 +199,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml +index 6d8278ec7..e76693fd9 100644 +--- a/doc/man/pam_sm_close_session.3.xml ++++ b/doc/man/pam_sm_close_session.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_sm_close_session + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_sm_close_session + PAM service function to terminate session management + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_sm_close_session +@@ -29,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The pam_sm_close_session function is the service +@@ -40,7 +38,7 @@ + + + This function is called to terminate a session. The only valid +- value for flags is zero or: ++ value for flags is zero or: + + + +@@ -54,7 +52,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -76,7 +74,7 @@ + + + +- ++ + SEE ALSO + + +@@ -96,4 +94,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml +index ead7ca770..392225a4a 100644 +--- a/doc/man/pam_sm_open_session.3.xml ++++ b/doc/man/pam_sm_open_session.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_sm_open_session + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_sm_open_session + PAM service function to start session management + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_sm_open_session +@@ -29,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The pam_sm_open_session function is the service +@@ -40,7 +38,7 @@ + + + This function is called to commence a session. The only valid +- value for flags is zero or: ++ value for flags is zero or: + + + +@@ -54,7 +52,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -76,7 +74,7 @@ + + + +- ++ + SEE ALSO + + +@@ -96,4 +94,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml +index bb04a2df3..93a69e3e3 100644 +--- a/doc/man/pam_sm_setcred.3.xml ++++ b/doc/man/pam_sm_setcred.3.xml +@@ -1,14 +1,12 @@ +- +- +- ++ + + pam_sm_setcred + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_sm_setcred + PAM service function to alter credentials + +@@ -16,7 +14,7 @@ + + + +- ++ + #include <security/pam_modules.h> + + int pam_sm_setcred +@@ -29,7 +27,7 @@ + + + +- ++ + DESCRIPTION + + The pam_sm_setcred function is the service +@@ -92,7 +90,7 @@ + + + +- The way the auth stack is ++ The way the auth stack is + navigated in order to evaluate the pam_setcred() + function call, independent of the pam_sm_setcred() + return codes, is exactly the same way that it was navigated when +@@ -102,11 +100,11 @@ + libpam evaluates the pam_setcred() function + call. Otherwise, the return codes from each module specific + pam_sm_setcred() call are treated as +- required. ++ required. + + + +- ++ + RETURN VALUES + + +@@ -158,7 +156,7 @@ + + + +- ++ + SEE ALSO + + +@@ -181,4 +179,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_start.3.xml b/doc/man/pam_start.3.xml +index 1d544e641..470c6cec1 100644 +--- a/doc/man/pam_start.3.xml ++++ b/doc/man/pam_start.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_start + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_start + pam_start_confdir + initialization of PAM transaction +@@ -19,7 +16,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + int pam_start +@@ -40,7 +37,7 @@ + + + +- ++ + DESCRIPTION + + The pam_start function creates the PAM context +@@ -108,7 +105,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -147,7 +144,7 @@ + + + +- ++ + SEE ALSO + + +@@ -164,4 +161,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_strerror.3.xml b/doc/man/pam_strerror.3.xml +index 954e131d5..b76cbc4d1 100644 +--- a/doc/man/pam_strerror.3.xml ++++ b/doc/man/pam_strerror.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_strerror + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_strerror + return string describing PAM error code + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + const char *pam_strerror +@@ -29,7 +26,7 @@ + + + +- ++ + DESCRIPTION + + The pam_strerror function returns a pointer to +@@ -40,14 +37,14 @@ + modify this string. + + +- ++ + RETURN VALUES + + This function returns always a pointer to a string. + + + +- ++ + SEE ALSO + + +@@ -55,4 +52,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_syslog.3.xml b/doc/man/pam_syslog.3.xml +index ca28587ef..f5be287fe 100644 +--- a/doc/man/pam_syslog.3.xml ++++ b/doc/man/pam_syslog.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_syslog + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_syslog + pam_vsyslog + send messages to the system logger +@@ -18,7 +15,7 @@ + + + +- ++ + + #include <syslog.h> + #include <security/pam_ext.h> +@@ -39,7 +36,7 @@ + + + +- ++ + DESCRIPTION + + The pam_syslog function logs messages using +@@ -62,7 +59,7 @@ + + + +- ++ + SEE ALSO + + +@@ -71,7 +68,7 @@ + + + +- ++ + STANDARDS + + The pam_syslog and pam_vsyslog +@@ -79,4 +76,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/doc/man/pam_xauth_data.3.xml b/doc/man/pam_xauth_data.3.xml +index 505985e49..447a9c2d4 100644 +--- a/doc/man/pam_xauth_data.3.xml ++++ b/doc/man/pam_xauth_data.3.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_xauth_data + 3 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_xauth_data + structure containing X authentication data + +@@ -18,7 +15,7 @@ + + + +- ++ + #include <security/pam_appl.h> + + +@@ -31,7 +28,7 @@ struct pam_xauth_data { + + + +- ++ + DESCRIPTION + + The pam_xauth_data structure contains X +@@ -70,7 +67,7 @@ struct pam_xauth_data { + + + +- ++ + SEE ALSO + + +@@ -82,7 +79,7 @@ struct pam_xauth_data { + + + +- ++ + STANDARDS + + The pam_xauth_data structure and +@@ -91,4 +88,4 @@ struct pam_xauth_data { + + + +- ++ +\ No newline at end of file +diff --git a/doc/mwg/Linux-PAM_MWG.xml b/doc/mwg/Linux-PAM_MWG.xml +index 3022538c0..046c3c480 100644 +--- a/doc/mwg/Linux-PAM_MWG.xml ++++ b/doc/mwg/Linux-PAM_MWG.xml +@@ -1,49 +1,38 @@ +- +- +- +- ++ ++ + The Linux-PAM Module Writers' Guide + +- +- Andrew G. +- Morgan +- morgan@kernel.org +- +- +- Thorsten +- Kukuk +- kukuk@thkukuk.de +- ++ Andrew G.Morganmorgan@kernel.org ++ ThorstenKukukkukuk@thkukuk.de + + Version 1.1.2, 31. August 2010 + + + This manual documents what a programmer needs to know in order + to write a module that conforms to the +- Linux-PAM standard.It also ++ Linux-PAM standard.It also + discusses some security issues from the point of view of the + module programmer. + + +- ++ + +- ++ + Introduction +-
++
+ Description + +- Linux-PAM (Pluggable Authentication ++ Linux-PAM (Pluggable Authentication + Modules for Linux) is a library that enables the local system + administrator to choose how individual applications authenticate + users. For an overview of the +- Linux-PAM library see the ++ Linux-PAM library see the + Linux-PAM System Administrators' Guide. + + +- A Linux-PAM module is a single ++ A Linux-PAM module is a single + executable binary file that can be loaded by the +- Linux-PAM interface library. ++ Linux-PAM interface library. + This PAM library is configured locally with a system file, + /etc/pam.conf, to authenticate a user + request via the locally available authentication modules. The +@@ -54,14 +43,14 @@ + + dlopen3 + . Alternatively, the modules can be statically +- linked into the Linux-PAM library; +- this is mostly to allow Linux-PAM to ++ linked into the Linux-PAM library; ++ this is mostly to allow Linux-PAM to + be used on platforms without dynamic linking available, but this is + a deprecated functionality. It is the +- Linux-PAM interface that is called ++ Linux-PAM interface that is called + by an application and it is the responsibility of the library to + locate, load and call the appropriate functions in a +- Linux-PAM-module. ++ Linux-PAM-module. + + + Except for the immediate purpose of interacting with the user +@@ -71,7 +60,7 @@ + +
+ +-
++
+ Synopsis + + #include <security/pam_modules.h> +@@ -82,63 +71,52 @@ gcc -shared -o pam_module.so pam_module.o -lpam +
+ + +- ++ + What can be expected by the module + + Here we list the interface that the conventions that all +- Linux-PAM modules must adhere to. ++ Linux-PAM modules must adhere to. + +-
++
+ + Getting and setting <emphasis>PAM_ITEM</emphasis>s and + <emphasis>data</emphasis> + + + First, we cover what the module should expect from the +- Linux-PAM library and a +- Linux-PAM aware application. ++ Linux-PAM library and a ++ Linux-PAM aware application. + Essentially this is the libpam.* library. + +- +- +- +- +- +- +- +- +- ++ ++ ++ ++ ++ ++ ++ ++ ++ +
+-
++
+ + Other functions provided by <filename>libpam</filename> + +- +- ++ ++ +
+ + +- ++ + What is expected of a module + + The module must supply a sub-set of the six functions listed + below. Together they define the function of a +- Linux-PAM module. Module developers ++ Linux-PAM module. Module developers + are strongly urged to read the comments on security that follow + this list. + +-
++
+ Overview + + The six module functions are grouped into four independent +@@ -149,7 +127,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + at least one of these groups. A single module may contain the + necessary functions for all four groups. + +-
++
+ Functional independence + + The independence of the four groups of service a module can +@@ -163,7 +141,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + As an informative example, consider the possibility that an + application applies to change a user's authentication token, + without having first requested that +- Linux-PAM authenticate the ++ Linux-PAM authenticate the + user. In some cases this may be deemed appropriate: when + root wants to change the authentication + token of some lesser user. In other cases it may not be +@@ -176,7 +154,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + this when implementing a given module. + +
+-
++
+ Minimizing administration problems + + To avoid system administration problems and the poor +@@ -189,7 +167,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + simply return PAM_IGNORE. + +
+-
++
+ Arguments supplied to the module + + The flags argument of each of +@@ -203,7 +181,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + arguments are taken from the line appropriate to this + module---that is, with the service_name + matching that of the application---in the configuration file +- (see the Linux-PAM ++ (see the Linux-PAM + System Administrators' Guide). Together these two parameters + provide the number of arguments and an array of pointers to + the individual argument tokens. This will be familiar to C +@@ -214,33 +192,27 @@ gcc -shared -o pam_module.so pam_module.o -lpam + +
+
+-
++
+ Authentication management +- +- ++ ++ +
+-
++
+ Account management +- ++ +
+-
++
+ Session management +- +- ++ ++ +
+-
++
+ Authentication token management +- ++ +
+ + +- ++ + Generic optional arguments + + Here we list the generic arguments that all modules can expect to +@@ -276,17 +248,17 @@ gcc -shared -o pam_module.so pam_module.o -lpam + + + +- ++ + Programming notes + + Here we collect some pointers for the module writer to bear in mind +- when writing/developing a Linux-PAM ++ when writing/developing a Linux-PAM + compatible module. + + +-
++
+ Security issues for module creation +-
++
+ Sufficient resources + + Care should be taken to ensure that the proper execution +@@ -299,7 +271,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + consideration. + +
+-
++
+ Who´s who? + + Generally, the module may wish to establish the identity of +@@ -349,13 +321,13 @@ gcc -shared -o pam_module.so pam_module.o -lpam + Z, the user under whose identity the service will be granted. + This is the username returned by + pam_get_user() and also stored in the +- Linux-PAM item, ++ Linux-PAM item, + PAM_USER. + + + + +- Linux-PAM has a place for ++ Linux-PAM has a place for + an additional user identity that a module may care to make + use of. This is the PAM_RUSER item. + Generally, network sensitive modules/applications may wish +@@ -369,10 +341,10 @@ gcc -shared -o pam_module.so pam_module.o -lpam + uid or euid of the + running process, it should take care to restore the original + values prior to returning control to the +- Linux-PAM library. ++ Linux-PAM library. + +
+-
++
+ Using the conversation function + + Prior to calling the conversation function, the module should +@@ -389,7 +361,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + indicating failure. + +
+-
++
+ Authentication tokens + + To ensure that the authentication tokens are not left lying +@@ -403,7 +375,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam + general rule the module should overwrite authentication tokens + as soon as they are no longer needed. Especially before + free()'ing them. The +- Linux-PAM library is ++ Linux-PAM library is + required to do this when either of these authentication + token items are (re)set. + +@@ -437,7 +409,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) + +
+
+-
++
+ Use of <citerefentry> + <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> +@@ -451,7 +423,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) + + syslog3 + with facility-type +- LOG_AUTHPRIV. ++ LOG_AUTHPRIV. + + + With a few exceptions, the level of logging is, at the discretion +@@ -501,7 +473,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) + + +
+-
++
+ Modules that require system libraries + + Writing a module is much like writing an application. You +@@ -526,16 +498,16 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) +
+ + +- ++ + An example module + + At some point, we may include a fully commented example of a module in + this document. For now, please look at the modules directory of the +- Linux-PAM sources. ++ Linux-PAM sources. + + + +- ++ + See also + + +@@ -558,7 +530,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) + + + +- ++ + Author/acknowledgments + + This document was written by Andrew G. Morgan (morgan@kernel.org) +@@ -578,14 +550,14 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) + + Thanks are also due to Sun Microsystems, especially to Vipin Samar and + Charlie Lai for their advice. At an early stage in the development of +- Linux-PAM, Sun graciously made the ++ Linux-PAM, Sun graciously made the + documentation for their implementation of PAM available. This act + greatly accelerated the development of +- Linux-PAM. ++ Linux-PAM. + + + +- ++ + Copyright information for this document + + Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> +@@ -629,4 +601,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + + +- ++ +\ No newline at end of file +diff --git a/doc/mwg/Makefile.am b/doc/mwg/Makefile.am +index 688e6cb3a..340249c6c 100644 +--- a/doc/mwg/Makefile.am ++++ b/doc/mwg/Makefile.am +@@ -16,7 +16,7 @@ all: Linux-PAM_MWG.txt html/Linux-PAM_MWG.html Linux-PAM_MWG.pdf + + Linux-PAM_MWG.pdf: $(XMLS) $(DEP_XMLS) + if ENABLE_GENERATE_PDF +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam generate.toc "book toc" \ + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ +@@ -28,7 +28,7 @@ else + endif + + Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam generate.toc "book toc" \ + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ +@@ -37,7 +37,7 @@ Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) + + html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) + @test -d html || mkdir -p html +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam base.dir html/ \ + --stringparam root.filename Linux-PAM_MWG \ + --stringparam use.id.as.filename 1 \ +diff --git a/doc/mwg/pam_conv.xml b/doc/mwg/pam_conv.xml +index a2b470af5..2b369503d 100644 +--- a/doc/mwg/pam_conv.xml ++++ b/doc/mwg/pam_conv.xml +@@ -1,11 +1,7 @@ +- +- +-
++
+ The conversation function + +- ++ + + + struct pam_message { +@@ -24,12 +20,10 @@ struct pam_conv { + void *appdata_ptr; + }; + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_fail_delay.xml b/doc/mwg/pam_fail_delay.xml +index 589e1148b..d602a1f79 100644 +--- a/doc/mwg/pam_fail_delay.xml ++++ b/doc/mwg/pam_fail_delay.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Request a delay on failure + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_get_data.xml b/doc/mwg/pam_get_data.xml +index b1afdb3f7..e1342d16e 100644 +--- a/doc/mwg/pam_get_data.xml ++++ b/doc/mwg/pam_get_data.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Get module internal data + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_get_item.xml b/doc/mwg/pam_get_item.xml +index 370a10a1a..e0635d212 100644 +--- a/doc/mwg/pam_get_item.xml ++++ b/doc/mwg/pam_get_item.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Getting PAM items + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_get_user.xml b/doc/mwg/pam_get_user.xml +index 1cb7fdf30..3b79fe076 100644 +--- a/doc/mwg/pam_get_user.xml ++++ b/doc/mwg/pam_get_user.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Get user name + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_getenv.xml b/doc/mwg/pam_getenv.xml +index 61d69c33c..f7b483ed9 100644 +--- a/doc/mwg/pam_getenv.xml ++++ b/doc/mwg/pam_getenv.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Get a PAM environment variable + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_getenvlist.xml b/doc/mwg/pam_getenvlist.xml +index d3c2fcd35..4433c04d6 100644 +--- a/doc/mwg/pam_getenvlist.xml ++++ b/doc/mwg/pam_getenvlist.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Getting the PAM environment + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_putenv.xml b/doc/mwg/pam_putenv.xml +index e55f1a42f..6378a15b2 100644 +--- a/doc/mwg/pam_putenv.xml ++++ b/doc/mwg/pam_putenv.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Set or change PAM environment variable + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_set_data.xml b/doc/mwg/pam_set_data.xml +index 18b2711b9..3fb3b1fed 100644 +--- a/doc/mwg/pam_set_data.xml ++++ b/doc/mwg/pam_set_data.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Set module internal data + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_set_item.xml b/doc/mwg/pam_set_item.xml +index 7d19925e0..7a8ee8dea 100644 +--- a/doc/mwg/pam_set_item.xml ++++ b/doc/mwg/pam_set_item.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Setting PAM items + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_sm_acct_mgmt.xml b/doc/mwg/pam_sm_acct_mgmt.xml +index 10b3c9e9e..c17a9bf06 100644 +--- a/doc/mwg/pam_sm_acct_mgmt.xml ++++ b/doc/mwg/pam_sm_acct_mgmt.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Service function for account management + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_sm_authenticate.xml b/doc/mwg/pam_sm_authenticate.xml +index 54c79af6f..138fc1ff7 100644 +--- a/doc/mwg/pam_sm_authenticate.xml ++++ b/doc/mwg/pam_sm_authenticate.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Service function for user authentication + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_sm_chauthtok.xml b/doc/mwg/pam_sm_chauthtok.xml +index a13643158..546ae6622 100644 +--- a/doc/mwg/pam_sm_chauthtok.xml ++++ b/doc/mwg/pam_sm_chauthtok.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Service function to alter authentication token + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_sm_close_session.xml b/doc/mwg/pam_sm_close_session.xml +index 9346c506b..69140b810 100644 +--- a/doc/mwg/pam_sm_close_session.xml ++++ b/doc/mwg/pam_sm_close_session.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Service function to terminate session management + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_sm_open_session.xml b/doc/mwg/pam_sm_open_session.xml +index b8e3fa90f..aba28a3e9 100644 +--- a/doc/mwg/pam_sm_open_session.xml ++++ b/doc/mwg/pam_sm_open_session.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Service function to start session management + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_sm_setcred.xml b/doc/mwg/pam_sm_setcred.xml +index eee8e1d61..36e43c04b 100644 +--- a/doc/mwg/pam_sm_setcred.xml ++++ b/doc/mwg/pam_sm_setcred.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Service function to alter credentials + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/mwg/pam_strerror.xml b/doc/mwg/pam_strerror.xml +index 35b08a274..e4e1c56af 100644 +--- a/doc/mwg/pam_strerror.xml ++++ b/doc/mwg/pam_strerror.xml +@@ -1,18 +1,12 @@ +- +- +-
++
+ Strings describing PAM error codes + +- ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/Linux-PAM_SAG.xml b/doc/sag/Linux-PAM_SAG.xml +index 2adaef7da..952f224b4 100644 +--- a/doc/sag/Linux-PAM_SAG.xml ++++ b/doc/sag/Linux-PAM_SAG.xml +@@ -1,36 +1,25 @@ +- +- +- +- ++ ++ + The Linux-PAM System Administrators' Guide + +- +- Andrew G. +- Morgan +- morgan@kernel.org +- +- +- Thorsten +- Kukuk +- kukuk@thkukuk.de +- ++ Andrew G.Morganmorgan@kernel.org ++ ThorstenKukukkukuk@thkukuk.de + + Version 1.1.2, 31. August 2010 + + + This manual documents what a system-administrator needs to know about +- the Linux-PAM library. It covers the ++ the Linux-PAM library. It covers the + correct syntax of the PAM configuration file and discusses strategies + for maintaining a secure system. + + +- ++ + +- ++ + Introduction + +- Linux-PAM (Pluggable Authentication ++ Linux-PAM (Pluggable Authentication + Modules for Linux) is a suite of shared libraries that enable the + local system administrator to choose how applications authenticate users. + +@@ -58,7 +47,7 @@ + on entries in the /etc/group file. + + +- It is the purpose of the Linux-PAM ++ It is the purpose of the Linux-PAM + project to separate the development of privilege granting software + from the development of secure and appropriate authentication schemes. + This is accomplished by providing a library of functions that an +@@ -76,7 +65,7 @@ + + + +- ++ + Some comments on the text + + Before proceeding to read the rest of this document, it should be +@@ -91,7 +80,7 @@ + + As an example of the above, where it is explicit, the text assumes + that PAM loadable object files (the +- modules) are to be located in ++ modules) are to be located in + the following directory: /lib/security/ or + /lib64/security depending on the architecture. + This is generally the location that seems to be compatible with the +@@ -103,7 +92,7 @@ + + + +- ++ + Overview + + For the uninitiated, we begin by considering an example. We take an +@@ -121,16 +110,16 @@ + password and then verifying that it agrees with that located on + the system; hence verifying that as far as the system is concerned + the user is who they claim to be. This is the task that is delegated +- to Linux-PAM. ++ to Linux-PAM. + + + From the perspective of the application programmer (in this case + the person that wrote the login application), +- Linux-PAM takes care of this ++ Linux-PAM takes care of this + authentication task -- verifying the identity of the user. + + +- The flexibility of Linux-PAM is ++ The flexibility of Linux-PAM is + that you, the system administrator, have + the freedom to stipulate which authentication scheme is to be + used. You have the freedom to set the scheme for any/all +@@ -152,7 +141,7 @@ + authentication can be upgraded to include (long) division! + + +- Linux-PAM deals with four ++ Linux-PAM deals with four + separate types of (management) task. These are: + authentication management; + account management; +@@ -160,15 +149,15 @@ + password management. + The association of the preferred management scheme with the behavior + of an application is made with entries in the relevant +- Linux-PAM configuration file. ++ Linux-PAM configuration file. + The management functions are performed by modules + specified in the configuration file. The syntax for this + file is discussed in the section +- below. ++ below. + + + Here is a figure that describes the overall organization of +- Linux-PAM: ++ Linux-PAM: + + +----------------+ + | application: X | +@@ -193,14 +182,14 @@ + + By way of explanation, the left of the figure represents the + application; application X. Such an application interfaces with the +- Linux-PAM library and knows none of ++ Linux-PAM library and knows none of + the specifics of its configured authentication method. The +- Linux-PAM library (in the center) ++ Linux-PAM library (in the center) + consults the contents of the PAM configuration file and loads the + modules that are appropriate for application-X. These modules fall + into one of four management groups (lower-center) and are stacked in + the order they appear in the configuration file. These modules, when +- called by Linux-PAM, perform the ++ called by Linux-PAM, perform the + various authentication tasks for the application. Textual information, + required from/or offered to the user, can be exchanged through the + use of the application-supplied conversation +@@ -216,34 +205,28 @@ + + + +- ++ + The Linux-PAM configuration file +- +-
++ ++
+ Configuration file syntax +- ++ +
+-
++
+ Directory based configuration +- ++ +
+-
++
+ Example configuration file entries + + In this section, we give some examples of entries that can +- be present in the Linux-PAM ++ be present in the Linux-PAM + configuration file. As a first attempt at configuring your + system you could do worse than to implement these. + + + If a system is to be considered secure, it had better have a +- reasonably secure 'other entry. ++ reasonably secure 'other entry. + The following is a paranoid setting (which is not a bad place + to start!): + +@@ -311,7 +294,7 @@ session required pam_deny.so + + On a less sensitive computer, one on which the system + administrator wishes to remain ignorant of much of the +- power of Linux-PAM, the ++ power of Linux-PAM, the + following selection of lines (in + /etc/pam.d/other) is likely to + mimic the historically familiar Linux setup. +@@ -331,21 +314,21 @@ session required pam_unix.so +
+ + +- ++ + Security issues +-
++
+ If something goes wrong + +- Linux-PAM has the potential ++ Linux-PAM has the potential + to seriously change the security of your system. You can + choose to have no security or absolute security (no access +- permitted). In general, Linux-PAM ++ permitted). In general, Linux-PAM + errs towards the latter. Any number of configuration errors + can disable access to your system partially, or completely. + + + The most dramatic problem that is likely to be encountered when +- configuring Linux-PAM is that of ++ configuring Linux-PAM is that of + deleting the configuration file(s): + /etc/pam.d/* and/or + /etc/pam.conf. This will lock you out of +@@ -357,11 +340,11 @@ session required pam_unix.so + things from there. + +
+-
++
+ Avoid having a weak `other' configuration + + It is not a good thing to have a weak default +- (other) entry. ++ (other) entry. + This service is the default configuration for all PAM aware + applications and if it is weak, your system is likely to be + vulnerable to attack. +@@ -388,93 +371,57 @@ session required pam_warn.so +
+ + +- ++ + A reference guide for available modules + + Here, we collect together the descriptions of the various modules + coming with Linux-PAM. + +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + +- ++ + See also + + +@@ -497,7 +444,7 @@ session required pam_warn.so + + + +- ++ + Author/acknowledgments + + This document was written by Andrew G. Morgan (morgan@kernel.org) +@@ -518,14 +465,14 @@ session required pam_warn.so + + Thanks are also due to Sun Microsystems, especially to Vipin Samar and + Charlie Lai for their advice. At an early stage in the development of +- Linux-PAM, Sun graciously made the ++ Linux-PAM, Sun graciously made the + documentation for their implementation of PAM available. This act + greatly accelerated the development of +- Linux-PAM. ++ Linux-PAM. + + + +- ++ + Copyright information for this document + + Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> +@@ -569,4 +516,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + + +- ++ +\ No newline at end of file +diff --git a/doc/sag/Makefile.am b/doc/sag/Makefile.am +index 84fd383fe..04c90919e 100644 +--- a/doc/sag/Makefile.am ++++ b/doc/sag/Makefile.am +@@ -7,7 +7,6 @@ CLEANFILES = Linux-PAM_SAG.fo *~ + EXTRA_DIST = $(XMLS) + + XMLS = Linux-PAM_SAG.xml $(shell ls $(srcdir)/pam_*.xml) +- + DEP_XMLS = $(shell ls $(top_srcdir)/modules/pam_*/pam_*.xml) + + if ENABLE_REGENERATE_MAN +@@ -17,7 +16,7 @@ all: Linux-PAM_SAG.txt html/Linux-PAM_SAG.html Linux-PAM_SAG.pdf + + Linux-PAM_SAG.pdf: $(XMLS) $(DEP_XMLS) + if ENABLE_GENERATE_PDF +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam generate.toc "book toc" \ + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ +@@ -29,7 +28,7 @@ else + endif + + Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam generate.toc "book toc" \ + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ +@@ -38,7 +37,7 @@ Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) + + html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) + @test -d html || mkdir -p html +- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< ++ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< + $(XSLTPROC) --stringparam base.dir html/ \ + --stringparam root.filename Linux-PAM_SAG \ + --stringparam use.id.as.filename 1 \ +diff --git a/doc/sag/pam_access.xml b/doc/sag/pam_access.xml +index b9bf39d0a..75f14b37a 100644 +--- a/doc/sag/pam_access.xml ++++ b/doc/sag/pam_access.xml +@@ -1,42 +1,30 @@ +- +- +-
++
+ pam_access - logdaemon style login access control +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_debug.xml b/doc/sag/pam_debug.xml +index b131954c1..0c8aa940d 100644 +--- a/doc/sag/pam_debug.xml ++++ b/doc/sag/pam_debug.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_debug - debug the PAM stack +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_deny.xml b/doc/sag/pam_deny.xml +index 2cb71a03f..fdd2aaae7 100644 +--- a/doc/sag/pam_deny.xml ++++ b/doc/sag/pam_deny.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_deny - locking-out PAM module +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_echo.xml b/doc/sag/pam_echo.xml +index b066d4acc..e4de88627 100644 +--- a/doc/sag/pam_echo.xml ++++ b/doc/sag/pam_echo.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_echo - print text messages +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_env.xml b/doc/sag/pam_env.xml +index 9f6e63319..68b7c4f0c 100644 +--- a/doc/sag/pam_env.xml ++++ b/doc/sag/pam_env.xml +@@ -1,42 +1,30 @@ +- +- +-
++
+ pam_env - set/unset environment variables +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_exec.xml b/doc/sag/pam_exec.xml +index 265e7f415..859bb3b92 100644 +--- a/doc/sag/pam_exec.xml ++++ b/doc/sag/pam_exec.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_exec - call an external command +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_faildelay.xml b/doc/sag/pam_faildelay.xml +index 1d8295e01..969020878 100644 +--- a/doc/sag/pam_faildelay.xml ++++ b/doc/sag/pam_faildelay.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_faildelay - change the delay on failure per-application +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_faillock.xml b/doc/sag/pam_faillock.xml +index 96940c6bf..32777b1d3 100644 +--- a/doc/sag/pam_faillock.xml ++++ b/doc/sag/pam_faillock.xml +@@ -1,38 +1,27 @@ +- +- +-
++
+ pam_faillock - temporarily locking access based on failed authentication attempts during an interval +- +- ++ ++ + +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_filter.xml b/doc/sag/pam_filter.xml +index 6a4a1ba22..56af28cb7 100644 +--- a/doc/sag/pam_filter.xml ++++ b/doc/sag/pam_filter.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_filter - filter module +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_ftp.xml b/doc/sag/pam_ftp.xml +index b24562659..13fe40a0f 100644 +--- a/doc/sag/pam_ftp.xml ++++ b/doc/sag/pam_ftp.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_ftp - module for anonymous access +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_group.xml b/doc/sag/pam_group.xml +index ce82bf0f0..e4efc0356 100644 +--- a/doc/sag/pam_group.xml ++++ b/doc/sag/pam_group.xml +@@ -1,42 +1,30 @@ +- +- +-
++
+ pam_group - module to modify group access +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_issue.xml b/doc/sag/pam_issue.xml +index 5033d23f6..f56cc4632 100644 +--- a/doc/sag/pam_issue.xml ++++ b/doc/sag/pam_issue.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_issue - add issue file to user prompt +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_keyinit.xml b/doc/sag/pam_keyinit.xml +index 3caa4c270..d8013512a 100644 +--- a/doc/sag/pam_keyinit.xml ++++ b/doc/sag/pam_keyinit.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_keyinit - display the keyinit file +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_lastlog.xml b/doc/sag/pam_lastlog.xml +index c250c0189..1c9c6b2c1 100644 +--- a/doc/sag/pam_lastlog.xml ++++ b/doc/sag/pam_lastlog.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_lastlog - display date of last login +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_limits.xml b/doc/sag/pam_limits.xml +index 7f898a406..f03a1e41e 100644 +--- a/doc/sag/pam_limits.xml ++++ b/doc/sag/pam_limits.xml +@@ -1,42 +1,30 @@ +- +- +-
++
+ pam_limits - limit resources +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_listfile.xml b/doc/sag/pam_listfile.xml +index db7acdc61..66d7a82ef 100644 +--- a/doc/sag/pam_listfile.xml ++++ b/doc/sag/pam_listfile.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_listfile - deny or allow services based on an arbitrary file +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_localuser.xml b/doc/sag/pam_localuser.xml +index 480ff96ec..a3cee75f7 100644 +--- a/doc/sag/pam_localuser.xml ++++ b/doc/sag/pam_localuser.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_localuser - require users to be listed in /etc/passwd +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_loginuid.xml b/doc/sag/pam_loginuid.xml +index 3b4428434..fc4a09674 100644 +--- a/doc/sag/pam_loginuid.xml ++++ b/doc/sag/pam_loginuid.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_loginuid - record user's login uid to the process attribute +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_mail.xml b/doc/sag/pam_mail.xml +index 031f786d4..6b76770e8 100644 +--- a/doc/sag/pam_mail.xml ++++ b/doc/sag/pam_mail.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_mail - inform about available mail +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_mkhomedir.xml b/doc/sag/pam_mkhomedir.xml +index dc6a1eb79..141395cda 100644 +--- a/doc/sag/pam_mkhomedir.xml ++++ b/doc/sag/pam_mkhomedir.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_mkhomedir - create users home directory +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_motd.xml b/doc/sag/pam_motd.xml +index 7a7d2deec..9af77bb53 100644 +--- a/doc/sag/pam_motd.xml ++++ b/doc/sag/pam_motd.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_motd - display the motd file +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_namespace.xml b/doc/sag/pam_namespace.xml +index 6ece9bc14..e18bc0f74 100644 +--- a/doc/sag/pam_namespace.xml ++++ b/doc/sag/pam_namespace.xml +@@ -1,42 +1,30 @@ +- +- +-
++
+ pam_namespace - setup a private namespace +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_nologin.xml b/doc/sag/pam_nologin.xml +index 0c626b82c..f2acf4923 100644 +--- a/doc/sag/pam_nologin.xml ++++ b/doc/sag/pam_nologin.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_nologin - prevent non-root users from login +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_permit.xml b/doc/sag/pam_permit.xml +index 7c200478a..52548c0d3 100644 +--- a/doc/sag/pam_permit.xml ++++ b/doc/sag/pam_permit.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_permit - the promiscuous module +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_pwhistory.xml b/doc/sag/pam_pwhistory.xml +index 0677eae39..867a1bca4 100644 +--- a/doc/sag/pam_pwhistory.xml ++++ b/doc/sag/pam_pwhistory.xml +@@ -1,38 +1,27 @@ +- +- +-
++
+ pam_pwhistory - grant access using .pwhistory file +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_rhosts.xml b/doc/sag/pam_rhosts.xml +index 680a70c16..f70b1fbfa 100644 +--- a/doc/sag/pam_rhosts.xml ++++ b/doc/sag/pam_rhosts.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_rhosts - grant access using .rhosts file +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_rootok.xml b/doc/sag/pam_rootok.xml +index 59c99ae92..ab4b4438d 100644 +--- a/doc/sag/pam_rootok.xml ++++ b/doc/sag/pam_rootok.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_rootok - gain only root access +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_securetty.xml b/doc/sag/pam_securetty.xml +index 6ed13e593..9bd9fe218 100644 +--- a/doc/sag/pam_securetty.xml ++++ b/doc/sag/pam_securetty.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_securetty - limit root login to special devices +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_selinux.xml b/doc/sag/pam_selinux.xml +index 9a4f9878f..cb64bcfeb 100644 +--- a/doc/sag/pam_selinux.xml ++++ b/doc/sag/pam_selinux.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_selinux - set the default security context +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_sepermit.xml b/doc/sag/pam_sepermit.xml +index 9831a13f1..264266155 100644 +--- a/doc/sag/pam_sepermit.xml ++++ b/doc/sag/pam_sepermit.xml +@@ -1,38 +1,27 @@ +- +- +-
++
+ pam_sepermit - allow/reject access based on SELinux mode +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_setquota.xml b/doc/sag/pam_setquota.xml +index 368dfd8e2..01d187327 100644 +--- a/doc/sag/pam_setquota.xml ++++ b/doc/sag/pam_setquota.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_setquota - set or modify disk quotas on session start +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_shells.xml b/doc/sag/pam_shells.xml +index b3b3d3273..6765a1973 100644 +--- a/doc/sag/pam_shells.xml ++++ b/doc/sag/pam_shells.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_shells - check for valid login shell +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_succeed_if.xml b/doc/sag/pam_succeed_if.xml +index ce0792d95..7c9f4934c 100644 +--- a/doc/sag/pam_succeed_if.xml ++++ b/doc/sag/pam_succeed_if.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_succeed_if - test account characteristics +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_time.xml b/doc/sag/pam_time.xml +index 74e9e02ab..e15d20a0a 100644 +--- a/doc/sag/pam_time.xml ++++ b/doc/sag/pam_time.xml +@@ -1,42 +1,30 @@ +- +- +-
++
+ pam_time - time controlled access +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_timestamp.xml b/doc/sag/pam_timestamp.xml +index 833a6bac9..dfe87e7df 100644 +--- a/doc/sag/pam_timestamp.xml ++++ b/doc/sag/pam_timestamp.xml +@@ -1,42 +1,30 @@ +- +- +-
++
+ pam_timestamp - authenticate using cached successful authentication attempts +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_tty_audit.xml b/doc/sag/pam_tty_audit.xml +index 86d1cd039..44de8105c 100644 +--- a/doc/sag/pam_tty_audit.xml ++++ b/doc/sag/pam_tty_audit.xml +@@ -1,38 +1,27 @@ +- +- +-
++
+ pam_tty_audit - enable/disable tty auditing +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_umask.xml b/doc/sag/pam_umask.xml +index b05350869..2fb200bbd 100644 +--- a/doc/sag/pam_umask.xml ++++ b/doc/sag/pam_umask.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_umask - set the file mode creation mask +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_unix.xml b/doc/sag/pam_unix.xml +index 24bbaec32..bb3412240 100644 +--- a/doc/sag/pam_unix.xml ++++ b/doc/sag/pam_unix.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_unix - traditional password authentication +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_userdb.xml b/doc/sag/pam_userdb.xml +index 47c2c7271..3c1bbc171 100644 +--- a/doc/sag/pam_userdb.xml ++++ b/doc/sag/pam_userdb.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_userdb - authenticate against a db database +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_warn.xml b/doc/sag/pam_warn.xml +index e2e7adba5..0f1376be6 100644 +--- a/doc/sag/pam_warn.xml ++++ b/doc/sag/pam_warn.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_warn - logs all PAM items +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_wheel.xml b/doc/sag/pam_wheel.xml +index 5ea011e36..76f020427 100644 +--- a/doc/sag/pam_wheel.xml ++++ b/doc/sag/pam_wheel.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_wheel - only permit root access to members of group wheel +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/doc/sag/pam_xauth.xml b/doc/sag/pam_xauth.xml +index 9aca9ffab..4c9ba35e7 100644 +--- a/doc/sag/pam_xauth.xml ++++ b/doc/sag/pam_xauth.xml +@@ -1,34 +1,24 @@ +- +- +-
++
+ pam_xauth - forward xauth keys between users +- +- ++ ++ + +-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
+- ++
++ +
+-
++
+\ No newline at end of file +diff --git a/modules/pam_access/README.xml b/modules/pam_access/README.xml +index 8c7d078b2..408aed009 100644 +--- a/modules/pam_access/README.xml ++++ b/modules/pam_access/README.xml +@@ -1,39 +1,23 @@ +- +- +---> +- +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_access.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_access-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_access.8.xml" xpointer='xpointer(id("pam_access-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index 8fdbc31de..ff1cb2237 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -1,8 +1,4 @@ +- +- +- +- ++ + + + access.conf +@@ -16,7 +12,7 @@ + + + +- ++ + DESCRIPTION + + The /etc/security/access.conf file specifies +@@ -126,7 +122,7 @@ + + + +- ++ + EXAMPLES + + These are some example lines which might be specified in +@@ -135,7 +131,7 @@ + + + User root should be allowed to get access via +- cron, X11 terminal :0, ++ cron, X11 terminal :0, + tty1, ..., tty5, + tty6. + +@@ -216,7 +212,7 @@ + + + +- ++ + NOTES + + The default separators of list items in a field are space, ',', and tabulator +@@ -228,7 +224,7 @@ + + + +- ++ + SEE ALSO + + pam_access8, +@@ -237,7 +233,7 @@ + + + +- ++ + AUTHORS + + Original login.access5 +@@ -250,4 +246,4 @@ + introduced by Mike Becher <mike.becher@lrz-muenchen.de>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index db853410a..010e749e8 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_access + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_access + + PAM module for logdaemon style login access control +@@ -20,31 +17,31 @@ + + + +- ++ + pam_access.so +- ++ + debug + +- ++ + nodefgroup + +- ++ + noaudit + +- ++ + accessfile=file + +- ++ + fieldsep=sep + +- ++ + listsep=sep + + + + + +- ++ + DESCRIPTION + + The pam_access PAM module is mainly for access management. +@@ -92,13 +89,13 @@ + + + +- ++ + OPTIONS + + + + +- ++ accessfile=/path/to/access.conf + + + +@@ -111,7 +108,7 @@ + + + +- ++ debug + + + +@@ -123,7 +120,7 @@ + + + +- ++ noaudit + + + +@@ -134,19 +131,19 @@ + + + +- ++ fieldsep=separators + + + + This option modifies the field separator character that + pam_access will recognize when parsing the access + configuration file. For example: +- fieldsep=| will cause the ++ fieldsep=| will cause the + default `:' character to be treated as part of a field value + and `|' becomes the field separator. Doing this may be + useful in conjunction with a system that wants to use + pam_access with X based applications, since the +- PAM_TTY item is likely to be ++ PAM_TTY item is likely to be + of the form "hostname:0" which includes a `:' character in + its value. But you should not need this. + +@@ -155,14 +152,14 @@ + + + +- ++ listsep=separators + + + + This option modifies the list separator character that + pam_access will recognize when parsing the access + configuration file. For example: +- listsep=, will cause the ++ listsep=, will cause the + default ` ' (space) and `\t' (tab) characters to be treated + as part of a list element value and `,' becomes the only + list element separator. Doing this may be useful on a system +@@ -175,7 +172,7 @@ + + + +- ++ nodefgroup + + + +@@ -190,7 +187,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -198,7 +195,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -244,17 +241,17 @@ + + + +- ++ + FILES + + +- /etc/security/access.conf ++ /etc/security/access.conf + + Default configuration file + + + +- %vendordir%/security/access.conf ++ %vendordir%/security/access.conf + + Default configuration file if + /etc/security/access.conf does not exist. +@@ -263,7 +260,7 @@ + + + +- ++ + SEE ALSO + + +@@ -278,7 +275,7 @@ + + + +- ++ + AUTHORS + + The logdaemon style login access control scheme was designed and implemented by +@@ -289,4 +286,4 @@ + was developed and provided by Mike Becher <mike.becher@lrz-muenchen.de>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_debug/README.xml b/modules/pam_debug/README.xml +index ef41911be..cdcec7f43 100644 +--- a/modules/pam_debug/README.xml ++++ b/modules/pam_debug/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_debug.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_debug-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_debug.8.xml" xpointer='xpointer(id("pam_debug-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml +index 3d85f4d85..1c98f17e3 100644 +--- a/modules/pam_debug/pam_debug.8.xml ++++ b/modules/pam_debug/pam_debug.8.xml +@@ -1,51 +1,48 @@ +- +- +- +- ++ + + + pam_debug + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_debug + PAM module to debug the PAM stack + + + +- ++ + pam_debug.so +- ++ + auth=value + +- ++ + cred=value + +- ++ + acct=value + +- ++ + prechauthtok=value + +- ++ + chauthtok=value + +- ++ + auth=value + +- ++ + open_session=value + +- ++ + close_session=value + + + + +- ++ + DESCRIPTION + + The pam_debug PAM module is intended as a debugging aide for +@@ -54,12 +51,12 @@ + + + +- ++ + OPTIONS + + + +- ++ auth=value + + + +@@ -73,7 +70,7 @@ + + + +- ++ cred=value + + + +@@ -87,7 +84,7 @@ + + + +- ++ acct=value + + + +@@ -101,7 +98,7 @@ + + + +- ++ prechauthtok=value + + + +@@ -116,7 +113,7 @@ + + + +- ++ chauthtok=value + + + +@@ -126,13 +123,13 @@ + function will return + value if the + PAM_PRELIM_CHECK flag is +- not set. ++ not set. + + + + + +- ++ open_session=value + + + +@@ -146,7 +143,7 @@ + + + +- ++ close_session=value + + + +@@ -171,7 +168,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -179,7 +176,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -194,7 +191,7 @@ + + + +- ++ + EXAMPLES + + auth requisite pam_permit.so +@@ -206,7 +203,7 @@ auth sufficient pam_debug.so auth=success cred=success + + + +- ++ + SEE ALSO + + +@@ -221,11 +218,11 @@ auth sufficient pam_debug.so auth=success cred=success + + + +- ++ + AUTHOR + + pam_debug was written by Andrew G. Morgan <morgan@kernel.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_deny/README.xml b/modules/pam_deny/README.xml +index ff2e82b03..d3ba53ce0 100644 +--- a/modules/pam_deny/README.xml ++++ b/modules/pam_deny/README.xml +@@ -1,36 +1,23 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_deny.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_deny-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_deny.8.xml" xpointer='xpointer(id("pam_deny-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml +index a92835829..db8fcb635 100644 +--- a/modules/pam_deny/pam_deny.8.xml ++++ b/modules/pam_deny/pam_deny.8.xml +@@ -1,27 +1,24 @@ +- +- +- +- ++ + + + pam_deny + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_deny + The locking-out PAM module + + + +- ++ + pam_deny.so + + + +- ++ + + DESCRIPTION + +@@ -33,12 +30,12 @@ + + + +- ++ + OPTIONS + This module does not recognise any options. + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -46,7 +43,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -91,7 +88,7 @@ + + + +- ++ + EXAMPLES + + #%PAM-1.0 +@@ -110,7 +107,7 @@ other session required pam_deny.so + + + +- ++ + SEE ALSO + + +@@ -125,11 +122,11 @@ other session required pam_deny.so + + + +- ++ + AUTHOR + + pam_deny was written by Andrew G. Morgan <morgan@kernel.org> + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_echo/README.xml b/modules/pam_echo/README.xml +index b1556e38c..ceecf9ef6 100644 +--- a/modules/pam_echo/README.xml ++++ b/modules/pam_echo/README.xml +@@ -1,36 +1,23 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_echo.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_echo-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_echo.8.xml" xpointer='xpointer(id("pam_echo-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml +index ef76b022d..07b793d92 100644 +--- a/modules/pam_echo/pam_echo.8.xml ++++ b/modules/pam_echo/pam_echo.8.xml +@@ -1,15 +1,12 @@ +- +- +- +- ++ + + pam_echo + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_echo + PAM module for printing text messages + +@@ -17,15 +14,15 @@ + + + +- ++ + pam_echo.so +- ++ + file=/path/message + + + + +- ++ + DESCRIPTION + + The pam_echo PAM module is for printing +@@ -35,37 +32,37 @@ + + + +- %H ++ %H + + The name of the remote host (PAM_RHOST). + + + +- %h ++ %h + + The name of the local host. + + + +- %s ++ %s + + The service name (PAM_SERVICE). + + + +- %t ++ %t + + The name of the controlling terminal (PAM_TTY). + + + +- %U ++ %U + + The remote user name (PAM_RUSER). + + + +- %u ++ %u + + The local user name (PAM_USER). + +@@ -79,12 +76,12 @@ + + + +- ++ + OPTIONS + + + +- ++ file=/path/message + + + +@@ -96,7 +93,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -106,7 +103,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -137,7 +134,7 @@ + + + +- ++ + EXAMPLES + + For an example of the use of this module, we show how it may be +@@ -150,7 +147,7 @@ password required pam_unix.so + + + +- SEE ALSO ++ SEE ALSO + + + pam.conf8 +@@ -163,8 +160,8 @@ password required pam_unix.so + + + +- ++ + AUTHOR + Thorsten Kukuk <kukuk@thkukuk.de> + +- ++ +\ No newline at end of file +diff --git a/modules/pam_env/README.xml b/modules/pam_env/README.xml +index 21a9b8555..8becf8700 100644 +--- a/modules/pam_env/README.xml ++++ b/modules/pam_env/README.xml +@@ -1,39 +1,21 @@ +- +- +---> +- +-]> +- +-
+- +- ++
+ ++ + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_env.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_env-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_env.8.xml" xpointer='xpointer(id("pam_env-name")/*)'/> + +- +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml +index 75ff862be..bcb16036f 100644 +--- a/modules/pam_env/pam_env.8.xml ++++ b/modules/pam_env/pam_env.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_env + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_env + + PAM module to set/unset environment variables +@@ -20,31 +17,31 @@ + + + +- ++ + pam_env.so +- ++ + debug + +- ++ + conffile=conf-file + +- ++ + envfile=env-file + +- ++ + readenv=0|1 + +- ++ + user_envfile=env-file + +- ++ + user_readenv=0|1 + + + + + +- ++ + DESCRIPTION + + The pam_env PAM module allows the (un)setting of environment +@@ -77,13 +74,13 @@ + + + +- ++ + OPTIONS + + + + +- ++ conffile=/path/to/pam_env.conf + + + +@@ -96,7 +93,7 @@ + + + +- ++ debug + + + +@@ -108,7 +105,7 @@ + + + +- ++ envfile=/path/to/environment + + + +@@ -124,7 +121,7 @@ + + + +- ++ readenv=0|1 + + + +@@ -137,7 +134,7 @@ + + + +- ++ user_envfile=filename + + + +@@ -153,7 +150,7 @@ + + + +- ++ user_readenv=0|1 + + + +@@ -174,7 +171,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The and module +@@ -182,7 +179,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -220,23 +217,23 @@ + + + +- ++ + FILES + + +- /etc/security/pam_env.conf ++ /etc/security/pam_env.conf + + Default configuration file + + + +- /etc/environment ++ /etc/environment + + Default environment file + + + +- $HOME/.pam_environment ++ $HOME/.pam_environment + + User specific environment file + +@@ -244,7 +241,7 @@ + + + +- ++ + SEE ALSO + + +@@ -262,10 +259,10 @@ + + + +- ++ + AUTHOR + + pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml +index fca046fe3..f88791676 100644 +--- a/modules/pam_env/pam_env.conf.5.xml ++++ b/modules/pam_env/pam_env.conf.5.xml +@@ -1,13 +1,10 @@ +- +- +- +- ++ + + + pam_env.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + + +@@ -17,7 +14,7 @@ + + + +- ++ + DESCRIPTION + + +@@ -71,7 +68,7 @@ + + + +- ++ + EXAMPLES + + These are some example lines which might be specified in +@@ -117,7 +114,7 @@ + + + +- ++ + SEE ALSO + + pam_env8, +@@ -127,10 +124,10 @@ + + + +- ++ + AUTHOR + + pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_exec/README.xml b/modules/pam_exec/README.xml +index 5e76cab30..1928d7f94 100644 +--- a/modules/pam_exec/README.xml ++++ b/modules/pam_exec/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_exec.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_exec-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_exec.8.xml" xpointer='xpointer(id("pam_exec-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml +index 7e89943ce..13abe6e64 100644 +--- a/modules/pam_exec/pam_exec.8.xml ++++ b/modules/pam_exec/pam_exec.8.xml +@@ -1,57 +1,54 @@ +- +- +- +- ++ + + + pam_exec + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_exec + PAM module which calls an external command + + + +- ++ + pam_exec.so +- ++ + debug + +- ++ + expose_authtok + +- ++ + seteuid + +- ++ + quiet + +- ++ + quiet_log + +- ++ + stdout + +- ++ + log=file + +- ++ + type=type + +- ++ + command + +- ++ + ... + + + + +- ++ + + DESCRIPTION + +@@ -83,7 +80,7 @@ + + + +- ++ + + OPTIONS + +@@ -91,7 +88,7 @@ + + + +- ++ debug + + + +@@ -102,7 +99,7 @@ + + + +- ++ expose_authtok + + + +@@ -117,7 +114,7 @@ + + + +- ++ log=file + + + +@@ -129,7 +126,7 @@ + + + +- ++ type=type + + + +@@ -140,7 +137,7 @@ + + + +- ++ stdout + + + +@@ -151,7 +148,7 @@ + + + +- ++ quiet + + + +@@ -164,7 +161,7 @@ + + + +- ++ quiet_log + + + +@@ -177,7 +174,7 @@ + + + +- ++ seteuid + + + +@@ -194,7 +191,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -202,7 +199,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -278,7 +275,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/passwd to +@@ -293,7 +290,7 @@ + + + +- ++ + SEE ALSO + + +@@ -308,7 +305,7 @@ + + + +- ++ + AUTHOR + + pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and +@@ -316,4 +313,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_faildelay/README.xml b/modules/pam_faildelay/README.xml +index 64d4acccb..8530a3d09 100644 +--- a/modules/pam_faildelay/README.xml ++++ b/modules/pam_faildelay/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_faildelay.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faildelay-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_faildelay.8.xml" xpointer='xpointer(id("pam_faildelay-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml +index 571072036..c31b5076d 100644 +--- a/modules/pam_faildelay/pam_faildelay.8.xml ++++ b/modules/pam_faildelay/pam_faildelay.8.xml +@@ -1,33 +1,30 @@ +- +- +- +- ++ + + + pam_faildelay + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_faildelay + Change the delay on failure per-application + + + +- ++ + pam_faildelay.so +- ++ + debug + +- ++ + delay=microseconds + + + + +- ++ + + DESCRIPTION + +@@ -41,13 +38,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ debug + + + +@@ -57,7 +54,7 @@ + + + +- ++ delay=N + + + +@@ -68,14 +65,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -97,7 +94,7 @@ + + + +- ++ + EXAMPLES + + The following example will set the delay on failure to +@@ -108,7 +105,7 @@ auth optional pam_faildelay.so delay=10000000 + + + +- ++ + SEE ALSO + + +@@ -126,11 +123,11 @@ auth optional pam_faildelay.so delay=10000000 + + + +- ++ + AUTHOR + + pam_faildelay was written by Darren Tucker <dtucker@zip.com.au>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_faillock/README.xml b/modules/pam_faillock/README.xml +index f0654dbe2..a62c917a9 100644 +--- a/modules/pam_faillock/README.xml ++++ b/modules/pam_faillock/README.xml +@@ -1,46 +1,31 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_faillock.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faillock-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_faillock.8.xml" xpointer='xpointer(id("pam_faillock-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_faillock/faillock.8.xml b/modules/pam_faillock/faillock.8.xml +index 81d2107ca..74440fc81 100644 +--- a/modules/pam_faillock/faillock.8.xml ++++ b/modules/pam_faillock/faillock.8.xml +@@ -1,36 +1,33 @@ +- +- +- +- ++ + + + faillock + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + faillock + Tool for displaying and modifying the authentication failure record files + + + +- ++ + faillock +- ++ + --dir /path/to/tally-directory + +- ++ + --user username + +- ++ + --reset + + + + +- ++ + + DESCRIPTION + +@@ -51,13 +48,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ --conf /path/to/config-file + + + +@@ -68,7 +65,7 @@ + + + +- ++ --dir /path/to/tally-directory + + + +@@ -85,7 +82,7 @@ + + + +- ++ --user username + + + +@@ -95,7 +92,7 @@ + + + +- ++ --reset + + + +@@ -106,11 +103,11 @@ + + + +- ++ + FILES + + +- /var/run/faillock/* ++ /var/run/faillock/* + + the files logging the authentication failures for users + +@@ -118,7 +115,7 @@ + + + +- ++ + SEE ALSO + + +@@ -130,11 +127,11 @@ + + + +- ++ + AUTHOR + + faillock was written by Tomas Mraz. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml +index 8faa5915c..cc750fbff 100644 +--- a/modules/pam_faillock/faillock.conf.5.xml ++++ b/modules/pam_faillock/faillock.conf.5.xml +@@ -1,25 +1,22 @@ +- +- +- +- ++ + + + faillock.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + faillock.conf + pam_faillock configuration file + + +- ++ + + DESCRIPTION + +- faillock.conf provides a way to configure the ++ faillock.conf provides a way to configure the + default settings for locking the user after multiple failed authentication attempts. + This file is read by the pam_faillock module and is the + preferred method over configuring pam_faillock directly. +@@ -31,13 +28,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ dir=/path/to/tally-directory + + + +@@ -52,7 +49,7 @@ + + + +- ++ audit + + + +@@ -62,7 +59,7 @@ + + + +- ++ silent + + + +@@ -74,7 +71,7 @@ + + + +- ++ no_log_info + + + +@@ -84,7 +81,7 @@ + + + +- ++ local_users_only + + + +@@ -100,7 +97,7 @@ + + + +- ++ nodelay + + + +@@ -110,7 +107,7 @@ + + + +- ++ deny=n + + + +@@ -122,7 +119,7 @@ + + + +- ++ fail_interval=n + + + +@@ -135,7 +132,7 @@ + + + +- ++ unlock_time=n + + + +@@ -163,7 +160,7 @@ + + + +- ++ even_deny_root + + + +@@ -173,7 +170,7 @@ + + + +- ++ root_unlock_time=n + + + +@@ -187,7 +184,7 @@ + + + +- ++ admin_group=name + + + +@@ -202,7 +199,7 @@ + + + +- ++ + EXAMPLES + + /etc/security/faillock.conf file example: +@@ -214,11 +211,11 @@ silent + + + +- ++ + FILES + + +- /etc/security/faillock.conf ++ /etc/security/faillock.conf + + the config file for custom options + +@@ -226,7 +223,7 @@ silent + + + +- ++ + SEE ALSO + + +@@ -247,11 +244,11 @@ silent + + + +- ++ + AUTHOR + + pam_faillock was written by Tomas Mraz. The support for faillock.conf was written by Brian Ward. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml +index b7b7b0db9..ce0ae050b 100644 +--- a/modules/pam_faillock/pam_faillock.8.xml ++++ b/modules/pam_faillock/pam_faillock.8.xml +@@ -1,8 +1,4 @@ +- +- +- +- ++ + + + pam_faillock +@@ -10,63 +6,63 @@ + Linux-PAM Manual + + +- ++ + pam_faillock + Module counting authentication failures during a specified interval + + + +- ++ + auth ... pam_faillock.so +- ++ + preauth|authfail|authsucc + +- ++ + conf=/path/to/config-file + +- ++ + dir=/path/to/tally-directory + +- ++ + even_deny_root + +- ++ + deny=n + +- ++ + fail_interval=n + +- ++ + unlock_time=n + +- ++ + root_unlock_time=n + +- ++ + admin_group=name + +- ++ + audit + +- ++ + silent + +- ++ + no_log_info + + +- ++ + account ... pam_faillock.so +- ++ + dir=/path/to/tally-directory + +- ++ + no_log_info + + + + +- ++ + + DESCRIPTION + +@@ -78,20 +74,20 @@ + + + Normally, failed attempts to authenticate root will +- not cause the root account to become ++ not cause the root account to become + blocked, to prevent denial-of-service: if your users aren't given + shell accounts and root may only login via su or + at the machine console (not telnet/rsh, etc), this is safe. + + + +- ++ + + OPTIONS + + + +- ++ {preauth|authfail|authsucc} + + + +@@ -131,7 +127,7 @@ + + + +- ++ conf=/path/to/config-file + + + +@@ -156,7 +152,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The and module types are +@@ -164,7 +160,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -222,7 +218,7 @@ + + + +- ++ + NOTES + + Configuring options on the module command line is not recommend. The +@@ -234,7 +230,7 @@ + + + Individual files with the failure records are created as owned by +- the user. This allows pam_faillock.so module ++ the user. This allows pam_faillock.so module + to work correctly when it is called from a screensaver. + + +@@ -249,7 +245,7 @@ + + + +- ++ + EXAMPLES + + Here are two possible configuration examples for /etc/pam.d/login. +@@ -320,11 +316,11 @@ session required pam_selinux.so open + + + +- ++ + FILES + + +- /var/run/faillock/* ++ /var/run/faillock/* + + the files logging the authentication failures for users + +@@ -336,13 +332,13 @@ session required pam_selinux.so open + + + +- /etc/security/faillock.conf ++ /etc/security/faillock.conf + + the config file for pam_faillock options + + + +- %vendordir%/security/faillock.conf ++ %vendordir%/security/faillock.conf + + + the config file for pam_faillock options. It will be used if +@@ -353,7 +349,7 @@ session required pam_selinux.so open + + + +- ++ + SEE ALSO + + +@@ -374,11 +370,11 @@ session required pam_selinux.so open + + + +- ++ + AUTHOR + + pam_faillock was written by Tomas Mraz. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_filter/README.xml b/modules/pam_filter/README.xml +index b76cb743f..ab0531748 100644 +--- a/modules/pam_filter/README.xml ++++ b/modules/pam_filter/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_filter.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_filter-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_filter.8.xml" xpointer='xpointer(id("pam_filter-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml +index 7309c352a..8015f41e5 100644 +--- a/modules/pam_filter/pam_filter.8.xml ++++ b/modules/pam_filter/pam_filter.8.xml +@@ -1,45 +1,42 @@ +- +- +- +- ++ + + + pam_filter + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_filter + PAM filter module + + + +- ++ + pam_filter.so +- ++ + debug + +- ++ + new_term + +- ++ + non_term + +- ++ + run1|run2 + +- ++ + filter + +- ++ + ... + + + + +- ++ + + DESCRIPTION + +@@ -66,7 +63,7 @@ + + + +- ++ + + OPTIONS + +@@ -74,7 +71,7 @@ + + + +- ++ debug + + + +@@ -85,7 +82,7 @@ + + + +- ++ new_term + + + +@@ -101,7 +98,7 @@ + + + +- ++ non_term + + + +@@ -112,7 +109,7 @@ + + + +- ++ runX + + + +@@ -174,7 +171,7 @@ + + + +- ++ filter + + + +@@ -188,7 +185,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -196,7 +193,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -223,7 +220,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/login to +@@ -236,7 +233,7 @@ + + + +- ++ + SEE ALSO + + +@@ -251,11 +248,11 @@ + + + +- ++ + AUTHOR + + pam_filter was written by Andrew G. Morgan <morgan@kernel.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_ftp/README.xml b/modules/pam_ftp/README.xml +index 65de28e36..f4606beee 100644 +--- a/modules/pam_ftp/README.xml ++++ b/modules/pam_ftp/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_ftp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_ftp-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_ftp.8.xml" xpointer='xpointer(id("pam_ftp-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml +index 6f11f570f..03f367817 100644 +--- a/modules/pam_ftp/pam_ftp.8.xml ++++ b/modules/pam_ftp/pam_ftp.8.xml +@@ -1,36 +1,33 @@ +- +- +- +- ++ + + + pam_ftp + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_ftp + PAM module for anonymous access module + + + +- ++ + pam_ftp.so +- ++ + debug + +- ++ + ignore + +- ++ + users=XXX,YYY, + + + + +- ++ + + DESCRIPTION + +@@ -54,7 +51,7 @@ + + + +- ++ + + OPTIONS + +@@ -62,7 +59,7 @@ + + + +- ++ debug + + + +@@ -73,7 +70,7 @@ + + + +- ++ ignore + + + +@@ -85,7 +82,7 @@ + + + +- ++ ftp=XXX,YYY,... + + + +@@ -105,14 +102,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -139,7 +136,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/ftpd to +@@ -158,7 +155,7 @@ auth required pam_listfile.so \ + + + +- ++ + SEE ALSO + + +@@ -173,11 +170,11 @@ auth required pam_listfile.so \ + + + +- ++ + AUTHOR + + pam_ftp was written by Andrew G. Morgan <morgan@kernel.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_group/README.xml b/modules/pam_group/README.xml +index 387d69871..8ccd55d05 100644 +--- a/modules/pam_group/README.xml ++++ b/modules/pam_group/README.xml +@@ -1,34 +1,19 @@ +- +- +---> +- +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_group.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_group-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_group.8.xml" xpointer='xpointer(id("pam_group-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml +index 2b7fb3454..a8875b30a 100644 +--- a/modules/pam_group/group.conf.5.xml ++++ b/modules/pam_group/group.conf.5.xml +@@ -1,13 +1,10 @@ +- +- +- +- ++ + + + group.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + + +@@ -15,7 +12,7 @@ + configuration file for the pam_group module + + +- ++ + DESCRIPTION + + +@@ -98,7 +95,7 @@ + + + +- ++ + EXAMPLES + + These are some example lines which might be specified in +@@ -129,7 +126,7 @@ xsh; tty* ;%admin;Al0000-2400;plugdev + + + +- ++ + SEE ALSO + + pam_group8, +@@ -138,10 +135,10 @@ xsh; tty* ;%admin;Al0000-2400;plugdev + + + +- ++ + AUTHOR + + pam_group was written by Andrew G. Morgan <morgan@kernel.org>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml +index e4a59dfd9..695a7baf6 100644 +--- a/modules/pam_group/pam_group.8.xml ++++ b/modules/pam_group/pam_group.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_group + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_group + + PAM module for group access +@@ -20,13 +17,13 @@ + + + +- ++ + pam_group.so + + + + +- ++ + DESCRIPTION + + The pam_group PAM module does not authenticate the user, but instead +@@ -64,19 +61,19 @@ + + + +- ++ + OPTIONS + This module does not recognise any options. + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -130,11 +127,11 @@ + + + +- ++ + FILES + + +- /etc/security/group.conf ++ /etc/security/group.conf + + Default configuration file + +@@ -142,7 +139,7 @@ + + + +- ++ + SEE ALSO + + +@@ -157,10 +154,10 @@ + + + +- ++ + AUTHORS + + pam_group was written by Andrew G. Morgan <morgan@kernel.org>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_issue/README.xml b/modules/pam_issue/README.xml +index b5b61c3aa..36742c779 100644 +--- a/modules/pam_issue/README.xml ++++ b/modules/pam_issue/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_issue.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_issue-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_issue.8.xml" xpointer='xpointer(id("pam_issue-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml +index fb9b73777..20d324516 100644 +--- a/modules/pam_issue/pam_issue.8.xml ++++ b/modules/pam_issue/pam_issue.8.xml +@@ -1,110 +1,107 @@ +- +- +- +- ++ + + + pam_issue + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_issue + PAM module to add issue file to user prompt + + + +- ++ + pam_issue.so +- ++ + noesc + +- ++ + issue=issue-file-name + + + + +- ++ + + DESCRIPTION + + + pam_issue is a PAM module to prepend an issue file to the username + prompt. It also by default parses escape codes in the issue file +- similar to some common getty's (using \x format). ++ similar to some common getty's (using \x format). + + + Recognized escapes: + + + +- \d ++ \d + + current day + + + +- \l ++ \l + + name of this tty + + + +- \m ++ \m + + machine architecture (uname -m) + + + +- \n ++ \n + + machine's network node hostname (uname -n) + + + +- \o ++ \o + + domain name of this system + + + +- \r ++ \r + + release number of operating system (uname -r) + + + +- \t ++ \t + + current time + + + +- \s ++ \s + + operating system name (uname -s) + + + +- \u ++ \u + + number of users currently logged in + + + +- \U ++ \U + + +- same as \u except it is suffixed with "user" or ++ same as \u except it is suffixed with "user" or + "users" (eg. "1 user" or "10 users") + + + + +- \v ++ \v + + operating system version and build date (uname -v) + +@@ -113,7 +110,7 @@ + + + +- ++ + + OPTIONS + +@@ -121,7 +118,7 @@ + + + +- ++ noesc + + + +@@ -132,7 +129,7 @@ + + + +- ++ issue=issue-file-name + + + +@@ -146,14 +143,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -198,7 +195,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/login to +@@ -209,7 +206,7 @@ + + + +- ++ + SEE ALSO + + +@@ -224,11 +221,11 @@ + + + +- ++ + AUTHOR + + pam_issue was written by Ben Collins <bcollins@debian.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_keyinit/README.xml b/modules/pam_keyinit/README.xml +index 47659e89d..33059c7e1 100644 +--- a/modules/pam_keyinit/README.xml ++++ b/modules/pam_keyinit/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_keyinit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_keyinit-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_keyinit.8.xml" xpointer='xpointer(id("pam_keyinit-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml +index ff1e7d001..7b0a73be4 100644 +--- a/modules/pam_keyinit/pam_keyinit.8.xml ++++ b/modules/pam_keyinit/pam_keyinit.8.xml +@@ -1,36 +1,33 @@ +- +- +- +- ++ + + + pam_keyinit + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_keyinit + Kernel session keyring initialiser module + + + +- ++ + pam_keyinit.so +- ++ + debug + +- ++ + force + +- ++ + revoke + + + + +- ++ + DESCRIPTION + + The pam_keyinit PAM module ensures that the invoking process has a +@@ -71,7 +68,7 @@ + + + This module should not, generally, be invoked by programs like +- su, since it is usually desirable for the ++ su, since it is usually desirable for the + key set to percolate through to the alternate context. The keys have + their own permissions system to manage this. + +@@ -80,18 +77,18 @@ + can be obtained from: + + +- ++ + Keyutils +- ++ + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -104,7 +101,7 @@ + + + +- ++ force + + + +@@ -116,7 +113,7 @@ + + + +- ++ revoke + + + +@@ -130,14 +127,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -207,7 +204,7 @@ + + + +- ++ + EXAMPLES + + Add this line to your login entries to start each login session with its +@@ -222,7 +219,7 @@ session required pam_keyinit.so + + + +- ++ + SEE ALSO + + +@@ -240,11 +237,11 @@ session required pam_keyinit.so + + + +- ++ + AUTHOR + + pam_keyinit was written by David Howells, <dhowells@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_lastlog/README.xml b/modules/pam_lastlog/README.xml +index 7fe70339d..6b312435e 100644 +--- a/modules/pam_lastlog/README.xml ++++ b/modules/pam_lastlog/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_lastlog.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_lastlog-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml +index bada2ea02..1fd9d9dd4 100644 +--- a/modules/pam_lastlog/pam_lastlog.8.xml ++++ b/modules/pam_lastlog/pam_lastlog.8.xml +@@ -1,60 +1,57 @@ +- +- +- +- ++ + + + pam_lastlog + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_lastlog + PAM module to display date of last login and perform inactive account lock out + + + +- ++ + pam_lastlog.so +- ++ + debug + +- ++ + silent + +- ++ + never + +- ++ + nodate + +- ++ + nohost + +- ++ + noterm + +- ++ + nowtmp + +- ++ + noupdate + +- ++ + showfailed + +- ++ + inactive=<days> + +- ++ + unlimited + + + + +- ++ + + DESCRIPTION + +@@ -83,13 +80,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ debug + + + +@@ -99,7 +96,7 @@ + + + +- ++ silent + + + +@@ -111,7 +108,7 @@ + + + +- ++ never + + + +@@ -124,7 +121,7 @@ + + + +- ++ nodate + + + +@@ -134,7 +131,7 @@ + + + +- ++ noterm + + + +@@ -145,7 +142,7 @@ + + + +- ++ nohost + + + +@@ -156,7 +153,7 @@ + + + +- ++ nowtmp + + + +@@ -166,7 +163,7 @@ + + + +- ++ noupdate + + + +@@ -176,7 +173,7 @@ + + + +- ++ showfailed + + + +@@ -188,7 +185,7 @@ + + + +- ++ inactive=<days> + + + +@@ -201,7 +198,7 @@ + + + +- ++ unlimited + + + +@@ -214,7 +211,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The and module type +@@ -225,7 +222,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -282,7 +279,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/login to +@@ -300,11 +297,11 @@ + + + +- ++ + FILES + + +- /var/log/lastlog ++ /var/log/lastlog + + Lastlog logging file + +@@ -312,7 +309,7 @@ + + + +- ++ + SEE ALSO + + +@@ -330,7 +327,7 @@ + + + +- ++ + AUTHOR + + pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. +@@ -340,4 +337,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_limits/README.xml b/modules/pam_limits/README.xml +index 964a5a218..25a463cc4 100644 +--- a/modules/pam_limits/README.xml ++++ b/modules/pam_limits/README.xml +@@ -1,39 +1,23 @@ +- +- +---> +- +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_limits.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_limits-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_limits.8.xml" xpointer='xpointer(id("pam_limits-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml +index c5bd6768c..2177da1f3 100644 +--- a/modules/pam_limits/limits.conf.5.xml ++++ b/modules/pam_limits/limits.conf.5.xml +@@ -1,13 +1,10 @@ +- +- +- +- ++ + + + limits.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + + +@@ -15,7 +12,7 @@ + configuration file for the pam_limits module + + +- ++ + DESCRIPTION + + The pam_limits.so module applies ulimit limits, +@@ -38,7 +35,7 @@ + + + +- ++ <domain> + + + +@@ -49,38 +46,35 @@ + + + +- a groupname, with @group syntax. ++ a groupname, with @group syntax. + This should not be confused with netgroups. + + + + +- the wildcard *, for default entry. ++ the wildcard *, for default entry. + + + + +- the wildcard %, for maxlogins limit only, +- can also be used with %group syntax. If the +- % wildcard is used alone it is identical +- to using * with maxsyslogins limit. With +- a group specified after % it limits the total ++ the wildcard %, for maxlogins limit only, ++ can also be used with %group syntax. If the ++ % wildcard is used alone it is identical ++ to using * with maxsyslogins limit. With ++ a group specified after % it limits the total + number of logins of all users that are member of the group. + + + + +- an uid range specified as <min_uid>:<max_uid>. If min_uid ++ an uid range specified as <min_uid>:<max_uid>. If min_uid + is omitted, the match is exact for the max_uid. If max_uid is omitted, all + uids greater than or equal min_uid match. + + + + +- a gid range specified as @<min_gid>:<max_gid>. If min_gid ++ a gid range specified as @<min_gid>:<max_gid>. If min_gid + is omitted, the match is exact for the max_gid. If max_gid is omitted, all + gids greater than or equal min_gid match. For the exact match all groups including + the user's supplementary groups are examined. For the range matches only +@@ -89,8 +83,7 @@ + + + +- a gid specified as %:<gid> applicable ++ a gid specified as %:<gid> applicable + to maxlogins limit only. It limits the total number of logins of all users + that are member of the group with the specified gid. + +@@ -101,38 +94,38 @@ + + + +- ++ <type> + + + + +- ++ hard + + +- for enforcing hard resource limits. ++ for enforcing hard resource limits. + These limits are set by the superuser and enforced by the Kernel. + The user cannot raise his requirement of system resources above such values. + + + + +- ++ soft + + +- for enforcing soft resource limits. ++ for enforcing soft resource limits. + These limits are ones that the user can move up or down within the +- permitted range by any pre-existing hard ++ permitted range by any pre-existing hard + limits. The values specified with this token can be thought of as + default values, for normal system usage. + + + + +- ++ - + + +- for enforcing both soft and +- hard resource limits together. ++ for enforcing both soft and ++ hard resource limits together. + + + Note, if you specify a type of '-' but neglect to supply the +@@ -147,79 +140,79 @@ + + + +- ++ <item> + + + + +- ++ core + + limits the core file size (KB) + + + +- ++ data + + maximum data size (KB) + + + +- ++ fsize + + maximum filesize (KB) + + + +- ++ memlock + + maximum locked-in-memory address space (KB) + + + +- ++ nofile + + maximum number of open file descriptors + + + +- ++ rss + + maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher) + + + +- ++ stack + + maximum stack size (KB) + + + +- ++ cpu + + maximum CPU time (minutes) + + + +- ++ nproc + + maximum number of processes + + + +- ++ as + + address space limit (KB) + + + +- ++ maxlogins + + maximum number of logins for this user (this limit does + not apply to user with uid=0) + + + +- ++ maxsyslogins + + maximum number of all logins on system; user is not + allowed to log-in if total number of all user logins is +@@ -228,46 +221,46 @@ + + + +- ++ nonewprivs + + value of 0 or 1; if set to 1 disables acquiring new + privileges by invoking prctl(PR_SET_NO_NEW_PRIVS) + + + +- ++ priority + + the priority to run user process with (negative + values boost process priority) + + + +- ++ locks + + maximum locked files (Linux 2.4 and higher) + + + +- ++ sigpending + + maximum number of pending signals (Linux 2.6 and higher) + + + +- ++ msgqueue + + maximum memory used by POSIX message queues (bytes) + (Linux 2.6 and higher) + + + +- ++ nice + + maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19] + + + +- ++ rtprio + + maximum realtime priority allowed for non-privileged processes + (Linux 2.6.12 and higher) +@@ -281,9 +274,9 @@ + + All items support the values -1, + unlimited or infinity indicating no limit, +- except for priority, nice, +- and nonewprivs. +- If nofile is to be set to one of these values, ++ except for priority, nice, ++ and nonewprivs. ++ If nofile is to be set to one of these values, + it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). + + +@@ -309,7 +302,7 @@ + + + In the limits configuration file, the +- '#' character introduces a comment ++ '#' character introduces a comment + - after which the rest of the line is ignored. + + +@@ -319,7 +312,7 @@ + + + +- ++ + EXAMPLES + + These are some example lines which might be specified in +@@ -340,7 +333,7 @@ ftp hard nproc 0 + + + +- ++ + SEE ALSO + + pam_limits8, +@@ -351,10 +344,10 @@ ftp hard nproc 0 + + + +- ++ + AUTHOR + + pam_limits was initially written by Cristian Gafton <gafton@redhat.com> + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml +index 422924fe8..cca046cce 100644 +--- a/modules/pam_limits/pam_limits.8.xml ++++ b/modules/pam_limits/pam_limits.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_limits + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_limits + + PAM module to limit resources +@@ -20,28 +17,28 @@ + + + +- ++ + pam_limits.so +- ++ + conf=/path/to/limits.conf + +- ++ + debug + +- ++ + set_all + +- ++ + utmp_early + +- ++ + noaudit + + + + + +- ++ + DESCRIPTION + + The pam_limits PAM module sets limits on the system resources that can be +@@ -84,12 +81,12 @@ + + + +- ++ + OPTIONS + + + +- ++ conf=/path/to/limits.conf + + + +@@ -100,7 +97,7 @@ + + + +- ++ debug + + + +@@ -110,7 +107,7 @@ + + + +- ++ set_all + + + +@@ -124,7 +121,7 @@ + + + +- ++ utmp_early + + + +@@ -139,7 +136,7 @@ + + + +- ++ noaudit + + + +@@ -150,14 +147,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -219,17 +216,17 @@ + + + +- ++ + FILES + + +- /etc/security/limits.conf ++ /etc/security/limits.conf + + Default configuration file + + + +- %vendordir%/security/limits.conf ++ %vendordir%/security/limits.conf + + Default configuration file if + /etc/security/limits.conf does not exist. +@@ -238,7 +235,7 @@ + + + +- ++ + EXAMPLES + + For the services you need resources limits (login for example) put a +@@ -257,7 +254,7 @@ session required pam_limits.so + + + +- ++ + SEE ALSO + + +@@ -272,10 +269,10 @@ session required pam_limits.so + + + +- ++ + AUTHORS + + pam_limits was initially written by Cristian Gafton <gafton@redhat.com> + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_listfile/README.xml b/modules/pam_listfile/README.xml +index d851aef30..d0b601075 100644 +--- a/modules/pam_listfile/README.xml ++++ b/modules/pam_listfile/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_listfile.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_listfile-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_listfile.8.xml" xpointer='xpointer(id("pam_listfile-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml +index 15f047c27..8847415a5 100644 +--- a/modules/pam_listfile/pam_listfile.8.xml ++++ b/modules/pam_listfile/pam_listfile.8.xml +@@ -1,45 +1,42 @@ +- +- +- +- ++ + + + pam_listfile + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_listfile + deny or allow services based on an arbitrary file + + + +- ++ + pam_listfile.so +- ++ + item=[tty|user|rhost|ruser|group|shell] + +- ++ + sense=[allow|deny] + +- ++ + file=/path/filename + +- ++ + onerr=[succeed|fail] + +- ++ + apply=[user|@group] + +- ++ + quiet + + + + +- ++ + + DESCRIPTION + +@@ -93,7 +90,7 @@ + + + +- ++ + + OPTIONS + +@@ -101,7 +98,7 @@ + + + +- ++ item=[tty|user|rhost|ruser|group|shell] + + + +@@ -112,7 +109,7 @@ + + + +- ++ sense=[allow|deny] + + + +@@ -124,7 +121,7 @@ + + + +- ++ file=/path/filename + + + +@@ -136,7 +133,7 @@ + + + +- ++ onerr=[succeed|fail] + + + +@@ -148,7 +145,7 @@ + + + +- ++ apply=[user|@group] + + + +@@ -161,7 +158,7 @@ + + + +- ++ quiet + + + +@@ -175,7 +172,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -183,7 +180,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -235,7 +232,7 @@ + + + +- ++ + EXAMPLES + + Classic 'ftpusers' authentication can be implemented with this entry +@@ -271,7 +268,7 @@ auth required pam_listfile.so \ + + + +- ++ + SEE ALSO + + +@@ -286,7 +283,7 @@ auth required pam_listfile.so \ + + + +- ++ + AUTHOR + + pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> +@@ -294,4 +291,4 @@ auth required pam_listfile.so \ + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_localuser/README.xml b/modules/pam_localuser/README.xml +index 4ab56d9df..f1b05d1a5 100644 +--- a/modules/pam_localuser/README.xml ++++ b/modules/pam_localuser/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_localuser.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_localuser-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_localuser.8.xml" xpointer='xpointer(id("pam_localuser-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml +index b3c1886b3..2002d1d67 100644 +--- a/modules/pam_localuser/pam_localuser.8.xml ++++ b/modules/pam_localuser/pam_localuser.8.xml +@@ -1,33 +1,30 @@ +- +- +- +- ++ + + + pam_localuser + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_localuser + require users to be listed in /etc/passwd + + + +- ++ + pam_localuser.so +- ++ + debug + +- ++ + file=/path/passwd + + + + +- ++ + + DESCRIPTION + +@@ -47,7 +44,7 @@ + + + +- ++ + + OPTIONS + +@@ -55,7 +52,7 @@ + + + +- ++ debug + + + +@@ -66,7 +63,7 @@ + + + +- ++ file=/path/passwd + + + +@@ -80,7 +77,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -88,7 +85,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -153,7 +150,7 @@ + + + +- ++ + EXAMPLES + + Add the following lines to /etc/pam.d/su to +@@ -165,11 +162,11 @@ account required pam_wheel.so + + + +- ++ + FILES + + +- /etc/passwd ++ /etc/passwd + + Local user account information. + +@@ -177,7 +174,7 @@ account required pam_wheel.so + + + +- ++ + SEE ALSO + + +@@ -192,11 +189,11 @@ account required pam_wheel.so + + + +- ++ + AUTHOR + + pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_loginuid/README.xml b/modules/pam_loginuid/README.xml +index 3bcd38abd..f972105f9 100644 +--- a/modules/pam_loginuid/README.xml ++++ b/modules/pam_loginuid/README.xml +@@ -1,36 +1,23 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_loginuid.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_loginuid-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_loginuid.8.xml" xpointer='xpointer(id("pam_loginuid-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml +index 9513b0e49..d5285f029 100644 +--- a/modules/pam_loginuid/pam_loginuid.8.xml ++++ b/modules/pam_loginuid/pam_loginuid.8.xml +@@ -1,30 +1,27 @@ +- +- +- +- ++ + + + pam_loginuid + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_loginuid + Record user's login uid to the process attribute + + + +- ++ + pam_loginuid.so +- ++ + require_auditd + + + + +- ++ + + DESCRIPTION + +@@ -40,12 +37,12 @@ + + + +- ++ + OPTIONS + + + +- ++ require_auditd + + + +@@ -57,14 +54,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -98,7 +95,7 @@ + + + +- ++ + EXAMPLES + + #%PAM-1.0 +@@ -111,7 +108,7 @@ session required pam_loginuid.so + + + +- ++ + SEE ALSO + + +@@ -132,11 +129,11 @@ session required pam_loginuid.so + + + +- ++ + AUTHOR + + pam_loginuid was written by Steve Grubb <sgrubb@redhat.com> + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_mail/README.xml b/modules/pam_mail/README.xml +index 4165d857c..5dc89a855 100644 +--- a/modules/pam_mail/README.xml ++++ b/modules/pam_mail/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_mail.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mail-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mail.8.xml" xpointer='xpointer(id("pam_mail-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml +index 95216b6cf..2c0c0543a 100644 +--- a/modules/pam_mail/pam_mail.8.xml ++++ b/modules/pam_mail/pam_mail.8.xml +@@ -1,54 +1,51 @@ +- +- +- +- ++ + + + pam_mail + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_mail + Inform about available mail + + + +- ++ + pam_mail.so +- ++ + close + +- ++ + debug + +- ++ + dir=maildir + +- ++ + empty + +- ++ + hash=count + +- ++ + noenv + +- ++ + nopen + +- ++ + quiet + +- ++ + standard + + + + +- ++ + + DESCRIPTION + +@@ -58,18 +55,18 @@ + that has credential or session hooks. It gives a single message + indicating the newness of any mail it finds + in the user's mail folder. This module also sets the PAM +- environment variable, MAIL, to the ++ environment variable, MAIL, to the + user's mail directory. + + + If the mail spool file (be it /var/mail/$USER + or a pathname given with the parameter) is + a directory then pam_mail assumes it is in the +- Maildir format. ++ Maildir format. + + + +- ++ + + OPTIONS + +@@ -77,7 +74,7 @@ + + + +- ++ close + + + +@@ -88,7 +85,7 @@ + + + +- ++ debug + + + +@@ -99,7 +96,7 @@ + + + +- ++ dir=maildir + + + +@@ -116,7 +113,7 @@ + + + +- ++ empty + + + +@@ -127,7 +124,7 @@ + + + +- ++ hash=count + + + +@@ -141,11 +138,11 @@ + + + +- ++ noenv + + + +- Do not set the MAIL ++ Do not set the MAIL + environment variable. + + +@@ -153,12 +150,12 @@ + + + +- ++ nopen + + + + Don't print any mail information on login. This flag is +- useful to get the MAIL ++ useful to get the MAIL + environment variable set, but to not display any information + about it. + +@@ -167,7 +164,7 @@ + + + +- ++ quiet + + + +@@ -178,7 +175,7 @@ + + + +- ++ standard + + + +@@ -193,7 +190,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The and +@@ -202,7 +199,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -244,7 +241,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/login to +@@ -255,7 +252,7 @@ session optional pam_mail.so standard + + + +- ++ + SEE ALSO + + +@@ -270,11 +267,11 @@ session optional pam_mail.so standard + + + +- ++ + AUTHOR + + pam_mail was written by Andrew G. Morgan <morgan@kernel.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_mkhomedir/README.xml b/modules/pam_mkhomedir/README.xml +index 978cbe776..ef9989563 100644 +--- a/modules/pam_mkhomedir/README.xml ++++ b/modules/pam_mkhomedir/README.xml +@@ -1,36 +1,23 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_mkhomedir.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mkhomedir-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mkhomedir.8.xml" xpointer='xpointer(id("pam_mkhomedir-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8.xml b/modules/pam_mkhomedir/mkhomedir_helper.8.xml +index 8a76f2d6c..0f4c4b401 100644 +--- a/modules/pam_mkhomedir/mkhomedir_helper.8.xml ++++ b/modules/pam_mkhomedir/mkhomedir_helper.8.xml +@@ -1,31 +1,28 @@ +- +- +- +- ++ + + + mkhomedir_helper + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + mkhomedir_helper + Helper binary that creates home directories + + + +- ++ + mkhomedir_helper +- ++ + user + +- ++ + umask +- ++ + path-to-skel +- ++ + home_mode + + +@@ -33,7 +30,7 @@ + + + +- ++ + + DESCRIPTION + +@@ -63,7 +60,7 @@ + + + +- ++ + SEE ALSO + + +@@ -72,7 +69,7 @@ + + + +- ++ + AUTHOR + + Written by Tomas Mraz based on the code originally in +@@ -80,4 +77,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml +index 10109067c..ad957248c 100644 +--- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml ++++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_mkhomedir + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_mkhomedir + + PAM module to create users home directory +@@ -20,25 +17,25 @@ + + + +- ++ + pam_mkhomedir.so +- ++ + silent + +- ++ + debug + +- ++ + umask=mode + +- ++ + skel=skeldir + + + + + +- ++ + DESCRIPTION + + The pam_mkhomedir PAM module will create a users home directory +@@ -55,13 +52,13 @@ + + + +- ++ + OPTIONS + + + + +- ++ silent + + + +@@ -72,7 +69,7 @@ + + + +- ++ debug + + + +@@ -86,7 +83,7 @@ + + + +- ++ umask=mask + + + +@@ -106,7 +103,7 @@ + + + +- ++ skel=/path/to/skel/directory + + + +@@ -119,14 +116,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -165,11 +162,11 @@ + + + +- ++ + FILES + + +- /etc/skel ++ /etc/skel + + Default skel directory + +@@ -177,7 +174,7 @@ + + + +- ++ + EXAMPLES + + A sample /etc/pam.d/login file: +@@ -198,7 +195,7 @@ + + + +- ++ + SEE ALSO + + +@@ -210,10 +207,10 @@ + + + +- ++ + AUTHOR + + pam_mkhomedir was written by Jason Gunthorpe <jgg@debian.org>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_motd/README.xml b/modules/pam_motd/README.xml +index 779e4d171..9e8edadff 100644 +--- a/modules/pam_motd/README.xml ++++ b/modules/pam_motd/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_motd.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_motd-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml +index 0afd4c99e..74420371f 100644 +--- a/modules/pam_motd/pam_motd.8.xml ++++ b/modules/pam_motd/pam_motd.8.xml +@@ -1,33 +1,30 @@ +- +- +- +- ++ + + + pam_motd + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_motd + Display the motd file + + + +- ++ + pam_motd.so +- ++ + motd=/path/filename + +- ++ + motd_dir=/path/dirname.d + + + + +- ++ + + DESCRIPTION + +@@ -38,7 +35,7 @@ + following locations: + + +- ++ + /etc/motd + /run/motd + /usr/lib/motd +@@ -79,19 +76,19 @@ + ln -s /dev/null /etc/motd.d/my_motd + + +- The MOTD_SHOWN=pam environment variable ++ The MOTD_SHOWN=pam environment variable + is set after showing the motd files, even when all of them were silenced + using symbolic links. + + + +- ++ + + OPTIONS + + + +- ++ motd=/path/filename + + + +@@ -104,7 +101,7 @@ + + + +- ++ motd_dir=/path/dirname.d + + + +@@ -123,14 +120,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -160,7 +157,7 @@ + + + +- ++ + EXAMPLES + + The suggested usage for /etc/pam.d/login is: +@@ -183,7 +180,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d + + + +- ++ + SEE ALSO + + +@@ -201,7 +198,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d + + + +- ++ + AUTHOR + + pam_motd was written by Ben Collins <bcollins@debian.org>. +@@ -212,4 +209,4 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_namespace/README.xml b/modules/pam_namespace/README.xml +index 4ef99c9fd..f94cb0650 100644 +--- a/modules/pam_namespace/README.xml ++++ b/modules/pam_namespace/README.xml +@@ -1,44 +1,27 @@ +- +- +---> +- +-]> +- +-
+- +- ++
++ ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_namespace.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_namespace-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_namespace.8.xml" xpointer='xpointer(id("pam_namespace-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml +index 67f8c043e..d398639b2 100644 +--- a/modules/pam_namespace/namespace.conf.5.xml ++++ b/modules/pam_namespace/namespace.conf.5.xml +@@ -1,13 +1,10 @@ +- +- +- +- ++ + + + namespace.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + + +@@ -16,7 +13,7 @@ + + + +- ++ + DESCRIPTION + + +@@ -175,7 +172,7 @@ + + + +- ++ + EXAMPLES + + These are some example lines which might be specified in +@@ -220,7 +217,7 @@ + + + +- ++ + SEE ALSO + + pam_namespace8, +@@ -229,11 +226,11 @@ + + + +- ++ + AUTHORS + + The namespace.conf manual page was written by Janak Desai <janak@us.ibm.com>. + More features added by Tomas Mraz <tmraz@redhat.com>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml +index ddaa00b4f..598037a49 100644 +--- a/modules/pam_namespace/pam_namespace.8.xml ++++ b/modules/pam_namespace/pam_namespace.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_namespace + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_namespace + + PAM module for configuring namespace for a session +@@ -20,46 +17,46 @@ + + + +- ++ + pam_namespace.so +- ++ + debug + +- ++ + unmnt_remnt + +- ++ + unmnt_only + +- ++ + require_selinux + +- ++ + gen_hash + +- ++ + ignore_config_error + +- ++ + ignore_instance_parent_mode + +- ++ + unmount_on_close + +- ++ + use_current_context + +- ++ + use_default_context + +- ++ + mount_private + + + + + +- ++ + DESCRIPTION + + The pam_namespace PAM module sets up a private namespace for a session +@@ -94,13 +91,13 @@ + + + +- ++ + OPTIONS + + + + +- ++ debug + + + +@@ -111,7 +108,7 @@ + + + +- ++ unmnt_remnt + + + +@@ -131,7 +128,7 @@ + + + +- ++ unmnt_only + + + +@@ -146,7 +143,7 @@ + + + +- ++ require_selinux + + + +@@ -157,7 +154,7 @@ + + + +- ++ gen_hash + + + +@@ -170,7 +167,7 @@ + + + +- ++ ignore_config_error + + + +@@ -186,7 +183,7 @@ + + + +- ++ ignore_instance_parent_mode + + + +@@ -201,7 +198,7 @@ + + + +- ++ unmount_on_close + + + +@@ -218,7 +215,7 @@ + + + +- ++ use_current_context + + + +@@ -232,7 +229,7 @@ + + + +- ++ use_default_context + + + +@@ -246,7 +243,7 @@ + + + +- ++ mount_private + + + +@@ -271,7 +268,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. +@@ -279,7 +276,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -309,18 +306,18 @@ + + + +- ++ + FILES + + +- /etc/security/namespace.conf ++ /etc/security/namespace.conf + + Main configuration file + + + + +- %vendordir%/security/namespace.conf ++ %vendordir%/security/namespace.conf + + Default configuration file if + /etc/security/namespace.conf does not exist. +@@ -328,28 +325,28 @@ + + + +- /etc/security/namespace.d ++ /etc/security/namespace.d + + Directory for additional configuration files + + + + +- %vendordir%/security/namespace.d ++ %vendordir%/security/namespace.d + + Directory for additional vendor specific configuration files. + + + + +- /etc/security/namespace.init ++ /etc/security/namespace.init + + Init script for instance directories + + + + +- %vendordir%/security/namespace.init ++ %vendordir%/security/namespace.init + + Vendor init script for instance directories if + /etc/security/namespace.init does not exist. +@@ -359,7 +356,7 @@ + + + +- ++ + EXAMPLES + + +@@ -379,7 +376,7 @@ + + + +- ++ + SEE ALSO + + +@@ -397,7 +394,7 @@ + + + +- ++ + AUTHORS + + The namespace setup scheme was designed by Stephen Smalley, Janak Desai +@@ -408,4 +405,4 @@ + <tmraz@redhat.com>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_namespace/pam_namespace_helper.8.xml b/modules/pam_namespace/pam_namespace_helper.8.xml +index 2f5adbed7..002c254a1 100644 +--- a/modules/pam_namespace/pam_namespace_helper.8.xml ++++ b/modules/pam_namespace/pam_namespace_helper.8.xml +@@ -1,27 +1,24 @@ +- +- +- +- ++ + + + pam_namespace_helper + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_namespace_helper + Helper binary that creates home directories + + + +- ++ + pam_namespace_helper + + + +- ++ + + DESCRIPTION + +@@ -43,7 +40,7 @@ + + + +- ++ + SEE ALSO + + +@@ -52,11 +49,11 @@ + + + +- ++ + AUTHOR + + Written by Topi Miettinen. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_nologin/README.xml b/modules/pam_nologin/README.xml +index bc0808e73..5a9933244 100644 +--- a/modules/pam_nologin/README.xml ++++ b/modules/pam_nologin/README.xml +@@ -1,46 +1,31 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_nologin.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_nologin-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_nologin.8.xml" xpointer='xpointer(id("pam_nologin-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml +index c86e3763d..1ea725ce8 100644 +--- a/modules/pam_nologin/pam_nologin.8.xml ++++ b/modules/pam_nologin/pam_nologin.8.xml +@@ -1,33 +1,30 @@ +- +- +- +- ++ + + + pam_nologin + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_nologin + Prevent non-root users from login + + + +- ++ + pam_nologin.so +- ++ + file=/path/nologin + +- ++ + successok + + + + +- ++ + + DESCRIPTION + +@@ -40,13 +37,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ file=/path/nologin + + + +@@ -58,7 +55,7 @@ + + + +- ++ successok + + + +@@ -69,7 +66,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The and module +@@ -77,7 +74,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -123,7 +120,7 @@ + + + +- ++ + EXAMPLES + + The suggested usage for /etc/pam.d/login is: +@@ -132,7 +129,7 @@ auth required pam_nologin.so + + + +- ++ + NOTES + + In order to make this module effective, all login methods should be +@@ -147,7 +144,7 @@ auth required pam_nologin.so + + + +- ++ + SEE ALSO + + +@@ -165,11 +162,11 @@ auth required pam_nologin.so + + + +- ++ + AUTHOR + + pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_permit/README.xml b/modules/pam_permit/README.xml +index acb38b512..c08425f81 100644 +--- a/modules/pam_permit/README.xml ++++ b/modules/pam_permit/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_permit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_permit-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_permit.8.xml" xpointer='xpointer(id("pam_permit-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml +index 6bb496583..0634e5eb6 100644 +--- a/modules/pam_permit/pam_permit.8.xml ++++ b/modules/pam_permit/pam_permit.8.xml +@@ -1,27 +1,24 @@ +- +- +- +- ++ + + + pam_permit + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_permit + The promiscuous module + + + +- ++ + pam_permit.so + + + +- ++ + + DESCRIPTION + +@@ -41,13 +38,13 @@ + + + +- ++ + + OPTIONS + This module does not recognise any options. + + +- ++ + MODULE TYPES PROVIDED + + The , , +@@ -56,7 +53,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -70,7 +67,7 @@ + + + +- ++ + EXAMPLES + + Add this line to your other login entries to disable account +@@ -81,7 +78,7 @@ account required pam_permit.so + + + +- ++ + SEE ALSO + + +@@ -96,11 +93,11 @@ account required pam_permit.so + + + +- ++ + AUTHOR + + pam_permit was written by Andrew G. Morgan, <morgan@kernel.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_pwhistory/README.xml b/modules/pam_pwhistory/README.xml +index f048e321c..194edbc73 100644 +--- a/modules/pam_pwhistory/README.xml ++++ b/modules/pam_pwhistory/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_pwhistory.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_pwhistory-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_pwhistory.8.xml" xpointer='xpointer(id("pam_pwhistory-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml +index 2a8fa7f6a..62848666b 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.8.xml ++++ b/modules/pam_pwhistory/pam_pwhistory.8.xml +@@ -1,52 +1,49 @@ +- +- +- +- ++ + + + pam_pwhistory + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_pwhistory + PAM module to remember last passwords + + + +- ++ + pam_pwhistory.so +- ++ + debug + +- ++ + use_authtok + +- ++ + enforce_for_root + +- ++ + remember=N + +- ++ + retry=N + +- ++ + authtok_type=STRING + +- ++ + file=/path/filename + +- ++ + conf=/path/to/config-file + + + + + +- ++ + + DESCRIPTION + +@@ -64,12 +61,12 @@ + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -82,7 +79,7 @@ + + + +- ++ use_authtok + + + +@@ -95,7 +92,7 @@ + + + +- ++ enforce_for_root + + + +@@ -105,7 +102,7 @@ + + + +- ++ remember=N + + + +@@ -119,7 +116,7 @@ + + + +- ++ retry=N + + + +@@ -132,7 +129,7 @@ + + + +- ++ authtok_type=STRING + + + +@@ -145,7 +142,7 @@ + + + +- ++ file=/path/filename + + + +@@ -158,7 +155,7 @@ + + + +- ++ conf=/path/to/config-file + + + +@@ -178,14 +175,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -224,7 +221,7 @@ + + + +- ++ + EXAMPLES + + An example password section would be: +@@ -245,11 +242,11 @@ password required pam_unix.so use_authtok + + + +- ++ + FILES + + +- /etc/security/opasswd ++ /etc/security/opasswd + + Default file with password history + +@@ -257,7 +254,7 @@ password required pam_unix.so use_authtok + + + +- ++ + SEE ALSO + + +@@ -278,11 +275,11 @@ password required pam_unix.so use_authtok + + + +- ++ + AUTHOR + + pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml +index bac5ffed5..2a2dfd3a6 100644 +--- a/modules/pam_pwhistory/pwhistory.conf.5.xml ++++ b/modules/pam_pwhistory/pwhistory.conf.5.xml +@@ -1,25 +1,22 @@ +- +- +- +- ++ + + + pwhistory.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pwhistory.conf + pam_pwhistory configuration file + + +- ++ + + DESCRIPTION + +- pwhistory.conf provides a way to configure the ++ pwhistory.conf provides a way to configure the + default settings for saving the last passwords for each user. + This file is read by the pam_pwhistory module and is the + preferred method over configuring pam_pwhistory directly. +@@ -31,13 +28,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ debug + + + +@@ -50,7 +47,7 @@ + + + +- ++ enforce_for_root + + + +@@ -60,7 +57,7 @@ + + + +- ++ remember=N + + + +@@ -74,7 +71,7 @@ + + + +- ++ retry=N + + + +@@ -85,7 +82,7 @@ + + + +- ++ file=/path/filename + + + +@@ -99,7 +96,7 @@ + + + +- ++ + EXAMPLES + + /etc/security/pwhistory.conf file example: +@@ -111,11 +108,11 @@ file=/tmp/opasswd + + + +- ++ + FILES + + +- /etc/security/pwhistory.conf ++ /etc/security/pwhistory.conf + + the config file for custom options + +@@ -123,7 +120,7 @@ file=/tmp/opasswd + + + +- ++ + SEE ALSO + + +@@ -144,7 +141,7 @@ file=/tmp/opasswd + + + +- ++ + AUTHOR + + pam_pwhistory was written by Thorsten Kukuk. The support for +@@ -152,4 +149,4 @@ file=/tmp/opasswd + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_pwhistory/pwhistory_helper.8.xml b/modules/pam_pwhistory/pwhistory_helper.8.xml +index a03017645..8370a485c 100644 +--- a/modules/pam_pwhistory/pwhistory_helper.8.xml ++++ b/modules/pam_pwhistory/pwhistory_helper.8.xml +@@ -1,30 +1,27 @@ +- +- +- +- ++ + + + pwhistory_helper + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pwhistory_helper + Helper binary that transfers password hashes from passwd or shadow to opasswd + + + +- ++ + pwhistory_helper +- ++ + ... + + + + +- ++ + + DESCRIPTION + +@@ -48,7 +45,7 @@ + + + +- ++ + SEE ALSO + + +@@ -57,7 +54,7 @@ + + + +- ++ + AUTHOR + + Written by Tomas Mraz based on the code originally in +@@ -65,4 +62,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_rhosts/README.xml b/modules/pam_rhosts/README.xml +index 5d3307e73..2345dffda 100644 +--- a/modules/pam_rhosts/README.xml ++++ b/modules/pam_rhosts/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_rhosts.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rhosts-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rhosts.8.xml" xpointer='xpointer(id("pam_rhosts-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml +index eb96371d2..b8a5c1cbb 100644 +--- a/modules/pam_rhosts/pam_rhosts.8.xml ++++ b/modules/pam_rhosts/pam_rhosts.8.xml +@@ -1,27 +1,24 @@ +- +- +- +- ++ + + + pam_rhosts + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_rhosts + The rhosts PAM module + + + +- ++ + pam_rhosts.so + + + +- ++ + + DESCRIPTION + +@@ -53,12 +50,12 @@ + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -68,7 +65,7 @@ + + + +- ++ silent + + + +@@ -78,7 +75,7 @@ + + + +- ++ superuser=account + + + +@@ -89,14 +86,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -120,7 +117,7 @@ + + + +- ++ + EXAMPLES + + To grant a remote user access by /etc/hosts.equiv +@@ -137,7 +134,7 @@ auth required pam_unix.so + + + +- ++ + SEE ALSO + + +@@ -161,11 +158,11 @@ auth required pam_unix.so + + + +- ++ + AUTHOR + + pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de> + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_rootok/README.xml b/modules/pam_rootok/README.xml +index 6fb58cd04..58f77967b 100644 +--- a/modules/pam_rootok/README.xml ++++ b/modules/pam_rootok/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_rootok.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rootok-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rootok.8.xml" xpointer='xpointer(id("pam_rootok-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml +index 06457bf5e..a79c073af 100644 +--- a/modules/pam_rootok/pam_rootok.8.xml ++++ b/modules/pam_rootok/pam_rootok.8.xml +@@ -1,30 +1,27 @@ +- +- +- +- ++ + + + pam_rootok + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_rootok + Gain only root access + + + +- ++ + pam_rootok.so +- ++ + debug + + + + +- ++ + + DESCRIPTION + +@@ -38,12 +35,12 @@ + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -54,7 +51,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The , and +@@ -62,7 +59,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -77,7 +74,7 @@ + PAM_AUTH_ERR + + +- The UID is not ++ The UID is not + 0. + + +@@ -85,7 +82,7 @@ + + + +- ++ + EXAMPLES + + In the case of the +@@ -103,7 +100,7 @@ auth required pam_unix.so + + + +- ++ + SEE ALSO + + +@@ -121,11 +118,11 @@ auth required pam_unix.so + + + +- ++ + AUTHOR + + pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_securetty/README.xml b/modules/pam_securetty/README.xml +index a8c098a04..70176d758 100644 +--- a/modules/pam_securetty/README.xml ++++ b/modules/pam_securetty/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_securetty.8.xml" xpointer='xpointer(id("pam_securetty-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml +index e49d572b2..9038f5b2b 100644 +--- a/modules/pam_securetty/pam_securetty.8.xml ++++ b/modules/pam_securetty/pam_securetty.8.xml +@@ -1,30 +1,27 @@ +- +- +- +- ++ + + + pam_securetty + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_securetty + Limit root login to special devices + + + +- ++ + pam_securetty.so +- ++ + debug + + + + +- ++ + + DESCRIPTION + +@@ -43,23 +40,23 @@ + + + This module has no effect on non-root users and requires that the +- application fills in the PAM_TTY ++ application fills in the PAM_TTY + item correctly. + + + For canonical usage, should be listed as a +- required authentication method +- before any sufficient ++ required authentication method ++ before any sufficient + authentication methods. + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -69,7 +66,7 @@ + + + +- ++ noconsole + + + +@@ -83,14 +80,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -164,7 +161,7 @@ + + + +- ++ + EXAMPLES + + +@@ -174,7 +171,7 @@ auth required pam_unix.so + + + +- ++ + SEE ALSO + + +@@ -192,11 +189,11 @@ auth required pam_unix.so + + + +- ++ + AUTHOR + + pam_securetty was written by Elliot Lee <sopwith@cuc.edu>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_selinux/README.xml b/modules/pam_selinux/README.xml +index 7e1baf555..dc1b5697f 100644 +--- a/modules/pam_selinux/README.xml ++++ b/modules/pam_selinux/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_selinux.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_selinux-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml +index 28d465f56..3aa632cf6 100644 +--- a/modules/pam_selinux/pam_selinux.8.xml ++++ b/modules/pam_selinux/pam_selinux.8.xml +@@ -1,54 +1,51 @@ +- +- +- +- ++ + + + pam_selinux + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_selinux + PAM module to set the default security context + + + +- ++ + pam_selinux.so +- ++ + open + +- ++ + close + +- ++ + restore + +- ++ + nottys + +- ++ + debug + +- ++ + verbose + +- ++ + select_context + +- ++ + env_params + +- ++ + use_current_range + + + + +- ++ + DESCRIPTION + + pam_selinux is a PAM module that sets up the default SELinux security +@@ -79,12 +76,12 @@ + + + +- ++ + OPTIONS + + + +- ++ open + + + +@@ -94,7 +91,7 @@ + + + +- ++ close + + + +@@ -104,7 +101,7 @@ + + + +- ++ restore + + + +@@ -117,7 +114,7 @@ + + + +- ++ nottys + + + +@@ -127,7 +124,7 @@ + + + +- ++ debug + + + +@@ -140,7 +137,7 @@ + + + +- ++ verbose + + + +@@ -150,7 +147,7 @@ + + + +- ++ select_context + + + +@@ -161,7 +158,7 @@ + + + +- ++ env_params + + + +@@ -178,7 +175,7 @@ + + + +- ++ use_current_range + + + +@@ -191,14 +188,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -236,7 +233,7 @@ + + + +- ++ + EXAMPLES + + auth required pam_unix.so +@@ -245,7 +242,7 @@ session optional pam_selinux.so + + + +- ++ + SEE ALSO + + +@@ -266,11 +263,11 @@ session optional pam_selinux.so + + + +- ++ + AUTHOR + + pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_sepermit/README.xml b/modules/pam_sepermit/README.xml +index bb65951c0..a8d31d8c1 100644 +--- a/modules/pam_sepermit/README.xml ++++ b/modules/pam_sepermit/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_sepermit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_sepermit-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_sepermit.8.xml" xpointer='xpointer(id("pam_sepermit-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml +index 5763c3466..791d2bbec 100644 +--- a/modules/pam_sepermit/pam_sepermit.8.xml ++++ b/modules/pam_sepermit/pam_sepermit.8.xml +@@ -1,33 +1,30 @@ +- +- +- +- ++ + + + pam_sepermit + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_sepermit + PAM module to allow/deny login depending on SELinux enforcement state + + + +- ++ + pam_sepermit.so +- ++ + debug + +- ++ + conf=/path/to/config/file + + + + +- ++ + DESCRIPTION + + The pam_sepermit module allows or denies login depending on SELinux +@@ -61,12 +58,12 @@ + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -79,7 +76,7 @@ + + + +- ++ conf=/path/to/config/file + + + +@@ -90,7 +87,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The and +@@ -98,7 +95,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -145,11 +142,11 @@ + + + +- ++ + FILES + + +- /etc/security/sepermit.conf ++ /etc/security/sepermit.conf + + Default configuration file + +@@ -157,7 +154,7 @@ + + + +- ++ + EXAMPLES + + auth [success=done ignore=ignore default=bad] pam_sepermit.so +@@ -167,7 +164,7 @@ session required pam_permit.so + + + +- ++ + SEE ALSO + + +@@ -188,11 +185,11 @@ session required pam_permit.so + + + +- ++ + AUTHOR + + pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_sepermit/sepermit.conf.5.xml b/modules/pam_sepermit/sepermit.conf.5.xml +index 511480f61..ff924ce1a 100644 +--- a/modules/pam_sepermit/sepermit.conf.5.xml ++++ b/modules/pam_sepermit/sepermit.conf.5.xml +@@ -1,13 +1,10 @@ +- +- +- +- ++ + + + sepermit.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + + +@@ -15,7 +12,7 @@ + configuration file for the pam_sepermit module + + +- ++ + DESCRIPTION + + The lines of the configuration file have the following syntax: +@@ -24,7 +21,7 @@ + <user>[:<option>:<option>...] + + +- The user can be specified in the following manner: ++ The user can be specified in the following manner: + + + +@@ -34,13 +31,13 @@ + + + +- a groupname, with @group syntax. ++ a groupname, with @group syntax. + This should not be confused with netgroups. + + + + +- a SELinux user name with %seuser syntax. ++ a SELinux user name with %seuser syntax. + + + +@@ -51,7 +48,7 @@ + + + +- ++ exclusive + + + Only single login session will be allowed for the user +@@ -60,7 +57,7 @@ + + + +- ++ ignore + + + The module will never return PAM_SUCCESS status for the user. +@@ -78,7 +75,7 @@ + + + +- ++ + EXAMPLES + + These are some example lines which might be specified in +@@ -91,7 +88,7 @@ + + + +- ++ + SEE ALSO + + pam_sepermit8, +@@ -101,10 +98,10 @@ + + + +- ++ + AUTHOR + + pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com> + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_setquota/README.xml b/modules/pam_setquota/README.xml +index 4eeddecc5..7f5e429d6 100644 +--- a/modules/pam_setquota/README.xml ++++ b/modules/pam_setquota/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_setquota.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_setquota-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_setquota.8.xml" xpointer='xpointer(id("pam_setquota-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_setquota/pam_setquota.8.xml b/modules/pam_setquota/pam_setquota.8.xml +index fe83c8053..41644eeb9 100644 +--- a/modules/pam_setquota/pam_setquota.8.xml ++++ b/modules/pam_setquota/pam_setquota.8.xml +@@ -1,53 +1,51 @@ +- +- +- +- ++ + + + pam_setquota + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_setquota + PAM module to set or modify disk quotas on session start + + + +- ++ + pam_setquota.so +- ++ + fs=/home + +- ++ + overwrite=0 + +- ++ + debug=0 + +- ++ + startuid=1000 + +- ++ + enduid=0 + +- ++ + bsoftlimit=19000 + +- ++ + bhardlimit=20000 + +- ++ + isoftlimit=3000 + +- ++ + ihardlimit=4000 + + + + +- ++ + + DESCRIPTION + +@@ -60,14 +58,14 @@ + + + +- ++ + + OPTIONS + + + + +- ++ fs=/home + + + +@@ -78,7 +76,7 @@ + + + +- ++ overwrite=0 + + + +@@ -91,7 +89,7 @@ + + + +- ++ debug=0 + + + +@@ -103,7 +101,7 @@ + + + +- ++ startuid=1000 + + + +@@ -115,7 +113,7 @@ + + + +- ++ enduid=0 + + + +@@ -128,7 +126,7 @@ + + + +- ++ bsoftlimit=19000 + + + +@@ -142,7 +140,7 @@ + + + +- ++ bhardlimit=20000 + + + +@@ -156,7 +154,7 @@ + + + +- ++ isoftlimit=3000 + + + +@@ -169,7 +167,7 @@ + + + +- ++ ihardlimit=4000 + + + +@@ -184,14 +182,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the module type is provided. + + + +- ++ + RETURN VALUES + + +@@ -255,7 +253,7 @@ + + + +- ++ + EXAMPLES + + A single invocation of `pam_setquota` applies a specific policy to a UID +@@ -270,7 +268,7 @@ + + + +- ++ + SEE ALSO + + +@@ -285,7 +283,7 @@ + + + +- ++ + AUTHOR + + pam_setquota was originally written by +@@ -298,4 +296,4 @@ + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_shells/README.xml b/modules/pam_shells/README.xml +index 154b97b51..c4da1a060 100644 +--- a/modules/pam_shells/README.xml ++++ b/modules/pam_shells/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_shells.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_shells-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml +index 15f476717..67d8ecf16 100644 +--- a/modules/pam_shells/pam_shells.8.xml ++++ b/modules/pam_shells/pam_shells.8.xml +@@ -1,27 +1,24 @@ +- +- +- +- ++ + + + pam_shells + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_shells + PAM module to check for valid login shell + + + +- ++ + pam_shells.so + + + +- ++ + + DESCRIPTION + +@@ -35,13 +32,13 @@ + + + +- ++ + + OPTIONS + This module does not recognise any options. + + +- ++ + MODULE TYPES PROVIDED + + The and +@@ -49,7 +46,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -80,7 +77,7 @@ + + + +- ++ + EXAMPLES + + +@@ -89,7 +86,7 @@ auth required pam_shells.so + + + +- ++ + SEE ALSO + + +@@ -107,11 +104,11 @@ auth required pam_shells.so + + + +- ++ + AUTHOR + + pam_shells was written by Erik Troan <ewt@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_stress/README.xml b/modules/pam_stress/README.xml +index 6f94685e1..cc7a1848d 100644 +--- a/modules/pam_stress/README.xml ++++ b/modules/pam_stress/README.xml +@@ -1,31 +1,19 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_stress.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_stress-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_stress.8.xml" xpointer='xpointer(id("pam_stress-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_stress/pam_stress.8.xml b/modules/pam_stress/pam_stress.8.xml +index 98888b1ce..617b7aae1 100644 +--- a/modules/pam_stress/pam_stress.8.xml ++++ b/modules/pam_stress/pam_stress.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_stress + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_stress + The stress-testing PAM module + +@@ -18,42 +15,42 @@ + + + +- ++ + pam_stress.so +- ++ + debug + +- ++ + no_warn + +- ++ + use_first_pass + +- ++ + try_first_pass + +- ++ + rootok + +- ++ + expired + +- ++ + fail_1 + +- ++ + fail_2 + +- ++ + prelim + +- ++ + required + + + + +- ++ + DESCRIPTION + + The pam_stress PAM module is mainly intended to give the impression of failing as a fully +@@ -61,13 +58,13 @@ functioning module might. + + + +- ++ + OPTIONS + + + + +- ++ debug + + + +@@ -79,7 +76,7 @@ functioning module might. + + + +- ++ no_warn + + + +@@ -91,7 +88,7 @@ functioning module might. + + + +- ++ use_first_pass + + + +@@ -103,7 +100,7 @@ functioning module might. + + + +- ++ try_first_pass + + + +@@ -115,7 +112,7 @@ functioning module might. + + + +- ++ rootok + + + +@@ -128,7 +125,7 @@ functioning module might. + + + +- ++ expired + + + +@@ -141,7 +138,7 @@ functioning module might. + + + +- ++ fail_1 + + + +@@ -152,7 +149,7 @@ functioning module might. + + + +- ++ fail_2 + + + +@@ -164,7 +161,7 @@ functioning module might. + + + +- ++ prelim + + + +@@ -175,7 +172,7 @@ functioning module might. + + + +- ++ required + + + +@@ -189,7 +186,7 @@ functioning module might. + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -197,7 +194,7 @@ functioning module might. + + + +- ++ + RETURN VALUES + + +@@ -307,7 +304,7 @@ functioning module might. + + + +- ++ + NOTES + + This module uses the stress_new_pwd data string which tells +@@ -316,7 +313,7 @@ functioning module might. + + + +- ++ + EXAMPLES + + #%PAM-1.0 +@@ -329,7 +326,7 @@ session required pam_stress.so + + + +- ++ + SEE ALSO + + +@@ -344,7 +341,7 @@ session required pam_stress.so + + + +- ++ + AUTHORS + + The pam_stress PAM module was developed by +@@ -353,4 +350,4 @@ session required pam_stress.so + Lucas Ramage <ramage.lucas@protonmail.com>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_succeed_if/README.xml b/modules/pam_succeed_if/README.xml +index c52f00a0f..1c174af05 100644 +--- a/modules/pam_succeed_if/README.xml ++++ b/modules/pam_succeed_if/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_succeed_if.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_succeed_if-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml +index 14d939a3e..90fd11454 100644 +--- a/modules/pam_succeed_if/pam_succeed_if.8.xml ++++ b/modules/pam_succeed_if/pam_succeed_if.8.xml +@@ -1,34 +1,30 @@ +- +- +- +- +- ++ + + + + + pam_succeed_if + 8 +- Linux-PAM ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_succeed_if + test account characteristics + + + + +- ++ + pam_succeed_if.so +- flag +- condition ++ flag ++ condition + + + + +- ++ + DESCRIPTION + + pam_succeed_if.so is designed to succeed or fail authentication +@@ -43,7 +39,7 @@ + + + +- ++ + OPTIONS + + The following flags are supported: +@@ -51,13 +47,13 @@ + + + +- ++ debug + + Turns on debugging messages sent to syslog. + + + +- ++ use_uid + + + Evaluate conditions using the account of the user whose UID +@@ -67,13 +63,13 @@ + + + +- ++ quiet + + Don't log failure or success to the system log. + + + +- ++ quiet_fail + + + Don't log failure to the system log. +@@ -81,7 +77,7 @@ + + + +- ++ quiet_success + + + Don't log success to the system log. +@@ -89,7 +85,7 @@ + + + +- ++ audit + + + Log unknown users to the system log. +@@ -112,13 +108,13 @@ + + + +- ++ field < number + + Field has a value numerically less than number. + + + +- ++ field <= number + + + Field has a value numerically less than or equal to number. +@@ -126,7 +122,7 @@ + + + +- ++ field eq number + + + Field has a value numerically equal to number. +@@ -134,7 +130,7 @@ + + + +- ++ field >= number + + + Field has a value numerically greater than or equal to number. +@@ -142,7 +138,7 @@ + + + +- ++ field > number + + + Field has a value numerically greater than number. +@@ -150,7 +146,7 @@ + + + +- ++ field ne number + + + Field has a value numerically different from number. +@@ -158,7 +154,7 @@ + + + +- ++ field = string + + + Field exactly matches the given string. +@@ -166,7 +162,7 @@ + + + +- ++ field != string + + + Field does not match the given string. +@@ -174,49 +170,49 @@ + + + +- ++ field =~ glob + + Field matches the given glob. + + + +- ++ field !~ glob + + Field does not match the given glob. + + + +- ++ field in item:item:... + + Field is contained in the list of items separated by colons. + + + +- ++ field notin item:item:... + + Field is not contained in the list of items separated by colons. + + + +- ++ user ingroup group[:group:....] + + User is in given group(s). + + + +- ++ user notingroup group[:group:....] + + User is not in given group(s). + + + +- ++ user innetgr netgroup + + (user,host) is in given netgroup. + + + +- ++ user notinnetgr group + + (user,host) is not in given netgroup. + +@@ -224,7 +220,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -232,7 +228,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -267,7 +263,7 @@ + + + +- ++ + EXAMPLES + + To emulate the behaviour of pam_wheel, except +@@ -288,7 +284,7 @@ type required othermodule.so arguments... + + + +- ++ + SEE ALSO + + +@@ -300,8 +296,8 @@ type required othermodule.so arguments... + + + +- ++ + AUTHOR + Nalin Dahyabhai <nalin@redhat.com> + +- ++ +\ No newline at end of file +diff --git a/modules/pam_time/README.xml b/modules/pam_time/README.xml +index 6c11eec1f..8a2faa0b8 100644 +--- a/modules/pam_time/README.xml ++++ b/modules/pam_time/README.xml +@@ -1,34 +1,19 @@ +- +- +---> +- +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_time.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_time-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_time.8.xml" xpointer='xpointer(id("pam_time-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml +index a33744ead..1fa60a104 100644 +--- a/modules/pam_time/pam_time.8.xml ++++ b/modules/pam_time/pam_time.8.xml +@@ -1,16 +1,13 @@ +- +- +- +- ++ + + + pam_time + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_time + + PAM module for time control access +@@ -20,22 +17,22 @@ + + + +- ++ + pam_time.so +- ++ + conffile=conf-file + +- ++ + debug + +- ++ + noaudit + + + + + +- ++ + DESCRIPTION + + The pam_time PAM module does not authenticate the user, but instead +@@ -62,13 +59,13 @@ + + + +- ++ + OPTIONS + + + + +- ++ conffile=/path/to/time.conf + + + +@@ -79,7 +76,7 @@ + + + +- ++ debug + + + +@@ -91,7 +88,7 @@ + + + +- ++ noaudit + + + +@@ -103,14 +100,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the type is provided. + + + +- ++ + RETURN VALUES + + +@@ -156,11 +153,11 @@ + + + +- ++ + FILES + + +- /etc/security/time.conf ++ /etc/security/time.conf + + Default configuration file + +@@ -168,7 +165,7 @@ + + + +- ++ + EXAMPLES + + #%PAM-1.0 +@@ -179,7 +176,7 @@ login account required pam_time.so + + + +- ++ + SEE ALSO + + +@@ -194,10 +191,10 @@ login account required pam_time.so + + + +- ++ + AUTHOR + + pam_time was written by Andrew G. Morgan <morgan@kernel.org>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml +index acbe23294..3fe263d5e 100644 +--- a/modules/pam_time/time.conf.5.xml ++++ b/modules/pam_time/time.conf.5.xml +@@ -1,13 +1,10 @@ +- +- +- +- ++ + + + time.conf + 5 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + + +@@ -15,7 +12,7 @@ + configuration file for the pam_time module + + +- ++ + DESCRIPTION + + +@@ -43,9 +40,9 @@ + + + In words, each rule occupies a line, terminated with a newline +- or the beginning of a comment; a '#'. ++ or the beginning of a comment; a '#'. + It contains four fields separated with semicolons, +- ';'. ++ ';'. + + + +@@ -107,7 +104,7 @@ + + + +- ++ + EXAMPLES + + These are some example lines which might be specified in +@@ -131,7 +128,7 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 + + + +- ++ + SEE ALSO + + pam_time8, +@@ -140,10 +137,10 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 + + + +- ++ + AUTHOR + + pam_time was written by Andrew G. Morgan <morgan@kernel.org>. + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_timestamp/README.xml b/modules/pam_timestamp/README.xml +index 5b72deb13..fe01080b9 100644 +--- a/modules/pam_timestamp/README.xml ++++ b/modules/pam_timestamp/README.xml +@@ -1,46 +1,31 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_timestamp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_timestamp-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_timestamp.8.xml" xpointer='xpointer(id("pam_timestamp-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml +index 83e5aea88..a763ad862 100644 +--- a/modules/pam_timestamp/pam_timestamp.8.xml ++++ b/modules/pam_timestamp/pam_timestamp.8.xml +@@ -1,39 +1,36 @@ +- +- +- +- ++ + + + pam_timestamp + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_timestamp + Authenticate using cached successful authentication attempts + + + +- ++ + pam_timestamp.so +- ++ + timestampdir=directory + +- ++ + timestamp_timeout=number + +- ++ + verbose + +- ++ + debug + + + + +- ++ + + DESCRIPTION + +@@ -52,18 +49,18 @@ file as grounds for succeeding. + + + The default encryption hash is taken from the +- HMAC_CRYPTO_ALGO variable from ++ HMAC_CRYPTO_ALGO variable from + /etc/login.defs. + + + +- ++ + + OPTIONS + + + +- ++ timestampdir=directory + + + +@@ -74,7 +71,7 @@ file as grounds for succeeding. + + + +- ++ timestamp_timeout=number + + + +@@ -86,7 +83,7 @@ file as grounds for succeeding. + + + +- ++ verbose + + + +@@ -96,7 +93,7 @@ file as grounds for succeeding. + + + +- ++ debug + + + +@@ -109,7 +106,7 @@ file as grounds for succeeding. + + + +- ++ + MODULE TYPES PROVIDED + + The and +@@ -117,7 +114,7 @@ file as grounds for succeeding. + + + +- ++ + RETURN VALUES + + +@@ -148,7 +145,7 @@ file as grounds for succeeding. + + + +- ++ + NOTES + + Users can get confused when they are not always asked for passwords when +@@ -157,7 +154,7 @@ noticing that it is not being asked for. + + + +- ++ + EXAMPLES + + auth sufficient pam_timestamp.so verbose +@@ -168,11 +165,11 @@ session optional pam_timestamp.so + + + +- ++ + FILES + + +- /var/run/pam_timestamp/... ++ /var/run/pam_timestamp/... + + timestamp files and directories + +@@ -180,7 +177,7 @@ session optional pam_timestamp.so + + + +- ++ + SEE ALSO + + +@@ -198,11 +195,11 @@ session optional pam_timestamp.so + + + +- ++ + AUTHOR + + pam_timestamp was written by Nalin Dahyabhai. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml +index 3a65d7ef9..f0c095607 100644 +--- a/modules/pam_timestamp/pam_timestamp_check.8.xml ++++ b/modules/pam_timestamp/pam_timestamp_check.8.xml +@@ -1,36 +1,33 @@ +- +- +- +- ++ + + + pam_timestamp_check + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_timestamp_check + Check to see if the default timestamp is valid + + + +- ++ + pam_timestamp_check +- ++ + -k + +- ++ + -d + +- ++ + target_user + + + + +- ++ + + DESCRIPTION + +@@ -40,13 +37,13 @@ see if the default timestamp is valid, or optionally remove it. + + + +- ++ + + OPTIONS + + + +- ++ -k + + + +@@ -57,7 +54,7 @@ see if the default timestamp is valid, or optionally remove it. + + + +- ++ -d + + + +@@ -69,7 +66,7 @@ see if the default timestamp is valid, or optionally remove it. + + + +- ++ target_user + + + +@@ -85,7 +82,7 @@ see if the default timestamp is valid, or optionally remove it. + + + +- ++ + RETURN VALUES + + +@@ -147,7 +144,7 @@ see if the default timestamp is valid, or optionally remove it. + + + +- ++ + NOTES + + Users can get confused when they are not always asked for passwords when +@@ -156,7 +153,7 @@ noticing that it is not being asked for. + + + +- ++ + EXAMPLES + + auth sufficient pam_timestamp.so verbose +@@ -167,11 +164,11 @@ session optional pam_timestamp.so + + + +- ++ + FILES + + +- /var/run/sudo/... ++ /var/run/sudo/... + + timestamp files and directories + +@@ -179,7 +176,7 @@ session optional pam_timestamp.so + + + +- ++ + SEE ALSO + + +@@ -197,11 +194,11 @@ session optional pam_timestamp.so + + + +- ++ + AUTHOR + + pam_timestamp was written by Nalin Dahyabhai. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_tty_audit/README.xml b/modules/pam_tty_audit/README.xml +index 4dad6bbe7..95b851cba 100644 +--- a/modules/pam_tty_audit/README.xml ++++ b/modules/pam_tty_audit/README.xml +@@ -1,41 +1,31 @@ +- +- ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_tty_audit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tty_audit-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_tty_audit.8.xml" xpointer='xpointer(id("pam_tty_audit-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml +index 1c0ba5c4e..b46bbf7b6 100644 +--- a/modules/pam_tty_audit/pam_tty_audit.8.xml ++++ b/modules/pam_tty_audit/pam_tty_audit.8.xml +@@ -1,33 +1,30 @@ +- +- +- +- ++ + + + pam_tty_audit + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_tty_audit + Enable or disable TTY auditing for specified users + + + +- ++ + pam_tty_audit.so +- ++ + disable=patterns + +- ++ + enable=patterns + + + + +- ++ + DESCRIPTION + + The pam_tty_audit PAM module is used to enable or disable TTY auditing. +@@ -35,12 +32,12 @@ + + + +- ++ + OPTIONS + + + +- ++ disable=patterns + + + +@@ -53,7 +50,7 @@ + + + +- ++ enable=patterns + + + +@@ -66,7 +63,7 @@ + + + +- ++ open_only + + + +@@ -79,7 +76,7 @@ + + + +- ++ log_passwd + + + +@@ -93,14 +90,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + +- Only the session type is supported. ++ Only the session type is supported. + + + +- ++ + RETURN VALUES + + +@@ -125,7 +122,7 @@ + + + +- ++ + NOTES + + When TTY auditing is enabled, it is inherited by all processes started by +@@ -158,7 +155,7 @@ + + + +- ++ + EXAMPLES + + Audit all administrative actions. +@@ -168,7 +165,7 @@ session required pam_tty_audit.so disable=* enable=root + + + +- ++ + SEE ALSO + + +@@ -186,14 +183,14 @@ session required pam_tty_audit.so disable=* enable=root + + + +- ++ + AUTHOR + +- pam_tty_audit was written by Miloslav Trmač ++ pam_tty_audit was written by Miloslav Trmač + <mitr@redhat.com>. + The log_passwd option was added by Richard Guy Briggs + <rgb@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_umask/README.xml b/modules/pam_umask/README.xml +index 9afbe5431..d2b82d10d 100644 +--- a/modules/pam_umask/README.xml ++++ b/modules/pam_umask/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_umask.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_umask-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_umask.8.xml" xpointer='xpointer(id("pam_umask-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml +index 7c4a310b7..052766728 100644 +--- a/modules/pam_umask/pam_umask.8.xml ++++ b/modules/pam_umask/pam_umask.8.xml +@@ -1,42 +1,39 @@ +- +- +- +- ++ + + + pam_umask + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_umask + PAM module to set the file mode creation mask + + + +- ++ + pam_umask.so +- ++ + debug + +- ++ + silent + +- ++ + usergroups + +- ++ + nousergroups + +- ++ + umask=mask + + + + +- ++ + + DESCRIPTION + +@@ -81,7 +78,7 @@ + + + +- ++ + + OPTIONS + +@@ -89,7 +86,7 @@ + + + +- ++ debug + + + +@@ -100,7 +97,7 @@ + + + +- ++ silent + + + +@@ -111,20 +108,20 @@ + + + +- ++ usergroups + + + + If the user is not root and the username is the same as + primary group name, the umask group bits are set to be the +- same as owner bits (examples: 022 -> 002, 077 -> 007). ++ same as owner bits (examples: 022 -> 002, 077 -> 007). + + + + + + +- ++ nousergroups + + + +@@ -137,7 +134,7 @@ + + + +- ++ umask=mask + + + +@@ -153,14 +150,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + + Only the type is provided. + + + +- ++ + RETURN VALUES + + +@@ -225,7 +222,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/login to +@@ -236,7 +233,7 @@ + + + +- ++ + SEE ALSO + + +@@ -251,11 +248,11 @@ + + + +- ++ + AUTHOR + + pam_umask was written by Thorsten Kukuk <kukuk@thkukuk.de>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_unix/README.xml b/modules/pam_unix/README.xml +index 7fd340b33..49a65946b 100644 +--- a/modules/pam_unix/README.xml ++++ b/modules/pam_unix/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_unix.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_unix-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_unix.8.xml" xpointer='xpointer(id("pam_unix-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml +index 9f9c8185f..dfc04274c 100644 +--- a/modules/pam_unix/pam_unix.8.xml ++++ b/modules/pam_unix/pam_unix.8.xml +@@ -1,30 +1,27 @@ +- +- +- +- ++ + + + pam_unix + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_unix + Module for traditional password authentication + + + +- ++ + pam_unix.so +- ++ + ... + + + + +- ++ + + DESCRIPTION + +@@ -42,7 +39,7 @@ + shadow elements: expire, last_change, max_change, + min_change, warn_change. In the case of the latter, it may offer advice + to the user on changing their password or, through the +- PAM_AUTHTOKEN_REQD return, delay ++ PAM_AUTHTOKEN_REQD return, delay + giving service to the user until they have established a new password. + The entries listed above are documented in the + shadow5 +@@ -89,7 +86,7 @@ + + The password component of this module performs the task of updating + the user's password. The default encryption hash is taken from the +- ENCRYPT_METHOD variable from ++ ENCRYPT_METHOD variable from + /etc/login.defs + + +@@ -107,13 +104,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ debug + + + +@@ -127,7 +124,7 @@ + + + +- ++ audit + + + +@@ -138,7 +135,7 @@ + + + +- ++ quiet + + + +@@ -153,7 +150,7 @@ + + + +- ++ nullok + + + +@@ -165,7 +162,7 @@ + + + +- ++ nullresetok + + + +@@ -178,7 +175,7 @@ + + + +- ++ try_first_pass + + + +@@ -190,7 +187,7 @@ + + + +- ++ use_first_pass + + + +@@ -203,7 +200,7 @@ + + + +- ++ nodelay + + + +@@ -216,7 +213,7 @@ + + + +- ++ use_authtok + + + +@@ -230,7 +227,7 @@ + + + +- ++ authtok_type=type + + + +@@ -242,7 +239,7 @@ + + + +- ++ nis + + + +@@ -252,7 +249,7 @@ + + + +- ++ remember=n + + + +@@ -269,7 +266,7 @@ + + + +- ++ shadow + + + +@@ -279,7 +276,7 @@ + + + +- ++ md5 + + + +@@ -290,7 +287,7 @@ + + + +- ++ bigcrypt + + + +@@ -301,7 +298,7 @@ + + + +- ++ sha256 + + + +@@ -315,7 +312,7 @@ + + + +- ++ sha512 + + + +@@ -329,7 +326,7 @@ + + + +- ++ blowfish + + + +@@ -343,7 +340,7 @@ + + + +- ++ gost_yescrypt + + + +@@ -357,7 +354,7 @@ + + + +- ++ yescrypt + + + +@@ -371,7 +368,7 @@ + + + +- ++ rounds=n + + + +@@ -384,7 +381,7 @@ + + + +- ++ broken_shadow + + + +@@ -395,7 +392,7 @@ + + + +- ++ minlen=n + + + +@@ -407,7 +404,7 @@ + + + +- ++ no_pass_expiry + + + +@@ -418,9 +415,9 @@ + meaning that other authentication source or method succeeded. + The example can be public key authentication in + sshd. The module will return +- PAM_SUCCESS instead of eventual +- PAM_NEW_AUTHTOK_REQD or +- PAM_AUTHTOK_EXPIRED. ++ PAM_SUCCESS instead of eventual ++ PAM_NEW_AUTHTOK_REQD or ++ PAM_AUTHTOK_EXPIRED. + + + +@@ -432,7 +429,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -440,7 +437,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -454,7 +451,7 @@ + + + +- ++ + EXAMPLES + + An example usage for /etc/pam.d/login +@@ -473,7 +470,7 @@ session required pam_unix.so + + + +- ++ + SEE ALSO + + +@@ -491,11 +488,11 @@ session required pam_unix.so + + + +- ++ + AUTHOR + + pam_unix was written by various people. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_unix/unix_chkpwd.8.xml b/modules/pam_unix/unix_chkpwd.8.xml +index a10dbe330..ca0fa109f 100644 +--- a/modules/pam_unix/unix_chkpwd.8.xml ++++ b/modules/pam_unix/unix_chkpwd.8.xml +@@ -1,30 +1,27 @@ +- +- +- +- ++ + + + unix_chkpwd + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + unix_chkpwd + Helper binary that verifies the password of the current user + + + +- ++ + unix_chkpwd +- ++ + ... + + + + +- ++ + + DESCRIPTION + +@@ -48,7 +45,7 @@ + + + +- ++ + SEE ALSO + + +@@ -57,11 +54,11 @@ + + + +- ++ + AUTHOR + + Written by Andrew Morgan and other various people. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_unix/unix_update.8.xml b/modules/pam_unix/unix_update.8.xml +index 6c7467b90..1a9686529 100644 +--- a/modules/pam_unix/unix_update.8.xml ++++ b/modules/pam_unix/unix_update.8.xml +@@ -1,30 +1,27 @@ +- +- +- +- ++ + + + unix_update + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + unix_update + Helper binary that updates the password of a given user + + + +- ++ + unix_update +- ++ + ... + + + + +- ++ + + DESCRIPTION + +@@ -48,7 +45,7 @@ + + + +- ++ + SEE ALSO + + +@@ -57,11 +54,11 @@ + + + +- ++ + AUTHOR + + Written by Tomas Mraz and other various people. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_userdb/README.xml b/modules/pam_userdb/README.xml +index b22c09e74..4e8f8ee7a 100644 +--- a/modules/pam_userdb/README.xml ++++ b/modules/pam_userdb/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_userdb.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_userdb-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_userdb.8.xml" xpointer='xpointer(id("pam_userdb-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml +index bce92850a..0f9641024 100644 +--- a/modules/pam_userdb/pam_userdb.8.xml ++++ b/modules/pam_userdb/pam_userdb.8.xml +@@ -1,54 +1,51 @@ +- +- +- +- ++ + + + pam_userdb + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_userdb + PAM module to authenticate against a db database + + + +- ++ + pam_userdb.so +- ++ + db=/path/database + +- ++ + debug + +- ++ + crypt=[crypt|none] + +- ++ + icase + +- ++ + dump + +- ++ + try_first_pass + +- ++ + use_first_pass + +- ++ + unknown_ok + +- ++ + key_only + + + + +- ++ + + DESCRIPTION + +@@ -60,13 +57,13 @@ + + + +- ++ + + OPTIONS + + + +- ++ crypt=[crypt|none] + + + +@@ -82,13 +79,13 @@ + + + +- ++ db=/path/database + + + + Use the /path/database database for + performing lookup. There is no default; the module will +- return PAM_IGNORE if no ++ return PAM_IGNORE if no + database is provided. Note that the path to the database file + should be specified without the .db suffix. + +@@ -96,7 +93,7 @@ + + + +- ++ debug + + + +@@ -107,7 +104,7 @@ + + + +- ++ dump + + + +@@ -118,7 +115,7 @@ + + + +- ++ icase + + + +@@ -131,7 +128,7 @@ + + + +- ++ try_first_pass + + + +@@ -146,7 +143,7 @@ + + + +- ++ use_first_pass + + + +@@ -161,7 +158,7 @@ + + + +- ++ unknown_ok + + + +@@ -174,7 +171,7 @@ + + + +- ++ key_only + + + +@@ -191,7 +188,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + The and module +@@ -199,7 +196,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -259,14 +256,14 @@ + + + +- ++ + EXAMPLES + + auth sufficient pam_userdb.so icase db=/etc/dbtest + + + +- ++ + SEE ALSO + + +@@ -284,11 +281,11 @@ auth sufficient pam_userdb.so icase db=/etc/dbtest + + + +- ++ + AUTHOR + + pam_userdb was written by Cristian Gafton >gafton@redhat.com<. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_usertype/README.xml b/modules/pam_usertype/README.xml +index 585504654..7faf549e2 100644 +--- a/modules/pam_usertype/README.xml ++++ b/modules/pam_usertype/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_usertype.8.xml" xpointer='xpointer(id("pam_usertype-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml +index d9307ba3a..87ad0796c 100644 +--- a/modules/pam_usertype/pam_usertype.8.xml ++++ b/modules/pam_usertype/pam_usertype.8.xml +@@ -1,31 +1,27 @@ +- +- +- +- +- ++ + + pam_usertype + 8 +- Linux-PAM ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_usertype + check if the authenticated user is a system or regular account + + + + +- ++ + pam_usertype.so +- flag +- condition ++ flag ++ condition + + + + +- ++ + DESCRIPTION + + pam_usertype.so is designed to succeed or fail authentication +@@ -42,7 +38,7 @@ + + + +- ++ + OPTIONS + + The following flags are supported: +@@ -50,7 +46,7 @@ + + + +- ++ use_uid + + + Evaluate conditions using the account of the user whose UID +@@ -60,7 +56,7 @@ + + + +- ++ audit + + + Log unknown users to the system log. +@@ -75,13 +71,13 @@ + + + +- ++ issystem + + Succeed if the user is a system user. + + + +- ++ isregular + + Succeed if the user is a regular user. + +@@ -89,7 +85,7 @@ + + + +- ++ + MODULE TYPES PROVIDED + + All module types (, , +@@ -97,7 +93,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -170,7 +166,7 @@ + + + +- ++ + EXAMPLES + + Skip remaining modules if the user is a system user: +@@ -180,7 +176,7 @@ account sufficient pam_usertype.so issystem + + + +- ++ + SEE ALSO + + +@@ -192,8 +188,8 @@ account sufficient pam_usertype.so issystem + + + +- ++ + AUTHOR + Pavel Březina <pbrezina@redhat.com> + +- ++ +\ No newline at end of file +diff --git a/modules/pam_warn/README.xml b/modules/pam_warn/README.xml +index 4367c28f4..56093f805 100644 +--- a/modules/pam_warn/README.xml ++++ b/modules/pam_warn/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_warn.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_warn-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_warn.8.xml" xpointer='xpointer(id("pam_warn-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml +index 1764ec924..a20c5f718 100644 +--- a/modules/pam_warn/pam_warn.8.xml ++++ b/modules/pam_warn/pam_warn.8.xml +@@ -1,25 +1,22 @@ +- +- +- +- ++ + + + pam_warn + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + +- ++ + pam_warn + PAM module which logs all PAM items if called + + +- ++ + pam_warn.so + + + +- ++ + DESCRIPTION + + pam_warn is a PAM module that logs the service, terminal, user, +@@ -28,17 +25,17 @@ + syslog3 + . The items are not probed for, but instead obtained + from the standard PAM items. The module always returns +- PAM_IGNORE, indicating that it ++ PAM_IGNORE, indicating that it + does not want to affect the authentication process. + + + +- ++ + OPTIONS + This module does not recognise any options. + + +- ++ + MODULE TYPES PROVIDED + + The , , +@@ -47,7 +44,7 @@ + + + +- ++ + RETURN VALUES + + +@@ -61,7 +58,7 @@ + + + +- ++ + EXAMPLES + + #%PAM-1.0 +@@ -80,7 +77,7 @@ other session required pam_deny.so + + + +- ++ + SEE ALSO + + +@@ -95,11 +92,11 @@ other session required pam_deny.so + + + +- ++ + AUTHOR + + pam_warn was written by Andrew G. Morgan <morgan@kernel.org>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_wheel/README.xml b/modules/pam_wheel/README.xml +index 9e33d7ff2..e40c46e84 100644 +--- a/modules/pam_wheel/README.xml ++++ b/modules/pam_wheel/README.xml +@@ -1,41 +1,27 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_wheel.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_wheel-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_wheel.8.xml" xpointer='xpointer(id("pam_wheel-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml +index ee8c7d269..af0fd6199 100644 +--- a/modules/pam_wheel/pam_wheel.8.xml ++++ b/modules/pam_wheel/pam_wheel.8.xml +@@ -1,45 +1,42 @@ +- +- +- +- ++ + + + pam_wheel + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_wheel + Only permit root access to members of group wheel + + + +- ++ + pam_wheel.so +- ++ + debug + +- ++ + deny + +- ++ + group=name + +- ++ + root_only + +- ++ + trust + +- ++ + use_uid + + + + +- ++ + DESCRIPTION + + The pam_wheel PAM module is used to enforce the so-called +@@ -47,16 +44,16 @@ + access to the target user if the applicant user is a member of the + wheel group. If no group with this name exist, + the module is using the group with the group-ID +- 0. ++ 0. + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -66,7 +63,7 @@ + + + +- ++ deny + + + +@@ -81,7 +78,7 @@ + + + +- ++ group=name + + + +@@ -93,7 +90,7 @@ + + + +- ++ root_only + + + +@@ -104,7 +101,7 @@ + + + +- ++ trust + + + +@@ -118,7 +115,7 @@ + + + +- ++ use_uid + + + +@@ -131,15 +128,15 @@ + + + +- ++ + MODULE TYPES PROVIDED + +- The auth and +- account module types are provided. ++ The auth and ++ account module types are provided. + + + +- ++ + RETURN VALUES + + +@@ -204,7 +201,7 @@ + + + +- ++ + EXAMPLES + + The root account gains access by default (rootok), only wheel +@@ -218,7 +215,7 @@ su auth required pam_unix.so + + + +- ++ + SEE ALSO + + +@@ -233,11 +230,11 @@ su auth required pam_unix.so + + + +- ++ + AUTHOR + + pam_wheel was written by Cristian Gafton <gafton@redhat.com>. + + + +- ++ +\ No newline at end of file +diff --git a/modules/pam_xauth/README.xml b/modules/pam_xauth/README.xml +index adefbd98e..04fc24683 100644 +--- a/modules/pam_xauth/README.xml ++++ b/modules/pam_xauth/README.xml +@@ -1,46 +1,31 @@ +- +- +---> +-]> ++
+ +-
+- +- ++ + + +- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" +- href="pam_xauth.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_xauth-name"]/*)'/> ++ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_xauth.8.xml" xpointer='xpointer(id("pam_xauth-name")/*)'/> + + +- ++ + +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +
+- ++ +
+ +-
++
+\ No newline at end of file +diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml +index 08c06cf84..f5fc5a3c3 100644 +--- a/modules/pam_xauth/pam_xauth.8.xml ++++ b/modules/pam_xauth/pam_xauth.8.xml +@@ -1,39 +1,36 @@ +- +- +- +- ++ + + + pam_xauth + 8 +- Linux-PAM Manual ++ Linux-PAM ++ Linux-PAM Manual + + +- ++ + pam_xauth + PAM module to forward xauth keys between users + + + +- ++ + pam_xauth.so +- ++ + debug + +- ++ + xauthpath=/path/to/xauth + +- ++ + systemuser=UID + +- ++ + targetuser=UID + + + + +- ++ + DESCRIPTION + + The pam_xauth PAM module is designed to forward xauth keys +@@ -81,25 +78,25 @@ + If a user has a .xauth/export file, the user will + only forward cookies to users listed in the file. If there is no + ~/.xauth/export file, and the invoking user is +- not root, the user will forward cookies ++ not root, the user will forward cookies + to any other user. If there is no ~/.xauth/export +- file, and the invoking user is root, +- the user will not forward cookies to ++ file, and the invoking user is root, ++ the user will not forward cookies to + other users. + + + Both the import and export files support wildcards (such as +- *). Both the import and export files ++ *). Both the import and export files + can be empty, signifying that no users are allowed. + + + +- ++ + OPTIONS + + + +- ++ debug + + + +@@ -109,7 +106,7 @@ + + + +- ++ xauthpath=/path/to/xauth + + + +@@ -122,7 +119,7 @@ + + + +- ++ systemuser=UID + + + +@@ -135,7 +132,7 @@ + + + +- ++ targetuser=UID + + + +@@ -147,14 +144,14 @@ + + + +- ++ + MODULE TYPES PROVIDED + +- Only the session type is provided. ++ Only the session type is provided. + + + +- ++ + RETURN VALUES + + +@@ -205,7 +202,7 @@ + + + +- ++ + EXAMPLES + + Add the following line to /etc/pam.d/su to +@@ -216,10 +213,10 @@ session optional pam_xauth.so + + + +- ++ + IMPLEMENTATION DETAILS + +- pam_xauth will work only if it is ++ pam_xauth will work only if it is + used from a setuid application in which the + getuid() call returns the id of the user + running the application, and for which PAM can supply the name +@@ -247,17 +244,17 @@ session optional pam_xauth.so + + + +- ++ + FILES + + +- ~/.xauth/import ++ ~/.xauth/import + + XXX + + + +- ~/.xauth/export ++ ~/.xauth/export + + XXX + +@@ -266,7 +263,7 @@ session optional pam_xauth.so + + + +- ++ + SEE ALSO + + +@@ -281,7 +278,7 @@ session optional pam_xauth.so + + + +- ++ + AUTHOR + + pam_xauth was written by Nalin Dahyabhai <nalin@redhat.com>, +@@ -290,4 +287,4 @@ session optional pam_xauth.so + + + +- ++ +\ No newline at end of file diff --git a/pam-git.diff b/pam-git.diff index 3f05e3c..813aa2d 100644 --- a/pam-git.diff +++ b/pam-git.diff @@ -3,28 +3,66 @@ index 21af8c4c..aa99927e 100644 --- a/README +++ b/README @@ -6,7 +6,7 @@ NOTES: - + How to use it is as follows: - + -Please look at the ci/install_dependencies.sh for the necessary +Please look at the ci/install-dependencies.sh for the necessary prerequisite packages to be able to build the Linux-PAM. The script is targeted at Debian based Linux distributions so the package names and availability might differ on other distributions. diff --git a/configure.ac b/configure.ac -index c06bc7dd..639fc1ad 100644 +index c06bc7dd..2f74d1b4 100644 --- a/configure.ac +++ b/configure.ac -@@ -259,6 +259,8 @@ AC_MSG_RESULT([Defining \$ISA to "$ISA"]) +@@ -243,6 +243,29 @@ if test x"$enable_debug" = x"yes" ; then + [lots of stuff gets written to /var/run/pam-debug.log]) + fi + ++AC_ARG_ENABLE(html_stylesheet, ++ AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl@:>@]), ++ HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl) ++AC_SUBST(HTML_STYLESHEET) ++ ++AC_ARG_ENABLE(txt_stylesheet, ++ AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl@:>@]), ++ TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl) ++AC_SUBST(TXT_STYLESHEET) ++# It has to be TXT_STYLESHEET otherwise a html tree will be generated while generating all README files. ++sed "s+HTML_STYLESHEET+$TXT_STYLESHEET+g" doc/custom-html.xsl ++ ++AC_ARG_ENABLE(pdf_stylesheet, ++ AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl@:>@]), ++ PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl) ++AC_SUBST(PDF_STYLESHEET) ++ ++AC_ARG_ENABLE(man_stylesheet, ++ AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl@:>@]), ++ MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl) ++AC_SUBST(MAN_STYLESHEET) ++sed "s+MAN_STYLESHEET+$MAN_STYLESHEET+g" doc/custom-man.xsl ++ + AC_ARG_ENABLE(securedir, + AS_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]), + SECUREDIR=$enableval, SECUREDIR=$libdir/security) +@@ -259,6 +282,8 @@ AC_MSG_RESULT([Defining \$ISA to "$ISA"]) AC_ARG_ENABLE(sconfigdir, AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]), SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security) +AC_DEFINE_UNQUOTED([SCONFIGDIR], ["$SCONFIGDIR"], + [Directory for PAM modules system configuration files]) AC_SUBST(SCONFIGDIR) - + AC_ARG_ENABLE(pamlocking, -@@ -507,9 +509,11 @@ AC_ARG_ENABLE([vendordir], +@@ -295,6 +320,7 @@ if test x$with_mailspool != x ; then + else + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include ++#include + int main() { + #ifdef _PATH_MAILDIR + exit(0); +@@ -507,9 +533,11 @@ AC_ARG_ENABLE([vendordir], if test -n "$enable_vendordir"; then AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], [Directory for distribution provided configuration files]) @@ -37,7 +75,81 @@ index c06bc7dd..639fc1ad 100644 + STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" fi AC_SUBST([STRINGPARAM_VENDORDIR]) - + +@@ -628,11 +656,6 @@ test -n "$opt_uidmin" || + opt_uidmin=1000 + AC_DEFINE_UNQUOTED(PAM_USERTYPE_UIDMIN, $opt_uidmin, [Minimum regular user uid.]) + +-AC_ARG_WITH([sysuidmin], AS_HELP_STRING([--with-sysuidmin=],[default value for system user min uid (101)]), opt_sysuidmin=$withval) +-test -n "$opt_sysuidmin" || +- opt_sysuidmin=101 +-AC_DEFINE_UNQUOTED(PAM_USERTYPE_SYSUIDMIN, $opt_sysuidmin, [Minimum system user uid.]) +- + AC_ARG_WITH([kernel-overflow-uid], AS_HELP_STRING([--with-kernel-overflow-uid=],[kernel overflow uid, default (uint16_t)-2=65534]), opt_kerneloverflowuid=$withval) + test -n "$opt_kerneloverflowuid" || + opt_kerneloverflowuid=65534 +diff --git a/doc/adg/Makefile.am b/doc/adg/Makefile.am +index 77bd7a99..b795b1a4 100644 +--- a/doc/adg/Makefile.am ++++ b/doc/adg/Makefile.am +@@ -21,7 +21,7 @@ if ENABLE_GENERATE_PDF + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 3 --xinclude --nonet \ +- http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_ADG.fo ++ $(PDF_STYLESHEET) $< > Linux-PAM_ADG.fo + $(FO2PDF) Linux-PAM_ADG.fo $@ + else + echo "No fo2pdf processor installed, skip PDF generation" +@@ -33,7 +33,7 @@ Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 3 --xinclude --nonet \ +- http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ ++ $(TXT_STYLESHEET) $< | $(BROWSER) > $@ + + html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) + @test -d html || mkdir -p html +@@ -46,7 +46,7 @@ html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 3 --xinclude --nonet \ + --stringparam chunker.output.encoding UTF-8 \ +- http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< ++ $(HTML_STYLESHEET) $< + + distclean-local: + -rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf +diff --git a/doc/custom-html.xsl b/doc/custom-html.xsl.in +similarity index 87% +rename from doc/custom-html.xsl +rename to doc/custom-html.xsl.in +index fdd5df7d..b2eaf150 100644 +--- a/doc/custom-html.xsl ++++ b/doc/custom-html.xsl.in +@@ -3,7 +3,7 @@ + xmlns:ss="http://docbook.sf.net/xmlns/string.subst/1.0" + xmlns:exsl="http://exslt.org/common" version="1.0"> + +- ++ + + + +diff --git a/doc/custom-man.xsl b/doc/custom-man.xsl.in +similarity index 77% +rename from doc/custom-man.xsl +rename to doc/custom-man.xsl.in +index a3408e6c..258627bf 100644 +--- a/doc/custom-man.xsl ++++ b/doc/custom-man.xsl.in +@@ -1,6 +1,6 @@ + + +- ++ + + + diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am index 78c891df..c6fd73db 100644 --- a/doc/man/Makefile.am @@ -48,7 +160,7 @@ index 78c891df..c6fd73db 100644 misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ - pam_misc_setenv.3.xml + pam_misc_setenv.3.xml pam_xauth_data.3.xml - + if ENABLE_REGENERATE_MAN PAM.8: pam.8 diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml @@ -73,6 +185,81 @@ index 464af0e5..8eef665a 100644 +diff --git a/doc/mwg/Makefile.am b/doc/mwg/Makefile.am +index 2bbb2d0b..688e6cb3 100644 +--- a/doc/mwg/Makefile.am ++++ b/doc/mwg/Makefile.am +@@ -21,7 +21,7 @@ if ENABLE_GENERATE_PDF + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 3 --xinclude --nonet \ +- http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_MWG.fo ++ $(PDF_STYLESHEET) $< > Linux-PAM_MWG.fo + $(FO2PDF) Linux-PAM_MWG.fo $@ + else + echo "No fo2pdf processor installed, skip PDF generation" +@@ -33,7 +33,7 @@ Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 3 --xinclude --nonet \ +- http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ ++ $(TXT_STYLESHEET) $< | $(BROWSER) > $@ + + html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) + @test -d html || mkdir -p html +@@ -46,7 +46,7 @@ html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 3 --xinclude --nonet \ + --stringparam chunker.output.encoding UTF-8 \ +- http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< ++ $(HTML_STYLESHEET) $< + + distclean-local: + -rm -rf html Linux-PAM_MWG.txt Linux-PAM_MWG.pdf +diff --git a/doc/sag/Linux-PAM_SAG.xml b/doc/sag/Linux-PAM_SAG.xml +index 0f33e0f6..2adaef7d 100644 +--- a/doc/sag/Linux-PAM_SAG.xml ++++ b/doc/sag/Linux-PAM_SAG.xml +@@ -408,6 +408,8 @@ session required pam_warn.so + href="pam_exec.xml"/> + ++ + + Linux-PAM_SAG.fo ++ $(PDF_STYLESHEET) $< > Linux-PAM_SAG.fo + $(FO2PDF) Linux-PAM_SAG.fo $@ + else + echo "No fo2pdf processor installed, skip PDF generation" +@@ -34,7 +34,7 @@ Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) + --stringparam section.autolabel 1 \ + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 2 --xinclude --nonet \ +- http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ ++ $(TXT_STYLESHEET) $< | $(BROWSER) > $@ + + html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) + @test -d html || mkdir -p html +@@ -47,7 +47,7 @@ html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) + --stringparam section.label.includes.component.label 1 \ + --stringparam toc.max.depth 2 --xinclude --nonet \ + --stringparam chunker.output.encoding UTF-8 \ +- http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< ++ $(HTML_STYLESHEET) $< + + distclean-local: + -rm -rf html Linux-PAM_SAG.txt Linux-PAM_SAG.pdf diff --git a/examples/Makefile.am b/examples/Makefile.am index 722ec686..c4c3c261 100644 --- a/examples/Makefile.am @@ -80,7 +267,7 @@ index 722ec686..c4c3c261 100644 @@ -11,4 +11,4 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ LDADD = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la - + -noinst_PROGRAMS = xsh vpass blank check_user +noinst_PROGRAMS = xsh vpass blank check_user tty_conv diff --git a/examples/tty_conv.c b/examples/tty_conv.c @@ -278,27 +465,128 @@ index ef4dca0c..5b34fc17 100644 + bail_out(pamh,1,retcode,"pam_set_item(PAM_TTY)"); } } - + diff --git a/libpam/Makefile.am b/libpam/Makefile.am index 55222afc..389d5d02 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -21,7 +21,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ include/pam_inline.h include/test_assert.h - + libpam_la_LDFLAGS = -no-undefined -version-info 85:1:85 -libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ +libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ @LTLIBINTL@ - + if HAVE_VERSIONING libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map +diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h +index 33f87b90..c2578323 100644 +--- a/libpam/include/security/pam_modutil.h ++++ b/libpam/include/security/pam_modutil.h +@@ -147,7 +147,16 @@ pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, + enum pam_modutil_redirect_fd redirect_stdout, + enum pam_modutil_redirect_fd redirect_stderr); + +-/* lookup a value for key in login.defs file or similar key value format */ ++/************************************************** ++ * @brief Lookup a value for the key in the file (i.e. login.defs or a similar ++ * key-value format file). ++ * ++ * @param[in] pamh The pam handle structure ++ * @param[in] file_name Configuration file name ++ * @param[in] key Lookup key ++ * ++ * @return value, or NULL if key was not found. ++ **************************************************/ + extern char * PAM_NONNULL((1,2,3)) + pam_modutil_search_key(pam_handle_t *pamh, + const char *file_name, +diff --git a/libpam/pam.pc.in b/libpam/pam.pc.in +index a7cf852d..c3fafe4b 100644 +--- a/libpam/pam.pc.in ++++ b/libpam/pam.pc.in +@@ -1,3 +1,5 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ + libdir=@libdir@ + includedir=@includedir@ + +diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c +index ffa5e4ae..12ebb8fc 100644 +--- a/libpam/pam_handlers.c ++++ b/libpam/pam_handlers.c +@@ -889,8 +889,8 @@ int _pam_add_handler(pam_handle_t *pamh + handler_p = &((*handler_p)->next); + } + +- if ((*handler_p = malloc(sizeof(struct handler))) == NULL) { +- pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #1"); ++ if ((*handler_p = calloc(1, sizeof(struct handler))) == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "cannot allocate struct handler #1"); + return (PAM_ABORT); + } + +@@ -904,8 +904,6 @@ int _pam_add_handler(pam_handle_t *pamh + (*handler_p)->argv = argv; /* not a copy */ + if (((*handler_p)->mod_name = extract_modulename(mod_path)) == NULL) + return PAM_ABORT; +- (*handler_p)->grantor = 0; +- (*handler_p)->next = NULL; + + /* some of the modules have a second calling function */ + if (handler_p2) { +@@ -914,8 +912,8 @@ int _pam_add_handler(pam_handle_t *pamh + handler_p2 = &((*handler_p2)->next); + } + +- if ((*handler_p2 = malloc(sizeof(struct handler))) == NULL) { +- pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #2"); ++ if ((*handler_p2 = calloc(1, sizeof(struct handler))) == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "cannot allocate struct handler #2"); + return (PAM_ABORT); + } + +@@ -933,13 +931,9 @@ int _pam_add_handler(pam_handle_t *pamh + return (PAM_ABORT); + } + memcpy((*handler_p2)->argv, argv, argvlen); +- } else { +- (*handler_p2)->argv = NULL; /* no arguments */ + } + if (((*handler_p2)->mod_name = extract_modulename(mod_path)) == NULL) + return PAM_ABORT; +- (*handler_p2)->grantor = 0; +- (*handler_p2)->next = NULL; + } + + D(("_pam_add_handler: returning successfully")); +diff --git a/libpam_misc/pam_misc.pc.in b/libpam_misc/pam_misc.pc.in +index 0c8898cd..c3e03c4f 100644 +--- a/libpam_misc/pam_misc.pc.in ++++ b/libpam_misc/pam_misc.pc.in +@@ -1,3 +1,5 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ + libdir=@libdir@ + includedir=@includedir@ + +diff --git a/libpamc/pamc.pc.in b/libpamc/pamc.pc.in +index 25a63854..2d841ebb 100644 +--- a/libpamc/pamc.pc.in ++++ b/libpamc/pamc.pc.in +@@ -1,3 +1,5 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ + libdir=@libdir@ + includedir=@includedir@ + diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am index 5723dd59..b9fbefdb 100644 --- a/modules/pam_access/Makefile.am +++ b/modules/pam_access/Makefile.am @@ -18,8 +18,7 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) - + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \ - -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS) @@ -306,103 +594,2101 @@ index 5723dd59..b9fbefdb 100644 AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index 9a6556cc..db853410 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -53,7 +53,7 @@ + or on terminal line names, X $DISPLAY values, + or PAM service names in case of non-networked logins. + +- ++ + By default rules for access management are taken from config file + /etc/security/access.conf if you don't specify + another file. +@@ -66,6 +66,26 @@ + If a config file is explicitly specified with the + option the files in the above directory are not parsed. + ++ ++ By default rules for access management are taken from config file ++ /etc/security/access.conf or, if that one is not ++ present, the file %vendordir%/security/access.conf. ++ These settings can be overruled by setting in a config file explicitly ++ specified with the option. ++ Then individual *.conf files from the ++ /etc/security/access.d/ and ++ %vendordir%/security/access.d directories are read. ++ If /etc/security/access.d/@filename@.conf exists, then ++ %vendordir%/security/access.d/@filename@.conf will not be used. ++ All access.d/*.conf files are sorted by their ++ @filename@.conf in lexicographic order regardless of which ++ of the directories they reside in. ++ The effect of the individual files is the same as if all the files were ++ concatenated together in the order of parsing. This means that once ++ a pattern is matched in some file no further files are parsed. ++ If a config file is explicitly specified with the ++ option the files in the above directories are not parsed. ++ + + If Linux PAM is compiled with audit support the module will report + when it denies access based on origin (host, tty, etc.). +@@ -233,6 +253,13 @@ + Default configuration file + + ++ ++ %vendordir%/security/access.conf ++ ++ Default configuration file if ++ /etc/security/access.conf does not exist. ++ ++ + + + diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 277192b9..0d033aa2 100644 +index 277192b9..f7b47227 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c -@@ -56,6 +56,9 @@ +@@ -56,6 +56,13 @@ #include "pam_cc_compat.h" #include "pam_inline.h" - + +#define PAM_ACCESS_CONFIG (SCONFIGDIR "/access.conf") +#define ACCESS_CONF_GLOB (SCONFIGDIR "/access.d/*.conf") ++#ifdef VENDOR_SCONFIGDIR ++#define VENDOR_PAM_ACCESS_CONFIG (VENDOR_SCONFIGDIR "/access.conf") ++#define VENDOR_ACCESS_CONF_GLOB (VENDOR_SCONFIGDIR "/access.d/*.conf") ++#endif + /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */ - + /* +@@ -151,6 +158,95 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, + return 1; /* OK */ + } + ++/* --- evaluting all files in VENDORDIR/security/access.d and /etc/security/access.d --- */ ++static const char *base_name(const char *path) ++{ ++ const char *base = strrchr(path, '/'); ++ return base ? base+1 : path; ++} ++ ++static int ++compare_filename(const void *a, const void *b) ++{ ++ return strcmp(base_name(* (const char * const *) a), ++ base_name(* (const char * const *) b)); ++} ++ ++/* Evaluating a list of files which have to be parsed in the right order: ++ * ++ * - If etc/security/access.d/@filename@.conf exists, then ++ * %vendordir%/security/access.d/@filename@.conf should not be used. ++ * - All files in both access.d directories are sorted by their @filename@.conf in ++ * lexicographic order regardless of which of the directories they reside in. */ ++static char **read_access_dir(pam_handle_t *pamh) ++{ ++ glob_t globbuf; ++ size_t i=0; ++ int glob_rv = glob(ACCESS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf); ++ char **file_list; ++ size_t file_list_size = glob_rv == 0 ? globbuf.gl_pathc : 0; ++ ++#ifdef VENDOR_ACCESS_CONF_GLOB ++ glob_t globbuf_vendor; ++ int glob_rv_vendor = glob(VENDOR_ACCESS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf_vendor); ++ if (glob_rv_vendor == 0) ++ file_list_size += globbuf_vendor.gl_pathc; ++#endif ++ file_list = malloc((file_list_size + 1) * sizeof(char*)); ++ if (file_list == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for file list: %m"); ++#ifdef VENDOR_ACCESS_CONF_GLOB ++ if (glob_rv_vendor == 0) ++ globfree(&globbuf_vendor); ++#endif ++ if (glob_rv == 0) ++ globfree(&globbuf); ++ return NULL; ++ } ++ ++ if (glob_rv == 0) { ++ for (i = 0; i < globbuf.gl_pathc; i++) { ++ file_list[i] = strdup(globbuf.gl_pathv[i]); ++ if (file_list[i] == NULL) { ++ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); ++ break; ++ } ++ } ++ } ++#ifdef VENDOR_ACCESS_CONF_GLOB ++ if (glob_rv_vendor == 0) { ++ for (size_t j = 0; j < globbuf_vendor.gl_pathc; j++) { ++ if (glob_rv == 0 && globbuf.gl_pathc > 0) { ++ int double_found = 0; ++ for (size_t k = 0; k < globbuf.gl_pathc; k++) { ++ if (strcmp(base_name(globbuf.gl_pathv[k]), ++ base_name(globbuf_vendor.gl_pathv[j])) == 0) { ++ double_found = 1; ++ break; ++ } ++ } ++ if (double_found) ++ continue; ++ } ++ file_list[i] = strdup(globbuf_vendor.gl_pathv[j]); ++ if (file_list[i] == NULL) { ++ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); ++ break; ++ } ++ i++; ++ } ++ globfree(&globbuf_vendor); ++ } ++#endif ++ file_list[i] = NULL; ++ qsort(file_list, i, sizeof(char *), compare_filename); ++ ++ if (glob_rv == 0) ++ globfree(&globbuf); ++ ++ return file_list; ++} ++ + /* --- static functions for checking whether the user should be let in --- */ + + typedef int match_func (pam_handle_t *, char *, struct login_info *); +@@ -637,7 +733,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -678,7 +774,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + return NO; + } + +- /* Assume network/netmask with an IP of a host. */ ++ /* Assume network/netmask, IP address or hostname. */ + return network_netmask_match(pamh, tok, string, item); + } + +@@ -696,7 +792,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. +- * "NONE" token matches NULL string. ++ * "NONE" token matches NULL string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ +@@ -714,7 +810,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok +- * represents either a single ip (v4,v6) address or a network/netmask ++ * represents either a hostname, a single ip (v4,v6) address ++ * or a network/netmask + */ + static int + network_netmask_match (pam_handle_t *pamh, +@@ -723,10 +820,12 @@ network_netmask_match (pam_handle_t *pamh, + char *netmask_ptr; + char netmask_string[MAXHOSTNAMELEN + 1]; + int addr_type; ++ struct addrinfo *ai = NULL; + + if (item->debug) +- pam_syslog (pamh, LOG_DEBUG, ++ pam_syslog (pamh, LOG_DEBUG, + "network_netmask_match: tok=%s, item=%s", tok, string); ++ + /* OK, check if tok is of type addr/mask */ + if ((netmask_ptr = strchr(tok, '/')) != NULL) + { +@@ -760,54 +859,108 @@ network_netmask_match (pam_handle_t *pamh, + netmask_ptr = number_to_netmask(netmask, addr_type, + netmask_string, MAXHOSTNAMELEN); + } +- } ++ ++ /* ++ * Construct an addrinfo list from the IP address. ++ * This should not fail as the input is a correct IP address... ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ return NO; ++ } ++ } + else +- /* NO, then check if it is only an addr */ +- if (isipaddr(tok, NULL, NULL) != YES) ++ { ++ /* ++ * It is either an IP address or a hostname. ++ * Let getaddrinfo sort everything out ++ */ ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) + { ++ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); ++ + return NO; + } ++ netmask_ptr = NULL; ++ } + + if (isipaddr(string, NULL, NULL) != YES) + { +- /* Assume network/netmask with a name of a host. */ + struct addrinfo hint; + ++ /* Assume network/netmask with a name of a host. */ + memset (&hint, '\0', sizeof (hint)); + hint.ai_flags = AI_CANONNAME; + hint.ai_family = AF_UNSPEC; + + if (item->gai_rv != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else if (!item->res && + (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) ++ { ++ freeaddrinfo(ai); + return NO; ++ } + else + { + struct addrinfo *runp = item->res; ++ struct addrinfo *runp1; + + while (runp != NULL) + { + char buf[INET6_ADDRSTRLEN]; + +- DIAG_PUSH_IGNORE_CAST_ALIGN; +- inet_ntop (runp->ai_family, +- runp->ai_family == AF_INET +- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr +- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, +- buf, sizeof (buf)); +- DIAG_POP_IGNORE_CAST_ALIGN; ++ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } + +- if (are_addresses_equal(buf, tok, netmask_ptr)) ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) + { +- return YES; ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ if (runp->ai_family != runp1->ai_family) ++ continue; ++ ++ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) ++ { ++ freeaddrinfo(ai); ++ return NO; ++ } ++ ++ if (are_addresses_equal (buf, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } + } + runp = runp->ai_next; + } + } + } + else +- return (are_addresses_equal(string, tok, netmask_ptr)); ++ { ++ struct addrinfo *runp1; ++ ++ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) ++ { ++ char buf1[INET6_ADDRSTRLEN]; ++ ++ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); ++ ++ if (are_addresses_equal(string, buf1, netmask_ptr)) ++ { ++ freeaddrinfo(ai); ++ return YES; ++ } ++ } ++ } ++ ++ freeaddrinfo(ai); + + return NO; + } +@@ -828,7 +981,6 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + char hostname[MAXHOSTNAMELEN + 1]; + int rv; + +- + /* set username */ + + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { +@@ -853,6 +1005,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + return PAM_ABORT; + } + ++#ifdef VENDOR_PAM_ACCESS_CONFIG ++ if (loginfo.config_file == default_config) { ++ /* Check whether PAM_ACCESS_CONFIG file is available. ++ * If it does not exist, fall back to VENDOR_PAM_ACCESS_CONFIG file. */ ++ struct stat buffer; ++ if (stat(loginfo.config_file, &buffer) != 0 && errno == ENOENT) { ++ default_config = VENDOR_PAM_ACCESS_CONFIG; ++ loginfo.config_file = default_config; ++ } ++ } ++#endif ++ + /* remote host name */ + + if (pam_get_item(pamh, PAM_RHOST, &void_from) +@@ -916,23 +1080,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + rv = login_access(pamh, &loginfo); + + if (rv == NOMATCH && loginfo.config_file == default_config) { +- glob_t globbuf; +- int i, glob_rv; +- +- /* We do not manipulate locale as setlocale() is not +- * thread safe. We could use uselocale() in future. +- */ +- glob_rv = glob(ACCESS_CONF_GLOB, GLOB_ERR, NULL, &globbuf); +- if (!glob_rv) { +- /* Parse the *.conf files. */ +- for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { +- loginfo.config_file = globbuf.gl_pathv[i]; +- rv = login_access(pamh, &loginfo); +- if (rv != NOMATCH) +- break; +- } +- globfree(&globbuf); +- } ++ char **filename_list = read_access_dir(pamh); ++ if (filename_list != NULL) { ++ for (int i = 0; filename_list[i] != NULL; i++) { ++ loginfo.config_file = filename_list[i]; ++ rv = login_access(pamh, &loginfo); ++ if (rv != NOMATCH) ++ break; ++ } ++ for (int i = 0; filename_list[i] != NULL; i++) ++ free(filename_list[i]); ++ free(filename_list); ++ } + } + + if (loginfo.gai_rv == 0 && loginfo.res) diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am -index c66112d6..beca8e1a 100644 +index c66112d6..02cd9d37 100644 --- a/modules/pam_env/Makefile.am +++ b/modules/pam_env/Makefile.am -@@ -18,7 +18,7 @@ securelibdir = $(SECUREDIR) +@@ -12,13 +12,13 @@ dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5 + endif + XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml + dist_check_SCRIPTS = tst-pam_env +-TESTS = $(dist_check_SCRIPTS) ++TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) + + securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) - + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS) + $(WARN_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +@@ -27,6 +27,9 @@ endif + securelib_LTLIBRARIES = pam_env.la + pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la + ++check_PROGRAMS = tst-pam_env-retval ++tst_pam_env_retval_LDADD = $(top_builddir)/libpam/libpam.la ++ + dist_secureconf_DATA = pam_env.conf + dist_sysconf_DATA = environment + diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index f5f8cead..c03ec3a3 100644 +index f5f8cead..66fbe240 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -41,6 +41,8 @@ typedef struct var { char *override; } VAR; - + +#define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") + #define BUF_SIZE 8192 #define MAX_ENV 8192 - + +@@ -51,15 +53,6 @@ typedef struct var { + #define UNDEFINE_VAR 102 + #define ILLEGAL_VAR 103 + +-static int _assemble_line(FILE *, char *, int); +-static int _parse_line(const pam_handle_t *, const char *, VAR *); +-static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */ +-static void _clean_var(VAR *); +-static int _expand_arg(pam_handle_t *, char **); +-static const char * _pam_get_item_byname(pam_handle_t *, const char *); +-static int _define_var(pam_handle_t *, int, VAR *); +-static int _undefine_var(pam_handle_t *, int, VAR *); +- + /* This is a special value used to designate an empty string */ + static char quote='\0'; + +@@ -126,166 +119,12 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, + return ctrl; + } + +-static int +-_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) +-{ +- int retval; +- char buffer[BUF_SIZE]; +- FILE *conf; +- VAR Var, *var=&Var; +- +- D(("Called.")); +- +- var->name=NULL; var->defval=NULL; var->override=NULL; +- +- D(("Config file name is: %s", file)); +- +- /* +- * Lets try to open the config file, parse it and process +- * any variables found. +- */ +- +- if ((conf = fopen(file,"r")) == NULL) { +- pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); +- return PAM_IGNORE; +- } +- +- /* _pam_assemble_line will provide a complete line from the config file, +- * with all comments removed and any escaped newlines fixed up +- */ +- +- while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { +- D(("Read line: %s", buffer)); +- +- if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { +- retval = _check_var(pamh, var); +- +- if (DEFINE_VAR == retval) { +- retval = _define_var(pamh, ctrl, var); +- +- } else if (UNDEFINE_VAR == retval) { +- retval = _undefine_var(pamh, ctrl, var); +- } +- } +- if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval +- && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; +- +- _clean_var(var); +- +- } /* while */ +- +- (void) fclose(conf); +- +- /* tidy up */ +- _clean_var(var); /* We could have got here prematurely, +- * this is safe though */ +- D(("Exit.")); +- return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); +-} +- +-static int +-_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) +-{ +- int retval=PAM_SUCCESS, i, t; +- char buffer[BUF_SIZE], *key, *mark; +- FILE *conf; +- +- D(("Env file name is: %s", file)); +- +- if ((conf = fopen(file,"r")) == NULL) { +- pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); +- return PAM_IGNORE; +- } +- +- while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { +- D(("Read line: %s", buffer)); +- key = buffer; +- +- /* skip leading white space */ +- key += strspn(key, " \n\t"); +- +- /* skip blanks lines and comments */ +- if (key[0] == '#') +- continue; +- +- /* skip over "export " if present so we can be compat with +- bash type declarations */ +- if (strncmp(key, "export ", (size_t) 7) == 0) +- key += 7; +- +- /* now find the end of value */ +- mark = key; +- while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') +- mark++; +- if (mark[0] != '\0') +- mark[0] = '\0'; +- +- /* +- * sanity check, the key must be alphanumeric +- */ +- +- if (key[0] == '=') { +- pam_syslog(pamh, LOG_ERR, +- "missing key name '%s' in %s', ignoring", +- key, file); +- continue; +- } +- +- for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) +- if (!isalnum(key[i]) && key[i] != '_') { +- pam_syslog(pamh, LOG_ERR, +- "non-alphanumeric key '%s' in %s', ignoring", +- key, file); +- break; +- } +- /* non-alphanumeric key, ignore this line */ +- if (key[i] != '=' && key[i] != '\0') +- continue; +- +- /* now we try to be smart about quotes around the value, +- but not too smart, we can't get all fancy with escaped +- values like bash */ +- if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { +- for ( t = i+1 ; key[t] != '\0' ; t++) +- if (key[t] != '\"' && key[t] != '\'') +- key[i++] = key[t]; +- else if (key[t+1] != '\0') +- key[i++] = key[t]; +- key[i] = '\0'; +- } +- +- /* if this is a request to delete a variable, check that it's +- actually set first, so we don't get a vague error back from +- pam_putenv() */ +- for (i = 0; key[i] != '=' && key[i] != '\0'; i++); +- +- if (key[i] == '\0' && !pam_getenv(pamh,key)) +- continue; +- +- /* set the env var, if it fails, we break out of the loop */ +- retval = pam_putenv(pamh, key); +- if (retval != PAM_SUCCESS) { +- D(("error setting env \"%s\"", key)); +- break; +- } else if (ctrl & PAM_DEBUG_ARG) { +- pam_syslog(pamh, LOG_DEBUG, +- "pam_putenv(\"%s\")", key); +- } +- } +- +- (void) fclose(conf); +- +- /* tidy up */ +- D(("Exit.")); +- return retval; +-} +- + /* + * This is where we read a line of the PAM config file. The line may be + * preceded by lines of comments and also extended with "\\\n" + */ +- +-static int _assemble_line(FILE *f, char *buffer, int buf_len) ++static int ++_assemble_line(FILE *f, char *buffer, int buf_len) + { + char *p = buffer; + char *s, *os; +@@ -374,7 +213,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) + } + + static int +-_parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) ++_parse_line(const pam_handle_t *pamh, const char *buffer, VAR *var) + { + /* + * parse buffer into var, legal syntax is +@@ -469,75 +308,57 @@ _parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) + return GOOD_LINE; + } + +-static int _check_var(pam_handle_t *pamh, VAR *var) ++static const char * ++_pam_get_item_byname(pam_handle_t *pamh, const char *name) + { + /* +- * Examine the variable and determine what action to take. +- * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take +- * or a PAM_* error code if passed back from other routines +- * +- * if no DEFAULT provided, the empty string is assumed +- * if no OVERRIDE provided, the empty string is assumed +- * if DEFAULT= and OVERRIDE evaluates to the empty string, +- * this variable should be undefined +- * if DEFAULT="" and OVERRIDE evaluates to the empty string, +- * this variable should be defined with no value +- * if OVERRIDE=value and value turns into the empty string, DEFAULT is used +- * +- * If DEFINE_VAR is to be returned, the correct value to define will +- * be pointed to by var->value ++ * This function just allows me to use names as given in the config ++ * file and translate them into the appropriate PAM_ITEM macro + */ + +- int retval; ++ int item; ++ const void *itemval; + + D(("Called.")); +- +- /* +- * First thing to do is to expand any arguments, but only +- * if they are not the special quote values (cause expand_arg +- * changes memory). +- */ +- +- if (var->defval && ("e != var->defval) && +- ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { +- return retval; +- } +- if (var->override && ("e != var->override) && +- ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { +- return retval; ++ if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { ++ item = PAM_USER; ++ } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { ++ item = PAM_USER_PROMPT; ++ } else if (strcmp(name, "PAM_TTY") == 0) { ++ item = PAM_TTY; ++ } else if (strcmp(name, "PAM_RUSER") == 0) { ++ item = PAM_RUSER; ++ } else if (strcmp(name, "PAM_RHOST") == 0) { ++ item = PAM_RHOST; ++ } else { ++ D(("Unknown PAM_ITEM: <%s>", name)); ++ pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); ++ return NULL; + } + +- /* Now its easy */ +- +- if (var->override && *(var->override)) { +- /* if there is a non-empty string in var->override, we use it */ +- D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); +- var->value = var->override; +- retval = DEFINE_VAR; +- } else { ++ if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { ++ D(("pam_get_item failed")); ++ return NULL; /* let pam_get_item() log the error */ ++ } + +- var->value = var->defval; +- if ("e == var->defval) { +- /* +- * This means that the empty string was given for defval value +- * which indicates that a variable should be defined with no value +- */ +- D(("An empty variable: <%s>", var->name)); +- retval = DEFINE_VAR; +- } else if (var->defval) { +- D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); +- retval = DEFINE_VAR; +- } else { +- D(("UNDEFINE variable <%s>", var->name)); +- retval = UNDEFINE_VAR; ++ if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { ++ struct passwd *user_entry; ++ user_entry = pam_modutil_getpwnam (pamh, itemval); ++ if (!user_entry) { ++ pam_syslog(pamh, LOG_ERR, "No such user!?"); ++ return NULL; + } ++ return (strcmp(name, "SHELL") == 0) ? ++ user_entry->pw_shell : ++ user_entry->pw_dir; + } + + D(("Exit.")); +- return retval; ++ return itemval; + } + +-static int _expand_arg(pam_handle_t *pamh, char **value) ++static int ++_expand_arg(pam_handle_t *pamh, char **value) + { + const char *orig=*value, *tmpptr=NULL; + char *ptr; /* +@@ -677,55 +498,96 @@ static int _expand_arg(pam_handle_t *pamh, char **value) + return PAM_SUCCESS; + } + +-static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) ++static int ++_check_var(pam_handle_t *pamh, VAR *var) + { + /* +- * This function just allows me to use names as given in the config +- * file and translate them into the appropriate PAM_ITEM macro ++ * Examine the variable and determine what action to take. ++ * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take ++ * or a PAM_* error code if passed back from other routines ++ * ++ * if no DEFAULT provided, the empty string is assumed ++ * if no OVERRIDE provided, the empty string is assumed ++ * if DEFAULT= and OVERRIDE evaluates to the empty string, ++ * this variable should be undefined ++ * if DEFAULT="" and OVERRIDE evaluates to the empty string, ++ * this variable should be defined with no value ++ * if OVERRIDE=value and value turns into the empty string, DEFAULT is used ++ * ++ * If DEFINE_VAR is to be returned, the correct value to define will ++ * be pointed to by var->value + */ + +- int item; +- const void *itemval; ++ int retval; + + D(("Called.")); +- if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { +- item = PAM_USER; +- } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { +- item = PAM_USER_PROMPT; +- } else if (strcmp(name, "PAM_TTY") == 0) { +- item = PAM_TTY; +- } else if (strcmp(name, "PAM_RUSER") == 0) { +- item = PAM_RUSER; +- } else if (strcmp(name, "PAM_RHOST") == 0) { +- item = PAM_RHOST; +- } else { +- D(("Unknown PAM_ITEM: <%s>", name)); +- pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); +- return NULL; +- } + +- if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { +- D(("pam_get_item failed")); +- return NULL; /* let pam_get_item() log the error */ ++ /* ++ * First thing to do is to expand any arguments, but only ++ * if they are not the special quote values (cause expand_arg ++ * changes memory). ++ */ ++ ++ if (var->defval && ("e != var->defval) && ++ ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { ++ return retval; ++ } ++ if (var->override && ("e != var->override) && ++ ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { ++ return retval; + } + +- if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { +- struct passwd *user_entry; +- user_entry = pam_modutil_getpwnam (pamh, itemval); +- if (!user_entry) { +- pam_syslog(pamh, LOG_ERR, "No such user!?"); +- return NULL; ++ /* Now its easy */ ++ ++ if (var->override && *(var->override)) { ++ /* if there is a non-empty string in var->override, we use it */ ++ D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); ++ var->value = var->override; ++ retval = DEFINE_VAR; ++ } else { ++ ++ var->value = var->defval; ++ if ("e == var->defval) { ++ /* ++ * This means that the empty string was given for defval value ++ * which indicates that a variable should be defined with no value ++ */ ++ D(("An empty variable: <%s>", var->name)); ++ retval = DEFINE_VAR; ++ } else if (var->defval) { ++ D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); ++ retval = DEFINE_VAR; ++ } else { ++ D(("UNDEFINE variable <%s>", var->name)); ++ retval = UNDEFINE_VAR; + } +- return (strcmp(name, "SHELL") == 0) ? +- user_entry->pw_shell : +- user_entry->pw_dir; + } + + D(("Exit.")); +- return itemval; ++ return retval; ++} ++ ++static void ++_clean_var(VAR *var) ++{ ++ if (var->name) { ++ free(var->name); ++ } ++ if (var->defval && ("e != var->defval)) { ++ free(var->defval); ++ } ++ if (var->override && ("e != var->override)) { ++ free(var->override); ++ } ++ var->name = NULL; ++ var->value = NULL; /* never has memory specific to it */ ++ var->defval = NULL; ++ var->override = NULL; ++ return; + } + +-static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) ++static int ++_define_var(pam_handle_t *pamh, int ctrl, VAR *var) + { + /* We have a variable to define, this is a simple function */ + +@@ -747,7 +609,8 @@ static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) + return retval; + } + +-static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) ++static int ++_undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) + { + /* We have a variable to undefine, this is a simple function */ + +@@ -758,25 +621,159 @@ static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) + return pam_putenv(pamh, var->name); + } + +-static void _clean_var(VAR *var) ++static int ++_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) + { +- if (var->name) { +- free(var->name); ++ int retval; ++ char buffer[BUF_SIZE]; ++ FILE *conf; ++ VAR Var, *var=&Var; ++ ++ D(("Called.")); ++ ++ var->name=NULL; var->defval=NULL; var->override=NULL; ++ ++ D(("Config file name is: %s", file)); ++ ++ /* ++ * Lets try to open the config file, parse it and process ++ * any variables found. ++ */ ++ ++ if ((conf = fopen(file,"r")) == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); ++ return PAM_IGNORE; + } +- if (var->defval && ("e != var->defval)) { +- free(var->defval); ++ ++ /* _pam_assemble_line will provide a complete line from the config file, ++ * with all comments removed and any escaped newlines fixed up ++ */ ++ ++ while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { ++ D(("Read line: %s", buffer)); ++ ++ if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { ++ retval = _check_var(pamh, var); ++ ++ if (DEFINE_VAR == retval) { ++ retval = _define_var(pamh, ctrl, var); ++ ++ } else if (UNDEFINE_VAR == retval) { ++ retval = _undefine_var(pamh, ctrl, var); ++ } ++ } ++ if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval ++ && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; ++ ++ _clean_var(var); ++ ++ } /* while */ ++ ++ (void) fclose(conf); ++ ++ /* tidy up */ ++ _clean_var(var); /* We could have got here prematurely, ++ * this is safe though */ ++ D(("Exit.")); ++ return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); ++} ++ ++static int ++_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) ++{ ++ int retval=PAM_SUCCESS, i, t; ++ char buffer[BUF_SIZE], *key, *mark; ++ FILE *conf; ++ ++ D(("Env file name is: %s", file)); ++ ++ if ((conf = fopen(file,"r")) == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); ++ return PAM_IGNORE; + } +- if (var->override && ("e != var->override)) { +- free(var->override); ++ ++ while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { ++ D(("Read line: %s", buffer)); ++ key = buffer; ++ ++ /* skip leading white space */ ++ key += strspn(key, " \n\t"); ++ ++ /* skip blanks lines and comments */ ++ if (key[0] == '#') ++ continue; ++ ++ /* skip over "export " if present so we can be compat with ++ bash type declarations */ ++ if (strncmp(key, "export ", (size_t) 7) == 0) ++ key += 7; ++ ++ /* now find the end of value */ ++ mark = key; ++ while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') ++ mark++; ++ if (mark[0] != '\0') ++ mark[0] = '\0'; ++ ++ /* ++ * sanity check, the key must be alphanumeric ++ */ ++ ++ if (key[0] == '=') { ++ pam_syslog(pamh, LOG_ERR, ++ "missing key name '%s' in %s', ignoring", ++ key, file); ++ continue; ++ } ++ ++ for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) ++ if (!isalnum(key[i]) && key[i] != '_') { ++ pam_syslog(pamh, LOG_ERR, ++ "non-alphanumeric key '%s' in %s', ignoring", ++ key, file); ++ break; ++ } ++ /* non-alphanumeric key, ignore this line */ ++ if (key[i] != '=' && key[i] != '\0') ++ continue; ++ ++ /* now we try to be smart about quotes around the value, ++ but not too smart, we can't get all fancy with escaped ++ values like bash */ ++ if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { ++ for ( t = i+1 ; key[t] != '\0' ; t++) ++ if (key[t] != '\"' && key[t] != '\'') ++ key[i++] = key[t]; ++ else if (key[t+1] != '\0') ++ key[i++] = key[t]; ++ key[i] = '\0'; ++ } ++ ++ /* if this is a request to delete a variable, check that it's ++ actually set first, so we don't get a vague error back from ++ pam_putenv() */ ++ for (i = 0; key[i] != '=' && key[i] != '\0'; i++); ++ ++ if (key[i] == '\0' && !pam_getenv(pamh,key)) ++ continue; ++ ++ /* set the env var, if it fails, we break out of the loop */ ++ retval = pam_putenv(pamh, key); ++ if (retval != PAM_SUCCESS) { ++ D(("error setting env \"%s\"", key)); ++ break; ++ } else if (ctrl & PAM_DEBUG_ARG) { ++ pam_syslog(pamh, LOG_DEBUG, ++ "pam_putenv(\"%s\")", key); ++ } + } +- var->name = NULL; +- var->value = NULL; /* never has memory specific to it */ +- var->defval = NULL; +- var->override = NULL; +- return; +-} + ++ (void) fclose(conf); + ++ /* tidy up */ ++ D(("Exit.")); ++ return retval; ++} + + /* --- authentication management functions (only) --- */ + +diff --git a/modules/pam_env/tst-pam_env-retval.c b/modules/pam_env/tst-pam_env-retval.c +new file mode 100644 +index 00000000..6b9b3065 +--- /dev/null ++++ b/modules/pam_env/tst-pam_env-retval.c +@@ -0,0 +1,199 @@ ++/* ++ * Check pam_env return values. ++ * ++ * Copyright (c) 2020-2022 Dmitry V. Levin ++ * Copyright (c) 2022 Stefan Schubert ++ */ ++ ++#include "test_assert.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define MODULE_NAME "pam_env" ++#define TEST_NAME "tst-" MODULE_NAME "-retval" ++ ++static const char service_file[] = TEST_NAME ".service"; ++static const char missing_file[] = TEST_NAME ".missing"; ++static const char my_conf[] = TEST_NAME ".conf"; ++static const char my_env[] = TEST_NAME ".env"; ++ ++static struct pam_conv conv; ++ ++static void ++setup(void) ++{ ++ FILE *fp; ++ ++ ASSERT_NE(NULL, fp = fopen(my_conf, "w")); ++ ASSERT_LT(0, fprintf(fp, ++ "EDITOR\tDEFAULT=vim\n" ++ "PAGER\tDEFAULT=more\n")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_NE(NULL, fp = fopen(my_env, "w")); ++ ASSERT_LT(0, fprintf(fp, ++ "test_value=foo\n" ++ "test2_value=bar\n")); ++ ASSERT_EQ(0, fclose(fp)); ++} ++ ++static void ++cleanup(void) ++{ ++ ASSERT_EQ(0, unlink(my_conf)); ++ ASSERT_EQ(0, unlink(my_env)); ++} ++ ++static void ++check_array(const char **array1, char **array2) ++{ ++ for (const char **a1 = array1; *a1 != NULL; ++a1) { ++ char **a2; ++ for (a2 = array2; *a2 != NULL; ++a2) { ++ if (strcmp(*a1, *a2) == 0) ++ break; ++ } ++ ASSERT_NE(NULL, *a2); ++ } ++} ++ ++static void ++check_env(const char **list) ++{ ++ pam_handle_t *pamh = NULL; ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ++ ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); ++ ++ char **env_list = pam_getenvlist(pamh); ++ ASSERT_NE(NULL, env_list); ++ ++ check_array(list, env_list); ++ ++ for (char **e = env_list; *e != NULL; ++e) ++ free(*e); ++ free(env_list); ++ ++ ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++} ++ ++int ++main(void) ++{ ++ pam_handle_t *pamh = NULL; ++ FILE *fp; ++ char cwd[PATH_MAX]; ++ ++ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); ++ ++ setup(); ++ ++ /* ++ * When conffile= specifies a missing file, all methods except ++ * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. ++ * The return code of the stack where every module returns PAM_IGNORE ++ * is PAM_PERM_DENIED. ++ */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so conffile=%s/%s\n" ++ "account required %s/.libs/%s.so conffile=%s/%s\n" ++ "password required %s/.libs/%s.so conffile=%s/%s\n" ++ "session required %s/.libs/%s.so conffile=%s/%s\n", ++ cwd, MODULE_NAME, cwd, missing_file, ++ cwd, MODULE_NAME, cwd, missing_file, ++ cwd, MODULE_NAME, cwd, missing_file, ++ cwd, MODULE_NAME, cwd, missing_file)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ /* ++ * When conffile= specifies a missing file, all methods except ++ * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. ++ * pam_permit is added after pam_env to convert PAM_IGNORE to PAM_SUCCESS. ++ */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so conffile=%s/%s\n" ++ "auth required %s/../pam_permit/.libs/pam_permit.so\n" ++ "account required %s/.libs/%s.so conffile=%s/%s\n" ++ "account required %s/../pam_permit/.libs/pam_permit.so\n" ++ "password required %s/.libs/%s.so conffile=%s/%s\n" ++ "password required %s/../pam_permit/.libs/pam_permit.so\n" ++ "session required %s/.libs/%s.so conffile=%s/%s\n" ++ "session required %s/../pam_permit/.libs/pam_permit.so\n", ++ cwd, MODULE_NAME, cwd, missing_file, cwd, ++ cwd, MODULE_NAME, cwd, missing_file, cwd, ++ cwd, MODULE_NAME, cwd, missing_file, cwd, ++ cwd, MODULE_NAME, cwd, missing_file, cwd)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ /* ++ * conffile= specifies an existing file, ++ * envfile= specifies an empty file. ++ */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "session required %s/.libs/%s.so" ++ " conffile=%s/%s envfile=%s\n", ++ cwd, MODULE_NAME, ++ cwd, my_conf, "/dev/null")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ const char *env1[] = { "EDITOR=vim", "PAGER=more", NULL }; ++ check_env(env1); ++ ++ /* ++ * conffile= specifies an empty file, ++ * envfile= specifies an existing file. ++ */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "session required %s/.libs/%s.so" ++ " conffile=%s envfile=%s/%s\n", ++ cwd, MODULE_NAME, ++ "/dev/null", cwd, my_env)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; ++ check_env(env2); ++ ++ /* cleanup */ ++ cleanup(); ++ ASSERT_EQ(0, unlink(service_file)); ++ ++ return 0; ++} +diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c +index 05dec167..aeb98cdc 100644 +--- a/modules/pam_exec/pam_exec.c ++++ b/modules/pam_exec/pam_exec.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -105,6 +106,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + FILE *stdout_file = NULL; + int retval; + const char *name; ++ struct sigaction newsa, oldsa; + + if (argc < 1) { + pam_syslog (pamh, LOG_ERR, +@@ -226,6 +228,13 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + return PAM_SERVICE_ERR; + } + ++ memset(&newsa, '\0', sizeof(newsa)); ++ newsa.sa_handler = SIG_DFL; ++ if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { ++ pam_syslog(pamh, LOG_ERR, "failed to reset SIGCHLD handler: %m"); ++ return PAM_SYSTEM_ERR; ++ } ++ + pid = fork(); + if (pid == -1) + return PAM_SYSTEM_ERR; +@@ -263,6 +272,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + + while ((rc = waitpid (pid, &status, 0)) == -1 && + errno == EINTR); ++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ + if (rc == (pid_t)-1) + { + pam_syslog (pamh, LOG_ERR, "waitpid returns with -1: %m"); +@@ -305,9 +315,9 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + } + else /* child */ + { +- char **arggv; ++ const char **arggv; + int i; +- char **envlist, **tmp; ++ char **envlist; + int envlen, nitems; + char *envstr; + enum pam_modutil_redirect_fd redirect_stdin = +@@ -418,7 +428,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + _exit (ENOMEM); + + for (i = 0; i < (argc - optargc); i++) +- arggv[i] = strdup(argv[i+optargc]); ++ arggv[i] = argv[i+optargc]; + arggv[i] = NULL; + + /* +@@ -430,14 +440,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + /* nothing */ ; + nitems = PAM_ARRAY_SIZE(env_items); + /* + 2 because of PAM_TYPE and NULL entry */ +- tmp = realloc(envlist, (envlen + nitems + 2) * sizeof(*envlist)); +- if (tmp == NULL) ++ envlist = realloc(envlist, (envlen + nitems + 2) * sizeof(*envlist)); ++ if (envlist == NULL) + { +- free(envlist); + pam_syslog (pamh, LOG_CRIT, "realloc environment failed: %m"); + _exit (ENOMEM); + } +- envlist = tmp; + for (i = 0; i < nitems; ++i) + { + const void *item; +@@ -446,7 +454,6 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + continue; + if (asprintf(&envstr, "%s=%s", env_items[i].name, (const char *)item) < 0) + { +- free(envlist); + pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m"); + _exit (ENOMEM); + } +@@ -456,7 +463,6 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + + if (asprintf(&envstr, "PAM_TYPE=%s", pam_type) < 0) + { +- free(envlist); + pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m"); + _exit (ENOMEM); + } +@@ -466,10 +472,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh, + if (debug) + pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]); + +- execve (arggv[0], arggv, envlist); ++ DIAG_PUSH_IGNORE_CAST_QUAL; ++ execve (arggv[0], (char **) arggv, envlist); ++ DIAG_POP_IGNORE_CAST_QUAL; + i = errno; + pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", arggv[0]); +- free(envlist); + _exit (i); + } + return PAM_SYSTEM_ERR; /* will never be reached. */ diff --git a/modules/pam_faillock/Makefile.am b/modules/pam_faillock/Makefile.am -index 44a49660..16d9f8bc 100644 +index 44a49660..ca73bd05 100644 --- a/modules/pam_faillock/Makefile.am +++ b/modules/pam_faillock/Makefile.am -@@ -15,7 +15,7 @@ endif +@@ -15,12 +15,12 @@ endif XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml - + dist_check_SCRIPTS = tst-pam_faillock -TESTS = $(dist_check_SCRIPTS) +TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) - + securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) + +-noinst_HEADERS = faillock.h ++noinst_HEADERS = faillock.h faillock_config.h + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + $(WARN_CFLAGS) @@ -33,6 +33,9 @@ if HAVE_VERSIONING pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif - + +check_PROGRAMS = tst-pam_faillock-retval +tst_pam_faillock_retval_LDADD = $(top_builddir)/libpam/libpam.la + faillock_LDFLAGS = @EXE_LDFLAGS@ faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) - + +@@ -41,8 +44,8 @@ dist_secureconf_DATA = faillock.conf + securelib_LTLIBRARIES = pam_faillock.la + sbin_PROGRAMS = faillock + +-pam_faillock_la_SOURCES = pam_faillock.c faillock.c +-faillock_SOURCES = main.c faillock.c ++pam_faillock_la_SOURCES = pam_faillock.c faillock.c faillock_config.c ++faillock_SOURCES = main.c faillock.c faillock_config.c + + if ENABLE_REGENERATE_MAN + dist_noinst_DATA = README +diff --git a/modules/pam_faillock/faillock.8.xml b/modules/pam_faillock/faillock.8.xml +index 6c20593c..81d2107c 100644 +--- a/modules/pam_faillock/faillock.8.xml ++++ b/modules/pam_faillock/faillock.8.xml +@@ -55,14 +55,31 @@ + + OPTIONS + ++ ++ ++ ++ ++ ++ ++ The file where the configuration is located. The default is ++ /etc/security/faillock.conf. ++ ++ ++ + + + + + + +- The directory where the user files with the failure records are kept. The +- default is /var/run/faillock. ++ The directory where the user files with the failure records are kept. ++ ++ ++ The priority to set this option is to use the value provided ++ from the command line. If this isn't provided, then the value ++ from the configuration file is used. Finally, if neither of ++ them has been provided, then ++ /var/run/faillock is used. + + + +diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml +index 04a84107..8faa5915 100644 +--- a/modules/pam_faillock/faillock.conf.5.xml ++++ b/modules/pam_faillock/faillock.conf.5.xml +@@ -44,6 +44,10 @@ + The directory where the user files with the failure records are kept. The + default is /var/run/faillock. + ++ ++ Note: These files will disappear after reboot on systems configured with ++ directory /var/run/faillock mounted on virtual memory. ++ + + + diff --git a/modules/pam_faillock/faillock.h b/modules/pam_faillock/faillock.h -index b22a9dfb..c3f157ef 100644 +index b22a9dfb..0ea0ffba 100644 --- a/modules/pam_faillock/faillock.h +++ b/modules/pam_faillock/faillock.h -@@ -67,7 +67,10 @@ struct tally_data { +@@ -67,7 +67,6 @@ struct tally_data { }; - + #define FAILLOCK_DEFAULT_TALLYDIR "/var/run/faillock" -#define FAILLOCK_DEFAULT_CONF "/etc/security/faillock.conf" + + int open_tally(const char *dir, const char *user, uid_t uid, int create); + int read_tally(int fd, struct tally_data *tallies); +diff --git a/modules/pam_faillock/faillock_config.c b/modules/pam_faillock/faillock_config.c +new file mode 100644 +index 00000000..0d14aad1 +--- /dev/null ++++ b/modules/pam_faillock/faillock_config.c +@@ -0,0 +1,266 @@ ++/* ++ * Copyright (c) 2022 Tomas Mraz ++ * Copyright (c) 2022 Iker Pedrosa ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++#include "faillock_config.h" ++#include "faillock.h" ++ +#define FAILLOCK_DEFAULT_CONF SCONFIGDIR "/faillock.conf" +#ifdef VENDOR_SCONFIGDIR +#define VENDOR_FAILLOCK_DEFAULT_CONF VENDOR_SCONFIGDIR "/faillock.conf" +#endif - - int open_tally(const char *dir, const char *user, uid_t uid, int create); - int read_tally(int fd, struct tally_data *tallies); ++ ++static void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3)) ++config_log(const pam_handle_t *pamh, int priority, const char *fmt, ...) ++{ ++ va_list args; ++ ++ va_start(args, fmt); ++ if (pamh) { ++ pam_vsyslog(pamh, priority, fmt, args); ++ } else { ++ char *buf = NULL; ++ ++ if (vasprintf(&buf, fmt, args) < 0) { ++ fprintf(stderr, "vasprintf: %m"); ++ va_end(args); ++ return; ++ } ++ fprintf(stderr, "%s\n", buf); ++ free(buf); ++ } ++ va_end(args); ++} ++ ++/* parse a single configuration file */ ++int ++read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile) ++{ ++ char linebuf[FAILLOCK_CONF_MAX_LINELEN+1]; ++ const char *fname = (cfgfile != NULL) ? cfgfile : FAILLOCK_DEFAULT_CONF; ++ FILE *f = fopen(fname, "r"); ++ ++#ifdef VENDOR_FAILLOCK_DEFAULT_CONF ++ if (f == NULL && errno == ENOENT && cfgfile == NULL) { ++ /* ++ * If the default configuration file in /etc does not exist, ++ * try the vendor configuration file as fallback. ++ */ ++ f = fopen(VENDOR_FAILLOCK_DEFAULT_CONF, "r"); ++ } ++#endif /* VENDOR_FAILLOCK_DEFAULT_CONF */ ++ ++ if (f == NULL) { ++ /* ignore non-existent default config file */ ++ if (errno == ENOENT && cfgfile == NULL) ++ return PAM_SUCCESS; ++ return PAM_SERVICE_ERR; ++ } ++ ++ while (fgets(linebuf, sizeof(linebuf), f) != NULL) { ++ size_t len; ++ char *ptr; ++ char *name; ++ int eq; ++ ++ len = strlen(linebuf); ++ /* len cannot be 0 unless there is a bug in fgets */ ++ if (len && linebuf[len - 1] != '\n' && !feof(f)) { ++ (void) fclose(f); ++ return PAM_SERVICE_ERR; ++ } ++ ++ if ((ptr=strchr(linebuf, '#')) != NULL) { ++ *ptr = '\0'; ++ } else { ++ ptr = linebuf + len; ++ } ++ ++ /* drop terminating whitespace including the \n */ ++ while (ptr > linebuf) { ++ if (!isspace(*(ptr-1))) { ++ *ptr = '\0'; ++ break; ++ } ++ --ptr; ++ } ++ ++ /* skip initial whitespace */ ++ for (ptr = linebuf; isspace(*ptr); ptr++); ++ if (*ptr == '\0') ++ continue; ++ ++ /* grab the key name */ ++ eq = 0; ++ name = ptr; ++ while (*ptr != '\0') { ++ if (isspace(*ptr) || *ptr == '=') { ++ eq = *ptr == '='; ++ *ptr = '\0'; ++ ++ptr; ++ break; ++ } ++ ++ptr; ++ } ++ ++ /* grab the key value */ ++ while (*ptr != '\0') { ++ if (*ptr != '=' || eq) { ++ if (!isspace(*ptr)) { ++ break; ++ } ++ } else { ++ eq = 1; ++ } ++ ++ptr; ++ } ++ ++ /* set the key:value pair on opts */ ++ set_conf_opt(pamh, opts, name, ptr); ++ } ++ ++ (void)fclose(f); ++ return PAM_SUCCESS; ++} ++ ++void ++set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, ++ const char *value) ++{ ++ if (strcmp(name, "dir") == 0) { ++ if (value[0] != '/') { ++ config_log(pamh, LOG_ERR, ++ "Tally directory is not absolute path (%s); keeping value", ++ value); ++ } else { ++ free(opts->dir); ++ opts->dir = strdup(value); ++ if (opts->dir == NULL) { ++ opts->fatal_error = 1; ++ config_log(pamh, LOG_CRIT, "Error allocating memory: %m"); ++ } ++ } ++ } ++ else if (strcmp(name, "deny") == 0) { ++ if (sscanf(value, "%hu", &opts->deny) != 1) { ++ config_log(pamh, LOG_ERR, ++ "Bad number supplied for deny argument"); ++ } ++ } ++ else if (strcmp(name, "fail_interval") == 0) { ++ unsigned int temp; ++ if (sscanf(value, "%u", &temp) != 1 || ++ temp > MAX_TIME_INTERVAL) { ++ config_log(pamh, LOG_ERR, ++ "Bad number supplied for fail_interval argument"); ++ } else { ++ opts->fail_interval = temp; ++ } ++ } ++ else if (strcmp(name, "unlock_time") == 0) { ++ unsigned int temp; ++ ++ if (strcmp(value, "never") == 0) { ++ opts->unlock_time = 0; ++ } ++ else if (sscanf(value, "%u", &temp) != 1 || ++ temp > MAX_TIME_INTERVAL) { ++ config_log(pamh, LOG_ERR, ++ "Bad number supplied for unlock_time argument"); ++ } ++ else { ++ opts->unlock_time = temp; ++ } ++ } ++ else if (strcmp(name, "root_unlock_time") == 0) { ++ unsigned int temp; ++ ++ if (strcmp(value, "never") == 0) { ++ opts->root_unlock_time = 0; ++ } ++ else if (sscanf(value, "%u", &temp) != 1 || ++ temp > MAX_TIME_INTERVAL) { ++ config_log(pamh, LOG_ERR, ++ "Bad number supplied for root_unlock_time argument"); ++ } else { ++ opts->root_unlock_time = temp; ++ } ++ } ++ else if (strcmp(name, "admin_group") == 0) { ++ free(opts->admin_group); ++ opts->admin_group = strdup(value); ++ if (opts->admin_group == NULL) { ++ opts->fatal_error = 1; ++ config_log(pamh, LOG_CRIT, "Error allocating memory: %m"); ++ } ++ } ++ else if (strcmp(name, "even_deny_root") == 0) { ++ opts->flags |= FAILLOCK_FLAG_DENY_ROOT; ++ } ++ else if (strcmp(name, "audit") == 0) { ++ opts->flags |= FAILLOCK_FLAG_AUDIT; ++ } ++ else if (strcmp(name, "silent") == 0) { ++ opts->flags |= FAILLOCK_FLAG_SILENT; ++ } ++ else if (strcmp(name, "no_log_info") == 0) { ++ opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO; ++ } ++ else if (strcmp(name, "local_users_only") == 0) { ++ opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY; ++ } ++ else if (strcmp(name, "nodelay") == 0) { ++ opts->flags |= FAILLOCK_FLAG_NO_DELAY; ++ } ++ else { ++ config_log(pamh, LOG_ERR, "Unknown option: %s", name); ++ } ++} ++ ++const char *get_tally_dir(const struct options *opts) ++{ ++ return (opts->dir != NULL) ? opts->dir : FAILLOCK_DEFAULT_TALLYDIR; ++} +diff --git a/modules/pam_faillock/faillock_config.h b/modules/pam_faillock/faillock_config.h +new file mode 100644 +index 00000000..04bc699b +--- /dev/null ++++ b/modules/pam_faillock/faillock_config.h +@@ -0,0 +1,90 @@ ++/* ++ * Copyright (c) 2022 Tomas Mraz ++ * Copyright (c) 2022 Iker Pedrosa ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++/* ++ * faillock_config.h - load configuration options from file ++ * ++ */ ++ ++#ifndef _FAILLOCK_CONFIG_H ++#define _FAILLOCK_CONFIG_H ++ ++#include ++#include ++#include ++ ++#include ++ ++#define FAILLOCK_FLAG_DENY_ROOT 0x1 ++#define FAILLOCK_FLAG_AUDIT 0x2 ++#define FAILLOCK_FLAG_SILENT 0x4 ++#define FAILLOCK_FLAG_NO_LOG_INFO 0x8 ++#define FAILLOCK_FLAG_UNLOCKED 0x10 ++#define FAILLOCK_FLAG_LOCAL_ONLY 0x20 ++#define FAILLOCK_FLAG_NO_DELAY 0x40 ++ ++#define FAILLOCK_CONF_MAX_LINELEN 1023 ++#define MAX_TIME_INTERVAL 604800 /* 7 days */ ++ ++struct options { ++ unsigned int action; ++ unsigned int flags; ++ unsigned short deny; ++ unsigned int fail_interval; ++ unsigned int unlock_time; ++ unsigned int root_unlock_time; ++ char *dir; ++ const char *user; ++ char *admin_group; ++ int failures; ++ uint64_t latest_time; ++ uid_t uid; ++ int is_admin; ++ uint64_t now; ++ int fatal_error; ++ ++ unsigned int reset; ++ const char *progname; ++ int legacy_output; /* show failure info in pam_tally2 style */ ++}; ++ ++int read_config_file(pam_handle_t *pamh, struct options *opts, ++ const char *cfgfile); ++void set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, ++ const char *value); ++const char *get_tally_dir(const struct options *opts); ++ ++#endif /* _FAILLOCK_CONFIG_H */ diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c -index f62e1bb2..ea6329ca 100644 +index f62e1bb2..136be834 100644 --- a/modules/pam_faillock/main.c +++ b/modules/pam_faillock/main.c -@@ -174,6 +174,11 @@ do_user(struct options *opts, const char *user) - time_t when = tallies.records[i].time; - - tm = localtime(&when); -+ if(tm == NULL) { -+ fprintf(stderr, "%s: Invalid timestamp in the tally record\n", -+ opts->progname); -+ continue; +@@ -51,32 +51,40 @@ + #define AUDIT_NO_ID ((unsigned int) -1) + #endif + ++#include "pam_inline.h" + #include "faillock.h" +- +-struct options { +- unsigned int reset; +- const char *dir; +- const char *user; +- const char *progname; +-}; ++#include "faillock_config.h" + + static int + args_parse(int argc, char **argv, struct options *opts) + { + int i; ++ int rv; ++ const char *dir = NULL; ++ const char *conf = NULL; ++ + memset(opts, 0, sizeof(*opts)); + +- opts->dir = FAILLOCK_DEFAULT_TALLYDIR; + opts->progname = argv[0]; + + for (i = 1; i < argc; ++i) { +- if (strcmp(argv[i], "--dir") == 0) { ++ if (strcmp(argv[i], "--conf") == 0) { ++ ++i; ++ if (i >= argc || strlen(argv[i]) == 0) { ++ fprintf(stderr, "%s: No configuration file supplied.\n", ++ argv[0]); ++ return -1; + } - strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm); - printf("%-19s %-5s %-52.52s %s\n", timebuf, - status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"), ++ conf = argv[i]; ++ } ++ else if (strcmp(argv[i], "--dir") == 0) { + ++i; + if (i >= argc || strlen(argv[i]) == 0) { +- fprintf(stderr, "%s: No directory supplied.\n", argv[0]); ++ fprintf(stderr, "%s: No records directory supplied.\n", ++ argv[0]); + return -1; + } +- opts->dir = argv[i]; ++ dir = argv[i]; + } + else if (strcmp(argv[i], "--user") == 0) { + ++i; +@@ -89,19 +97,113 @@ args_parse(int argc, char **argv, struct options *opts) + else if (strcmp(argv[i], "--reset") == 0) { + opts->reset = 1; + } ++ else if (!strcmp(argv[i], "--legacy-output")) { ++ opts->legacy_output = 1; ++ } + else { + fprintf(stderr, "%s: Unknown option: %s\n", argv[0], argv[i]); + return -1; + } + } ++ ++ if ((rv = read_config_file(NULL, opts, conf)) != PAM_SUCCESS) { ++ fprintf(stderr, "Configuration file missing or broken"); ++ return rv; ++ } ++ ++ if (dir != NULL) { ++ free(opts->dir); ++ opts->dir = strdup(dir); ++ if (opts->dir == NULL) { ++ fprintf(stderr, "Error allocating memory: %m"); ++ return -1; ++ } ++ } ++ + return 0; + } + + static void + usage(const char *progname) + { +- fprintf(stderr, _("Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"), +- progname); ++ fprintf(stderr, ++ _("Usage: %s [--dir /path/to/tally-directory]" ++ " [--user username] [--reset] [--legacy-output]\n"), progname); ++ ++} ++ ++static int ++get_local_time(time_t when, char *timebuf, size_t timebuf_size) ++{ ++ struct tm *tm; ++ ++ tm = localtime(&when); ++ if (tm == NULL) { ++ return -1; ++ } ++ strftime(timebuf, timebuf_size, "%Y-%m-%d %H:%M:%S", tm); ++ return 0; ++} ++ ++static void ++print_in_new_format(struct options *opts, const struct tally_data *tallies, const char *user) ++{ ++ uint32_t i; ++ ++ printf("%s:\n", user); ++ printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid"); ++ ++ for (i = 0; i < tallies->count; i++) { ++ uint16_t status; ++ char timebuf[80]; ++ ++ if (get_local_time(tallies->records[i].time, timebuf, sizeof(timebuf)) != 0) { ++ fprintf(stderr, "%s: Invalid timestamp in the tally record\n", ++ opts->progname); ++ continue; ++ } ++ ++ status = tallies->records[i].status; ++ ++ printf("%-19s %-5s %-52.52s %s\n", timebuf, ++ status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"), ++ tallies->records[i].source, status & TALLY_STATUS_VALID ? "V":"I"); ++ } ++} ++ ++static void ++print_in_legacy_format(struct options *opts, const struct tally_data *tallies, const char *user) ++{ ++ uint32_t tally_count; ++ static uint32_t pr_once; ++ ++ if (pr_once == 0) { ++ printf(_("Login Failures Latest failure From\n")); ++ pr_once = 1; ++ } ++ ++ printf("%-15.15s ", user); ++ ++ tally_count = tallies->count; ++ ++ if (tally_count > 0) { ++ uint32_t i; ++ char timebuf[80]; ++ ++ i = tally_count - 1; ++ ++ if (get_local_time(tallies->records[i].time, timebuf, sizeof(timebuf)) != 0) { ++ fprintf(stderr, "%s: Invalid timestamp in the tally record\n", ++ opts->progname); ++ return; ++ } ++ ++ printf("%5u %25s %s\n", ++ tally_count, timebuf, tallies->records[i].source); ++ } ++ else { ++ printf("%5u\n", tally_count); ++ } + } + + static int +@@ -111,10 +213,15 @@ do_user(struct options *opts, const char *user) + int rv; + struct tally_data tallies; + struct passwd *pwd; ++ const char *dir = get_tally_dir(opts); + + pwd = getpwnam(user); ++ if (pwd == NULL) { ++ fprintf(stderr, "%s: Error no such user: %s\n", opts->progname, user); ++ return 1; ++ } + +- fd = open_tally(opts->dir, user, pwd != NULL ? pwd->pw_uid : 0, 0); ++ fd = open_tally(dir, user, pwd->pw_uid, 1); + + if (fd == -1) { + if (errno == ENOENT) { +@@ -153,8 +260,6 @@ do_user(struct options *opts, const char *user) + } + } + else { +- unsigned int i; +- + memset(&tallies, 0, sizeof(tallies)); + if (read_tally(fd, &tallies) == -1) { + fprintf(stderr, "%s: Error reading the tally file for %s:", +@@ -164,21 +269,13 @@ do_user(struct options *opts, const char *user) + return 5; + } + +- printf("%s:\n", user); +- printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid"); +- +- for (i = 0; i < tallies.count; i++) { +- struct tm *tm; +- char timebuf[80]; +- uint16_t status = tallies.records[i].status; +- time_t when = tallies.records[i].time; +- +- tm = localtime(&when); +- strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm); +- printf("%-19s %-5s %-52.52s %s\n", timebuf, +- status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"), +- tallies.records[i].source, status & TALLY_STATUS_VALID ? "V":"I"); ++ if (opts->legacy_output == 0) { ++ print_in_new_format(opts, &tallies, user); + } ++ else { ++ print_in_legacy_format(opts, &tallies, user); ++ } ++ + free(tallies.records); + } + close(fd); +@@ -190,8 +287,9 @@ do_allusers(struct options *opts) + { + struct dirent **userlist; + int rv, i; ++ const char *dir = get_tally_dir(opts); + +- rv = scandir(opts->dir, &userlist, NULL, alphasort); ++ rv = scandir(dir, &userlist, NULL, alphasort); + if (rv < 0) { + fprintf(stderr, "%s: Error reading tally directory: %m\n", opts->progname); + return 2; diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml -index 58c16442..79bcbbd0 100644 +index 58c16442..b7b7b0db 100644 --- a/modules/pam_faillock/pam_faillock.8.xml +++ b/modules/pam_faillock/pam_faillock.8.xml @@ -134,10 +134,17 @@ @@ -424,7 +2710,20 @@ index 58c16442..79bcbbd0 100644 -@@ -328,6 +335,15 @@ session required pam_selinux.so open +@@ -320,6 +327,12 @@ session required pam_selinux.so open + /var/run/faillock/* + + the files logging the authentication failures for users ++ ++ Note: These files will disappear after reboot on systems configured with ++ directory /var/run/faillock mounted on virtual memory. ++ For persistent storage use the option dir= in ++ file /etc/security/faillock.conf. ++ + + + +@@ -328,6 +341,15 @@ session required pam_selinux.so open the config file for pam_faillock options @@ -439,27 +2738,327 @@ index 58c16442..79bcbbd0 100644 + - + diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c -index 8328fbae..932d4281 100644 +index 8328fbae..ca1c7035 100644 --- a/modules/pam_faillock/pam_faillock.c +++ b/modules/pam_faillock/pam_faillock.c -@@ -192,6 +192,15 @@ read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile) - char linebuf[FAILLOCK_CONF_MAX_LINELEN+1]; - - f = fopen(cfgfile, "r"); -+#ifdef VENDOR_FAILLOCK_DEFAULT_CONF -+ if (f == NULL && errno == ENOENT && cfgfile == default_faillock_conf) { -+ /* -+ * If the default configuration file in /etc does not exist, -+ * try the vendor configuration file as fallback. -+ */ -+ f = fopen(VENDOR_FAILLOCK_DEFAULT_CONF, "r"); -+ } -+#endif - if (f == NULL) { - /* ignore non-existent default config file */ - if (errno == ENOENT && cfgfile == default_faillock_conf) +@@ -38,7 +38,6 @@ + #include + #include + #include +-#include + #include + #include + #include +@@ -56,55 +55,12 @@ + + #include "pam_inline.h" + #include "faillock.h" ++#include "faillock_config.h" + + #define FAILLOCK_ACTION_PREAUTH 0 + #define FAILLOCK_ACTION_AUTHSUCC 1 + #define FAILLOCK_ACTION_AUTHFAIL 2 + +-#define FAILLOCK_FLAG_DENY_ROOT 0x1 +-#define FAILLOCK_FLAG_AUDIT 0x2 +-#define FAILLOCK_FLAG_SILENT 0x4 +-#define FAILLOCK_FLAG_NO_LOG_INFO 0x8 +-#define FAILLOCK_FLAG_UNLOCKED 0x10 +-#define FAILLOCK_FLAG_LOCAL_ONLY 0x20 +-#define FAILLOCK_FLAG_NO_DELAY 0x40 +- +-#define MAX_TIME_INTERVAL 604800 /* 7 days */ +-#define FAILLOCK_CONF_MAX_LINELEN 1023 +- +-static const char default_faillock_conf[] = FAILLOCK_DEFAULT_CONF; +- +-struct options { +- unsigned int action; +- unsigned int flags; +- unsigned short deny; +- unsigned int fail_interval; +- unsigned int unlock_time; +- unsigned int root_unlock_time; +- char *dir; +- const char *user; +- char *admin_group; +- int failures; +- uint64_t latest_time; +- uid_t uid; +- int is_admin; +- uint64_t now; +- int fatal_error; +-}; +- +-static int read_config_file( +- pam_handle_t *pamh, +- struct options *opts, +- const char *cfgfile +-); +- +-static void set_conf_opt( +- pam_handle_t *pamh, +- struct options *opts, +- const char *name, +- const char *value +-); +- + static int + args_parse(pam_handle_t *pamh, int argc, const char **argv, + int flags, struct options *opts) +@@ -112,11 +68,10 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv, + int i; + int config_arg_index = -1; + int rv; +- const char *conf = default_faillock_conf; ++ const char *conf = NULL; + + memset(opts, 0, sizeof(*opts)); + +- opts->dir = strdup(FAILLOCK_DEFAULT_TALLYDIR); + opts->deny = 3; + opts->fail_interval = 900; + opts->unlock_time = 600; +@@ -174,185 +129,11 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv, + if (flags & PAM_SILENT) + opts->flags |= FAILLOCK_FLAG_SILENT; + +- if (opts->dir == NULL) { +- pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m"); +- opts->fatal_error = 1; +- } +- + if (opts->fatal_error) + return PAM_BUF_ERR; + return PAM_SUCCESS; + } + +-/* parse a single configuration file */ +-static int +-read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile) +-{ +- FILE *f; +- char linebuf[FAILLOCK_CONF_MAX_LINELEN+1]; +- +- f = fopen(cfgfile, "r"); +- if (f == NULL) { +- /* ignore non-existent default config file */ +- if (errno == ENOENT && cfgfile == default_faillock_conf) +- return PAM_SUCCESS; +- return PAM_SERVICE_ERR; +- } +- +- while (fgets(linebuf, sizeof(linebuf), f) != NULL) { +- size_t len; +- char *ptr; +- char *name; +- int eq; +- +- len = strlen(linebuf); +- /* len cannot be 0 unless there is a bug in fgets */ +- if (len && linebuf[len - 1] != '\n' && !feof(f)) { +- (void) fclose(f); +- return PAM_SERVICE_ERR; +- } +- +- if ((ptr=strchr(linebuf, '#')) != NULL) { +- *ptr = '\0'; +- } else { +- ptr = linebuf + len; +- } +- +- /* drop terminating whitespace including the \n */ +- while (ptr > linebuf) { +- if (!isspace(*(ptr-1))) { +- *ptr = '\0'; +- break; +- } +- --ptr; +- } +- +- /* skip initial whitespace */ +- for (ptr = linebuf; isspace(*ptr); ptr++); +- if (*ptr == '\0') +- continue; +- +- /* grab the key name */ +- eq = 0; +- name = ptr; +- while (*ptr != '\0') { +- if (isspace(*ptr) || *ptr == '=') { +- eq = *ptr == '='; +- *ptr = '\0'; +- ++ptr; +- break; +- } +- ++ptr; +- } +- +- /* grab the key value */ +- while (*ptr != '\0') { +- if (*ptr != '=' || eq) { +- if (!isspace(*ptr)) { +- break; +- } +- } else { +- eq = 1; +- } +- ++ptr; +- } +- +- /* set the key:value pair on opts */ +- set_conf_opt(pamh, opts, name, ptr); +- } +- +- (void)fclose(f); +- return PAM_SUCCESS; +-} +- +-static void +-set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const char *value) +-{ +- if (strcmp(name, "dir") == 0) { +- if (value[0] != '/') { +- pam_syslog(pamh, LOG_ERR, +- "Tally directory is not absolute path (%s); keeping default", value); +- } else { +- free(opts->dir); +- opts->dir = strdup(value); +- } +- } +- else if (strcmp(name, "deny") == 0) { +- if (sscanf(value, "%hu", &opts->deny) != 1) { +- pam_syslog(pamh, LOG_ERR, +- "Bad number supplied for deny argument"); +- } +- } +- else if (strcmp(name, "fail_interval") == 0) { +- unsigned int temp; +- if (sscanf(value, "%u", &temp) != 1 || +- temp > MAX_TIME_INTERVAL) { +- pam_syslog(pamh, LOG_ERR, +- "Bad number supplied for fail_interval argument"); +- } else { +- opts->fail_interval = temp; +- } +- } +- else if (strcmp(name, "unlock_time") == 0) { +- unsigned int temp; +- +- if (strcmp(value, "never") == 0) { +- opts->unlock_time = 0; +- } +- else if (sscanf(value, "%u", &temp) != 1 || +- temp > MAX_TIME_INTERVAL) { +- pam_syslog(pamh, LOG_ERR, +- "Bad number supplied for unlock_time argument"); +- } +- else { +- opts->unlock_time = temp; +- } +- } +- else if (strcmp(name, "root_unlock_time") == 0) { +- unsigned int temp; +- +- if (strcmp(value, "never") == 0) { +- opts->root_unlock_time = 0; +- } +- else if (sscanf(value, "%u", &temp) != 1 || +- temp > MAX_TIME_INTERVAL) { +- pam_syslog(pamh, LOG_ERR, +- "Bad number supplied for root_unlock_time argument"); +- } else { +- opts->root_unlock_time = temp; +- } +- } +- else if (strcmp(name, "admin_group") == 0) { +- free(opts->admin_group); +- opts->admin_group = strdup(value); +- if (opts->admin_group == NULL) { +- opts->fatal_error = 1; +- pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m"); +- } +- } +- else if (strcmp(name, "even_deny_root") == 0) { +- opts->flags |= FAILLOCK_FLAG_DENY_ROOT; +- } +- else if (strcmp(name, "audit") == 0) { +- opts->flags |= FAILLOCK_FLAG_AUDIT; +- } +- else if (strcmp(name, "silent") == 0) { +- opts->flags |= FAILLOCK_FLAG_SILENT; +- } +- else if (strcmp(name, "no_log_info") == 0) { +- opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO; +- } +- else if (strcmp(name, "local_users_only") == 0) { +- opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY; +- } +- else if (strcmp(name, "nodelay") == 0) { +- opts->flags |= FAILLOCK_FLAG_NO_DELAY; +- } +- else { +- pam_syslog(pamh, LOG_ERR, "Unknown option: %s", name); +- } +-} +- + static int + check_local_user (pam_handle_t *pamh, const char *user) + { +@@ -406,10 +187,11 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies + unsigned int i; + uint64_t latest_time; + int failures; ++ const char *dir = get_tally_dir(opts); + + opts->now = time(NULL); + +- tfd = open_tally(opts->dir, opts->user, opts->uid, 0); ++ tfd = open_tally(dir, opts->user, opts->uid, 0); + + *fd = tfd; + +@@ -483,9 +265,10 @@ static void + reset_tally(pam_handle_t *pamh, struct options *opts, int *fd) + { + int rv; ++ const char *dir = get_tally_dir(opts); + + if (*fd == -1) { +- *fd = open_tally(opts->dir, opts->user, opts->uid, 1); ++ *fd = open_tally(dir, opts->user, opts->uid, 1); + } + else { + while ((rv=ftruncate(*fd, 0)) == -1 && errno == EINTR); +@@ -504,9 +287,10 @@ write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies + unsigned int oldest; + uint64_t oldtime; + const void *source = NULL; ++ const char *dir = get_tally_dir(opts); + + if (*fd == -1) { +- *fd = open_tally(opts->dir, opts->user, opts->uid, 1); ++ *fd = open_tally(dir, opts->user, opts->uid, 1); + } + if (*fd == -1) { + if (errno == EACCES) { +@@ -590,9 +374,11 @@ write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies + } + close(audit_fd); + #endif +- if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) { +- pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked", +- opts->user); ++ if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO) && ++ ((opts->flags & FAILLOCK_FLAG_DENY_ROOT) || (opts->uid != 0))) { ++ pam_syslog(pamh, LOG_INFO, ++ "Consecutive login failures for user %s account temporarily locked", ++ opts->user); + } + } + diff --git a/modules/pam_faillock/tst-pam_faillock-retval.c b/modules/pam_faillock/tst-pam_faillock-retval.c new file mode 100644 index 00000000..133026cb @@ -591,7 +3190,7 @@ index a9a0a1ef..fd88b952 100644 +++ b/modules/pam_group/Makefile.am @@ -18,7 +18,7 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) - + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" $(WARN_CFLAGS) + $(WARN_CFLAGS) @@ -622,23 +3221,23 @@ index d9a35ea6..c49358a1 100644 #include #include +#include - + #include #include @@ -23,6 +24,10 @@ #include #include - + +#define PAM_GROUP_CONF SCONFIGDIR "/group.conf" +#ifdef VENDOR_SCONFIGDIR +# define VENDOR_PAM_GROUP_CONF VENDOR_SCONFIGDIR "/group.conf" +#endif #define PAM_GROUP_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ - + @@ -70,7 +75,8 @@ trim_spaces(char *buf, char *from) #define STATE_EOF 3 /* end of file or error */ - + static int -read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) +read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, @@ -683,31 +3282,31 @@ index d9a35ea6..c49358a1 100644 + conf_filename = VENDOR_PAM_GROUP_CONF; + } +#endif - + /* * first we get the current list of groups - the application @@ -611,7 +629,7 @@ static int check_account(pam_handle_t *pamh, const char *service, - + /* here we get the service name field */ - + - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); if (!buffer || !buffer[0]) { /* empty line .. ? */ continue; @@ -621,7 +639,7 @@ static int check_account(pam_handle_t *pamh, const char *service, - + if (state != STATE_FIELD) { pam_syslog(pamh, LOG_ERR, - "%s: malformed rule #%d", PAM_GROUP_CONF, count); + "%s: malformed rule #%d", conf_filename, count); continue; } - + @@ -630,10 +648,10 @@ static int check_account(pam_handle_t *pamh, const char *service, - + /* here we get the terminal name field */ - + - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); if (state != STATE_FIELD) { @@ -718,9 +3317,9 @@ index d9a35ea6..c49358a1 100644 } good &= logic_field(pamh,tty, buffer, count, is_same); @@ -641,10 +659,10 @@ static int check_account(pam_handle_t *pamh, const char *service, - + /* here we get the username field */ - + - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); if (state != STATE_FIELD) { @@ -731,9 +3330,9 @@ index d9a35ea6..c49358a1 100644 } /* If buffer starts with @, we are using netgroups */ @@ -663,20 +681,20 @@ static int check_account(pam_handle_t *pamh, const char *service, - + /* here we get the time field */ - + - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); if (state != STATE_FIELD) { @@ -742,10 +3341,10 @@ index d9a35ea6..c49358a1 100644 + "%s: malformed rule #%d", conf_filename, count); continue; } - + good &= logic_field(pamh,&here_and_now, buffer, count, check_time); D(("with time: %s", good ? "passes":"fails" )); - + - fd = read_field(pamh, fd, &buffer, &from, &state); + fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); if (state == STATE_FIELD) { @@ -754,14 +3353,442 @@ index d9a35ea6..c49358a1 100644 + "%s: poorly terminated rule #%d", conf_filename, count); continue; } - + +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index 5b6a4669..2f53440f 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -36,98 +36,6 @@ + + static int _user_prompt_set = 0; + +-static int read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt); +-static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt); +- +-/* --- authentication management functions (only) --- */ +- +-int +-pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, +- int argc, const char **argv) +-{ +- int retval = PAM_SERVICE_ERR; +- FILE *fp; +- const char *issue_file = NULL; +- int parse_esc = 1; +- const void *item = NULL; +- const char *cur_prompt; +- char *issue_prompt = NULL; +- +- /* If we've already set the prompt, don't set it again */ +- if(_user_prompt_set) +- return PAM_IGNORE; +- +- /* We set this here so if we fail below, we won't get further +- than this next time around (only one real failure) */ +- _user_prompt_set = 1; +- +- for ( ; argc-- > 0 ; ++argv ) { +- const char *str; +- +- if ((str = pam_str_skip_prefix(*argv, "issue=")) != NULL) { +- issue_file = str; +- D(("set issue_file to: %s", issue_file)); +- } else if (!strcmp(*argv,"noesc")) { +- parse_esc = 0; +- D(("turning off escape parsing by request")); +- } else +- D(("unknown option passed: %s", *argv)); +- } +- +- if (issue_file == NULL) +- issue_file = "/etc/issue"; +- +- if ((fp = fopen(issue_file, "r")) == NULL) { +- pam_syslog(pamh, LOG_ERR, "error opening %s: %m", issue_file); +- return PAM_SERVICE_ERR; +- } +- +- if ((retval = pam_get_item(pamh, PAM_USER_PROMPT, &item)) != PAM_SUCCESS) { +- fclose(fp); +- return retval; +- } +- +- cur_prompt = item; +- if (cur_prompt == NULL) +- cur_prompt = ""; +- +- if (parse_esc) +- retval = read_issue_quoted(pamh, fp, &issue_prompt); +- else +- retval = read_issue_raw(pamh, fp, &issue_prompt); +- +- fclose(fp); +- +- if (retval != PAM_SUCCESS) +- goto out; +- +- { +- size_t size = strlen(issue_prompt) + strlen(cur_prompt) + 1; +- char *new_prompt = realloc(issue_prompt, size); +- +- if (new_prompt == NULL) { +- pam_syslog(pamh, LOG_CRIT, "out of memory"); +- retval = PAM_BUF_ERR; +- goto out; +- } +- issue_prompt = new_prompt; +- } +- +- strcat(issue_prompt, cur_prompt); +- retval = pam_set_item(pamh, PAM_USER_PROMPT, +- (const void *) issue_prompt); +- out: +- _pam_drop(issue_prompt); +- return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; +-} +- +-int +-pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, +- int argc UNUSED, const char **argv UNUSED) +-{ +- return PAM_IGNORE; +-} +- + static int + read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt) + { +@@ -303,4 +211,91 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + return PAM_SUCCESS; + } + +-/* end of module definition */ ++/* --- authentication management functions (only) --- */ ++ ++int ++pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, ++ int argc, const char **argv) ++{ ++ int retval = PAM_SERVICE_ERR; ++ FILE *fp; ++ const char *issue_file = NULL; ++ int parse_esc = 1; ++ const void *item = NULL; ++ const char *cur_prompt; ++ char *issue_prompt = NULL; ++ ++ /* If we've already set the prompt, don't set it again */ ++ if(_user_prompt_set) ++ return PAM_IGNORE; ++ ++ /* We set this here so if we fail below, we won't get further ++ than this next time around (only one real failure) */ ++ _user_prompt_set = 1; ++ ++ for ( ; argc-- > 0 ; ++argv ) { ++ const char *str; ++ ++ if ((str = pam_str_skip_prefix(*argv, "issue=")) != NULL) { ++ issue_file = str; ++ D(("set issue_file to: %s", issue_file)); ++ } else if (!strcmp(*argv,"noesc")) { ++ parse_esc = 0; ++ D(("turning off escape parsing by request")); ++ } else ++ D(("unknown option passed: %s", *argv)); ++ } ++ ++ if (issue_file == NULL) ++ issue_file = "/etc/issue"; ++ ++ if ((fp = fopen(issue_file, "r")) == NULL) { ++ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", issue_file); ++ return PAM_SERVICE_ERR; ++ } ++ ++ if ((retval = pam_get_item(pamh, PAM_USER_PROMPT, &item)) != PAM_SUCCESS) { ++ fclose(fp); ++ return retval; ++ } ++ ++ cur_prompt = item; ++ if (cur_prompt == NULL) ++ cur_prompt = ""; ++ ++ if (parse_esc) ++ retval = read_issue_quoted(pamh, fp, &issue_prompt); ++ else ++ retval = read_issue_raw(pamh, fp, &issue_prompt); ++ ++ fclose(fp); ++ ++ if (retval != PAM_SUCCESS) ++ goto out; ++ ++ { ++ size_t size = strlen(issue_prompt) + strlen(cur_prompt) + 1; ++ char *new_prompt = realloc(issue_prompt, size); ++ ++ if (new_prompt == NULL) { ++ pam_syslog(pamh, LOG_CRIT, "out of memory"); ++ retval = PAM_BUF_ERR; ++ goto out; ++ } ++ issue_prompt = new_prompt; ++ } ++ ++ strcat(issue_prompt, cur_prompt); ++ retval = pam_set_item(pamh, PAM_USER_PROMPT, ++ (const void *) issue_prompt); ++ out: ++ _pam_drop(issue_prompt); ++ return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; ++} ++ ++int ++pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, ++ int argc UNUSED, const char **argv UNUSED) ++{ ++ return PAM_IGNORE; ++} +diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c +index 92e4953b..df9804b9 100644 +--- a/modules/pam_keyinit/pam_keyinit.c ++++ b/modules/pam_keyinit/pam_keyinit.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + + #define KEY_SPEC_SESSION_KEYRING -3 /* ID for session keyring */ + #define KEY_SPEC_USER_KEYRING -4 /* ID for UID-specific keyring */ +@@ -31,12 +32,12 @@ + #define KEYCTL_REVOKE 3 /* revoke a key */ + #define KEYCTL_LINK 8 /* link a key into a keyring */ + +-static int my_session_keyring = 0; +-static int session_counter = 0; +-static int do_revoke = 0; +-static uid_t revoke_as_uid; +-static gid_t revoke_as_gid; +-static int xdebug = 0; ++static _Thread_local int my_session_keyring = 0; ++static _Atomic int session_counter = 0; ++static _Thread_local int do_revoke = 0; ++static _Thread_local uid_t revoke_as_uid; ++static _Thread_local gid_t revoke_as_gid; ++static _Thread_local int xdebug = 0; + + static void debug(pam_handle_t *pamh, const char *fmt, ...) + __attribute__((format(printf, 2, 3))); +@@ -64,6 +65,33 @@ static void error(pam_handle_t *pamh, const char *fmt, ...) + va_end(va); + } + ++static int pam_setreuid(uid_t ruid, uid_t euid) ++{ ++#if defined(SYS_setreuid32) ++ return syscall(SYS_setreuid32, ruid, euid); ++#else ++ return syscall(SYS_setreuid, ruid, euid); ++#endif ++} ++ ++static int pam_setregid(gid_t rgid, gid_t egid) ++{ ++#if defined(SYS_setregid32) ++ return syscall(SYS_setregid32, rgid, egid); ++#else ++ return syscall(SYS_setregid, rgid, egid); ++#endif ++} ++ ++static int pam_setresuid(uid_t ruid, uid_t euid, uid_t suid) ++{ ++#if defined(SYS_setresuid32) ++ return syscall(SYS_setresuid32, ruid, euid, suid); ++#else ++ return syscall(SYS_setresuid, ruid, euid, suid); ++#endif ++} ++ + /* + * initialise the session keyring for this process + */ +@@ -140,14 +168,14 @@ static int kill_keyrings(pam_handle_t *pamh, int error_ret) + + /* switch to the real UID and GID so that we have permission to + * revoke the key */ +- if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0) { ++ if (revoke_as_gid != old_gid && pam_setregid(-1, revoke_as_gid) < 0) { + error(pamh, "Unable to change GID to %d temporarily\n", revoke_as_gid); + return error_ret; + } + +- if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0) { ++ if (revoke_as_uid != old_uid && pam_setresuid(-1, revoke_as_uid, old_uid) < 0) { + error(pamh, "Unable to change UID to %d temporarily\n", revoke_as_uid); +- if (getegid() != old_gid && setregid(-1, old_gid) < 0) ++ if (getegid() != old_gid && pam_setregid(-1, old_gid) < 0) + error(pamh, "Unable to change GID back to %d\n", old_gid); + return error_ret; + } +@@ -157,12 +185,12 @@ static int kill_keyrings(pam_handle_t *pamh, int error_ret) + } + + /* return to the original UID and GID (probably root) */ +- if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0) { ++ if (revoke_as_uid != old_uid && pam_setreuid(-1, old_uid) < 0) { + error(pamh, "Unable to change UID back to %d\n", old_uid); + ret = error_ret; + } + +- if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0) { ++ if (revoke_as_gid != old_gid && pam_setregid(-1, old_gid) < 0) { + error(pamh, "Unable to change GID back to %d\n", old_gid); + ret = error_ret; + } +@@ -215,14 +243,14 @@ static int do_keyinit(pam_handle_t *pamh, int argc, const char **argv, int error + + /* switch to the real UID and GID so that the keyring ends up owned by + * the right user */ +- if (gid != old_gid && setregid(gid, -1) < 0) { ++ if (gid != old_gid && pam_setregid(gid, -1) < 0) { + error(pamh, "Unable to change GID to %d temporarily\n", gid); + return error_ret; + } + +- if (uid != old_uid && setreuid(uid, -1) < 0) { ++ if (uid != old_uid && pam_setreuid(uid, -1) < 0) { + error(pamh, "Unable to change UID to %d temporarily\n", uid); +- if (setregid(old_gid, -1) < 0) ++ if (pam_setregid(old_gid, -1) < 0) + error(pamh, "Unable to change GID back to %d\n", old_gid); + return error_ret; + } +@@ -230,12 +258,12 @@ static int do_keyinit(pam_handle_t *pamh, int argc, const char **argv, int error + ret = init_keyrings(pamh, force, error_ret); + + /* return to the original UID and GID (probably root) */ +- if (uid != old_uid && setreuid(old_uid, -1) < 0) { ++ if (uid != old_uid && pam_setreuid(old_uid, -1) < 0) { + error(pamh, "Unable to change UID back to %d\n", old_uid); + ret = error_ret; + } + +- if (gid != old_gid && setregid(old_gid, -1) < 0) { ++ if (gid != old_gid && pam_setregid(old_gid, -1) < 0) { + error(pamh, "Unable to change GID back to %d\n", old_gid); + ret = error_ret; + } +diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c +index abd048df..797a61ce 100644 +--- a/modules/pam_lastlog/pam_lastlog.c ++++ b/modules/pam_lastlog/pam_lastlog.c +@@ -57,14 +57,13 @@ struct lastlog { + # define PATH_LOGIN_DEFS "/etc/login.defs" + #endif + +-/* XXX - time before ignoring lock. Is 1 sec enough? */ +-#define LASTLOG_IGNORE_LOCK_TIME 1 +- + #define DEFAULT_HOST "" /* "[no.where]" */ + #define DEFAULT_TERM "" /* "tt???" */ + + #define DEFAULT_INACTIVE_DAYS 90 + #define MAX_INACTIVE_DAYS 100000 ++#define LOCK_RETRIES 3 /* number of file lock retries */ ++#define LOCK_RETRY_DELAY 1 /* seconds to wait between lock attempts */ + + #include + #include +@@ -266,6 +265,7 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t + { + struct flock last_lock; + struct lastlog last_login; ++ int lock_retries = LOCK_RETRIES; + int retval = PAM_SUCCESS; + char the_time[256]; + char *date = NULL; +@@ -278,11 +278,19 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t + last_lock.l_start = sizeof(last_login) * (off_t) uid; + last_lock.l_len = sizeof(last_login); + +- if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { ++ while (fcntl(last_fd, F_SETLK, &last_lock) < 0) { ++ if (0 == --lock_retries) { ++ /* read lock failed, proceed anyway to avoid possible DoS */ ++ D(("locking %s failed", _PATH_LASTLOG)); ++ pam_syslog(pamh, LOG_INFO, ++ "file %s is locked/read, proceeding anyway", ++ _PATH_LASTLOG); ++ break; ++ } + D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); +- pam_syslog(pamh, LOG_WARNING, +- "file %s is locked/read", _PATH_LASTLOG); +- sleep(LASTLOG_IGNORE_LOCK_TIME); ++ pam_syslog(pamh, LOG_INFO, ++ "file %s is locked/read, retrying", _PATH_LASTLOG); ++ sleep(LOCK_RETRY_DELAY); + } + + if (pam_modutil_read(last_fd, (char *) &last_login, +@@ -380,6 +388,7 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, + int setrlimit_res; + struct flock last_lock; + struct lastlog last_login; ++ int lock_retries = LOCK_RETRIES; + time_t ll_time; + const void *void_remote_host = NULL; + const char *remote_host; +@@ -426,10 +435,17 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, + last_lock.l_start = sizeof(last_login) * (off_t) uid; + last_lock.l_len = sizeof(last_login); + +- if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { ++ while (fcntl(last_fd, F_SETLK, &last_lock) < 0) { ++ if (0 == --lock_retries) { ++ D(("locking %s failed", _PATH_LASTLOG)); ++ pam_syslog(pamh, LOG_ERR, ++ "file %s is locked/write", _PATH_LASTLOG); ++ return PAM_SERVICE_ERR; ++ } + D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); +- pam_syslog(pamh, LOG_WARNING, "file %s is locked/write", _PATH_LASTLOG); +- sleep(LASTLOG_IGNORE_LOCK_TIME); ++ pam_syslog(pamh, LOG_INFO, ++ "file %s is locked/write, retrying", _PATH_LASTLOG); ++ sleep(LOCK_RETRY_DELAY); + } + + /* +@@ -573,12 +589,12 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt + time_t lf_time; + + lf_time = utuser.ut_tv.tv_sec; +- tm = localtime_r (&lf_time, &tm_buf); +- strftime (the_time, sizeof (the_time), +- /* TRANSLATORS: "strftime options for date of last login" */ +- _(" %a %b %e %H:%M:%S %Z %Y"), tm); +- +- date = the_time; ++ if ((tm = localtime_r (&lf_time, &tm_buf)) != NULL) { ++ strftime (the_time, sizeof (the_time), ++ /* TRANSLATORS: "strftime options for date of last login" */ ++ _(" %a %b %e %H:%M:%S %Z %Y"), tm); ++ date = the_time; ++ } + } + + /* we want & have the host? */ diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am index 911b07b3..9ae1794d 100644 --- a/modules/pam_limits/Makefile.am +++ b/modules/pam_limits/Makefile.am @@ -19,8 +19,8 @@ secureconfdir = $(SCONFIGDIR) limits_conf_dir = $(SCONFIGDIR)/limits.d - + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \ - -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" $(WARN_CFLAGS) @@ -771,120 +3798,898 @@ index 911b07b3..9ae1794d 100644 if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml -index bc46cbf4..08c6fc4d 100644 +index bc46cbf4..422924fe 100644 --- a/modules/pam_limits/pam_limits.8.xml +++ b/modules/pam_limits/pam_limits.8.xml -@@ -57,6 +57,11 @@ +@@ -48,7 +48,7 @@ + obtained in a user-session. Users of uid=0 are affected + by this limits, too. + +- ++ + By default limits are taken from the /etc/security/limits.conf + config file. Then individual *.conf files from the /etc/security/limits.d/ + directory are read. The files are parsed one after another in the order of "C" locale. +@@ -57,6 +57,23 @@ If a config file is explicitly specified with a module option then the files in the above directory are not parsed. + -+ If there is no explicitly specified configuration file and -+ /etc/security/limits.conf does not exist, -+ %vendordir%/security/limits.conf is used. ++ By default limits are taken from the /etc/security/limits.conf ++ config file or, if that one is not present, the file ++ %vendordir%/security/limits.conf. ++ Then individual *.conf files from the ++ /etc/security/limits.d/ and ++ %vendordir%/security/limits.d directories are read. ++ If /etc/security/limits.d/@filename@.conf exists, then ++ %vendordir%/security/limits.d/@filename@.conf will not be used. ++ All limits.d/*.conf files are sorted by their ++ @filename@.conf in lexicographic order regardless of which ++ of the directories they reside in. ++ The effect of the individual files is the same as if all the files were ++ concatenated together in the order of parsing. ++ If a config file is explicitly specified with the ++ option the files in the above directories are not parsed. + The module must not be called by a multithreaded application. +@@ -211,6 +228,13 @@ + Default configuration file + + ++ ++ %vendordir%/security/limits.conf ++ ++ Default configuration file if ++ /etc/security/limits.conf does not exist. ++ ++ + + + diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 7cc45d77..6fbe95fc 100644 +index 7cc45d77..f9489dbe 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -47,6 +47,10 @@ #include #endif - + +#ifndef PR_SET_NO_NEW_PRIVS +# define PR_SET_NO_NEW_PRIVS 38 /* from */ +#endif + /* Module defines */ #define LINE_LENGTH 1024 - -@@ -119,9 +123,10 @@ struct pam_limit_s { + +@@ -119,9 +123,14 @@ struct pam_limit_s { #define PAM_SET_ALL 0x0010 - + /* Limits from globbed files. */ -#define LIMITS_CONF_GLOB LIMITS_FILE_DIR +#define LIMITS_CONF_GLOB (LIMITS_FILE_DIR "/*.conf") - --#define CONF_FILE (pl->conf_file != NULL)?pl->conf_file:LIMITS_FILE ++ +#define LIMITS_FILE (SCONFIGDIR "/limits.conf") -+#define CONF_FILE ((pl->conf_file != NULL) ? pl->conf_file : LIMITS_FILE) - + +-#define CONF_FILE (pl->conf_file != NULL)?pl->conf_file:LIMITS_FILE ++#ifdef VENDOR_SCONFIGDIR ++#define VENDOR_LIMITS_FILE (VENDOR_SCONFIGDIR "/limits.conf") ++#define VENDOR_LIMITS_CONF_GLOB (VENDOR_SCONFIGDIR "/limits.d/*.conf") ++#endif + static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, -@@ -811,14 +816,30 @@ parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, +@@ -806,18 +815,22 @@ parse_uid_range(pam_handle_t *pamh, const char *domain, + + static int + parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, +- int ctrl, struct pam_limit_s *pl) ++ int ctrl, struct pam_limit_s *pl, const int conf_file_set_by_user) + { FILE *fil; char buf[LINE_LENGTH]; - + - /* check for the LIMITS_FILE */ -+ /* check for the CONF_FILE */ ++ /* check for the conf_file */ if (ctrl & PAM_DEBUG_ARG) - pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); - fil = fopen(CONF_FILE, "r"); +- pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); +- fil = fopen(CONF_FILE, "r"); ++ pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", pl->conf_file); ++ fil = fopen(pl->conf_file, "r"); if (fil == NULL) { - pam_syslog (pamh, LOG_WARNING, - "cannot read settings from %s: %m", CONF_FILE); -- return PAM_SERVICE_ERR; -+ int err = errno; ++ if (errno == ENOENT && !conf_file_set_by_user) ++ return PAM_SUCCESS; /* file is not there and it has not been set by the conf= argument */ + -+#ifdef VENDOR_SCONFIGDIR -+ /* if the specified file does not exist, and it is not provided by -+ the user, try the vendor file as fallback. */ -+ if (pl->conf_file == NULL && err == ENOENT) -+ fil = fopen(VENDOR_SCONFIGDIR "/limits.conf", "r"); -+ -+ if (fil == NULL) -+#endif -+ { -+ if (err == ENOENT) -+ return PAM_SUCCESS; -+ -+ pam_syslog (pamh, LOG_WARNING, -+ "cannot read settings from %s: %s", CONF_FILE, -+ strerror(err)); -+ return PAM_SERVICE_ERR; -+ } ++ pam_syslog(pamh, LOG_WARNING, ++ "cannot read settings from %s: %s", pl->conf_file, ++ strerror(errno)); + return PAM_SERVICE_ERR; } - - /* start the show */ + +@@ -1074,33 +1087,132 @@ static int setup_limits(pam_handle_t *pamh, + return retval; + } + ++/* --- evaluting all files in VENDORDIR/security/limits.d and /etc/security/limits.d --- */ ++static const char * ++base_name(const char *path) ++{ ++ const char *base = strrchr(path, '/'); ++ return base ? base+1 : path; ++} ++ ++static int ++compare_filename(const void *a, const void *b) ++{ ++ return strcmp(base_name(* (const char * const *) a), ++ base_name(* (const char * const *) b)); ++} ++ ++/* Evaluating a list of files which have to be parsed in the right order: ++ * ++ * - If etc/security/limits.d/@filename@.conf exists, then ++ * %vendordir%/security/limits.d/@filename@.conf should not be used. ++ * - All files in both limits.d directories are sorted by their @filename@.conf in ++ * lexicographic order regardless of which of the directories they reside in. */ ++static char ** ++read_limits_dir(pam_handle_t *pamh) ++{ ++ glob_t globbuf; ++ size_t i=0; ++ int glob_rv = glob(LIMITS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf); ++ char **file_list; ++ size_t file_list_size = glob_rv == 0 ? globbuf.gl_pathc : 0; ++ ++#ifdef VENDOR_LIMITS_CONF_GLOB ++ glob_t globbuf_vendor; ++ int glob_rv_vendor = glob(VENDOR_LIMITS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf_vendor); ++ if (glob_rv_vendor == 0) ++ file_list_size += globbuf_vendor.gl_pathc; ++#endif ++ file_list = malloc((file_list_size + 1) * sizeof(char*)); ++ if (file_list == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for file list: %m"); ++#ifdef VENDOR_ACCESS_CONF_GLOB ++ if (glob_rv_vendor == 0) ++ globfree(&globbuf_vendor); ++#endif ++ if (glob_rv == 0) ++ globfree(&globbuf); ++ return NULL; ++ } ++ ++ if (glob_rv == 0) { ++ for (i = 0; i < globbuf.gl_pathc; i++) { ++ file_list[i] = strdup(globbuf.gl_pathv[i]); ++ if (file_list[i] == NULL) { ++ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); ++ break; ++ } ++ } ++ } ++#ifdef VENDOR_LIMITS_CONF_GLOB ++ if (glob_rv_vendor == 0) { ++ for (size_t j = 0; j < globbuf_vendor.gl_pathc; j++) { ++ if (glob_rv == 0 && globbuf.gl_pathc > 0) { ++ int double_found = 0; ++ for (size_t k = 0; k < globbuf.gl_pathc; k++) { ++ if (strcmp(base_name(globbuf.gl_pathv[k]), ++ base_name(globbuf_vendor.gl_pathv[j])) == 0) { ++ double_found = 1; ++ break; ++ } ++ } ++ if (double_found) ++ continue; ++ } ++ file_list[i] = strdup(globbuf_vendor.gl_pathv[j]); ++ if (file_list[i] == NULL) { ++ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); ++ break; ++ } ++ i++; ++ } ++ globfree(&globbuf_vendor); ++ } ++#endif ++ file_list[i] = NULL; ++ qsort(file_list, i, sizeof(char *), compare_filename); ++ if (glob_rv == 0) ++ globfree(&globbuf); ++ ++ return file_list; ++} ++ + /* now the session stuff */ + int + pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) + { +- int retval; +- int i; +- int glob_rc; ++ int retval, i; + char *user_name; + struct passwd *pwd; + int ctrl; + struct pam_limit_s plstruct; + struct pam_limit_s *pl = &plstruct; +- glob_t globbuf; +- const char *oldlocale; + + D(("called.")); + + memset(pl, 0, sizeof(*pl)); +- memset(&globbuf, 0, sizeof(globbuf)); + + ctrl = _pam_parse(pamh, argc, argv, pl); + retval = pam_get_item( pamh, PAM_USER, (void*) &user_name ); + if ( user_name == NULL || retval != PAM_SUCCESS ) { + pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); + return PAM_SESSION_ERR; +- } ++ } ++ ++ int conf_file_set_by_user = (pl->conf_file != NULL); ++ if (pl->conf_file == NULL) { ++ pl->conf_file = LIMITS_FILE; ++#ifdef VENDOR_LIMITS_FILE ++ /* ++ * Check whether LIMITS_FILE file is available. ++ * If it does not exist, fall back to VENDOR_LIMITS_FILE file. ++ */ ++ struct stat buffer; ++ if (stat(pl->conf_file, &buffer) != 0 && errno == ENOENT) ++ pl->conf_file = VENDOR_LIMITS_FILE; ++#endif ++ } + + pwd = pam_modutil_getpwnam(pamh, user_name); + if (!pwd) { +@@ -1116,46 +1228,39 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + return PAM_ABORT; + } + +- retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); ++ retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ++ ctrl, pl, conf_file_set_by_user); + if (retval == PAM_IGNORE) { +- D(("the configuration file ('%s') has an applicable ' -' entry", CONF_FILE)); ++ D(("the configuration file ('%s') has an applicable ' -' entry", pl->conf_file)); + return PAM_SUCCESS; + } +- if (retval != PAM_SUCCESS || pl->conf_file != NULL) ++ if (retval != PAM_SUCCESS || conf_file_set_by_user) + /* skip reading limits.d if config file explicitly specified */ + goto out; + + /* Read subsequent *.conf files, if they exist. */ +- +- /* set the LC_COLLATE so the sorting order doesn't depend +- on system locale */ +- +- oldlocale = setlocale(LC_COLLATE, "C"); +- glob_rc = glob(LIMITS_CONF_GLOB, GLOB_ERR, NULL, &globbuf); +- +- if (oldlocale != NULL) +- setlocale (LC_COLLATE, oldlocale); +- +- if (!glob_rc) { +- /* Parse the *.conf files. */ +- for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { +- pl->conf_file = globbuf.gl_pathv[i]; +- retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); +- if (retval == PAM_IGNORE) { +- D(("the configuration file ('%s') has an applicable ' -' entry", pl->conf_file)); +- globfree(&globbuf); +- return PAM_SUCCESS; +- } +- if (retval != PAM_SUCCESS) +- goto out; ++ char **filename_list = read_limits_dir(pamh); ++ if (filename_list != NULL) { ++ for (i = 0; filename_list[i] != NULL; i++) { ++ pl->conf_file = filename_list[i]; ++ retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl, 0); ++ if (retval != PAM_SUCCESS) ++ break; + } ++ for (i = 0; filename_list[i] != NULL; i++) ++ free(filename_list[i]); ++ free(filename_list); ++ } ++ ++ if (retval == PAM_IGNORE) { ++ D(("the configuration file ('%s') has an applicable ' -' entry", pl->conf_file)); ++ return PAM_SUCCESS; + } + + out: +- globfree(&globbuf); + if (retval != PAM_SUCCESS) + { +- pam_syslog(pamh, LOG_ERR, "error parsing the configuration file: '%s' ",CONF_FILE); ++ pam_syslog(pamh, LOG_ERR, "error parsing the configuration file: '%s' ", pl->conf_file); + return retval; + } + +diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c +index 17383c7b..7eb94fc7 100644 +--- a/modules/pam_mail/pam_mail.c ++++ b/modules/pam_mail/pam_mail.c +@@ -286,7 +286,7 @@ report_mail(pam_handle_t *pamh, int ctrl, int type, const char *folder) + switch (type) + { + case HAVE_NO_MAIL: +- retval = pam_info (pamh, "%s", _("You have no mail.")); ++ retval = pam_info (pamh, "%s", _("You do not have any new mail.")); + break; + case HAVE_NEW_MAIL: + retval = pam_info (pamh, "%s", _("You have new mail.")); +diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c +index 48e578fa..6ddcd5a8 100644 +--- a/modules/pam_mkhomedir/pam_mkhomedir.c ++++ b/modules/pam_mkhomedir/pam_mkhomedir.c +@@ -125,15 +125,6 @@ create_homedir (pam_handle_t *pamh, options_t *opt, + + D(("called.")); + +- /* +- * This code arranges that the demise of the child does not cause +- * the application to receive a signal it is not expecting - which +- * may kill the application or worse. +- */ +- memset(&newsa, '\0', sizeof(newsa)); +- newsa.sa_handler = SIG_DFL; +- sigaction(SIGCHLD, &newsa, &oldsa); +- + if (opt->ctrl & MKHOMEDIR_DEBUG) { + pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); + } +@@ -153,6 +144,15 @@ create_homedir (pam_handle_t *pamh, options_t *opt, + login_homemode = _pam_conv_str_umask_to_homemode(opt->umask); + } + ++ /* ++ * This code arranges that the demise of the child does not cause ++ * the application to receive a signal it is not expecting - which ++ * may kill the application or worse. ++ */ ++ memset(&newsa, '\0', sizeof(newsa)); ++ newsa.sa_handler = SIG_DFL; ++ sigaction(SIGCHLD, &newsa, &oldsa); ++ + /* fork */ + child = fork(); + if (child == 0) { +diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c +index 6ac8cba2..5ca486e4 100644 +--- a/modules/pam_motd/pam_motd.c ++++ b/modules/pam_motd/pam_motd.c +@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) + } + } + +-static int filter_dirents(const struct dirent *d) +-{ +- return (d->d_type == DT_REG || d->d_type == DT_LNK); +-} +- + static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) + { +@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + + for (i = 0; i < num_motd_dirs; i++) { + int rv; +- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), +- filter_dirents, alphasort); ++ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); + if (rv < 0) { + if (errno != ENOENT || report_missing) { + pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", +@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + if (dirscans_size_total == 0) + goto out; + ++ /* filter out unwanted names, directories, and complement data with lstat() */ ++ for (i = 0; i < num_motd_dirs; i++) { ++ struct dirent **d = dirscans[i]; ++ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { ++ int rc; ++ char *fullpath; ++ struct stat s; ++ ++ switch(d[j]->d_type) { /* the filetype determines how to proceed */ ++ case DT_REG: /* regular files and */ ++ case DT_LNK: /* symlinks */ ++ continue; /* are good. */ ++ case DT_UNKNOWN: /* for file systems that do not provide */ ++ /* a filetype, we use lstat() */ ++ if (join_dir_strings(&fullpath, motd_dir_path_split[i], ++ d[j]->d_name) <= 0) ++ break; ++ rc = lstat(fullpath, &s); ++ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ ++ if (rc != 0) /* if the lstat() somehow failed */ ++ break; ++ ++ if (S_ISREG(s.st_mode) || /* regular files and */ ++ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ ++ break; ++ case DT_DIR: /* We don't want directories */ ++ default: /* nor anything else */ ++ break; ++ } ++ _pam_drop(d[j]); /* free memory */ ++ d[j] = NULL; /* indicate this one was dropped */ ++ dirscans_size_total--; ++ } ++ } ++ + /* Allocate space for all file names found in the directories, including duplicates. */ + if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { + pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); +@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, + unsigned int j; + + for (j = 0; j < dirscans_sizes[i]; j++) { +- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; +- i_dirnames++; ++ if (NULL != dirscans[i][j]) { ++ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; ++ i_dirnames++; ++ } + } + } + diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am index 47cc38e1..33375857 100644 --- a/modules/pam_namespace/Makefile.am +++ b/modules/pam_namespace/Makefile.am @@ -21,7 +21,7 @@ namespaceddir = $(SCONFIGDIR)/namespace.d servicedir = $(systemdunitdir) - + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) + $(WARN_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml +index a94b49e2..67f8c043 100644 +--- a/modules/pam_namespace/namespace.conf.5.xml ++++ b/modules/pam_namespace/namespace.conf.5.xml +@@ -30,13 +30,29 @@ + directory path and the instance directory path as its arguments. + + +- ++ + The /etc/security/namespace.conf file specifies + which directories are polyinstantiated, how they are polyinstantiated, + how instance directories would be named, and any users for whom + polyinstantiation would not be performed. + + ++ ++ The /etc/security/namespace.conf file ++ ( or %vendordir%/security/namespace.conf if it does ++ not exist) specifies which directories are polyinstantiated, how they are ++ polyinstantiated, how instance directories would be named, and any users ++ for whom polyinstantiation would not be performed. ++ Then individual *.conf files from the ++ /etc/security/namespace.d/ and ++ %vendordir%/security/namespace.d directories are taken too. ++ If /etc/security/namespace.d/@filename@.conf exists, then ++ %vendordir%/security/namespace.d/@filename@.conf will not be used. ++ All namespace.d/*.conf files are sorted by their ++ @filename@.conf in lexicographic order regardless of which ++ of the directories they reside in. ++ ++ + + When someone logs in, the file namespace.conf is + scanned. Comments are marked by # characters. +diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml +index 57c44c4b..ddaa00b4 100644 +--- a/modules/pam_namespace/pam_namespace.8.xml ++++ b/modules/pam_namespace/pam_namespace.8.xml +@@ -74,6 +74,12 @@ + and the user name as its arguments. + + ++ ++ If /etc/security/namespace.init does not exist, ++ %vendordir%/security/namespace.init is the ++ alternative to be used for it. ++ ++ + + The pam_namespace module disassociates the session namespace from + the parent namespace. Any mounts/unmounts performed in the parent +@@ -313,6 +319,14 @@ + + + ++ ++ %vendordir%/security/namespace.conf ++ ++ Default configuration file if ++ /etc/security/namespace.conf does not exist. ++ ++ ++ + + /etc/security/namespace.d + +@@ -320,12 +334,28 @@ + + + ++ ++ %vendordir%/security/namespace.d ++ ++ Directory for additional vendor specific configuration files. ++ ++ ++ + + /etc/security/namespace.init + + Init script for instance directories + + ++ ++ ++ %vendordir%/security/namespace.init ++ ++ Vendor init script for instance directories if ++ /etc/security/namespace.init does not exist. ++ ++ ++ + + + +diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c +index 4d4188d0..f34ce934 100644 +--- a/modules/pam_namespace/pam_namespace.c ++++ b/modules/pam_namespace/pam_namespace.c +@@ -39,6 +39,94 @@ + #include "pam_namespace.h" + #include "argv_parse.h" + ++/* --- evaluting all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ ++static const char *base_name(const char *path) ++{ ++ const char *base = strrchr(path, '/'); ++ return base ? base+1 : path; ++} ++ ++static int ++compare_filename(const void *a, const void *b) ++{ ++ return strcmp(base_name(* (char * const *) a), ++ base_name(* (char * const *) b)); ++} ++ ++/* Evaluating a list of files which have to be parsed in the right order: ++ * ++ * - If etc/security/namespace.d/@filename@.conf exists, then ++ * %vendordir%/security/namespace.d/@filename@.conf should not be used. ++ * - All files in both namespace.d directories are sorted by their @filename@.conf in ++ * lexicographic order regardless of which of the directories they reside in. */ ++static char **read_namespace_dir(struct instance_data *idata) ++{ ++ glob_t globbuf; ++ size_t i=0; ++ int glob_rv = glob(NAMESPACE_D_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf); ++ char **file_list; ++ size_t file_list_size = glob_rv == 0 ? globbuf.gl_pathc : 0; ++ ++#ifdef VENDOR_NAMESPACE_D_GLOB ++ glob_t globbuf_vendor; ++ int glob_rv_vendor = glob(VENDOR_NAMESPACE_D_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf_vendor); ++ if (glob_rv_vendor == 0) ++ file_list_size += globbuf_vendor.gl_pathc; ++#endif ++ file_list = malloc((file_list_size + 1) * sizeof(char*)); ++ if (file_list == NULL) { ++ pam_syslog(idata->pamh, LOG_ERR, "Cannot allocate memory for file list: %m"); ++#ifdef VENDOR_NAMESPACE_D_GLOB ++ if (glob_rv_vendor == 0) ++ globfree(&globbuf_vendor); ++#endif ++ if (glob_rv == 0) ++ globfree(&globbuf); ++ return NULL; ++ } ++ ++ if (glob_rv == 0) { ++ for (i = 0; i < globbuf.gl_pathc; i++) { ++ file_list[i] = strdup(globbuf.gl_pathv[i]); ++ if (file_list[i] == NULL) { ++ pam_syslog(idata->pamh, LOG_ERR, "strdup failed: %m"); ++ break; ++ } ++ } ++ } ++#ifdef VENDOR_NAMESPACE_D_GLOB ++ if (glob_rv_vendor == 0) { ++ for (size_t j = 0; j < globbuf_vendor.gl_pathc; j++) { ++ if (glob_rv == 0 && globbuf.gl_pathc > 0) { ++ int double_found = 0; ++ for (size_t k = 0; k < globbuf.gl_pathc; k++) { ++ if (strcmp(base_name(globbuf.gl_pathv[k]), ++ base_name(globbuf_vendor.gl_pathv[j])) == 0) { ++ double_found = 1; ++ break; ++ } ++ } ++ if (double_found) ++ continue; ++ } ++ file_list[i] = strdup(globbuf_vendor.gl_pathv[j]); ++ if (file_list[i] == NULL) { ++ pam_syslog(idata->pamh, LOG_ERR, "strdup failed: %m"); ++ break; ++ } ++ i++; ++ } ++ globfree(&globbuf_vendor); ++ } ++#endif ++ file_list[i] = NULL; ++ qsort(file_list, i, sizeof(char *), compare_filename); ++ if (glob_rv == 0) ++ globfree(&globbuf); ++ ++ return file_list; ++} ++ + /* + * Adds an entry for a polyinstantiated directory to the linked list of + * polyinstantiated directories. It is called from process_line() while +@@ -624,8 +712,6 @@ static int parse_config_file(struct instance_data *idata) + char *line; + int retval; + size_t len = 0; +- glob_t globbuf; +- const char *oldlocale; + size_t n; + + /* +@@ -664,13 +750,16 @@ static int parse_config_file(struct instance_data *idata) + * process_line to process each line. + */ + +- memset(&globbuf, '\0', sizeof(globbuf)); +- oldlocale = setlocale(LC_COLLATE, "C"); +- glob(NAMESPACE_D_GLOB, 0, NULL, &globbuf); +- if (oldlocale != NULL) +- setlocale(LC_COLLATE, oldlocale); +- + confname = PAM_NAMESPACE_CONFIG; ++#ifdef VENDOR_PAM_NAMESPACE_CONFIG ++ /* Check whether PAM_NAMESPACE_CONFIG file is available. ++ * If it does not exist, fall back to VENDOR_PAM_NAMESPACE_CONFIG file. */ ++ struct stat buffer; ++ if (stat(confname, &buffer) != 0 && errno == ENOENT) { ++ confname = VENDOR_PAM_NAMESPACE_CONFIG; ++ } ++#endif ++ char **filename_list = read_namespace_dir(idata); + n = 0; + for (;;) { + if (idata->flags & PAMNS_DEBUG) +@@ -680,7 +769,6 @@ static int parse_config_file(struct instance_data *idata) + if (fil == NULL) { + pam_syslog(idata->pamh, LOG_ERR, "Error opening config file %s", + confname); +- globfree(&globbuf); + free(rhome); + free(home); + return PAM_SERVICE_ERR; +@@ -698,7 +786,6 @@ static int parse_config_file(struct instance_data *idata) + "Error processing conf file %s line %s", confname, line); + fclose(fil); + free(line); +- globfree(&globbuf); + free(rhome); + free(home); + return PAM_SERVICE_ERR; +@@ -707,14 +794,18 @@ static int parse_config_file(struct instance_data *idata) + fclose(fil); + free(line); + +- if (n >= globbuf.gl_pathc) ++ if (filename_list == NULL || filename_list[n] == NULL) + break; + +- confname = globbuf.gl_pathv[n]; +- n++; ++ confname = filename_list[n++]; ++ } ++ ++ if (filename_list != NULL) { ++ for (size_t i = 0; filename_list[i] != NULL; i++) ++ free(filename_list[i]); ++ free(filename_list); + } + +- globfree(&globbuf); + free(rhome); + free(home); + +@@ -1250,16 +1341,17 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + struct instance_data *idata, int newdir) + { + pid_t rc, pid; +- struct sigaction newsa, oldsa; + int status; + const char *init_script = NAMESPACE_INIT_SCRIPT; + +- memset(&newsa, '\0', sizeof(newsa)); +- newsa.sa_handler = SIG_DFL; +- if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { +- pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); +- return PAM_SESSION_ERR; ++#ifdef VENDOR_NAMESPACE_INIT_SCRIPT ++ /* Check whether NAMESPACE_INIT_SCRIPT file is available. ++ * If it does not exist, fall back to VENDOR_NAMESPACE_INIT_SCRIPT file. */ ++ struct stat buffer; ++ if (stat(init_script, &buffer) != 0 && errno == ENOENT) { ++ init_script = VENDOR_NAMESPACE_INIT_SCRIPT; + } ++#endif + + if ((polyptr->flags & POLYDIR_ISCRIPT) && polyptr->init_script) + init_script = polyptr->init_script; +@@ -1269,9 +1361,17 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + if (idata->flags & PAMNS_DEBUG) + pam_syslog(idata->pamh, LOG_ERR, + "Namespace init script not executable"); +- rc = PAM_SESSION_ERR; +- goto out; ++ return PAM_SESSION_ERR; + } else { ++ struct sigaction newsa, oldsa; ++ ++ memset(&newsa, '\0', sizeof(newsa)); ++ newsa.sa_handler = SIG_DFL; ++ if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { ++ pam_syslog(idata->pamh, LOG_ERR, "failed to reset SIGCHLD handler"); ++ return PAM_SESSION_ERR; ++ } ++ + pid = fork(); + if (pid == 0) { + static char *envp[] = { NULL }; +@@ -1309,13 +1409,13 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, + rc = PAM_SESSION_ERR; + goto out; + } ++ rc = PAM_SUCCESS; ++out: ++ (void) sigaction(SIGCHLD, &oldsa, NULL); ++ return rc; + } + } +- rc = PAM_SUCCESS; +-out: +- (void) sigaction(SIGCHLD, &oldsa, NULL); +- +- return rc; ++ return PAM_SUCCESS; + } + + static int create_polydir(struct polydir_s *polyptr, diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h -index b51f2841..169bd59f 100644 +index b51f2841..0b974ea7 100644 --- a/modules/pam_namespace/pam_namespace.h +++ b/modules/pam_namespace/pam_namespace.h -@@ -90,14 +90,10 @@ +@@ -90,15 +90,17 @@ /* * Module defines */ -#ifndef SECURECONF_DIR -#define SECURECONF_DIR "/etc/security/" --#endif -- --#define PAM_NAMESPACE_CONFIG (SECURECONF_DIR "namespace.conf") --#define NAMESPACE_INIT_SCRIPT (SECURECONF_DIR "namespace.init") --#define NAMESPACE_D_DIR (SECURECONF_DIR "namespace.d/") --#define NAMESPACE_D_GLOB (SECURECONF_DIR "namespace.d/*.conf") +#define PAM_NAMESPACE_CONFIG (SCONFIGDIR "/namespace.conf") +#define NAMESPACE_INIT_SCRIPT (SCONFIGDIR "/namespace.init") +#define NAMESPACE_D_DIR (SCONFIGDIR "/namespace.d/") +#define NAMESPACE_D_GLOB (SCONFIGDIR "/namespace.d/*.conf") - ++#ifdef VENDOR_SCONFIGDIR ++#define VENDOR_NAMESPACE_INIT_SCRIPT (VENDOR_SCONFIGDIR "/namespace.init") ++#define VENDOR_PAM_NAMESPACE_CONFIG (VENDOR_SCONFIGDIR "/namespace.conf") ++#define VENDOR_NAMESPACE_D_DIR (VENDOR_SCONFIGDIR "/namespace.d/") ++#define VENDOR_NAMESPACE_D_GLOB (VENDOR_SCONFIGDIR "/namespace.d/*.conf") + #endif + +-#define PAM_NAMESPACE_CONFIG (SECURECONF_DIR "namespace.conf") +-#define NAMESPACE_INIT_SCRIPT (SECURECONF_DIR "namespace.init") +-#define NAMESPACE_D_DIR (SECURECONF_DIR "namespace.d/") +-#define NAMESPACE_D_GLOB (SECURECONF_DIR "namespace.d/*.conf") +- /* module flags */ #define PAMNS_DEBUG 0x00000100 /* Running in debug mode */ + #define PAMNS_SELINUX_ENABLED 0x00000400 /* SELinux is enabled */ +diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c +index b7f9bab0..d7f83e0c 100644 +--- a/modules/pam_nologin/pam_nologin.c ++++ b/modules/pam_nologin/pam_nologin.c +@@ -79,7 +79,6 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) + + if (fd >= 0) { + +- char *mtmp=NULL; + int msg_style = PAM_TEXT_INFO; + struct passwd *user_pwd; + struct stat st; +@@ -99,21 +98,25 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) + goto clean_up_fd; + } + +- mtmp = malloc(st.st_size+1); +- if (!mtmp) { +- pam_syslog(pamh, LOG_CRIT, "out of memory"); +- retval = PAM_BUF_ERR; +- goto clean_up_fd; +- } +- +- if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { +- mtmp[st.st_size] = '\0'; +- (void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp); ++ /* Don't print anything if the message is empty, will only ++ disturb the output with empty lines */ ++ if (st.st_size > 0) { ++ char *mtmp = malloc(st.st_size+1); ++ if (!mtmp) { ++ pam_syslog(pamh, LOG_CRIT, "out of memory"); ++ retval = PAM_BUF_ERR; ++ goto clean_up_fd; ++ } ++ ++ if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { ++ mtmp[st.st_size] = '\0'; ++ (void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp); ++ } ++ else ++ retval = PAM_SYSTEM_ERR; ++ ++ free(mtmp); + } +- else +- retval = PAM_SYSTEM_ERR; +- +- free(mtmp); + + clean_up_fd: + +diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am +index 8a4dbcb2..c29a8e11 100644 +--- a/modules/pam_pwhistory/Makefile.am ++++ b/modules/pam_pwhistory/Makefile.am +@@ -26,12 +27,14 @@ if HAVE_VERSIONING + pam_pwhistory_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + +-noinst_HEADERS = opasswd.h ++noinst_HEADERS = opasswd.h pwhistory_config.h ++ ++dist_secureconf_DATA = pwhistory.conf + + securelib_LTLIBRARIES = pam_pwhistory.la + pam_pwhistory_la_CFLAGS = $(AM_CFLAGS) + pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@ +-pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c ++pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c pwhistory_config.c + + sbin_PROGRAMS = pwhistory_helper + pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @EXE_CFLAGS@ diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c index a6cd3d2a..1d3242ca 100644 --- a/modules/pam_pwhistory/opasswd.c @@ -900,15 +4705,15 @@ index a6cd3d2a..1d3242ca 100644 @@ -74,8 +75,7 @@ #define RANDOM_DEVICE "/dev/urandom" #endif - + -#define OLD_PASSWORDS_FILE "/etc/security/opasswd" -#define TMP_PASSWORDS_FILE OLD_PASSWORDS_FILE".tmpXXXXXX" +#define DEFAULT_OLD_PASSWORDS_FILE SCONFIGDIR "/opasswd" - + #define DEFAULT_BUFLEN 4096 - + @@ -142,7 +142,7 @@ compare_password(const char *newpass, const char *oldpass) - + /* Check, if the new password is already in the opasswd file. */ PAMH_ARG_DECL(int -check_old_pass, const char *user, const char *newpass, int debug) @@ -919,7 +4724,7 @@ index a6cd3d2a..1d3242ca 100644 @@ -156,10 +156,13 @@ check_old_pass, const char *user, const char *newpass, int debug) return PAM_PWHISTORY_RUN_HELPER; #endif - + - if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) + const char *opasswd_file = + (filename != NULL ? filename : DEFAULT_OLD_PASSWORDS_FILE); @@ -931,10 +4736,10 @@ index a6cd3d2a..1d3242ca 100644 + pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", opasswd_file); return PAM_SUCCESS; } - + @@ -242,9 +245,8 @@ check_old_pass, const char *user, const char *newpass, int debug) } - + PAMH_ARG_DECL(int -save_old_pass, const char *user, int howmany, int debug UNUSED) +save_old_pass, const char *user, int howmany, const char *filename, int debug UNUSED) @@ -946,7 +4751,7 @@ index a6cd3d2a..1d3242ca 100644 @@ -256,6 +258,15 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) struct passwd *pwd; const char *oldpass; - + + /* Define opasswd file and temp file for opasswd */ + const char *opasswd_file = + (filename != NULL ? filename : DEFAULT_OLD_PASSWORDS_FILE); @@ -962,7 +4767,7 @@ index a6cd3d2a..1d3242ca 100644 @@ -285,24 +296,22 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) if (oldpass == NULL || *oldpass == '\0') return PAM_SUCCESS; - + - if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) + if ((oldpf = fopen (opasswd_file, "r")) == NULL) { @@ -1028,7 +4833,7 @@ index a6cd3d2a..1d3242ca 100644 @@ -550,12 +555,20 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) goto error_opasswd; } - + - unlink (OLD_PASSWORDS_FILE".old"); - if (link (OLD_PASSWORDS_FILE, OLD_PASSWORDS_FILE".old") != 0 && + char opasswd_backup[PATH_MAX]; @@ -1057,74 +4862,39 @@ index 3f257288..19a4062c 100644 @@ -57,10 +57,10 @@ void helper_log_err(int err, const char *format, ...); #endif - + -PAMH_ARG_DECL(int -check_old_pass, const char *user, const char *newpass, int debug); +PAMH_ARG_DECL(int check_old_pass, const char *user, const char *newpass, + const char *filename, int debug); - + -PAMH_ARG_DECL(int -save_old_pass, const char *user, int howmany, int debug); +PAMH_ARG_DECL(int save_old_pass, const char *user, int howmany, + const char *filename, int debug); - + #endif /* __OPASSWD_H__ */ -diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml -index d88115c2..df16a776 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.8.xml -+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml -@@ -36,6 +36,9 @@ - - authtok_type=STRING - -+ -+ file=/path/filename -+ - - - -@@ -137,6 +140,19 @@ - - - -+ -+ -+ -+ -+ -+ -+ Store password history in file /path/filename -+ rather than the default location. The default location is -+ /etc/security/opasswd. -+ -+ -+ -+ - - - -@@ -213,7 +229,7 @@ password required pam_unix.so use_authtok - - /etc/security/opasswd - -- File with password history -+ Default file with password history - - - diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c -index ce2c21f5..9c1bdd87 100644 +index ce2c21f5..5a7fb811 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c -@@ -69,6 +69,7 @@ struct options_t { - int enforce_for_root; - int remember; - int tries; -+ const char *filename; - }; - typedef struct options_t options_t; - -@@ -104,13 +105,23 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) +@@ -63,14 +63,8 @@ + + #include "opasswd.h" + #include "pam_inline.h" ++#include "pwhistory_config.h" + +-struct options_t { +- int debug; +- int enforce_for_root; +- int remember; +- int tries; +-}; +-typedef struct options_t options_t; + + + static void +@@ -104,13 +98,23 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) options->enforce_for_root = 1; else if (pam_str_skip_icase_prefix(argv, "authtok_type=") != NULL) { /* ignore, for pam_get_authtok */; } @@ -1141,7 +4911,7 @@ index ce2c21f5..9c1bdd87 100644 else pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); } - + static int run_save_helper(pam_handle_t *pamh, const char *user, - int howmany, int debug) @@ -1149,16 +4919,16 @@ index ce2c21f5..9c1bdd87 100644 { int retval, child; struct sigaction newsa, oldsa; -@@ -123,7 +134,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, +@@ -123,7 +127,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, if (child == 0) { static char *envp[] = { NULL }; - char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; + char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL }; - + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, PAM_MODUTIL_PIPE_FD, -@@ -137,9 +148,10 @@ run_save_helper(pam_handle_t *pamh, const char *user, +@@ -137,9 +141,10 @@ run_save_helper(pam_handle_t *pamh, const char *user, args[0] = (char *)PWHISTORY_HELPER; args[1] = (char *)"save"; args[2] = (char *)user; @@ -1171,8 +4941,8 @@ index ce2c21f5..9c1bdd87 100644 { pam_syslog(pamh, LOG_ERR, "asprintf: %m"); _exit(PAM_SYSTEM_ERR); -@@ -185,7 +197,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, - +@@ -185,7 +190,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, + static int run_check_helper(pam_handle_t *pamh, const char *user, - const char *newpass, int debug) @@ -1180,16 +4950,16 @@ index ce2c21f5..9c1bdd87 100644 { int retval, child, fds[2]; struct sigaction newsa, oldsa; -@@ -202,7 +214,7 @@ run_check_helper(pam_handle_t *pamh, const char *user, +@@ -202,7 +207,7 @@ run_check_helper(pam_handle_t *pamh, const char *user, if (child == 0) { static char *envp[] = { NULL }; - char *args[] = { NULL, NULL, NULL, NULL, NULL }; + char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; - + /* reopen stdin as pipe */ if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) -@@ -223,8 +235,9 @@ run_check_helper(pam_handle_t *pamh, const char *user, +@@ -223,8 +228,9 @@ run_check_helper(pam_handle_t *pamh, const char *user, args[0] = (char *)PWHISTORY_HELPER; args[1] = (char *)"check"; args[2] = (char *)user; @@ -1200,38 +4970,263 @@ index ce2c21f5..9c1bdd87 100644 { pam_syslog(pamh, LOG_ERR, "asprintf: %m"); _exit(PAM_SYSTEM_ERR); -@@ -323,10 +336,10 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) +@@ -299,6 +305,8 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) + options.remember = 10; + options.tries = 1; + ++ parse_config_file(pamh, argc, argv, &options); ++ + /* Parse parameters for module */ + for ( ; argc-- > 0; argv++) + parse_option (pamh, *argv, &options); +@@ -306,7 +314,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) + if (options.debug) + pam_syslog (pamh, LOG_DEBUG, "pam_sm_chauthtok entered"); + +- + if (options.remember == 0) + return PAM_IGNORE; + +@@ -323,10 +330,10 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) return PAM_SUCCESS; } - + - retval = save_old_pass (pamh, user, options.remember, options.debug); + retval = save_old_pass (pamh, user, options.remember, options.filename, options.debug); - + if (retval == PAM_PWHISTORY_RUN_HELPER) - retval = run_save_helper(pamh, user, options.remember, options.debug); + retval = run_save_helper(pamh, user, options.remember, options.filename, options.debug); - + if (retval != PAM_SUCCESS) return retval; -@@ -358,9 +371,9 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) +@@ -358,9 +365,9 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (options.debug) pam_syslog (pamh, LOG_DEBUG, "check against old password file"); - + - retval = check_old_pass (pamh, user, newpass, options.debug); + retval = check_old_pass (pamh, user, newpass, options.filename, options.debug); if (retval == PAM_PWHISTORY_RUN_HELPER) - retval = run_check_helper(pamh, user, newpass, options.debug); + retval = run_check_helper(pamh, user, newpass, options.filename, options.debug); - + if (retval != PAM_SUCCESS) { +diff --git a/modules/pam_pwhistory/pwhistory.conf b/modules/pam_pwhistory/pwhistory.conf +new file mode 100644 +index 00000000..070b7197 +--- /dev/null ++++ b/modules/pam_pwhistory/pwhistory.conf +@@ -0,0 +1,21 @@ ++# Configuration for remembering the last passwords used by a user. ++# ++# Enable the debugging logs. ++# Enabled if option is present. ++# debug ++# ++# root account's passwords are also remembered. ++# Enabled if option is present. ++# enforce_for_root ++# ++# Number of passwords to remember. ++# The default is 10. ++# remember = 10 ++# ++# Number of times to prompt for the password. ++# The default is 1. ++# retry = 1 ++# ++# The directory where the last passwords are kept. ++# The default is /etc/security/opasswd. ++# file = /etc/security/opasswd +diff --git a/modules/pam_pwhistory/pwhistory_config.c b/modules/pam_pwhistory/pwhistory_config.c +new file mode 100644 +index 00000000..b21879c6 +--- /dev/null ++++ b/modules/pam_pwhistory/pwhistory_config.c +@@ -0,0 +1,115 @@ ++/* ++ * Copyright (c) 2022 Iker Pedrosa ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include "config.h" ++ ++#include ++#include ++#include ++#include ++ ++#include ++ ++#include "pam_inline.h" ++#include "pwhistory_config.h" ++ ++#define PWHISTORY_DEFAULT_CONF SCONFIGDIR "/pwhistory.conf" ++ ++void ++parse_config_file(pam_handle_t *pamh, int argc, const char **argv, ++ struct options_t *options) ++{ ++ const char *fname = NULL; ++ int i; ++ char *val; ++ ++ for (i = 0; i < argc; ++i) { ++ const char *str = pam_str_skip_prefix(argv[i], "conf="); ++ ++ if (str != NULL) { ++ fname = str; ++ } ++ } ++ ++ if (fname == NULL) { ++ fname = PWHISTORY_DEFAULT_CONF; ++ } ++ ++ val = pam_modutil_search_key (pamh, fname, "debug"); ++ if (val != NULL) { ++ options->debug = 1; ++ free(val); ++ } ++ ++ val = pam_modutil_search_key (pamh, fname, "enforce_for_root"); ++ if (val != NULL) { ++ options->enforce_for_root = 1; ++ free(val); ++ } ++ ++ val = pam_modutil_search_key (pamh, fname, "remember"); ++ if (val != NULL) { ++ unsigned int temp; ++ if (sscanf(val, "%u", &temp) != 1) { ++ pam_syslog(pamh, LOG_ERR, ++ "Bad number supplied for remember argument"); ++ } else { ++ options->remember = temp; ++ } ++ free(val); ++ } ++ ++ val = pam_modutil_search_key (pamh, fname, "retry"); ++ if (val != NULL) { ++ unsigned int temp; ++ if (sscanf(val, "%u", &temp) != 1) { ++ pam_syslog(pamh, LOG_ERR, ++ "Bad number supplied for retry argument"); ++ } else { ++ options->tries = temp; ++ } ++ free(val); ++ } ++ ++ val = pam_modutil_search_key (pamh, fname, "file"); ++ if (val != NULL) { ++ if (*val != '/') { ++ pam_syslog (pamh, LOG_ERR, ++ "File path should be absolute: %s", val); ++ } else { ++ options->filename = val; ++ } ++ } ++} +diff --git a/modules/pam_pwhistory/pwhistory_config.h b/modules/pam_pwhistory/pwhistory_config.h +new file mode 100644 +index 00000000..e2b3bc83 +--- /dev/null ++++ b/modules/pam_pwhistory/pwhistory_config.h +@@ -0,0 +1,54 @@ ++/* ++ * Copyright (c) 2022 Iker Pedrosa ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#ifndef _PWHISTORY_CONFIG_H ++#define _PWHISTORY_CONFIG_H ++ ++#include ++ ++struct options_t { ++ int debug; ++ int enforce_for_root; ++ int remember; ++ int tries; ++ const char *filename; ++}; ++typedef struct options_t options_t; ++ ++void ++parse_config_file(pam_handle_t *pamh, int argc, const char **argv, ++ struct options_t *options); ++ ++#endif /* _PWHISTORY_CONFIG_H */ diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c index b08a14a7..7a61ae53 100644 --- a/modules/pam_pwhistory/pwhistory_helper.c +++ b/modules/pam_pwhistory/pwhistory_helper.c @@ -51,7 +51,7 @@ - - + + static int -check_history(const char *user, const char *debug) +check_history(const char *user, const char *filename, const char *debug) @@ -1241,15 +5236,15 @@ index b08a14a7..7a61ae53 100644 @@ -68,7 +68,7 @@ check_history(const char *user, const char *debug) return PAM_AUTHTOK_ERR; } - + - retval = check_old_pass(user, pass, dbg); + retval = check_old_pass(user, pass, filename, dbg); - + memset(pass, '\0', PAM_MAX_RESP_SIZE); /* clear memory of the password */ - + @@ -76,13 +76,13 @@ check_history(const char *user, const char *debug) } - + static int -save_history(const char *user, const char *howmany, const char *debug) +save_history(const char *user, const char *filename, const char *howmany, const char *debug) @@ -1257,10 +5252,10 @@ index b08a14a7..7a61ae53 100644 int num = atoi(howmany); int dbg = atoi(debug); /* no need to be too fancy here */ int retval; - + - retval = save_old_pass(user, num, dbg); + retval = save_old_pass(user, num, filename, dbg); - + return retval; } @@ -92,13 +92,14 @@ main(int argc, char *argv[]) @@ -1268,23 +5263,23 @@ index b08a14a7..7a61ae53 100644 const char *option; const char *user; + const char *filename; - + /* * we establish that this program is running with non-tty stdin. * this is to discourage casual use. */ - + - if (isatty(STDIN_FILENO) || argc < 4) + if (isatty(STDIN_FILENO) || argc < 5) { fprintf(stderr, "This binary is not designed for running in this way.\n"); @@ -107,11 +108,12 @@ main(int argc, char *argv[]) - + option = argv[1]; user = argv[2]; + filename = argv[3]; - + - if (strcmp(option, "check") == 0 && argc == 4) - return check_history(user, argv[3]); - else if (strcmp(option, "save") == 0 && argc == 5) @@ -1293,9 +5288,9 @@ index b08a14a7..7a61ae53 100644 + return check_history(user, filename, argv[4]); + else if (strcmp(option, "save") == 0 && argc == 6) + return save_history(user, filename, argv[4], argv[5]); - + fprintf(stderr, "This binary is not designed for running in this way.\n"); - + diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c index dd374c53..9bc15abf 100644 --- a/modules/pam_rootok/pam_rootok.c @@ -1306,11 +5301,11 @@ index dd374c53..9bc15abf 100644 { - int audit_fd; va_list ap; - + #ifdef HAVE_LIBAUDIT - audit_fd = audit_open(); + int audit_fd = audit_open(); - + if (audit_fd >= 0) { char *buf; diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am @@ -1323,27 +5318,27 @@ index 18a89b60..bed3b149 100644 dist_check_SCRIPTS = tst-pam_sepermit -TESTS = $(dist_check_SCRIPTS) +TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) - + securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) @@ -21,7 +21,6 @@ sepermitlockdir = ${localstatedir}/run/sepermit - + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(top_srcdir)/libpam_misc/include \ - -D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \ -D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\" $(WARN_CFLAGS) - + pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @@ -33,6 +32,9 @@ endif dist_secureconf_DATA = sepermit.conf securelib_LTLIBRARIES = pam_sepermit.la - + +check_PROGRAMS = tst-pam_sepermit-retval +tst_pam_sepermit_retval_LDADD = $(top_builddir)/libpam/libpam.la + install-data-local: mkdir -p $(DESTDIR)$(sepermitlockdir) - + diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml index 30d9cc54..5763c346 100644 --- a/modules/pam_sepermit/pam_sepermit.8.xml @@ -1359,16 +5354,16 @@ index 30d9cc54..5763c346 100644 + %vendordir%/security/sepermit.conf is used. + - + diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c index f7d98d5b..5fbc8fdd 100644 --- a/modules/pam_sepermit/pam_sepermit.c +++ b/modules/pam_sepermit/pam_sepermit.c @@ -61,6 +61,12 @@ - + #include - + +#include "pam_inline.h" + +#define SEPERMIT_CONF_FILE (SCONFIGDIR "/sepermit.conf") @@ -1377,14 +5372,14 @@ index f7d98d5b..5fbc8fdd 100644 +#endif #define MODULE "pam_sepermit" #define OPT_DELIM ":" - + @@ -370,16 +376,31 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, const char *user = NULL; char *seuser = NULL; char *level = NULL; - const char *cfgfile = SEPERMIT_CONF_FILE; + const char *cfgfile = NULL; - + /* Parse arguments. */ for (i = 0; i < argc; i++) { + const char *str; @@ -1412,7 +5407,7 @@ index f7d98d5b..5fbc8fdd 100644 + cfgfile = SEPERMIT_CONF_FILE; +#endif } - + if (debug) diff --git a/modules/pam_sepermit/tst-pam_sepermit-retval.c b/modules/pam_sepermit/tst-pam_sepermit-retval.c new file mode 100644 @@ -1579,42 +5574,221 @@ index 00000000..321bd6d1 + return 0; +} diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am -index 833d51a6..f34f8dce 100644 +index 833d51a6..ad53f1cc 100644 --- a/modules/pam_time/Makefile.am +++ b/modules/pam_time/Makefile.am -@@ -18,7 +18,7 @@ securelibdir = $(SECUREDIR) +@@ -12,13 +12,13 @@ dist_man_MANS = time.conf.5 pam_time.8 + endif + XMLS = README.xml time.conf.5.xml pam_time.8.xml + dist_check_SCRIPTS = tst-pam_time +-TESTS = $(dist_check_SCRIPTS) ++TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) + + securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) - + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS) + $(WARN_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +@@ -28,6 +28,9 @@ pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la + securelib_LTLIBRARIES = pam_time.la + dist_secureconf_DATA = time.conf + ++check_PROGRAMS = tst-pam_time-retval ++tst_pam_time_retval_LDADD = $(top_builddir)/libpam/libpam.la ++ + if ENABLE_REGENERATE_MAN + dist_noinst_DATA = README + -include $(top_srcdir)/Make.xml.rules +diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml +index 4708220c..a33744ea 100644 +--- a/modules/pam_time/pam_time.8.xml ++++ b/modules/pam_time/pam_time.8.xml +@@ -51,6 +51,11 @@ + /etc/security/time.conf. + An alternative file can be specified with the conffile option. + ++ ++ If there is no explicitly specified configuration file and ++ /etc/security/time.conf does not exist, ++ %vendordir%/security/time.conf is used. ++ + + If Linux PAM is compiled with audit support the module will report + when it denies access. diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c -index 089ae22d..8eebc914 100644 +index 089ae22d..9092597a 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c -@@ -33,6 +33,8 @@ +@@ -33,6 +33,11 @@ #include #endif - + +#define PAM_TIME_CONF (SCONFIGDIR "/time.conf") ++#ifdef VENDOR_SCONFIGDIR ++#define VENDOR_PAM_TIME_CONF (VENDOR_SCONFIGDIR "/time.conf") ++#endif + #define PAM_TIME_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ - + +@@ -53,7 +58,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char ** + { + int ctrl = 0; + +- *conffile = PAM_TIME_CONF; ++ *conffile = NULL; + /* step through arguments */ + for (; argc-- > 0; ++argv) { + const char *str; +@@ -77,6 +82,20 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char ** + } + } + ++ if (*conffile == NULL) { ++ *conffile = PAM_TIME_CONF; ++#ifdef VENDOR_PAM_TIME_CONF ++ /* ++ * Check whether PAM_TIME_CONF file is available. ++ * If it does not exist, fall back to VENDOR_PAM_TIME_CONF file. ++ */ ++ struct stat buffer; ++ if (stat(*conffile, &buffer) != 0 && errno == ENOENT) { ++ *conffile = VENDOR_PAM_TIME_CONF; ++ } ++#endif ++ } ++ + return ctrl; + } + +diff --git a/modules/pam_time/tst-pam_time-retval.c b/modules/pam_time/tst-pam_time-retval.c +new file mode 100644 +index 00000000..281ac80d +--- /dev/null ++++ b/modules/pam_time/tst-pam_time-retval.c +@@ -0,0 +1,107 @@ ++/* ++ * Check pam_time return values. ++ * ++ * Copyright (c) 2020-2022 Dmitry V. Levin ++ * Copyright (c) 2022 Stefan Schubert ++ */ ++ ++#include "test_assert.h" ++ ++#include ++#include ++#include ++#include ++#include ++ ++#define MODULE_NAME "pam_time" ++#define TEST_NAME "tst-" MODULE_NAME "-retval" ++ ++static const char service_file[] = TEST_NAME ".service"; ++static const char config_file[] = TEST_NAME ".conf"; ++static struct pam_conv conv; ++ ++int ++main(void) ++{ ++ pam_handle_t *pamh = NULL; ++ FILE *fp; ++ char cwd[PATH_MAX]; ++ ++ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); ++ ++ /* PAM_USER_UNKNOWN */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, ++ fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so\n" ++ "account required %s/.libs/%s.so\n" ++ "password required %s/.libs/%s.so\n" ++ "session required %s/.libs/%s.so\n", ++ cwd, MODULE_NAME, ++ cwd, MODULE_NAME, ++ cwd, MODULE_NAME, ++ cwd, MODULE_NAME)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_USER_UNKNOWN, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ ASSERT_NE(NULL, fp = fopen(config_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "# only root can access %s\n" ++ "%s ; * ; !root ; !Al0000-2400\n", ++ service_file, service_file)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ /* conffile= specifies an existing file */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, ++ fprintf(fp, "#%%PAM-1.0\n" ++ "auth required %s/.libs/%s.so conffile=%s\n" ++ "account required %s/.libs/%s.so conffile=%s\n" ++ "password required %s/.libs/%s.so conffile=%s\n" ++ "session required %s/.libs/%s.so conffile=%s\n", ++ cwd, MODULE_NAME, config_file, ++ cwd, MODULE_NAME, config_file, ++ cwd, MODULE_NAME, config_file, ++ cwd, MODULE_NAME, config_file)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ ASSERT_EQ(PAM_SUCCESS, ++ pam_start_confdir(service_file, "noone", &conv, ".", &pamh)); ++ ASSERT_NE(NULL, pamh); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0)); ++ ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); ++ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); ++ pamh = NULL; ++ ++ /* cleanup */ ++ ASSERT_EQ(0, unlink(config_file)); ++ ASSERT_EQ(0, unlink(service_file)); ++ ++ return 0; ++} diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index f2474a5b..c8ab49f3 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -334,7 +334,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, - + #define PW_TMPFILE "/etc/npasswd" #define SH_TMPFILE "/etc/nshadow" -#define OPW_TMPFILE "/etc/security/nopasswd" +#define OPW_TMPFILE SCONFIGDIR "/nopasswd" - + /* * i64c - convert an integer to a radix 64 character diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h @@ -1622,20 +5796,135 @@ index c07037d2..463ef185 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -8,7 +8,7 @@ - + #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT - + -#define OLD_PASSWORDS_FILE "/etc/security/opasswd" +#define OLD_PASSWORDS_FILE SCONFIGDIR "/opasswd" - + int is_pwd_shadowed(const struct passwd *pwd); +diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml +index 7651da6e..d9307ba3 100644 +--- a/modules/pam_usertype/pam_usertype.8.xml ++++ b/modules/pam_usertype/pam_usertype.8.xml +@@ -31,7 +31,7 @@ + pam_usertype.so is designed to succeed or fail authentication + based on type of the account of the authenticated user. + The type of the account is decided with help of +- SYS_UID_MIN and SYS_UID_MAX ++ SYS_UID_MAX + settings in /etc/login.defs. One use is to select + whether to load other modules based on this test. + +diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c +index d03b73b5..cfd9c8bb 100644 +--- a/modules/pam_usertype/pam_usertype.c ++++ b/modules/pam_usertype/pam_usertype.c +@@ -194,7 +194,6 @@ static int + pam_usertype_is_system(pam_handle_t *pamh, uid_t uid) + { + uid_t uid_min; +- uid_t sys_min; + uid_t sys_max; + + if (uid == (uid_t)-1) { +@@ -202,21 +201,19 @@ pam_usertype_is_system(pam_handle_t *pamh, uid_t uid) + return PAM_USER_UNKNOWN; + } + +- if (uid <= 99) { +- /* Reserved. */ +- return PAM_SUCCESS; +- } +- + if (uid == PAM_USERTYPE_OVERFLOW_UID) { + /* nobody */ + return PAM_SUCCESS; + } + + uid_min = pam_usertype_get_id(pamh, "UID_MIN", PAM_USERTYPE_UIDMIN); +- sys_min = pam_usertype_get_id(pamh, "SYS_UID_MIN", PAM_USERTYPE_SYSUIDMIN); + sys_max = pam_usertype_get_id(pamh, "SYS_UID_MAX", uid_min - 1); + +- return uid >= sys_min && uid <= sys_max ? PAM_SUCCESS : PAM_AUTH_ERR; ++ if (uid <= sys_max && uid < uid_min) { ++ return PAM_SUCCESS; ++ } ++ ++ return PAM_AUTH_ERR; + } + + static int +@@ -253,7 +250,7 @@ pam_usertype_evaluate(struct pam_usertype_opts *opts, + + /** + * Arguments: +- * - issystem: uid in ++ * - issystem: uid less than SYS_UID_MAX + * - isregular: not issystem + * - use_uid: use user that runs application not that is being authenticate (same as in pam_succeed_if) + * - audit: log unknown users to syslog +diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c +index 03f8dc78..bbb7743b 100644 +--- a/modules/pam_xauth/pam_xauth.c ++++ b/modules/pam_xauth/pam_xauth.c +@@ -52,6 +52,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -99,6 +100,7 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, + char *buffer = NULL; + size_t buffer_size = 0; + va_list ap; ++ struct sigaction newsa, oldsa; + + *output = NULL; + +@@ -114,6 +116,17 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, + return -1; + } + ++ memset(&newsa, '\0', sizeof(newsa)); ++ newsa.sa_handler = SIG_DFL; ++ if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { ++ pam_syslog(pamh, LOG_ERR, "failed to reset SIGCHLD handler: %m"); ++ close(ipipe[0]); ++ close(ipipe[1]); ++ close(opipe[0]); ++ close(opipe[1]); ++ return -1; ++ } ++ + /* Fork off a child. */ + child = fork(); + if (child == -1) { +@@ -209,6 +222,7 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, + } + close(opipe[0]); + waitpid(child, NULL, 0); ++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ + return -1; + } + /* Save the new buffer location, copy the newly-read data into +@@ -225,6 +239,7 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, + close(opipe[0]); + *output = buffer; + waitpid(child, NULL, 0); ++ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ + return 0; + } + diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh index 14f585d9..ff9a4dc1 100755 --- a/xtests/run-xtests.sh +++ b/xtests/run-xtests.sh @@ -18,10 +18,12 @@ all=0 - + mkdir -p /etc/security for config in access.conf group.conf time.conf limits.conf ; do - cp /etc/security/$config /etc/security/$config-pam-xtests @@ -1646,7 +5935,7 @@ index 14f585d9..ff9a4dc1 100755 -mv /etc/security/opasswd /etc/security/opasswd-pam-xtests +[ -f /etc/security/opasswd ] && + mv /etc/security/opasswd /etc/security/opasswd-pam-xtests - + for testname in $XTESTS ; do for cfg in "${SRCDIR}"/$testname*.pamd ; do @@ -47,11 +49,15 @@ for testname in $XTESTS ; do @@ -1670,3 +5959,56 @@ index 14f585d9..ff9a4dc1 100755 if test "$failed" -ne 0; then echo "===================" echo "$failed of $all tests failed" +--- /dev/null 2022-12-04 11:36:15.304093045 +0100 ++++ a/doc/man/pam.conf.5.xml 2022-12-06 17:06:03.623994042 +0100 +@@ -0,0 +1,50 @@ ++ ++ ++ ++ ++ ++ pam.conf ++ 5 ++ Linux-PAM Manual ++ ++ ++ ++ pam.conf ++ pam.d ++ PAM configuration files ++ ++ ++ ++ ++ ++ DESCRIPTION ++ ++ ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pam3 ++ , ++ ++ PAM8 ++ , ++ ++ pam_start3 ++ ++ ++ ++ ++ diff --git a/pam-hostnames-in-access_conf.patch b/pam-hostnames-in-access_conf.patch deleted file mode 100644 index 076ff17..0000000 --- a/pam-hostnames-in-access_conf.patch +++ /dev/null @@ -1,194 +0,0 @@ -From d275f22cf28da287e93b5e5a1fdb8a68b2815982 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Thu, 24 Feb 2022 10:37:32 +0100 -Subject: [PATCH] pam_access: handle hostnames in access.conf - -According to the manual page, the following entry is valid but does not -work: --:root:ALL EXCEPT localhost - -See https://bugzilla.suse.com/show_bug.cgi?id=1019866 - -Patched is based on PR#226 from Josef Moellers ---- - modules/pam_access/pam_access.c | 95 ++++++++++++++++++++++++++------- - 1 file changed, 76 insertions(+), 19 deletions(-) - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 0d033aa20..3cec542be 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -640,7 +640,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - if ((str_len = strlen(string)) > tok_len - && strcasecmp(tok, string + str_len - tok_len) == 0) - return YES; -- } else if (tok[tok_len - 1] == '.') { -+ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ - struct addrinfo hint; - - memset (&hint, '\0', sizeof (hint)); -@@ -681,7 +681,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - return NO; - } - -- /* Assume network/netmask with an IP of a host. */ -+ /* Assume network/netmask, IP address or hostname. */ - return network_netmask_match(pamh, tok, string, item); - } - -@@ -699,7 +699,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the string. -- * "NONE" token matches NULL string. -+ * "NONE" token matches NULL string. - */ - - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ -@@ -717,7 +717,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - - /* network_netmask_match - match a string against one token - * where string is a hostname or ip (v4,v6) address and tok -- * represents either a single ip (v4,v6) address or a network/netmask -+ * represents either a hostname, a single ip (v4,v6) address -+ * or a network/netmask - */ - static int - network_netmask_match (pam_handle_t *pamh, -@@ -726,10 +727,12 @@ network_netmask_match (pam_handle_t *pamh, - char *netmask_ptr; - char netmask_string[MAXHOSTNAMELEN + 1]; - int addr_type; -+ struct addrinfo *ai = NULL; - - if (item->debug) -- pam_syslog (pamh, LOG_DEBUG, -+ pam_syslog (pamh, LOG_DEBUG, - "network_netmask_match: tok=%s, item=%s", tok, string); -+ - /* OK, check if tok is of type addr/mask */ - if ((netmask_ptr = strchr(tok, '/')) != NULL) - { -@@ -763,54 +766,108 @@ network_netmask_match (pam_handle_t *pamh, - netmask_ptr = number_to_netmask(netmask, addr_type, - netmask_string, MAXHOSTNAMELEN); - } -- } -+ -+ /* -+ * Construct an addrinfo list from the IP address. -+ * This should not fail as the input is a correct IP address... -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) -+ { -+ return NO; -+ } -+ } - else -- /* NO, then check if it is only an addr */ -- if (isipaddr(tok, NULL, NULL) != YES) -+ { -+ /* -+ * It is either an IP address or a hostname. -+ * Let getaddrinfo sort everything out -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) - { -+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); -+ - return NO; - } -+ netmask_ptr = NULL; -+ } - - if (isipaddr(string, NULL, NULL) != YES) - { -- /* Assume network/netmask with a name of a host. */ - struct addrinfo hint; - -+ /* Assume network/netmask with a name of a host. */ - memset (&hint, '\0', sizeof (hint)); - hint.ai_flags = AI_CANONNAME; - hint.ai_family = AF_UNSPEC; - - if (item->gai_rv != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else if (!item->res && - (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else - { - struct addrinfo *runp = item->res; -+ struct addrinfo *runp1; - - while (runp != NULL) - { - char buf[INET6_ADDRSTRLEN]; - -- DIAG_PUSH_IGNORE_CAST_ALIGN; -- inet_ntop (runp->ai_family, -- runp->ai_family == AF_INET -- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr -- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, -- buf, sizeof (buf)); -- DIAG_POP_IGNORE_CAST_ALIGN; -+ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } - -- if (are_addresses_equal(buf, tok, netmask_ptr)) -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) - { -- return YES; -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ if (runp->ai_family != runp1->ai_family) -+ continue; -+ -+ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } -+ -+ if (are_addresses_equal (buf, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } - } - runp = runp->ai_next; - } - } - } - else -- return (are_addresses_equal(string, tok, netmask_ptr)); -+ { -+ struct addrinfo *runp1; -+ -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) -+ { -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); -+ -+ if (are_addresses_equal(string, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } -+ } -+ } -+ -+ freeaddrinfo(ai); - - return NO; - } diff --git a/pam.changes b/pam.changes index db5f842..8f923b1 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + ------------------------------------------------------------------- Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index a09aebc..128d034 100644 --- a/pam.spec +++ b/pam.spec @@ -64,14 +64,14 @@ Source12: pam-login_defs-check.sh Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc -Source16: tst-pam_env-retval.c Patch1: pam-limit-nproc.patch -Patch2: pam-hostnames-in-access_conf.patch Patch3: pam-xauth_ownership.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch Patch10: pam_xauth_data.3.xml.patch Patch11: pam-git.diff Patch12: pam_env_econf.patch +Patch13: pam_pwhistory-docu.patch +Patch14: docbook5.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -147,7 +147,7 @@ Summary: Manualpages for Pluggable Authentication Modules Group: Documentation/HTML Provides: pam:/%{_mandir}/man8/PAM.8.gz BuildArch: noarch -BuildRequires: docbook-xsl-stylesheets +BuildRequires: docbook5-xsl-stylesheets BuildRequires: elinks BuildRequires: xmlgraphics-fop @@ -177,14 +177,16 @@ building both PAM-aware applications and modules for use with PAM. %prep %setup -q -n Linux-PAM-%{version} -b 1 cp -a %{SOURCE12} . -cp %{SOURCE16} ./modules/pam_env +%patch11 -p1 %patch1 -p1 -%patch2 -p1 %patch3 -p1 %patch4 -p1 %patch10 -p1 -%patch11 -p1 %patch12 -p1 +%if %{build_doc} +%patch13 -p1 +%patch14 -p1 +%endif %build bash ./pam-login_defs-check.sh @@ -343,6 +345,7 @@ done %config(noreplace) %{_pam_secconfdir}/time.conf %config(noreplace) %{_pam_secconfdir}/namespace.conf %config(noreplace) %{_pam_secconfdir}/namespace.init +%config(noreplace) %{_pam_secconfdir}/pwhistory.conf %dir %{_pam_secconfdir}/namespace.d %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} diff --git a/pam_env_econf.patch b/pam_env_econf.patch index e2db6d9..d79d82d 100644 --- a/pam_env_econf.patch +++ b/pam_env_econf.patch @@ -1,7 +1,38 @@ -diff -Naur org/configure.ac patch/configure.ac ---- org/configure.ac 2022-10-11 12:35:53.558193223 +0200 -+++ patch/configure.ac 2022-10-11 12:36:32.502192985 +0200 -@@ -511,7 +511,11 @@ +From 4b427724082fa2b77cccfa572881c5d2940c754e Mon Sep 17 00:00:00 2001 +From: Stefan Schubert +Date: Fri, 3 Dec 2021 14:33:20 +0100 +Subject: [PATCH] pam_env: Use vendor specific pam_env.conf and environment as + fallback + +Use the vendor directory as fallback for a distribution provided default +config if there is no one in /etc. + +* Makefile.am: Add libeconf setting. +* pam_env.c: Take care about the fallback configuration in the vendor directory. +* tst-pam_env-retval.c: Added tests for libeconf. +* configure.ac: Added ECONF settings for building man pages. +--- + configure.ac | 7 +- + modules/pam_env/.gitignore | 1 + + modules/pam_env/Makefile.am | 4 +- + modules/pam_env/pam_env.c | 298 +++++++++++++++++++++++---- + modules/pam_env/tst-pam_env-retval.c | 60 ++++++ + 7 files changed, 394 insertions(+), 44 deletions(-) + create mode 100644 modules/pam_env/.gitignore + +diff --git a/configure.ac b/configure.ac +index 2f74d1b49..51ca0ad25 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -523,6 +523,7 @@ if test "$WITH_ECONF" = "yes" ; then + PKG_CHECK_MODULES([ECONF], [libeconf], [], + [AC_CHECK_LIB([econf],[econf_readDirs],[ECONF_LIBS="-leconf"],[ECONF_LIBS=""])]) + if test -n "$ECONF_LIBS" ; then ++ AC_CHECK_LIB([econf],[econf_errLocation], [], [AC_MSG_ERROR([Please update libeconf])]) + ECONF_CFLAGS="-DUSE_ECONF=1 $ECONF_CFLAGS" + fi + fi +@@ -535,7 +536,11 @@ if test -n "$enable_vendordir"; then [Directory for distribution provided configuration files]) AC_DEFINE_UNQUOTED([VENDOR_SCONFIGDIR], ["$enable_vendordir/security"], [Directory for PAM modules distribution provided configuration files]) @@ -14,17 +45,18 @@ diff -Naur org/configure.ac patch/configure.ac else STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" fi -diff -Naur org/modules/pam_env/Makefile.am patch/modules/pam_env/Makefile.am ---- org/modules/pam_env/Makefile.am 2022-10-11 12:35:53.574193223 +0200 -+++ patch/modules/pam_env/Makefile.am 2022-10-11 12:36:32.518192985 +0200 -@@ -12,20 +12,23 @@ - endif - XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml - dist_check_SCRIPTS = tst-pam_env --TESTS = $(dist_check_SCRIPTS) -+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) - - securelibdir = $(SECUREDIR) +diff --git a/modules/pam_env/.gitignore b/modules/pam_env/.gitignore +new file mode 100644 +index 000000000..4c5b234b1 +--- /dev/null ++++ b/modules/pam_env/.gitignore +@@ -0,0 +1 @@ ++tst-pam_env-retval +diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am +index 02cd9d375..b99a83ecb 100644 +--- a/modules/pam_env/Makefile.am ++++ b/modules/pam_env/Makefile.am +@@ -18,14 +18,14 @@ securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ @@ -38,91 +70,13 @@ diff -Naur org/modules/pam_env/Makefile.am patch/modules/pam_env/Makefile.am securelib_LTLIBRARIES = pam_env.la -pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la +pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS) -+ -+check_PROGRAMS = tst-pam_env-retval -+tst_pam_env_retval_LDADD = $(top_builddir)/libpam/libpam.la - dist_secureconf_DATA = pam_env.conf - dist_sysconf_DATA = environment -diff -Naur org/modules/pam_env/pam_env.8.xml patch/modules/pam_env/pam_env.8.xml ---- org/modules/pam_env/pam_env.8.xml 2022-10-11 12:35:53.574193223 +0200 -+++ patch/modules/pam_env/pam_env.8.xml 2022-10-11 12:36:32.518192985 +0200 -@@ -52,13 +52,55 @@ - variables as well as PAM_ITEMs such as - PAM_RHOST. - -- -+ -+ Rules for (un)setting of variables can be defined in an own config -+ file. The path to this file can be specified with the -+ conffile option. -+ If this file does not exist, the default rules are taken from the -+ config files /etc/security/pam_env.conf and -+ /etc/security/pam_env.conf.d/*.conf. -+ If the file /etc/security/pam_env.conf does not -+ exist, the rules are taken from the files -+ %vendordir%/security/pam_env.conf, -+ %vendordir%/security/pam_env.conf.d/*.conf and -+ /etc/security/pam_env.conf.d/*.conf in that order. -+ -+ -+ By default rules for (un)setting of variables are taken from the -+ config file /etc/security/pam_env.conf. -+ If this file does not exist %vendordir%/security/pam_env.conf is used. -+ An alternate file can be specified with the conffile -+ option, which overrules all other files. -+ -+ - By default rules for (un)setting of variables are taken from the - config file /etc/security/pam_env.conf. An - alternate file can be specified with the conffile - option. - -- -+ -+ Environment variables can be defined in a file with simple KEY=VAL -+ pairs on separate lines. The path to this file can be specified with the -+ envfile option. -+ If this file has not been defined, the settings are read from the -+ files /etc/security/environment and -+ /etc/security/environment.d/*. -+ If the file /etc/environment does not exist, the -+ settings are read from the files %vendordir%/environment, -+ %vendordir%/environment.d/* and -+ /etc/environment.d/* in that order. -+ And last but not least, with the readenv option this mechanism can -+ be completely disabled. -+ -+ -+ Second a file (/etc/environment by default) with simple -+ KEY=VAL pairs on separate lines will be read. -+ If this file does not exist, %vendordir%/etc/environment is used. -+ With the envfile option an alternate file can be specified, -+ which overrules all other files. -+ And with the readenv option this can be completely disabled. -+ -+ - Second a file (/etc/environment by default) with simple - KEY=VAL pairs on separate lines will be read. - With the envfile option an alternate file can be specified. -@@ -224,12 +266,14 @@ - FILES - - -+ /usr/etc/security/pam_env.conf - /etc/security/pam_env.conf - - Default configuration file - - - -+ /usr/etc/environment - /etc/environment - - Default environment file -diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c ---- org/modules/pam_env/pam_env.c 2022-10-11 12:35:53.574193223 +0200 -+++ patch/modules/pam_env/pam_env.c 2022-10-11 12:36:32.518192985 +0200 + check_PROGRAMS = tst-pam_env-retval + tst_pam_env_retval_LDADD = $(top_builddir)/libpam/libpam.la +diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c +index 64a586454..aabab7992 100644 +--- a/modules/pam_env/pam_env.c ++++ b/modules/pam_env/pam_env.c @@ -7,6 +7,9 @@ */ @@ -143,7 +97,7 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c #include #include -@@ -42,6 +48,9 @@ +@@ -42,6 +48,9 @@ typedef struct var { } VAR; #define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") @@ -153,19 +107,7 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c #define BUF_SIZE 8192 #define MAX_ENV 8192 -@@ -53,18 +62,19 @@ - #define UNDEFINE_VAR 102 - #define ILLEGAL_VAR 103 - --static int _assemble_line(FILE *, char *, int); --static int _parse_line(const pam_handle_t *, const char *, VAR *); --static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */ --static void _clean_var(VAR *); --static int _expand_arg(pam_handle_t *, char **); --static const char * _pam_get_item_byname(pam_handle_t *, const char *); --static int _define_var(pam_handle_t *, int, VAR *); --static int _undefine_var(pam_handle_t *, int, VAR *); -- +@@ -56,6 +65,16 @@ typedef struct var { /* This is a special value used to designate an empty string */ static char quote='\0'; @@ -182,7 +124,7 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c /* argument parsing */ #define PAM_DEBUG_ARG 0x01 -@@ -77,10 +87,10 @@ +@@ -68,10 +87,10 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, int ctrl=0; *user_envfile = DEFAULT_USER_ENVFILE; @@ -195,31 +137,15 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c /* step through arguments */ for (; argc-- > 0; ++argv) { -@@ -128,166 +138,145 @@ +@@ -119,6 +138,148 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, return ctrl; } --static int --_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) --{ -- int retval; -- char buffer[BUF_SIZE]; -- FILE *conf; -- VAR Var, *var=&Var; -- -- D(("Called.")); -- -- var->name=NULL; var->defval=NULL; var->override=NULL; +#ifdef USE_ECONF - -- D(("Config file name is: %s", file)); ++ +#define ENVIRONMENT "environment" +#define PAM_ENV "pam_env" - -- /* -- * Lets try to open the config file, parse it and process -- * any variables found. -- */ ++ +static int +isDirectory(const char *path) { + struct stat statbuf; @@ -227,10 +153,7 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + return 0; + return S_ISDIR(statbuf.st_mode); +} - -- if ((conf = fopen(file,"r")) == NULL) { -- pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); -- return PAM_IGNORE; ++ +static int +econf_read_file(const pam_handle_t *pamh, const char *filename, const char *delim, + const char *name, const char *suffix, const char *subpath, @@ -260,23 +183,7 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + return PAM_ABORT; + } + } - } -- -- /* _pam_assemble_line will provide a complete line from the config file, -- * with all comments removed and any escaped newlines fixed up -- */ -- -- while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { -- D(("Read line: %s", buffer)); -- -- if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { -- retval = _check_var(pamh, var); -- -- if (DEFINE_VAR == retval) { -- retval = _define_var(pamh, ctrl, var); -- -- } else if (UNDEFINE_VAR == retval) { -- retval = _undefine_var(pamh, ctrl, var); ++ } + if (filename == NULL || base_dir[0] != '\0') { + /* Read and merge all setting in e.g. /usr/etc and /etc */ + char *vendor_dir = NULL, *sysconf_dir; @@ -303,95 +210,33 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); + free(vendor_dir); + return PAM_BUF_ERR; - } - } -- if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval -- && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; -- -- _clean_var(var); -- -- } /* while */ -- -- (void) fclose(conf); -- -- /* tidy up */ -- _clean_var(var); /* We could have got here prematurely, -- * this is safe though */ -- D(("Exit.")); -- return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); --} - --static int --_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) --{ -- int retval=PAM_SUCCESS, i, t; -- char buffer[BUF_SIZE], *key, *mark; -- FILE *conf; -- -- D(("Env file name is: %s", file)); -- -- if ((conf = fopen(file,"r")) == NULL) { -- pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); -- return PAM_IGNORE; ++ } ++ } ++ + D(("Read configuration from directory %s and %s", vendor_dir, sysconf_dir)); + error = econf_readDirs (&key_file, vendor_dir, sysconf_dir, name, suffix, + delim, "#"); + free(vendor_dir); + free(sysconf_dir); + if (error != ECONF_SUCCESS) { -+ pam_syslog(pamh, LOG_ERR, "Unable to read configuration in different directories: %s", -+ econf_errString(error)); -+ if (error == ECONF_NOFILE) ++ if (error == ECONF_NOFILE) { ++ pam_syslog(pamh, LOG_ERR, "Configuration file not found: %s%s", name, suffix); + return PAM_IGNORE; -+ else ++ } else { ++ char *error_filename = NULL; ++ uint64_t error_line = 0; ++ ++ econf_errLocation(&error_filename, &error_line); ++ pam_syslog(pamh, LOG_ERR, "Unable to read configuration file %s line %ld: %s", ++ error_filename, ++ error_line, ++ econf_errString(error)); ++ free(error_filename); + return PAM_ABORT; ++ } + } - } - -- while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { -- D(("Read line: %s", buffer)); -- key = buffer; -- -- /* skip leading white space */ -- key += strspn(key, " \n\t"); -- -- /* skip blanks lines and comments */ -- if (key[0] == '#') -- continue; -- -- /* skip over "export " if present so we can be compat with -- bash type declarations */ -- if (strncmp(key, "export ", (size_t) 7) == 0) -- key += 7; -- -- /* now find the end of value */ -- mark = key; -- while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') -- mark++; -- if (mark[0] != '\0') -- mark[0] = '\0'; -- -- /* -- * sanity check, the key must be alphanumeric -- */ -- -- if (key[0] == '=') { -- pam_syslog(pamh, LOG_ERR, -- "missing key name '%s' in %s', ignoring", -- key, file); -- continue; -- } -- -- for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) -- if (!isalnum(key[i]) && key[i] != '_') { -- pam_syslog(pamh, LOG_ERR, -- "non-alphanumeric key '%s' in %s', ignoring", -- key, file); -- break; -- } -- /* non-alphanumeric key, ignore this line */ -- if (key[i] != '=' && key[i] != '\0') -- continue; ++ } ++ + error = econf_getKeys(key_file, NULL, &key_number, &keys); + if (error != ECONF_SUCCESS && error != ECONF_NOKEY) { + pam_syslog(pamh, LOG_ERR, "Unable to read keys: %s", @@ -399,18 +244,7 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + econf_freeFile(key_file); + return PAM_ABORT; + } - -- /* now we try to be smart about quotes around the value, -- but not too smart, we can't get all fancy with escaped -- values like bash */ -- if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { -- for ( t = i+1 ; key[t] != '\0' ; t++) -- if (key[t] != '\"' && key[t] != '\'') -- key[i++] = key[t]; -- else if (key[t+1] != '\0') -- key[i++] = key[t]; -- key[i] = '\0'; -- } ++ + *lines = malloc((key_number +1)* sizeof(char**)); + if (*lines == NULL) { + pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); @@ -418,26 +252,12 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + econf_freeFile(key_file); + return PAM_BUF_ERR; + } - -- /* if this is a request to delete a variable, check that it's -- actually set first, so we don't get a vague error back from -- pam_putenv() */ -- for (i = 0; key[i] != '=' && key[i] != '\0'; i++); ++ + (*lines)[key_number] = 0; - -- if (key[i] == '\0' && !pam_getenv(pamh,key)) -- continue; ++ + for (size_t i = 0; i < key_number; i++) { + char *val; - -- /* set the env var, if it fails, we break out of the loop */ -- retval = pam_putenv(pamh, key); -- if (retval != PAM_SUCCESS) { -- D(("error setting env \"%s\"", key)); -- break; -- } else if (ctrl & PAM_DEBUG_ARG) { -- pam_syslog(pamh, LOG_DEBUG, -- "pam_putenv(\"%s\")", key); ++ + error = econf_getStringValue (key_file, NULL, keys[i], &val); + if (error != ECONF_SUCCESS) { + pam_syslog(pamh, LOG_ERR, "Unable to get string from key %s: %s", @@ -451,35 +271,22 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + free_string_array(*lines); + free (val); + return PAM_BUF_ERR; - } ++ } + free (val); + } - } - -- (void) fclose(conf); -- -- /* tidy up */ -- D(("Exit.")); -- return retval; ++ } ++ + econf_free(keys); + econf_free(key_file); + return PAM_SUCCESS; - } - ++} ++ +#else + /* * This is where we read a line of the PAM config file. The line may be * preceded by lines of comments and also extended with "\\\n" - */ -- --static int _assemble_line(FILE *f, char *buffer, int buf_len) -+static int -+_assemble_line(FILE *f, char *buffer, int buf_len) - { - char *p = buffer; - char *s, *os; -@@ -375,8 +364,54 @@ +@@ -212,6 +373,52 @@ _assemble_line(FILE *f, char *buffer, int buf_len) return used; } @@ -530,294 +337,24 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c +#endif + static int --_parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) -+_parse_line(const pam_handle_t *pamh, const char *buffer, VAR *var) + _parse_line(const pam_handle_t *pamh, const char *buffer, VAR *var) { - /* - * parse buffer into var, legal syntax is -@@ -471,75 +506,57 @@ - return GOOD_LINE; - } - --static int _check_var(pam_handle_t *pamh, VAR *var) -+static const char * -+_pam_get_item_byname(pam_handle_t *pamh, const char *name) +@@ -626,34 +833,38 @@ static int + _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) { - /* -- * Examine the variable and determine what action to take. -- * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take -- * or a PAM_* error code if passed back from other routines -- * -- * if no DEFAULT provided, the empty string is assumed -- * if no OVERRIDE provided, the empty string is assumed -- * if DEFAULT= and OVERRIDE evaluates to the empty string, -- * this variable should be undefined -- * if DEFAULT="" and OVERRIDE evaluates to the empty string, -- * this variable should be defined with no value -- * if OVERRIDE=value and value turns into the empty string, DEFAULT is used -- * -- * If DEFINE_VAR is to be returned, the correct value to define will -- * be pointed to by var->value -+ * This function just allows me to use names as given in the config -+ * file and translate them into the appropriate PAM_ITEM macro - */ - -- int retval; -+ int item; -+ const void *itemval; - - D(("Called.")); + int retval; +- char buffer[BUF_SIZE]; +- FILE *conf; + VAR Var, *var=&Var; - -- /* -- * First thing to do is to expand any arguments, but only -- * if they are not the special quote values (cause expand_arg -- * changes memory). -- */ -- -- if (var->defval && ("e != var->defval) && -- ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { -- return retval; -- } -- if (var->override && ("e != var->override) && -- ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { -- return retval; -+ if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { -+ item = PAM_USER; -+ } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { -+ item = PAM_USER_PROMPT; -+ } else if (strcmp(name, "PAM_TTY") == 0) { -+ item = PAM_TTY; -+ } else if (strcmp(name, "PAM_RUSER") == 0) { -+ item = PAM_RUSER; -+ } else if (strcmp(name, "PAM_RHOST") == 0) { -+ item = PAM_RHOST; -+ } else { -+ D(("Unknown PAM_ITEM: <%s>", name)); -+ pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); -+ return NULL; - } - -- /* Now its easy */ -- -- if (var->override && *(var->override)) { -- /* if there is a non-empty string in var->override, we use it */ -- D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); -- var->value = var->override; -- retval = DEFINE_VAR; -- } else { -+ if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { -+ D(("pam_get_item failed")); -+ return NULL; /* let pam_get_item() log the error */ -+ } - -- var->value = var->defval; -- if ("e == var->defval) { -- /* -- * This means that the empty string was given for defval value -- * which indicates that a variable should be defined with no value -- */ -- D(("An empty variable: <%s>", var->name)); -- retval = DEFINE_VAR; -- } else if (var->defval) { -- D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); -- retval = DEFINE_VAR; -- } else { -- D(("UNDEFINE variable <%s>", var->name)); -- retval = UNDEFINE_VAR; -+ if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { -+ struct passwd *user_entry; -+ user_entry = pam_modutil_getpwnam (pamh, itemval); -+ if (!user_entry) { -+ pam_syslog(pamh, LOG_ERR, "No such user!?"); -+ return NULL; - } -+ return (strcmp(name, "SHELL") == 0) ? -+ user_entry->pw_shell : -+ user_entry->pw_dir; - } - - D(("Exit.")); -- return retval; -+ return itemval; - } - --static int _expand_arg(pam_handle_t *pamh, char **value) -+static int -+_expand_arg(pam_handle_t *pamh, char **value) - { - const char *orig=*value, *tmpptr=NULL; - char *ptr; /* -@@ -679,55 +696,96 @@ - return PAM_SUCCESS; - } - --static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) -+static int -+_check_var(pam_handle_t *pamh, VAR *var) - { - /* -- * This function just allows me to use names as given in the config -- * file and translate them into the appropriate PAM_ITEM macro -+ * Examine the variable and determine what action to take. -+ * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take -+ * or a PAM_* error code if passed back from other routines -+ * -+ * if no DEFAULT provided, the empty string is assumed -+ * if no OVERRIDE provided, the empty string is assumed -+ * if DEFAULT= and OVERRIDE evaluates to the empty string, -+ * this variable should be undefined -+ * if DEFAULT="" and OVERRIDE evaluates to the empty string, -+ * this variable should be defined with no value -+ * if OVERRIDE=value and value turns into the empty string, DEFAULT is used -+ * -+ * If DEFINE_VAR is to be returned, the correct value to define will -+ * be pointed to by var->value - */ - -- int item; -- const void *itemval; -+ int retval; - - D(("Called.")); -- if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { -- item = PAM_USER; -- } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { -- item = PAM_USER_PROMPT; -- } else if (strcmp(name, "PAM_TTY") == 0) { -- item = PAM_TTY; -- } else if (strcmp(name, "PAM_RUSER") == 0) { -- item = PAM_RUSER; -- } else if (strcmp(name, "PAM_RHOST") == 0) { -- item = PAM_RHOST; -- } else { -- D(("Unknown PAM_ITEM: <%s>", name)); -- pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); -- return NULL; -- } - -- if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { -- D(("pam_get_item failed")); -- return NULL; /* let pam_get_item() log the error */ -+ /* -+ * First thing to do is to expand any arguments, but only -+ * if they are not the special quote values (cause expand_arg -+ * changes memory). -+ */ -+ -+ if (var->defval && ("e != var->defval) && -+ ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { -+ return retval; -+ } -+ if (var->override && ("e != var->override) && -+ ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { -+ return retval; - } - -- if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { -- struct passwd *user_entry; -- user_entry = pam_modutil_getpwnam (pamh, itemval); -- if (!user_entry) { -- pam_syslog(pamh, LOG_ERR, "No such user!?"); -- return NULL; -+ /* Now its easy */ -+ -+ if (var->override && *(var->override)) { -+ /* if there is a non-empty string in var->override, we use it */ -+ D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); -+ var->value = var->override; -+ retval = DEFINE_VAR; -+ } else { -+ -+ var->value = var->defval; -+ if ("e == var->defval) { -+ /* -+ * This means that the empty string was given for defval value -+ * which indicates that a variable should be defined with no value -+ */ -+ D(("An empty variable: <%s>", var->name)); -+ retval = DEFINE_VAR; -+ } else if (var->defval) { -+ D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); -+ retval = DEFINE_VAR; -+ } else { -+ D(("UNDEFINE variable <%s>", var->name)); -+ retval = UNDEFINE_VAR; - } -- return (strcmp(name, "SHELL") == 0) ? -- user_entry->pw_shell : -- user_entry->pw_dir; - } - - D(("Exit.")); -- return itemval; -+ return retval; - } - --static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) -+static void -+_clean_var(VAR *var) -+{ -+ if (var->name) { -+ free(var->name); -+ } -+ if (var->defval && ("e != var->defval)) { -+ free(var->defval); -+ } -+ if (var->override && ("e != var->override)) { -+ free(var->override); -+ } -+ var->name = NULL; -+ var->value = NULL; /* never has memory specific to it */ -+ var->defval = NULL; -+ var->override = NULL; -+ return; -+} -+ -+static int -+_define_var(pam_handle_t *pamh, int ctrl, VAR *var) - { - /* We have a variable to define, this is a simple function */ - -@@ -749,7 +807,8 @@ - return retval; - } - --static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) -+static int -+_undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) - { - /* We have a variable to undefine, this is a simple function */ - -@@ -760,25 +819,176 @@ - return pam_putenv(pamh, var->name); - } - --static void _clean_var(VAR *var) -+static int -+_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) - { -- if (var->name) { -- free(var->name); -- } -- if (var->defval && ("e != var->defval)) { -- free(var->defval); -- } -- if (var->override && ("e != var->override)) { -- free(var->override); -- } -- var->name = NULL; -- var->value = NULL; /* never has memory specific to it */ -- var->defval = NULL; -- var->override = NULL; -- return; -+ int retval; -+ VAR Var, *var=&Var; +- D(("Called.")); + char **conf_list = NULL; -+ -+ var->name=NULL; var->defval=NULL; var->override=NULL; -+ + + var->name=NULL; var->defval=NULL; var->override=NULL; + +- D(("Config file name is: %s", file)); + D(("Called.")); -+ + +#ifdef USE_ECONF + /* If "file" is not NULL, only this file will be parsed. */ + retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); @@ -826,51 +363,66 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + if (file == NULL) /* No filename has been set via argv. */ + file = DEFAULT_CONF_FILE; +#ifdef VENDOR_DEFAULT_CONF_FILE -+ /* + /* +- * Lets try to open the config file, parse it and process +- * any variables found. +- */ +- +- if ((conf = fopen(file,"r")) == NULL) { +- pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); +- return PAM_IGNORE; + * Check whether file is available. + * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. + */ + struct stat stat_buffer; + if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { + file = VENDOR_DEFAULT_CONF_FILE; -+ } + } +#endif + retval = read_file(pamh, file, &conf_list); +#endif -+ + +- /* _pam_assemble_line will provide a complete line from the config file, +- * with all comments removed and any escaped newlines fixed up +- */ +- +- while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { +- D(("Read line: %s", buffer)); + if (retval != PAM_SUCCESS) + return retval; -+ + +- if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { + for (char **conf = conf_list; *conf != NULL; ++conf) { + if ((retval = _parse_line(pamh, *conf, var)) == GOOD_LINE) { -+ retval = _check_var(pamh, var); -+ -+ if (DEFINE_VAR == retval) { -+ retval = _define_var(pamh, ctrl, var); -+ -+ } else if (UNDEFINE_VAR == retval) { -+ retval = _undefine_var(pamh, ctrl, var); -+ } -+ } -+ if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval -+ && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; -+ -+ _clean_var(var); -+ -+ } /* for */ -+ -+ /* tidy up */ -+ free_string_array(conf_list); -+ _clean_var(var); /* We could have got here prematurely, -+ * this is safe though */ -+ D(("Exit.")); -+ return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); - } + retval = _check_var(pamh, var); -+static int -+_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) -+{ -+ int retval=PAM_SUCCESS, i, t; + if (DEFINE_VAR == retval) { +@@ -668,11 +879,10 @@ _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) + + _clean_var(var); + +- } /* while */ +- +- (void) fclose(conf); ++ } /* for */ + + /* tidy up */ ++ free_string_array(conf_list); + _clean_var(var); /* We could have got here prematurely, + * this is safe though */ + D(("Exit.")); +@@ -683,19 +893,33 @@ static int + _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) + { + int retval=PAM_SUCCESS, i, t; +- char buffer[BUF_SIZE], *key, *mark; +- FILE *conf; +- +- D(("Env file name is: %s", file)); +- +- if ((conf = fopen(file,"r")) == NULL) { +- pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); +- return PAM_IGNORE; + char *key, *mark; + char **env_list = NULL; + @@ -888,132 +440,137 @@ diff -Naur org/modules/pam_env/pam_env.c patch/modules/pam_env/pam_env.c + struct stat stat_buffer; + if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { + file = VENDOR_DEFAULT_ETC_ENVFILE; -+ } + } +#endif + retval = read_file(pamh, file, &env_list); +#endif -+ + +- while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { +- D(("Read line: %s", buffer)); +- key = buffer; + if (retval != PAM_SUCCESS) + return retval == PAM_IGNORE ? PAM_SUCCESS : retval; + + for (char **env = env_list; *env != NULL; ++env) { + key = *env; -+ -+ /* skip leading white space */ -+ key += strspn(key, " \n\t"); -+ -+ /* skip blanks lines and comments */ -+ if (key[0] == '#') -+ continue; -+ -+ /* skip over "export " if present so we can be compat with -+ bash type declarations */ -+ if (strncmp(key, "export ", (size_t) 7) == 0) -+ key += 7; -+ -+ /* now find the end of value */ -+ mark = key; -+ while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') -+ mark++; -+ if (mark[0] != '\0') -+ mark[0] = '\0'; -+ -+ /* -+ * sanity check, the key must be alphanumeric -+ */ -+ -+ if (key[0] == '=') { -+ pam_syslog(pamh, LOG_ERR, -+ "missing key name '%s' in %s', ignoring", -+ key, file); -+ continue; -+ } -+ -+ for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) -+ if (!isalnum(key[i]) && key[i] != '_') { -+ pam_syslog(pamh, LOG_ERR, -+ "non-alphanumeric key '%s' in %s', ignoring", -+ key, file); -+ break; -+ } -+ /* non-alphanumeric key, ignore this line */ -+ if (key[i] != '=' && key[i] != '\0') -+ continue; -+ -+ /* now we try to be smart about quotes around the value, -+ but not too smart, we can't get all fancy with escaped -+ values like bash */ -+ if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { -+ for ( t = i+1 ; key[t] != '\0' ; t++) -+ if (key[t] != '\"' && key[t] != '\'') -+ key[i++] = key[t]; -+ else if (key[t+1] != '\0') -+ key[i++] = key[t]; -+ key[i] = '\0'; -+ } -+ -+ /* if this is a request to delete a variable, check that it's -+ actually set first, so we don't get a vague error back from -+ pam_putenv() */ -+ for (i = 0; key[i] != '=' && key[i] != '\0'; i++); -+ -+ if (key[i] == '\0' && !pam_getenv(pamh,key)) -+ continue; -+ -+ /* set the env var, if it fails, we break out of the loop */ -+ retval = pam_putenv(pamh, key); -+ if (retval != PAM_SUCCESS) { -+ D(("error setting env \"%s\"", key)); -+ break; -+ } else if (ctrl & PAM_DEBUG_ARG) { -+ pam_syslog(pamh, LOG_DEBUG, -+ "pam_putenv(\"%s\")", key); -+ } + + /* skip leading white space */ + key += strspn(key, " \n\t"); +@@ -767,11 +991,11 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) + pam_syslog(pamh, LOG_DEBUG, + "pam_putenv(\"%s\")", key); + } + free(*env); -+ } + } -+ /* tidy up */ +- (void) fclose(conf); +- + /* tidy up */ + free(env_list); -+ D(("Exit.")); -+ return retval; -+} + D(("Exit.")); + return retval; + } +diff --git a/modules/pam_env/tst-pam_env-retval.c b/modules/pam_env/tst-pam_env-retval.c +index 6b9b3065a..99e2e2a54 100644 +--- a/modules/pam_env/tst-pam_env-retval.c ++++ b/modules/pam_env/tst-pam_env-retval.c +@@ -17,11 +17,18 @@ - /* --- authentication management functions (only) --- */ + #define MODULE_NAME "pam_env" + #define TEST_NAME "tst-" MODULE_NAME "-retval" ++#define TEST_NAME_DIR TEST_NAME ".dir" -diff -Naur org/modules/pam_env/pam_env.conf.5.xml patch/modules/pam_env/pam_env.conf.5.xml ---- org/modules/pam_env/pam_env.conf.5.xml 2022-10-11 12:35:53.574193223 +0200 -+++ patch/modules/pam_env/pam_env.conf.5.xml 2022-10-11 12:36:32.518192985 +0200 -@@ -20,7 +20,15 @@ - - DESCRIPTION + static const char service_file[] = TEST_NAME ".service"; + static const char missing_file[] = TEST_NAME ".missing"; ++static const char dir[] = TEST_NAME_DIR; ++static const char dir_usr[] = TEST_NAME_DIR "/usr"; ++static const char dir_usr_etc[] = TEST_NAME_DIR "/usr/etc"; ++static const char dir_usr_etc_security[] = TEST_NAME_DIR "/usr/etc/security"; + static const char my_conf[] = TEST_NAME ".conf"; + static const char my_env[] = TEST_NAME ".env"; ++static const char usr_env[] = TEST_NAME_DIR "/usr/etc/environment"; ++static const char usr_conf[] = TEST_NAME_DIR "/usr/etc/security/pam_env.conf"; -- -+ -+ The /usr/etc/security/pam_env.conf and -+ /etc/security/pam_env.conf files specify -+ the environment variables to be set, unset or modified by -+ pam_env8. -+ When someone logs in, these files are read and the environment -+ variables are set according. -+ -+ - The /etc/security/pam_env.conf file specifies - the environment variables to be set, unset or modified by - pam_env8. -@@ -61,7 +69,15 @@ - at front) can be used to mark this line as a comment line. - + static struct pam_conv conv; -- -+ -+ The /usr/etc/environment and /etc/environment files specify -+ the environment variables to be set. These files must consist of simple -+ NAME=VALUE pairs on separate lines. -+ The pam_env8 -+ module will read these files after the pam_env.conf -+ file. -+ -+ - The /etc/environment file specifies - the environment variables to be set. The file must consist of simple - NAME=VALUE pairs on separate lines. +@@ -30,6 +37,11 @@ setup(void) + { + FILE *fp; + ++ ASSERT_EQ(0, mkdir(dir, 0755)); ++ ASSERT_EQ(0, mkdir(dir_usr, 0755)); ++ ASSERT_EQ(0, mkdir(dir_usr_etc, 0755)); ++ ASSERT_EQ(0, mkdir(dir_usr_etc_security, 0755)); ++ + ASSERT_NE(NULL, fp = fopen(my_conf, "w")); + ASSERT_LT(0, fprintf(fp, + "EDITOR\tDEFAULT=vim\n" +@@ -41,6 +53,18 @@ setup(void) + "test_value=foo\n" + "test2_value=bar\n")); + ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_NE(NULL, fp = fopen(usr_env, "w")); ++ ASSERT_LT(0, fprintf(fp, ++ "usr_etc_test=foo\n" ++ "usr_etc_test2=bar\n")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_NE(NULL, fp = fopen(usr_conf, "w")); ++ ASSERT_LT(0, fprintf(fp, ++ "PAGER DEFAULT=emacs\n" ++ "MANPAGER DEFAULT=less\n")); ++ ASSERT_EQ(0, fclose(fp)); + } + + static void +@@ -48,6 +72,12 @@ cleanup(void) + { + ASSERT_EQ(0, unlink(my_conf)); + ASSERT_EQ(0, unlink(my_env)); ++ ASSERT_EQ(0, unlink(usr_env)); ++ ASSERT_EQ(0, unlink(usr_conf)); ++ ASSERT_EQ(0, rmdir(dir_usr_etc_security)); ++ ASSERT_EQ(0, rmdir(dir_usr_etc)); ++ ASSERT_EQ(0, rmdir(dir_usr)); ++ ASSERT_EQ(0, rmdir(dir)); + } + + static void +@@ -191,6 +221,36 @@ main(void) + const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; + check_env(env2); + ++#if defined (USE_ECONF) && defined (VENDORDIR) ++ ++ /* envfile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "session required %s/.libs/%s.so" ++ " conffile=%s envfile=%s/%s/\n", ++ cwd, MODULE_NAME, ++ "/dev/null", ++ cwd, dir)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ const char *env3[] = {"usr_etc_test=foo", "usr_etc_test2=bar", NULL}; ++ check_env(env3); ++ ++ /* conffile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "session required %s/.libs/%s.so" ++ " conffile=%s/%s/ envfile=%s\n", ++ cwd, MODULE_NAME, ++ cwd, dir, ++ "/dev/null")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ const char *env4[] = {"PAGER=emacs", "MANPAGER=less", NULL}; ++ check_env(env4); ++ ++#endif ++ + /* cleanup */ + cleanup(); + ASSERT_EQ(0, unlink(service_file)); diff --git a/pam_pwhistory-docu.patch b/pam_pwhistory-docu.patch new file mode 100644 index 0000000..499fbc6 --- /dev/null +++ b/pam_pwhistory-docu.patch @@ -0,0 +1,264 @@ +diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am +index 8a4dbcb2..c29a8e11 100644 +--- a/modules/pam_pwhistory/Makefile.am ++++ b/modules/pam_pwhistory/Makefile.am +@@ -9,9 +9,10 @@ MAINTAINERCLEANFILES = $(MANS) README + EXTRA_DIST = $(XMLS) + + if HAVE_DOC +-dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 ++dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 pwhistory.conf.5 + endif +-XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml ++XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml \ ++ pwhistory.conf.5.xml + dist_check_SCRIPTS = tst-pam_pwhistory + TESTS = $(dist_check_SCRIPTS) + +diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml +index d88115c2..2a8fa7f6 100644 +--- a/modules/pam_pwhistory/pam_pwhistory.8.xml ++++ b/modules/pam_pwhistory/pam_pwhistory.8.xml +@@ -36,6 +36,12 @@ + + authtok_type=STRING + ++ ++ file=/path/filename ++ ++ ++ conf=/path/to/config-file ++ + + + +@@ -104,7 +110,7 @@ + + + The last N passwords for each +- user are saved in /etc/security/opasswd. ++ user are saved. + The default is 10. Value of + 0 makes the module to keep the existing + contents of the opasswd file unchanged. +@@ -137,7 +143,39 @@ + + + ++ ++ ++ ++ ++ ++ ++ Store password history in file /path/filename ++ rather than the default location. The default location is ++ /etc/security/opasswd. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Use another configuration file instead of the default ++ /etc/security/pwhistory.conf. ++ ++ ++ ++ + ++ ++ The options for configuring the module behavior are described in the ++ pwhistory.conf ++ 5 manual page. The options ++ specified on the module command line override the values from the ++ configuration file. ++ + + + +@@ -213,7 +251,7 @@ password required pam_unix.so use_authtok + + /etc/security/opasswd + +- File with password history ++ Default file with password history + + + +@@ -222,6 +260,9 @@ password required pam_unix.so use_authtok + + SEE ALSO + ++ ++ pwhistory.conf5 ++ , + + pam.conf5 + , +diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml +new file mode 100644 +index 00000000..bac5ffed +--- /dev/null ++++ b/modules/pam_pwhistory/pwhistory.conf.5.xml +@@ -0,0 +1,155 @@ ++ ++ ++ ++ ++ ++ ++ pwhistory.conf ++ 5 ++ Linux-PAM Manual ++ ++ ++ ++ pwhistory.conf ++ pam_pwhistory configuration file ++ ++ ++ ++ ++ DESCRIPTION ++ ++ pwhistory.conf provides a way to configure the ++ default settings for saving the last passwords for each user. ++ This file is read by the pam_pwhistory module and is the ++ preferred method over configuring pam_pwhistory directly. ++ ++ ++ The file has a very simple name = value format with possible comments ++ starting with # character. The whitespace at the beginning of line, end ++ of line, and around the = sign is ignored. ++ ++ ++ ++ ++ ++ OPTIONS ++ ++ ++ ++ ++ ++ ++ ++ Turns on debugging via ++ ++ syslog3 ++ . ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ If this option is set, the check is enforced for root, too. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ The last N passwords for each ++ user are saved. ++ The default is 10. Value of ++ 0 makes the module to keep the existing ++ contents of the opasswd file unchanged. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Prompt user at most N times ++ before returning with error. The default is 1. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ Store password history in file ++ /path/filename rather than the default ++ location. The default location is ++ /etc/security/opasswd. ++ ++ ++ ++ ++ ++ ++ ++ EXAMPLES ++ ++ /etc/security/pwhistory.conf file example: ++ ++ ++debug ++remember=5 ++file=/tmp/opasswd ++ ++ ++ ++ ++ FILES ++ ++ ++ /etc/security/pwhistory.conf ++ ++ the config file for custom options ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ pwhistory8 ++ , ++ ++ pam_pwhistory8 ++ , ++ ++ pam.conf5 ++ , ++ ++ pam.d5 ++ , ++ ++ pam8 ++ ++ ++ ++ ++ ++ AUTHOR ++ ++ pam_pwhistory was written by Thorsten Kukuk. The support for ++ pwhistory.conf was written by Iker Pedrosa. ++ ++ ++ ++ + diff --git a/tst-pam_env-retval.c b/tst-pam_env-retval.c deleted file mode 100644 index 524d183..0000000 --- a/tst-pam_env-retval.c +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Check pam_env return values. - * - * Copyright (c) 2020-2022 Dmitry V. Levin - * Copyright (c) 2022 Stefan Schubert - */ - -#include "test_assert.h" - -#include -#include -#include -#include -#include -#include -#include - -#define MODULE_NAME "pam_env" -#define TEST_NAME "tst-" MODULE_NAME "-retval" -#define TEST_NAME_DIR TEST_NAME ".dir" - -static const char service_file[] = TEST_NAME ".service"; -static const char missing_file[] = TEST_NAME ".missing"; -static const char dir[] = TEST_NAME_DIR; -static const char dir_usr[] = TEST_NAME_DIR "/usr"; -static const char dir_usr_etc[] = TEST_NAME_DIR "/usr/etc"; -static const char dir_usr_etc_security[] = TEST_NAME_DIR "/usr/etc/security"; -static const char my_conf[] = TEST_NAME ".conf"; -static const char my_env[] = TEST_NAME ".env"; -static const char usr_env[] = TEST_NAME_DIR "/usr/etc/environment"; -static const char usr_conf[] = TEST_NAME_DIR "/usr/etc/security/pam_env.conf"; - -static struct pam_conv conv; - -static void -setup(void) -{ - FILE *fp; - - ASSERT_EQ(0, mkdir(dir, 0755)); - ASSERT_EQ(0, mkdir(dir_usr, 0755)); - ASSERT_EQ(0, mkdir(dir_usr_etc, 0755)); - ASSERT_EQ(0, mkdir(dir_usr_etc_security, 0755)); - - ASSERT_NE(NULL, fp = fopen(my_conf, "w")); - ASSERT_LT(0, fprintf(fp, - "EDITOR\tDEFAULT=vim\n" - "PAGER\tDEFAULT=more\n")); - ASSERT_EQ(0, fclose(fp)); - - ASSERT_NE(NULL, fp = fopen(my_env, "w")); - ASSERT_LT(0, fprintf(fp, - "test_value=foo\n" - "test2_value=bar\n")); - ASSERT_EQ(0, fclose(fp)); - - ASSERT_NE(NULL, fp = fopen(usr_env, "w")); - ASSERT_LT(0, fprintf(fp, - "usr_etc_test=foo\n" - "usr_etc_test2=bar\n")); - ASSERT_EQ(0, fclose(fp)); - - ASSERT_NE(NULL, fp = fopen(usr_conf, "w")); - ASSERT_LT(0, fprintf(fp, - "PAGER DEFAULT=emacs\n" - "MANPAGER DEFAULT=less\n")); - ASSERT_EQ(0, fclose(fp)); -} - -static void -cleanup(void) -{ - ASSERT_EQ(0, unlink(my_conf)); - ASSERT_EQ(0, unlink(my_env)); - ASSERT_EQ(0, unlink(usr_env)); - ASSERT_EQ(0, unlink(usr_conf)); - ASSERT_EQ(0, rmdir(dir_usr_etc_security)); - ASSERT_EQ(0, rmdir(dir_usr_etc)); - ASSERT_EQ(0, rmdir(dir_usr)); - ASSERT_EQ(0, rmdir(dir)); -} - -static void -check_array(const char **array1, char **array2) -{ - for (const char **a1 = array1; *a1 != NULL; ++a1) { - char **a2; - for (a2 = array2; *a2 != NULL; ++a2) { - if (strcmp(*a1, *a2) == 0) - break; - } - ASSERT_NE(NULL, *a2); - } -} - -static void -check_env(const char **list) -{ - pam_handle_t *pamh = NULL; - - ASSERT_EQ(PAM_SUCCESS, - pam_start_confdir(service_file, "", &conv, ".", &pamh)); - ASSERT_NE(NULL, pamh); - - ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); - - char **env_list = pam_getenvlist(pamh); - ASSERT_NE(NULL, env_list); - - check_array(list, env_list); - - for (char **e = env_list; *e != NULL; ++e) - free(*e); - free(env_list); - - ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); - ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -} - -int -main(void) -{ - pam_handle_t *pamh = NULL; - FILE *fp; - char cwd[PATH_MAX]; - - ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); - - setup(); - - /* - * When conffile= specifies a missing file, all methods except - * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. - * The return code of the stack where every module returns PAM_IGNORE - * is PAM_PERM_DENIED. - */ - ASSERT_NE(NULL, fp = fopen(service_file, "w")); - ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" - "auth required %s/.libs/%s.so conffile=%s/%s\n" - "account required %s/.libs/%s.so conffile=%s/%s\n" - "password required %s/.libs/%s.so conffile=%s/%s\n" - "session required %s/.libs/%s.so conffile=%s/%s\n", - cwd, MODULE_NAME, cwd, missing_file, - cwd, MODULE_NAME, cwd, missing_file, - cwd, MODULE_NAME, cwd, missing_file, - cwd, MODULE_NAME, cwd, missing_file)); - ASSERT_EQ(0, fclose(fp)); - - ASSERT_EQ(PAM_SUCCESS, - pam_start_confdir(service_file, "", &conv, ".", &pamh)); - ASSERT_NE(NULL, pamh); - ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); - ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); - ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); - ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); - ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, 0)); - ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0)); - ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); - pamh = NULL; - - /* - * When conffile= specifies a missing file, all methods except - * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. - * pam_permit is added after pam_env to convert PAM_IGNORE to PAM_SUCCESS. - */ - ASSERT_NE(NULL, fp = fopen(service_file, "w")); - ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" - "auth required %s/.libs/%s.so conffile=%s/%s\n" - "auth required %s/../pam_permit/.libs/pam_permit.so\n" - "account required %s/.libs/%s.so conffile=%s/%s\n" - "account required %s/../pam_permit/.libs/pam_permit.so\n" - "password required %s/.libs/%s.so conffile=%s/%s\n" - "password required %s/../pam_permit/.libs/pam_permit.so\n" - "session required %s/.libs/%s.so conffile=%s/%s\n" - "session required %s/../pam_permit/.libs/pam_permit.so\n", - cwd, MODULE_NAME, cwd, missing_file, cwd, - cwd, MODULE_NAME, cwd, missing_file, cwd, - cwd, MODULE_NAME, cwd, missing_file, cwd, - cwd, MODULE_NAME, cwd, missing_file, cwd)); - ASSERT_EQ(0, fclose(fp)); - - ASSERT_EQ(PAM_SUCCESS, - pam_start_confdir(service_file, "", &conv, ".", &pamh)); - ASSERT_NE(NULL, pamh); - ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); - ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); - ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); - ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); - ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); - ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); - ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); - pamh = NULL; - - /* - * conffile= specifies an existing file, - * envfile= specifies an empty file. - */ - ASSERT_NE(NULL, fp = fopen(service_file, "w")); - ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" - "session required %s/.libs/%s.so" - " conffile=%s/%s envfile=%s\n", - cwd, MODULE_NAME, - cwd, my_conf, "/dev/null")); - ASSERT_EQ(0, fclose(fp)); - - const char *env1[] = { "EDITOR=vim", "PAGER=more", NULL }; - check_env(env1); - - /* - * conffile= specifies an empty file, - * envfile= specifies an existing file. - */ - ASSERT_NE(NULL, fp = fopen(service_file, "w")); - ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" - "session required %s/.libs/%s.so" - " conffile=%s envfile=%s/%s\n", - cwd, MODULE_NAME, - "/dev/null", cwd, my_env)); - ASSERT_EQ(0, fclose(fp)); - - const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; - check_env(env2); - -#if defined (USE_ECONF) && defined (VENDORDIR) - - /* envfile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ - ASSERT_NE(NULL, fp = fopen(service_file, "w")); - ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" - "session required %s/.libs/%s.so" - " conffile=%s envfile=%s/%s/\n", - cwd, MODULE_NAME, - "/dev/null", - cwd, dir)); - ASSERT_EQ(0, fclose(fp)); - - const char *env3[] = {"usr_etc_test=foo", "usr_etc_test2=bar", NULL}; - check_env(env3); - - /* conffile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ - ASSERT_NE(NULL, fp = fopen(service_file, "w")); - ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" - "session required %s/.libs/%s.so" - " conffile=%s/%s/ envfile=%s\n", - cwd, MODULE_NAME, - cwd, dir, - "/dev/null")); - ASSERT_EQ(0, fclose(fp)); - - const char *env4[] = {"PAGER=emacs", "MANPAGER=less", NULL}; - check_env(env4); - -#endif - - /* cleanup */ - cleanup(); - ASSERT_EQ(0, unlink(service_file)); - - return 0; -} -- 2.51.1 From 0d564d8dbe25032138ecf63f8bd9971fe582c7446103c5b3055efbfdf54a5bac Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 16 Dec 2022 09:50:49 +0000 Subject: [PATCH 184/226] Accepting request 1043306 from home:kukuk:tiu - Merge pam_unix back into pam, seperate package not needed anymore - Update pam-git.diff to current upstream - pam_env: Use vendor specific pam_env.conf and environment as fallback - pam_shells: Use the vendor directory obsoletes pam_env_econf.patch - Refresh docbook5.patch OBS-URL: https://build.opensuse.org/request/show/1043306 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=268 --- docbook5.patch | 63 +-- pam-git.diff | 1151 +++++++++++++++++++++++++++++++++++++++---- pam.changes | 14 + pam.spec | 35 +- pam_env_econf.patch | 576 ---------------------- 5 files changed, 1107 insertions(+), 732 deletions(-) delete mode 100644 pam_env_econf.patch diff --git a/docbook5.patch b/docbook5.patch index 3e23423..7adfcb2 100644 --- a/docbook5.patch +++ b/docbook5.patch @@ -1,4 +1,4 @@ -From 681e88a5428904b478a37e65154d7cf0ba1a9eb5 Mon Sep 17 00:00:00 2001 +From 55e4d5c4aac39602518dd5d4ce03a4313775180f Mon Sep 17 00:00:00 2001 From: Stefan Schubert Date: Tue, 25 Oct 2022 16:29:41 +0200 Subject: [PATCH] doc: Update PAM documentation from DockBook 4 to DocBook 5 @@ -14,7 +14,7 @@ doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am: - Using RNG file instead of DTD file for checking XML files. configure.ac: -- Added a new option for selecting RNG check file (-enable-docbook-rng) +- Adding a new option for selecting RNG check file (-enable-docbook-rng) - Switching stylesheets to docbook 5 - Checking DocBook 5 environment instead of DocBook 4 environment @@ -152,7 +152,6 @@ Update from DockBook 4 to DocBook 5 doc/sag/pam_warn.xml | 42 ++-- doc/sag/pam_wheel.xml | 42 ++-- doc/sag/pam_xauth.xml | 42 ++-- - examples/.gitignore | 2 +- modules/pam_access/README.xml | 32 +-- modules/pam_access/access.conf.5.xml | 20 +- modules/pam_access/pam_access.8.xml | 63 +++-- @@ -163,7 +162,7 @@ Update from DockBook 4 to DocBook 5 modules/pam_echo/README.xml | 29 +-- modules/pam_echo/pam_echo.8.xml | 45 ++-- modules/pam_env/README.xml | 34 +-- - modules/pam_env/pam_env.8.xml | 59 +++-- + modules/pam_env/pam_env.8.xml | 63 +++-- modules/pam_env/pam_env.conf.5.xml | 19 +- modules/pam_exec/README.xml | 32 +-- modules/pam_exec/pam_exec.8.xml | 65 +++-- @@ -257,7 +256,7 @@ Update from DockBook 4 to DocBook 5 modules/pam_wheel/pam_wheel.8.xml | 59 +++-- modules/pam_xauth/README.xml | 35 +-- modules/pam_xauth/pam_xauth.8.xml | 65 +++-- - 236 files changed, 3398 insertions(+), 5101 deletions(-) + 235 files changed, 3399 insertions(+), 5102 deletions(-) diff --git a/Make.xml.rules.in b/Make.xml.rules.in index 27bb510ec..98beb9ed7 100644 @@ -292,7 +291,7 @@ index 27bb510ec..98beb9ed7 100644 #CLEANFILES += $(man_MANS) README diff --git a/configure.ac b/configure.ac -index 2f74d1b49..84cda219d 100644 +index 538195e55..afa749cf6 100644 --- a/configure.ac +++ b/configure.ac @@ -243,26 +243,35 @@ if test x"$enable_debug" = x"yes" ; then @@ -339,7 +338,7 @@ index 2f74d1b49..84cda219d 100644 AC_SUBST(MAN_STYLESHEET) sed "s+MAN_STYLESHEET+$MAN_STYLESHEET+g" doc/custom-man.xsl -@@ -605,10 +614,10 @@ if test -z "$XSLTPROC"; then +@@ -608,10 +617,10 @@ if test -z "$XSLTPROC"; then enable_docu=no fi AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true]) @@ -9561,7 +9560,7 @@ index 21a9b8555..8becf8700 100644 + \ No newline at end of file diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml -index 75ff862be..bcb16036f 100644 +index d7687d6c9..fb172e17b 100644 --- a/modules/pam_env/pam_env.8.xml +++ b/modules/pam_env/pam_env.8.xml @@ -1,16 +1,13 @@ @@ -9625,7 +9624,7 @@ index 75ff862be..bcb16036f 100644 DESCRIPTION The pam_env PAM module allows the (un)setting of environment -@@ -77,13 +74,13 @@ +@@ -119,13 +116,13 @@ @@ -9641,7 +9640,7 @@ index 75ff862be..bcb16036f 100644 -@@ -96,7 +93,7 @@ +@@ -138,7 +135,7 @@ @@ -9650,7 +9649,7 @@ index 75ff862be..bcb16036f 100644 -@@ -108,7 +105,7 @@ +@@ -150,7 +147,7 @@ @@ -9659,7 +9658,7 @@ index 75ff862be..bcb16036f 100644 -@@ -124,7 +121,7 @@ +@@ -166,7 +163,7 @@ @@ -9668,7 +9667,7 @@ index 75ff862be..bcb16036f 100644 -@@ -137,7 +134,7 @@ +@@ -179,7 +176,7 @@ @@ -9677,7 +9676,7 @@ index 75ff862be..bcb16036f 100644 -@@ -153,7 +150,7 @@ +@@ -195,7 +192,7 @@ @@ -9686,7 +9685,7 @@ index 75ff862be..bcb16036f 100644 -@@ -174,7 +171,7 @@ +@@ -216,7 +213,7 @@ @@ -9695,7 +9694,7 @@ index 75ff862be..bcb16036f 100644 MODULE TYPES PROVIDED The and module -@@ -182,7 +179,7 @@ +@@ -224,7 +221,7 @@ @@ -9704,7 +9703,7 @@ index 75ff862be..bcb16036f 100644 RETURN VALUES -@@ -220,23 +217,23 @@ +@@ -262,25 +259,25 @@ @@ -9713,14 +9712,18 @@ index 75ff862be..bcb16036f 100644 FILES +- /usr/etc/security/pam_env.conf - /etc/security/pam_env.conf ++ %vendordir%/security/pam_env.conf + /etc/security/pam_env.conf Default configuration file +- /usr/etc/environment - /etc/environment ++ %vendordir%/environment + /etc/environment Default environment file @@ -9732,7 +9735,7 @@ index 75ff862be..bcb16036f 100644 User specific environment file -@@ -244,7 +241,7 @@ +@@ -288,7 +285,7 @@ @@ -9741,7 +9744,7 @@ index 75ff862be..bcb16036f 100644 SEE ALSO -@@ -262,10 +259,10 @@ +@@ -306,10 +303,10 @@ @@ -9756,7 +9759,7 @@ index 75ff862be..bcb16036f 100644 + \ No newline at end of file diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml -index fca046fe3..f88791676 100644 +index 5c0dbcb8c..662ff0a00 100644 --- a/modules/pam_env/pam_env.conf.5.xml +++ b/modules/pam_env/pam_env.conf.5.xml @@ -1,13 +1,10 @@ @@ -9784,8 +9787,8 @@ index fca046fe3..f88791676 100644 + DESCRIPTION - -@@ -71,7 +68,7 @@ + +@@ -87,7 +84,7 @@ @@ -9794,7 +9797,7 @@ index fca046fe3..f88791676 100644 EXAMPLES These are some example lines which might be specified in -@@ -117,7 +114,7 @@ +@@ -133,7 +130,7 @@ @@ -9803,7 +9806,7 @@ index fca046fe3..f88791676 100644 SEE ALSO pam_env8, -@@ -127,10 +124,10 @@ +@@ -143,10 +140,10 @@ @@ -16961,7 +16964,7 @@ index 154b97b51..c4da1a060 100644 + \ No newline at end of file diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml -index 15f476717..67d8ecf16 100644 +index 73b4855a3..b9f90e94a 100644 --- a/modules/pam_shells/pam_shells.8.xml +++ b/modules/pam_shells/pam_shells.8.xml @@ -1,27 +1,24 @@ @@ -16998,7 +17001,7 @@ index 15f476717..67d8ecf16 100644 DESCRIPTION -@@ -35,13 +32,13 @@ +@@ -43,13 +40,13 @@ @@ -17014,7 +17017,7 @@ index 15f476717..67d8ecf16 100644 MODULE TYPES PROVIDED The and -@@ -49,7 +46,7 @@ +@@ -57,7 +54,7 @@ @@ -17023,7 +17026,7 @@ index 15f476717..67d8ecf16 100644 RETURN VALUES -@@ -80,7 +77,7 @@ +@@ -88,7 +85,7 @@ @@ -17032,7 +17035,7 @@ index 15f476717..67d8ecf16 100644 EXAMPLES -@@ -89,7 +86,7 @@ auth required pam_shells.so +@@ -97,7 +94,7 @@ auth required pam_shells.so @@ -17041,7 +17044,7 @@ index 15f476717..67d8ecf16 100644 SEE ALSO -@@ -107,11 +104,11 @@ auth required pam_shells.so +@@ -115,11 +112,11 @@ auth required pam_shells.so diff --git a/pam-git.diff b/pam-git.diff index 813aa2d..2dbdb08 100644 --- a/pam-git.diff +++ b/pam-git.diff @@ -12,7 +12,7 @@ index 21af8c4c..aa99927e 100644 is targeted at Debian based Linux distributions so the package names and availability might differ on other distributions. diff --git a/configure.ac b/configure.ac -index c06bc7dd..2f74d1b4 100644 +index c06bc7dd..538195e5 100644 --- a/configure.ac +++ b/configure.ac @@ -243,6 +243,29 @@ if test x"$enable_debug" = x"yes" ; then @@ -62,21 +62,48 @@ index c06bc7dd..2f74d1b4 100644 int main() { #ifdef _PATH_MAILDIR exit(0); -@@ -507,9 +533,11 @@ AC_ARG_ENABLE([vendordir], +@@ -490,26 +516,31 @@ if test -n "$LIBSELINUX" ; then + LIBS=$BACKUP_LIBS + fi + ++ECONF_CFLAGS= ++ECONF_LIBS= + AC_ARG_ENABLE([econf], + AS_HELP_STRING([--disable-econf], [do not use libeconf]), +- [WITH_ECONF=$enableval], WITH_ECONF=yes) +-if test "$WITH_ECONF" = "yes" ; then +- PKG_CHECK_MODULES([ECONF], [libeconf], [], +- [AC_CHECK_LIB([econf],[econf_readDirs],[ECONF_LIBS="-leconf"],[ECONF_LIBS=""])]) +- if test -n "$ECONF_LIBS" ; then +- ECONF_CFLAGS="-DUSE_ECONF=1 $ECONF_CFLAGS" +- fi ++ [WITH_ECONF=$enableval], [WITH_ECONF=yes]) ++if test "$WITH_ECONF" = "yes"; then ++ PKG_CHECK_MODULES([ECONF], [libeconf >= 0.5.0], [ECONF_CFLAGS="-DUSE_ECONF=1 $ECONF_CFLAGS"], [:]) + fi + AC_SUBST([ECONF_CFLAGS]) + AC_SUBST([ECONF_LIBS]) ++ + AC_ARG_ENABLE([vendordir], + AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[]) if test -n "$enable_vendordir"; then AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], [Directory for distribution provided configuration files]) - STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'" + AC_DEFINE_UNQUOTED([VENDOR_SCONFIGDIR], ["$enable_vendordir/security"], + [Directory for PAM modules distribution provided configuration files]) -+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" ++ if test "$WITH_ECONF" = "yes" ; then ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_with_econf'" ++ else ++ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_without_econf" ++ fi else - STRINGPARAM_VENDORDIR="--stringparam vendordir ''" + STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" fi AC_SUBST([STRINGPARAM_VENDORDIR]) -@@ -628,11 +656,6 @@ test -n "$opt_uidmin" || +@@ -628,11 +659,6 @@ test -n "$opt_uidmin" || opt_uidmin=1000 AC_DEFINE_UNQUOTED(PAM_USERTYPE_UIDMIN, $opt_uidmin, [Minimum regular user uid.]) @@ -151,15 +178,44 @@ index a3408e6c..258627bf 100644 diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am -index 78c891df..c6fd73db 100644 +index 78c891df..aec365cf 100644 --- a/doc/man/Makefile.am +++ b/doc/man/Makefile.am -@@ -43,7 +43,7 @@ XMLS = pam.3.xml pam.8.xml \ +@@ -25,25 +25,25 @@ man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ + pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 \ + misc_conv.3 pam_misc_paste_env.3 pam_misc_drop_env.3 \ + pam_misc_setenv.3 +-XMLS = pam.3.xml pam.8.xml \ ++XMLS = pam.3.xml pam.8.xml pam.conf.5.xml \ + pam_acct_mgmt.3.xml pam_authenticate.3.xml \ + pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \ +- pam_end.3.xml pam_error.3.xml \ +- pam_fail_delay.3.xml pam_xauth_data.3 \ ++ pam_end.3.xml pam_error.3.xml pam_fail_delay.3.xml \ + pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \ + pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \ +- pam_info.3.xml \ +- pam_open_session.3.xml \ ++ pam_info.3.xml pam_misc_drop_env.3.xml pam_misc_paste_env.3.xml \ ++ pam_misc_setenv.3.xml pam_open_session.3.xml \ + pam_prompt.3.xml pam_putenv.3.xml \ +- pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \ +- pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \ +- pam_sm_close_session.3.xml pam_sm_open_session.3.xml \ +- pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \ +- pam_sm_chauthtok.3.xml \ ++ pam_set_data.3.xml pam_set_item.3.xml pam_setcred.3.xml \ ++ pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \ ++ pam_sm_chauthtok.3.xml pam_sm_close_session.3.xml \ ++ pam_sm_open_session.3.xml pam_sm_setcred.3.xml \ ++ pam_start.3.xml pam_strerror.3.xml \ ++ pam_syslog.3.xml pam_xauth_data.3.xml \ pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ - misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ +- misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ - pam_misc_setenv.3.xml -+ pam_misc_setenv.3.xml pam_xauth_data.3.xml ++ misc_conv.3.xml ++ if ENABLE_REGENERATE_MAN PAM.8: pam.8 @@ -999,11 +1055,18 @@ index 277192b9..f7b47227 100644 } if (loginfo.gai_rv == 0 && loginfo.res) +diff --git a/modules/pam_env/.gitignore b/modules/pam_env/.gitignore +new file mode 100644 +index 00000000..4c5b234b +--- /dev/null ++++ b/modules/pam_env/.gitignore +@@ -0,0 +1 @@ ++tst-pam_env-retval diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am -index c66112d6..02cd9d37 100644 +index c66112d6..b99a83ec 100644 --- a/modules/pam_env/Makefile.am +++ b/modules/pam_env/Makefile.am -@@ -12,13 +12,13 @@ dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5 +@@ -12,20 +12,23 @@ dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5 endif XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml dist_check_SCRIPTS = tst-pam_env @@ -1015,34 +1078,135 @@ index c66112d6..02cd9d37 100644 AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS) -+ $(WARN_CFLAGS) ++ $(WARN_CFLAGS) -DSYSCONFDIR=\"$(sysconfdir)\" $(ECONF_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -@@ -27,6 +27,9 @@ endif - securelib_LTLIBRARIES = pam_env.la - pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la + endif + securelib_LTLIBRARIES = pam_env.la +-pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la ++pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS) ++ +check_PROGRAMS = tst-pam_env-retval +tst_pam_env_retval_LDADD = $(top_builddir)/libpam/libpam.la -+ + dist_secureconf_DATA = pam_env.conf dist_sysconf_DATA = environment - +diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml +index 75ff862b..d7687d6c 100644 +--- a/modules/pam_env/pam_env.8.xml ++++ b/modules/pam_env/pam_env.8.xml +@@ -52,13 +52,55 @@ + variables as well as PAM_ITEMs such as + PAM_RHOST. + +- ++ ++ Rules for (un)setting of variables can be defined in an own config ++ file. The path to this file can be specified with the ++ conffile option. ++ If this file does not exist, the default rules are taken from the ++ config files /etc/security/pam_env.conf and ++ /etc/security/pam_env.conf.d/*.conf. ++ If the file /etc/security/pam_env.conf does not ++ exist, the rules are taken from the files ++ %vendordir%/security/pam_env.conf, ++ %vendordir%/security/pam_env.conf.d/*.conf and ++ /etc/security/pam_env.conf.d/*.conf in that order. ++ ++ ++ By default rules for (un)setting of variables are taken from the ++ config file /etc/security/pam_env.conf. ++ If this file does not exist %vendordir%/security/pam_env.conf is used. ++ An alternate file can be specified with the conffile ++ option, which overrules all other files. ++ ++ + By default rules for (un)setting of variables are taken from the + config file /etc/security/pam_env.conf. An + alternate file can be specified with the conffile + option. + +- ++ ++ Environment variables can be defined in a file with simple KEY=VAL ++ pairs on separate lines. The path to this file can be specified with the ++ envfile option. ++ If this file has not been defined, the settings are read from the ++ files /etc/security/environment and ++ /etc/security/environment.d/*. ++ If the file /etc/environment does not exist, the ++ settings are read from the files %vendordir%/environment, ++ %vendordir%/environment.d/* and ++ /etc/environment.d/* in that order. ++ And last but not least, with the readenv option this mechanism can ++ be completely disabled. ++ ++ ++ Second a file (/etc/environment by default) with simple ++ KEY=VAL pairs on separate lines will be read. ++ If this file does not exist, %vendordir%/etc/environment is used. ++ With the envfile option an alternate file can be specified, ++ which overrules all other files. ++ And with the readenv option this can be completely disabled. ++ ++ + Second a file (/etc/environment by default) with simple + KEY=VAL pairs on separate lines will be read. + With the envfile option an alternate file can be specified. +@@ -224,12 +266,14 @@ + FILES + + ++ /usr/etc/security/pam_env.conf + /etc/security/pam_env.conf + + Default configuration file + + + ++ /usr/etc/environment + /etc/environment + + Default environment file diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index f5f8cead..66fbe240 100644 +index f5f8cead..aabab799 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c -@@ -41,6 +41,8 @@ typedef struct var { +@@ -7,6 +7,9 @@ + */ + + #define DEFAULT_ETC_ENVFILE "/etc/environment" ++#ifdef VENDORDIR ++#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/etc/environment") ++#endif + #define DEFAULT_READ_ENVFILE 1 + + #define DEFAULT_USER_ENVFILE ".pam_environment" +@@ -25,6 +28,9 @@ + #include + #include + #include ++#ifdef USE_ECONF ++#include ++#endif + + #include + #include +@@ -41,6 +47,11 @@ typedef struct var { char *override; } VAR; +#define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") ++#ifdef VENDOR_SCONFIGDIR ++#define VENDOR_DEFAULT_CONF_FILE (VENDOR_SCONFIGDIR "/pam_env.conf") ++#endif + #define BUF_SIZE 8192 #define MAX_ENV 8192 -@@ -51,15 +53,6 @@ typedef struct var { +@@ -51,18 +62,19 @@ typedef struct var { #define UNDEFINE_VAR 102 #define ILLEGAL_VAR 103 @@ -1058,7 +1222,33 @@ index f5f8cead..66fbe240 100644 /* This is a special value used to designate an empty string */ static char quote='\0'; -@@ -126,166 +119,12 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, ++static void free_string_array(char **array) ++{ ++ if (array == NULL) ++ return; ++ for (char **entry = array; *entry != NULL; ++entry) { ++ free(*entry); ++ } ++ free(array); ++} ++ + /* argument parsing */ + + #define PAM_DEBUG_ARG 0x01 +@@ -75,10 +87,10 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, + int ctrl=0; + + *user_envfile = DEFAULT_USER_ENVFILE; +- *envfile = DEFAULT_ETC_ENVFILE; ++ *envfile = NULL; + *readenv = DEFAULT_READ_ENVFILE; + *user_readenv = DEFAULT_USER_READ_ENVFILE; +- *conffile = DEFAULT_CONF_FILE; ++ *conffile = NULL; + + /* step through arguments */ + for (; argc-- > 0; ++argv) { +@@ -126,166 +138,154 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, return ctrl; } @@ -1071,9 +1261,12 @@ index f5f8cead..66fbe240 100644 - VAR Var, *var=&Var; - - D(("Called.")); -- ++#ifdef USE_ECONF + - var->name=NULL; var->defval=NULL; var->override=NULL; -- ++#define ENVIRONMENT "environment" ++#define PAM_ENV "pam_env" + - D(("Config file name is: %s", file)); - - /* @@ -1117,11 +1310,20 @@ index f5f8cead..66fbe240 100644 - * this is safe though */ - D(("Exit.")); - return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); --} -- --static int ++static int ++isDirectory(const char *path) { ++ struct stat statbuf; ++ if (stat(path, &statbuf) != 0) ++ return 0; ++ return S_ISDIR(statbuf.st_mode); + } + + static int -_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) --{ ++econf_read_file(const pam_handle_t *pamh, const char *filename, const char *delim, ++ const char *name, const char *suffix, const char *subpath, ++ char ***lines) + { - int retval=PAM_SUCCESS, i, t; - char buffer[BUF_SIZE], *key, *mark; - FILE *conf; @@ -1131,8 +1333,60 @@ index f5f8cead..66fbe240 100644 - if ((conf = fopen(file,"r")) == NULL) { - pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); - return PAM_IGNORE; -- } -- ++ econf_file *key_file = NULL; ++ econf_err error; ++ size_t key_number = 0; ++ char **keys = NULL; ++ const char *base_dir = ""; ++ ++ if (filename != NULL) { ++ if (isDirectory(filename)) { ++ /* Set base directory which can be different from root */ ++ D(("filename argument is a directory: %s", filename)); ++ base_dir = filename; ++ } else { ++ /* Read only one file */ ++ error = econf_readFile (&key_file, filename, delim, "#"); ++ D(("File name is: %s", filename)); ++ if (error != ECONF_SUCCESS) { ++ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %s", filename, ++ econf_errString(error)); ++ if (error == ECONF_NOFILE) ++ return PAM_IGNORE; ++ else ++ return PAM_ABORT; ++ } ++ } + } ++ if (filename == NULL || base_dir[0] != '\0') { ++ /* Read and merge all setting in e.g. /usr/etc and /etc */ ++ char *vendor_dir = NULL, *sysconf_dir; ++ if (subpath != NULL && subpath[0] != '\0') { ++#ifdef VENDORDIR ++ if (asprintf(&vendor_dir, "%s%s/%s/", base_dir, VENDORDIR, subpath) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ return PAM_BUF_ERR; ++ } ++#endif ++ if (asprintf(&sysconf_dir, "%s%s/%s/", base_dir, SYSCONFDIR, subpath) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ free(vendor_dir); ++ return PAM_BUF_ERR; ++ } ++ } else { ++#ifdef VENDORDIR ++ if (asprintf(&vendor_dir, "%s%s/", base_dir, VENDORDIR) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ return PAM_BUF_ERR; ++ } ++#endif ++ if (asprintf(&sysconf_dir, "%s%s/", base_dir, SYSCONFDIR) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ free(vendor_dir); ++ return PAM_BUF_ERR; ++ } ++ } + - while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { - D(("Read line: %s", buffer)); - key = buffer; @@ -1165,8 +1419,30 @@ index f5f8cead..66fbe240 100644 - "missing key name '%s' in %s', ignoring", - key, file); - continue; -- } -- ++ D(("Read configuration from directory %s and %s", vendor_dir, sysconf_dir)); ++ error = econf_readDirs (&key_file, vendor_dir, sysconf_dir, name, suffix, ++ delim, "#"); ++ free(vendor_dir); ++ free(sysconf_dir); ++ if (error != ECONF_SUCCESS) { ++ if (error == ECONF_NOFILE) { ++ pam_syslog(pamh, LOG_ERR, "Configuration file not found: %s%s", name, suffix); ++ return PAM_IGNORE; ++ } else { ++ char *error_filename = NULL; ++ uint64_t error_line = 0; ++ ++ econf_errLocation(&error_filename, &error_line); ++ pam_syslog(pamh, LOG_ERR, "Unable to read configuration file %s line %ld: %s", ++ error_filename, ++ error_line, ++ econf_errString(error)); ++ free(error_filename); ++ return PAM_ABORT; + } ++ } ++ } + - for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) - if (!isalnum(key[i]) && key[i] != '_') { - pam_syslog(pamh, LOG_ERR, @@ -1177,7 +1453,14 @@ index f5f8cead..66fbe240 100644 - /* non-alphanumeric key, ignore this line */ - if (key[i] != '=' && key[i] != '\0') - continue; -- ++ error = econf_getKeys(key_file, NULL, &key_number, &keys); ++ if (error != ECONF_SUCCESS && error != ECONF_NOKEY) { ++ pam_syslog(pamh, LOG_ERR, "Unable to read keys: %s", ++ econf_errString(error)); ++ econf_freeFile(key_file); ++ return PAM_ABORT; ++ } + - /* now we try to be smart about quotes around the value, - but not too smart, we can't get all fancy with escaped - values like bash */ @@ -1189,15 +1472,25 @@ index f5f8cead..66fbe240 100644 - key[i++] = key[t]; - key[i] = '\0'; - } -- ++ *lines = malloc((key_number +1)* sizeof(char**)); ++ if (*lines == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ econf_free(keys); ++ econf_freeFile(key_file); ++ return PAM_BUF_ERR; ++ } + - /* if this is a request to delete a variable, check that it's - actually set first, so we don't get a vague error back from - pam_putenv() */ - for (i = 0; key[i] != '=' && key[i] != '\0'; i++); -- ++ (*lines)[key_number] = 0; + - if (key[i] == '\0' && !pam_getenv(pamh,key)) - continue; -- ++ for (size_t i = 0; i < key_number; i++) { ++ char *val; + - /* set the env var, if it fails, we break out of the loop */ - retval = pam_putenv(pamh, key); - if (retval != PAM_SUCCESS) { @@ -1206,16 +1499,36 @@ index f5f8cead..66fbe240 100644 - } else if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_DEBUG, - "pam_putenv(\"%s\")", key); -- } -- } -- ++ error = econf_getStringValue (key_file, NULL, keys[i], &val); ++ if (error != ECONF_SUCCESS) { ++ pam_syslog(pamh, LOG_ERR, "Unable to get string from key %s: %s", ++ keys[i], ++ econf_errString(error)); ++ } else { ++ if (asprintf(&(*lines)[i],"%s%c%s", keys[i], delim[0], val) < 0) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ econf_free(keys); ++ econf_freeFile(key_file); ++ free_string_array(*lines); ++ free (val); ++ return PAM_BUF_ERR; + } ++ free (val); ++ } + } + - (void) fclose(conf); - - /* tidy up */ - D(("Exit.")); - return retval; --} -- ++ econf_free(keys); ++ econf_free(key_file); ++ return PAM_SUCCESS; + } + ++#else ++ /* * This is where we read a line of the PAM config file. The line may be * preceded by lines of comments and also extended with "\\\n" @@ -1227,16 +1540,73 @@ index f5f8cead..66fbe240 100644 { char *p = buffer; char *s, *os; -@@ -374,7 +213,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) +@@ -373,8 +373,54 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) + return used; } ++static int read_file(const pam_handle_t *pamh, const char*filename, char ***lines) ++{ ++ FILE *conf; ++ char buffer[BUF_SIZE]; ++ ++ D(("Parsed file name is: %s", filename)); ++ ++ if ((conf = fopen(filename,"r")) == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s", filename); ++ return PAM_IGNORE; ++ } ++ ++ size_t i = 0; ++ *lines = malloc((i + 1)* sizeof(char**)); ++ if (*lines == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ (void) fclose(conf); ++ return PAM_BUF_ERR; ++ } ++ (*lines)[i] = 0; ++ while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { ++ char **tmp = NULL; ++ D(("Read line: %s", buffer)); ++ tmp = realloc(*lines, (++i + 1) * sizeof(char**)); ++ if (tmp == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ (void) fclose(conf); ++ free_string_array(*lines); ++ return PAM_BUF_ERR; ++ } ++ *lines = tmp; ++ (*lines)[i-1] = strdup(buffer); ++ if ((*lines)[i-1] == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); ++ (void) fclose(conf); ++ free_string_array(*lines); ++ return PAM_BUF_ERR; ++ } ++ (*lines)[i] = 0; ++ } ++ ++ (void) fclose(conf); ++ return PAM_SUCCESS; ++} ++#endif ++ static int -_parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) +_parse_line(const pam_handle_t *pamh, const char *buffer, VAR *var) { /* * parse buffer into var, legal syntax is -@@ -469,75 +308,57 @@ _parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) +@@ -454,7 +500,8 @@ _parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) + } + (void)strncpy(*valptr,ptr,length); + (*valptr)[length]='\0'; +- } else if (quoteflg--) { ++ } else if (quoteflg) { ++ quoteflg--; + *valptr = "e; /* a quick hack to handle the empty string */ + } + ptr = tmpptr; /* Start the search where we stopped */ +@@ -469,75 +516,57 @@ _parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) return GOOD_LINE; } @@ -1348,7 +1718,7 @@ index f5f8cead..66fbe240 100644 { const char *orig=*value, *tmpptr=NULL; char *ptr; /* -@@ -677,55 +498,96 @@ static int _expand_arg(pam_handle_t *pamh, char **value) +@@ -677,55 +706,96 @@ static int _expand_arg(pam_handle_t *pamh, char **value) return PAM_SUCCESS; } @@ -1479,7 +1849,7 @@ index f5f8cead..66fbe240 100644 { /* We have a variable to define, this is a simple function */ -@@ -747,7 +609,8 @@ static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) +@@ -747,7 +817,8 @@ static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) return retval; } @@ -1489,7 +1859,7 @@ index f5f8cead..66fbe240 100644 { /* We have a variable to undefine, this is a simple function */ -@@ -758,25 +621,159 @@ static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) +@@ -758,25 +829,176 @@ static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) return pam_putenv(pamh, var->name); } @@ -1499,37 +1869,50 @@ index f5f8cead..66fbe240 100644 { - if (var->name) { - free(var->name); +- } +- if (var->defval && ("e != var->defval)) { +- free(var->defval); +- } +- if (var->override && ("e != var->override)) { +- free(var->override); + int retval; -+ char buffer[BUF_SIZE]; -+ FILE *conf; + VAR Var, *var=&Var; -+ -+ D(("Called.")); ++ char **conf_list = NULL; + + var->name=NULL; var->defval=NULL; var->override=NULL; + -+ D(("Config file name is: %s", file)); ++ D(("Called.")); + ++#ifdef USE_ECONF ++ /* If "file" is not NULL, only this file will be parsed. */ ++ retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); ++#else ++ /* Only one file will be parsed. So, file has to be set. */ ++ if (file == NULL) /* No filename has been set via argv. */ ++ file = DEFAULT_CONF_FILE; ++#ifdef VENDOR_DEFAULT_CONF_FILE + /* -+ * Lets try to open the config file, parse it and process -+ * any variables found. -+ */ -+ -+ if ((conf = fopen(file,"r")) == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); -+ return PAM_IGNORE; ++ * Check whether file is available. ++ * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. ++ */ ++ struct stat stat_buffer; ++ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { ++ file = VENDOR_DEFAULT_CONF_FILE; } -- if (var->defval && ("e != var->defval)) { -- free(var->defval); +- var->name = NULL; +- var->value = NULL; /* never has memory specific to it */ +- var->defval = NULL; +- var->override = NULL; +- return; ++#endif ++ retval = read_file(pamh, file, &conf_list); ++#endif + -+ /* _pam_assemble_line will provide a complete line from the config file, -+ * with all comments removed and any escaped newlines fixed up -+ */ ++ if (retval != PAM_SUCCESS) ++ return retval; + -+ while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { -+ D(("Read line: %s", buffer)); -+ -+ if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { ++ for (char **conf = conf_list; *conf != NULL; ++conf) { ++ if ((retval = _parse_line(pamh, *conf, var)) == GOOD_LINE) { + retval = _check_var(pamh, var); + + if (DEFINE_VAR == retval) { @@ -1544,36 +1927,47 @@ index f5f8cead..66fbe240 100644 + + _clean_var(var); + -+ } /* while */ -+ -+ (void) fclose(conf); ++ } /* for */ + + /* tidy up */ ++ free_string_array(conf_list); + _clean_var(var); /* We could have got here prematurely, + * this is safe though */ + D(("Exit.")); + return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); -+} -+ + } + +static int +_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) +{ + int retval=PAM_SUCCESS, i, t; -+ char buffer[BUF_SIZE], *key, *mark; -+ FILE *conf; ++ char *key, *mark; ++ char **env_list = NULL; + -+ D(("Env file name is: %s", file)); ++#ifdef USE_ECONF ++ retval = econf_read_file(pamh, file, "=", ENVIRONMENT, "", "", &env_list); ++#else ++ /* Only one file will be parsed. So, file has to be set. */ ++ if (file == NULL) /* No filename has been set via argv. */ ++ file = DEFAULT_ETC_ENVFILE; ++#ifdef VENDOR_DEFAULT_ETC_ENVFILE ++ /* ++ * Check whether file is available. ++ * If it does not exist, fall back to VENDOR_DEFAULT_ETC_ENVFILE; file. ++ */ ++ struct stat stat_buffer; ++ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { ++ file = VENDOR_DEFAULT_ETC_ENVFILE; ++ } ++#endif ++ retval = read_file(pamh, file, &env_list); ++#endif + -+ if ((conf = fopen(file,"r")) == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); -+ return PAM_IGNORE; - } -- if (var->override && ("e != var->override)) { -- free(var->override); ++ if (retval != PAM_SUCCESS) ++ return retval == PAM_IGNORE ? PAM_SUCCESS : retval; + -+ while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { -+ D(("Read line: %s", buffer)); -+ key = buffer; ++ for (char **env = env_list; *env != NULL; ++env) { ++ key = *env; + + /* skip leading white space */ + key += strspn(key, " \n\t"); @@ -1581,7 +1975,7 @@ index f5f8cead..66fbe240 100644 + /* skip blanks lines and comments */ + if (key[0] == '#') + continue; -+ + + /* skip over "export " if present so we can be compat with + bash type declarations */ + if (strncmp(key, "export ", (size_t) 7) == 0) @@ -1645,29 +2039,61 @@ index f5f8cead..66fbe240 100644 + pam_syslog(pamh, LOG_DEBUG, + "pam_putenv(\"%s\")", key); + } - } -- var->name = NULL; -- var->value = NULL; /* never has memory specific to it */ -- var->defval = NULL; -- var->override = NULL; -- return; --} - -+ (void) fclose(conf); - ++ free(*env); ++ } ++ + /* tidy up */ ++ free(env_list); + D(("Exit.")); + return retval; +} /* --- authentication management functions (only) --- */ +diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml +index fca046fe..5c0dbcb8 100644 +--- a/modules/pam_env/pam_env.conf.5.xml ++++ b/modules/pam_env/pam_env.conf.5.xml +@@ -20,7 +20,15 @@ + + DESCRIPTION + +- ++ ++ The /usr/etc/security/pam_env.conf and ++ /etc/security/pam_env.conf files specify ++ the environment variables to be set, unset or modified by ++ pam_env8. ++ When someone logs in, these files are read and the environment ++ variables are set according. ++ ++ + The /etc/security/pam_env.conf file specifies + the environment variables to be set, unset or modified by + pam_env8. +@@ -61,7 +69,15 @@ + at front) can be used to mark this line as a comment line. + + +- ++ ++ The /usr/etc/environment and /etc/environment files specify ++ the environment variables to be set. These files must consist of simple ++ NAME=VALUE pairs on separate lines. ++ The pam_env8 ++ module will read these files after the pam_env.conf ++ file. ++ ++ + The /etc/environment file specifies + the environment variables to be set. The file must consist of simple + NAME=VALUE pairs on separate lines. diff --git a/modules/pam_env/tst-pam_env-retval.c b/modules/pam_env/tst-pam_env-retval.c new file mode 100644 -index 00000000..6b9b3065 +index 00000000..99e2e2a5 --- /dev/null +++ b/modules/pam_env/tst-pam_env-retval.c -@@ -0,0 +1,199 @@ +@@ -0,0 +1,259 @@ +/* + * Check pam_env return values. + * @@ -1687,11 +2113,18 @@ index 00000000..6b9b3065 + +#define MODULE_NAME "pam_env" +#define TEST_NAME "tst-" MODULE_NAME "-retval" ++#define TEST_NAME_DIR TEST_NAME ".dir" + +static const char service_file[] = TEST_NAME ".service"; +static const char missing_file[] = TEST_NAME ".missing"; ++static const char dir[] = TEST_NAME_DIR; ++static const char dir_usr[] = TEST_NAME_DIR "/usr"; ++static const char dir_usr_etc[] = TEST_NAME_DIR "/usr/etc"; ++static const char dir_usr_etc_security[] = TEST_NAME_DIR "/usr/etc/security"; +static const char my_conf[] = TEST_NAME ".conf"; +static const char my_env[] = TEST_NAME ".env"; ++static const char usr_env[] = TEST_NAME_DIR "/usr/etc/environment"; ++static const char usr_conf[] = TEST_NAME_DIR "/usr/etc/security/pam_env.conf"; + +static struct pam_conv conv; + @@ -1700,6 +2133,11 @@ index 00000000..6b9b3065 +{ + FILE *fp; + ++ ASSERT_EQ(0, mkdir(dir, 0755)); ++ ASSERT_EQ(0, mkdir(dir_usr, 0755)); ++ ASSERT_EQ(0, mkdir(dir_usr_etc, 0755)); ++ ASSERT_EQ(0, mkdir(dir_usr_etc_security, 0755)); ++ + ASSERT_NE(NULL, fp = fopen(my_conf, "w")); + ASSERT_LT(0, fprintf(fp, + "EDITOR\tDEFAULT=vim\n" @@ -1711,6 +2149,18 @@ index 00000000..6b9b3065 + "test_value=foo\n" + "test2_value=bar\n")); + ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_NE(NULL, fp = fopen(usr_env, "w")); ++ ASSERT_LT(0, fprintf(fp, ++ "usr_etc_test=foo\n" ++ "usr_etc_test2=bar\n")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ ASSERT_NE(NULL, fp = fopen(usr_conf, "w")); ++ ASSERT_LT(0, fprintf(fp, ++ "PAGER DEFAULT=emacs\n" ++ "MANPAGER DEFAULT=less\n")); ++ ASSERT_EQ(0, fclose(fp)); +} + +static void @@ -1718,6 +2168,12 @@ index 00000000..6b9b3065 +{ + ASSERT_EQ(0, unlink(my_conf)); + ASSERT_EQ(0, unlink(my_env)); ++ ASSERT_EQ(0, unlink(usr_env)); ++ ASSERT_EQ(0, unlink(usr_conf)); ++ ASSERT_EQ(0, rmdir(dir_usr_etc_security)); ++ ASSERT_EQ(0, rmdir(dir_usr_etc)); ++ ASSERT_EQ(0, rmdir(dir_usr)); ++ ASSERT_EQ(0, rmdir(dir)); +} + +static void @@ -1861,6 +2317,36 @@ index 00000000..6b9b3065 + const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; + check_env(env2); + ++#if defined (USE_ECONF) && defined (VENDORDIR) ++ ++ /* envfile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "session required %s/.libs/%s.so" ++ " conffile=%s envfile=%s/%s/\n", ++ cwd, MODULE_NAME, ++ "/dev/null", ++ cwd, dir)); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ const char *env3[] = {"usr_etc_test=foo", "usr_etc_test2=bar", NULL}; ++ check_env(env3); ++ ++ /* conffile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ ++ ASSERT_NE(NULL, fp = fopen(service_file, "w")); ++ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" ++ "session required %s/.libs/%s.so" ++ " conffile=%s/%s/ envfile=%s\n", ++ cwd, MODULE_NAME, ++ cwd, dir, ++ "/dev/null")); ++ ASSERT_EQ(0, fclose(fp)); ++ ++ const char *env4[] = {"PAGER=emacs", "MANPAGER=less", NULL}; ++ check_env(env4); ++ ++#endif ++ + /* cleanup */ + cleanup(); + ASSERT_EQ(0, unlink(service_file)); @@ -5573,6 +6059,172 @@ index 00000000..321bd6d1 + + return 0; +} +diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am +index b91bada5..3ce3e1d0 100644 +--- a/modules/pam_shells/Makefile.am ++++ b/modules/pam_shells/Makefile.am +@@ -18,14 +18,14 @@ securelibdir = $(SECUREDIR) + secureconfdir = $(SCONFIGDIR) + + AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ +- $(WARN_CFLAGS) ++ $(WARN_CFLAGS) $(ECONF_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map + endif + + securelib_LTLIBRARIES = pam_shells.la +-pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la ++pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS) + + if ENABLE_REGENERATE_MAN + dist_noinst_DATA = README +diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml +index 15f47671..73b4855a 100644 +--- a/modules/pam_shells/pam_shells.8.xml ++++ b/modules/pam_shells/pam_shells.8.xml +@@ -29,9 +29,17 @@ + pam_shells is a PAM module that only allows access to the + system if the user's shell is listed in /etc/shells. + ++ ++ ++ If this file does not exist, entries are taken from files ++ %vendordir%/shells, ++ %vendordir%/shells.d/* and ++ /etc/shells.d/* in that order. ++ ++ + +- It also checks if /etc/shells is a plain +- file and not world writable. ++ It also checks if needed files (e.g. /etc/shells) are plain ++ files and not world writable. + + + +diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c +index dc8f4878..abebdd0c 100644 +--- a/modules/pam_shells/pam_shells.c ++++ b/modules/pam_shells/pam_shells.c +@@ -13,27 +13,47 @@ + #include + #include + #include ++#include + #include + #include + #include ++#if defined (USE_ECONF) && defined (VENDORDIR) ++#include ++#endif + + #include + #include + #include + + #define SHELL_FILE "/etc/shells" +- ++#define SHELLS "shells" ++#define ETCDIR "/etc" + #define DEFAULT_SHELL "/bin/sh" + ++static bool check_file(const char *filename, const void *pamh) ++{ ++ struct stat sb; ++ ++ if (stat(filename, &sb)) { ++ pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", filename); ++ return false; /* must have /etc/shells */ ++ } ++ ++ if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) { ++ pam_syslog(pamh, LOG_ERR, ++ "%s is either world writable or not a normal file", ++ filename); ++ return false; ++ } ++ return true; ++} ++ + static int perform_check(pam_handle_t *pamh) + { + int retval = PAM_AUTH_ERR; + const char *userName; + const char *userShell; +- char shellFileLine[256]; +- struct stat sb; + struct passwd * pw; +- FILE * shellFile; + + retval = pam_get_user(pamh, &userName, NULL); + if (retval != PAM_SUCCESS) { +@@ -48,18 +68,50 @@ static int perform_check(pam_handle_t *pamh) + if (userShell[0] == '\0') + userShell = DEFAULT_SHELL; + +- if (stat(SHELL_FILE,&sb)) { +- pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", SHELL_FILE); +- return PAM_AUTH_ERR; /* must have /etc/shells */ ++#if defined (USE_ECONF) && defined (VENDORDIR) ++ size_t size = 0; ++ econf_err error; ++ char **keys; ++ econf_file *key_file; ++ ++ error = econf_readDirsWithCallback(&key_file, ++ VENDORDIR, ++ ETCDIR, ++ SHELLS, ++ NULL, ++ "", /* key only */ ++ "#", /* comment */ ++ check_file, pamh); ++ if (error) { ++ pam_syslog(pamh, LOG_ERR, ++ "Cannot parse shell files: %s", ++ econf_errString(error)); ++ return PAM_AUTH_ERR; + } + +- if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) { ++ error = econf_getKeys(key_file, NULL, &size, &keys); ++ if (error) { + pam_syslog(pamh, LOG_ERR, +- "%s is either world writable or not a normal file", +- SHELL_FILE); ++ "Cannot evaluate entries in shell files: %s", ++ econf_errString(error)); ++ econf_free (key_file); + return PAM_AUTH_ERR; + } + ++ retval = 1; ++ for (size_t i = 0; i < size; i++) { ++ retval = strcmp(keys[i], userShell); ++ if (!retval) ++ break; ++ } ++ econf_free (key_file); ++#else ++ char shellFileLine[256]; ++ FILE * shellFile; ++ ++ if (!check_file(SHELL_FILE, pamh)) ++ return PAM_AUTH_ERR; ++ + shellFile = fopen(SHELL_FILE,"r"); + if (shellFile == NULL) { /* Check that we opened it successfully */ + pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SHELL_FILE); +@@ -75,6 +127,7 @@ static int perform_check(pam_handle_t *pamh) + } + + fclose(shellFile); ++ #endif + + if (retval) { + return PAM_AUTH_ERR; diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am index 833d51a6..ad53f1cc 100644 --- a/modules/pam_time/Makefile.am @@ -5919,11 +6571,195 @@ index 03f8dc78..bbb7743b 100644 return 0; } +diff --git a/po/Linux-PAM.pot b/po/Linux-PAM.pot +index 5e92d7e9..d7cd325d 100644 +--- a/po/Linux-PAM.pot ++++ b/po/Linux-PAM.pot +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: Linux-PAM 1.5.2\n" + "Report-Msgid-Bugs-To: https://github.com/linux-pam/linux-pam/issues\n" +-"POT-Creation-Date: 2021-07-20 20:00+0000\n" ++"POT-Creation-Date: 2022-11-11 11:11+0000\n" + "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" + "Last-Translator: FULL NAME \n" + "Language-Team: LANGUAGE \n" +@@ -18,7 +18,7 @@ msgstr "" + "Content-Transfer-Encoding: 8bit\n" + "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" + +-#: libpam/pam_get_authtok.c:39 modules/pam_exec/pam_exec.c:181 ++#: libpam/pam_get_authtok.c:39 modules/pam_exec/pam_exec.c:183 + #: modules/pam_userdb/pam_userdb.c:53 + msgid "Password: " + msgstr "" +@@ -212,34 +212,40 @@ msgstr "" + msgid "erroneous conversation (%d)\n" + msgstr "" + +-#: modules/pam_exec/pam_exec.c:279 ++#: modules/pam_exec/pam_exec.c:289 + #, c-format + msgid "%s failed: exit code %d" + msgstr "" + +-#: modules/pam_exec/pam_exec.c:289 ++#: modules/pam_exec/pam_exec.c:299 + #, c-format + msgid "%s failed: caught signal %d%s" + msgstr "" + +-#: modules/pam_exec/pam_exec.c:299 ++#: modules/pam_exec/pam_exec.c:309 + #, c-format + msgid "%s failed: unknown status 0x%x" + msgstr "" + +-#: modules/pam_faillock/main.c:103 ++#: modules/pam_faillock/main.c:130 + #, c-format + msgid "" +-"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" ++"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset] [--" ++"legacy-output]\n" + msgstr "" + +-#: modules/pam_faillock/pam_faillock.c:618 ++#: modules/pam_faillock/main.c:181 ++#, c-format ++msgid "Login Failures Latest failure From\n" ++msgstr "" ++ ++#: modules/pam_faillock/pam_faillock.c:404 + #, c-format + msgid "The account is locked due to %u failed logins." + msgstr "" + +-#: modules/pam_faillock/pam_faillock.c:627 +-#: modules/pam_faillock/pam_faillock.c:633 ++#: modules/pam_faillock/pam_faillock.c:413 ++#: modules/pam_faillock/pam_faillock.c:419 + #, c-format + msgid "(%d minute left to unlock)" + msgid_plural "(%d minutes left to unlock)" +@@ -247,45 +253,45 @@ msgstr[0] "" + msgstr[1] "" + + #. TRANSLATORS: only used if dngettext is not supported. +-#: modules/pam_faillock/pam_faillock.c:636 ++#: modules/pam_faillock/pam_faillock.c:422 + #, c-format + msgid "(%d minutes left to unlock)" + msgstr "" + + #. TRANSLATORS: "strftime options for date of last login" +-#: modules/pam_lastlog/pam_lastlog.c:318 modules/pam_lastlog/pam_lastlog.c:579 ++#: modules/pam_lastlog/pam_lastlog.c:326 modules/pam_lastlog/pam_lastlog.c:595 + msgid " %a %b %e %H:%M:%S %Z %Y" + msgstr "" + + #. TRANSLATORS: " from " +-#: modules/pam_lastlog/pam_lastlog.c:327 modules/pam_lastlog/pam_lastlog.c:588 ++#: modules/pam_lastlog/pam_lastlog.c:335 modules/pam_lastlog/pam_lastlog.c:604 + #, c-format + msgid " from %.*s" + msgstr "" + + #. TRANSLATORS: " on " +-#: modules/pam_lastlog/pam_lastlog.c:339 modules/pam_lastlog/pam_lastlog.c:600 ++#: modules/pam_lastlog/pam_lastlog.c:347 modules/pam_lastlog/pam_lastlog.c:616 + #, c-format + msgid " on %.*s" + msgstr "" + + #. TRANSLATORS: "Last login: from on " +-#: modules/pam_lastlog/pam_lastlog.c:349 ++#: modules/pam_lastlog/pam_lastlog.c:357 + #, c-format + msgid "Last login:%s%s%s" + msgstr "" + +-#: modules/pam_lastlog/pam_lastlog.c:355 ++#: modules/pam_lastlog/pam_lastlog.c:363 + msgid "Welcome to your new account!" + msgstr "" + + #. TRANSLATORS: "Last failed login: from on " +-#: modules/pam_lastlog/pam_lastlog.c:610 ++#: modules/pam_lastlog/pam_lastlog.c:626 + #, c-format + msgid "Last failed login:%s%s%s" + msgstr "" + +-#: modules/pam_lastlog/pam_lastlog.c:619 modules/pam_lastlog/pam_lastlog.c:626 ++#: modules/pam_lastlog/pam_lastlog.c:635 modules/pam_lastlog/pam_lastlog.c:642 + #, c-format + msgid "There was %d failed login attempt since the last successful login." + msgid_plural "" +@@ -294,18 +300,18 @@ msgstr[0] "" + msgstr[1] "" + + #. TRANSLATORS: only used if dngettext is not supported +-#: modules/pam_lastlog/pam_lastlog.c:631 ++#: modules/pam_lastlog/pam_lastlog.c:647 + #, c-format + msgid "There were %d failed login attempts since the last successful login." + msgstr "" + +-#: modules/pam_limits/pam_limits.c:1164 ++#: modules/pam_limits/pam_limits.c:1269 + #, c-format + msgid "There were too many logins for '%s'." + msgstr "" + + #: modules/pam_mail/pam_mail.c:289 +-msgid "You have no mail." ++msgid "You do not have any new mail." + msgstr "" + + #: modules/pam_mail/pam_mail.c:292 +@@ -350,12 +356,12 @@ msgstr "" + msgid "Unable to create and initialize directory '%s'." + msgstr "" + +-#: modules/pam_pwhistory/pam_pwhistory.c:371 ++#: modules/pam_pwhistory/pam_pwhistory.c:378 + #: modules/pam_unix/pam_unix_passwd.c:589 + msgid "Password has been already used. Choose another." + msgstr "" + +-#: modules/pam_pwhistory/pam_pwhistory.c:378 ++#: modules/pam_pwhistory/pam_pwhistory.c:385 + msgid "Password has been already used." + msgstr "" + +diff --git a/xtests/Makefile.am b/xtests/Makefile.am +index 70f8441e..acf97469 100644 +--- a/xtests/Makefile.am ++++ b/xtests/Makefile.am +@@ -25,6 +25,7 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ + tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \ + group.conf tst-pam_group1.pamd tst-pam_group1.sh \ + tst-pam_authfail.pamd tst-pam_authsucceed.pamd \ ++ tst-pam_shells.pamd shells.conf tst-pam_shells.sh \ + tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \ + tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \ + tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \ +@@ -43,7 +44,8 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ + tst-pam_access1 tst-pam_access2 tst-pam_access3 \ + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ + tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ +- tst-pam_pwhistory1 tst-pam_time1 tst-pam_motd ++ tst-pam_pwhistory1 tst-pam_time1 tst-pam_motd \ ++ tst-pam_shells + + NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ + tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh -index 14f585d9..ff9a4dc1 100755 +index 14f585d9..e580e0ab 100755 --- a/xtests/run-xtests.sh +++ b/xtests/run-xtests.sh -@@ -18,10 +18,12 @@ all=0 +@@ -18,10 +18,16 @@ all=0 mkdir -p /etc/security for config in access.conf group.conf time.conf limits.conf ; do @@ -5933,12 +6769,16 @@ index 14f585d9..ff9a4dc1 100755 install -m 644 "${SRCDIR}"/$config /etc/security/$config done -mv /etc/security/opasswd /etc/security/opasswd-pam-xtests ++[ -f /etc/shells ] && ++ mv /etc/shells /etc/shells-pam-xtests ++install -m 644 "${SRCDIR}"/shells.conf /etc/shells ++ +[ -f /etc/security/opasswd ] && + mv /etc/security/opasswd /etc/security/opasswd-pam-xtests for testname in $XTESTS ; do for cfg in "${SRCDIR}"/$testname*.pamd ; do -@@ -47,11 +49,15 @@ for testname in $XTESTS ; do +@@ -47,11 +53,18 @@ for testname in $XTESTS ; do all=`expr $all + 1` rm -f /etc/pam.d/$testname* done @@ -5955,12 +6795,123 @@ index 14f585d9..ff9a4dc1 100755 + rm -f /etc/security/$config + fi +done ++ ++[ -f "/etc/shells-pam-xtests" ] && ++ mv /etc/shells-pam-xtests /etc/shells + if test "$failed" -ne 0; then echo "===================" echo "$failed of $all tests failed" ---- /dev/null 2022-12-04 11:36:15.304093045 +0100 -+++ a/doc/man/pam.conf.5.xml 2022-12-06 17:06:03.623994042 +0100 +diff --git a/xtests/shells.conf b/xtests/shells.conf +new file mode 100644 +index 00000000..74776e68 +--- /dev/null ++++ b/xtests/shells.conf +@@ -0,0 +1,3 @@ ++/bin/ash ++/bin/testbash ++/bin/csh +diff --git a/xtests/tst-pam_shells.c b/xtests/tst-pam_shells.c +new file mode 100644 +index 00000000..b6ba938e +--- /dev/null ++++ b/xtests/tst-pam_shells.c +@@ -0,0 +1,68 @@ ++/* ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, and the entire permission notice in its entirety, ++ * including the disclaimer of warranties. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the author may not be used to endorse or promote ++ * products derived from this software without specific prior ++ * written permission. ++ * ++ * ALTERNATIVELY, this product may be distributed under the terms of ++ * the GNU Public License, in which case the provisions of the GPL are ++ * required INSTEAD OF the above restrictions. (This clause is ++ * necessary due to a potential bad interaction between the GPL and ++ * the restrictions contained in a BSD-style copyright.) ++ * ++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED ++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ++ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, ++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR ++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++/* ++ test case: ++ ++ shells.conf: ++ /bin/testbash ++ ++*/ ++ ++#include "test_assert.h" ++ ++#include ++#include ++#include ++#include ++ ++static struct pam_conv conv; ++ ++int ++main(void) ++{ ++ pam_handle_t *pamh = NULL; ++ int retval; ++ ++ // /bin/testbash is defined in shell definition file(s) ++ ASSERT_EQ(PAM_SUCCESS, pam_start("tst-pam_shells", "tstpamshells", &conv, &pamh)); ++ ASSERT_EQ(PAM_SUCCESS, retval=pam_authenticate (pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end (pamh,retval)); ++ ++ // /bin/testnoshell is not defined in shell definition file(s) ++ ASSERT_EQ(PAM_SUCCESS, pam_start("tst-pam_shells", "tstnoshell", &conv, &pamh)); ++ ASSERT_EQ(PAM_AUTH_ERR, retval=pam_authenticate (pamh, 0)); ++ ASSERT_EQ(PAM_SUCCESS, pam_end (pamh,retval)); ++ ++ return 0; ++} +diff --git a/xtests/tst-pam_shells.pamd b/xtests/tst-pam_shells.pamd +new file mode 100644 +index 00000000..6ad4f319 +--- /dev/null ++++ b/xtests/tst-pam_shells.pamd +@@ -0,0 +1,2 @@ ++#%PAM-1.0 ++auth required pam_shells.so +diff --git a/xtests/tst-pam_shells.sh b/xtests/tst-pam_shells.sh +new file mode 100755 +index 00000000..5093f689 +--- /dev/null ++++ b/xtests/tst-pam_shells.sh +@@ -0,0 +1,11 @@ ++#!/bin/sh ++ ++/usr/sbin/groupadd tstpamshells1 ++/usr/sbin/useradd -s /bin/testbash -G tstpamshells1 -p '!!' tstpamshells ++/usr/sbin/useradd -s /bin/testnoshell -G tstpamshells1 -p '!!' tstnoshell ++./tst-pam_shells ++RET=$? ++/usr/sbin/userdel -r tstpamshells 2> /dev/null ++/usr/sbin/userdel -r tstnoshell 2> /dev/null ++/usr/sbin/groupdel tstpamshells1 2> /dev/null ++exit $RET +--- /dev/null 2022-12-11 17:12:47.416337843 +0100 ++++ b/doc/man/pam.conf.5.xml 2019-09-24 13:06:13.527781974 +0200 @@ -0,0 +1,50 @@ + + + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + ------------------------------------------------------------------- Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 128d034..58e913a 100644 --- a/pam.spec +++ b/pam.spec @@ -67,9 +67,8 @@ Source15: Linux-PAM-%{version}.tar.xz.asc Patch1: pam-limit-nproc.patch Patch3: pam-xauth_ownership.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch -Patch10: pam_xauth_data.3.xml.patch +Patch5: pam_xauth_data.3.xml.patch Patch11: pam-git.diff -Patch12: pam_env_econf.patch Patch13: pam_pwhistory-docu.patch Patch14: docbook5.patch BuildRequires: audit-devel @@ -88,8 +87,8 @@ BuildRequires: pkgconfig(libeconf) %if %{enable_selinux} BuildRequires: libselinux-devel %endif -Requires: pam_unix.so -Suggests: pam_unix +Obsoletes: pam_unix +Obsoletes: pam_unix-nis Recommends: pam-manpages %if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) @@ -101,18 +100,6 @@ PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. -%package -n pam_unix -Summary: PAM module for standard UNIX authentication -Group: System/Libraries -Provides: pam:/%{_lib}/security/pam_unix.so -Provides: pam_unix.so -Conflicts: pam_unix-nis - -%description -n pam_unix -This package contains the pam_unix module, which does the standard -UNIX authentication against the passwd and shadow database. This -module does not contain NIS support. - %package extra Summary: PAM module to authenticate against a separate database Group: System/Libraries @@ -181,8 +168,7 @@ cp -a %{SOURCE12} . %patch1 -p1 %patch3 -p1 %patch4 -p1 -%patch10 -p1 -%patch12 -p1 +%patch5 -p1 %if %{build_doc} %patch13 -p1 %patch14 -p1 @@ -396,6 +382,11 @@ done %{_pam_moduledir}/pam_timestamp.so %{_pam_moduledir}/pam_tty_audit.so %{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_unix_acct.so +%{_pam_moduledir}/pam_unix_auth.so +%{_pam_moduledir}/pam_unix_passwd.so +%{_pam_moduledir}/pam_unix_session.so %{_pam_moduledir}/pam_usertype.so %{_pam_moduledir}/pam_warn.so %{_pam_moduledir}/pam_wheel.so @@ -411,14 +402,6 @@ done %{_unitdir}/pam_namespace.service %{_tmpfilesdir}/pam.conf -%files -n pam_unix -%defattr(-,root,root,755) -%{_pam_moduledir}/pam_unix.so -%{_pam_moduledir}/pam_unix_acct.so -%{_pam_moduledir}/pam_unix_auth.so -%{_pam_moduledir}/pam_unix_passwd.so -%{_pam_moduledir}/pam_unix_session.so - %files extra %defattr(-,root,root,755) %{_pam_moduledir}/pam_userdb.so diff --git a/pam_env_econf.patch b/pam_env_econf.patch deleted file mode 100644 index d79d82d..0000000 --- a/pam_env_econf.patch +++ /dev/null @@ -1,576 +0,0 @@ -From 4b427724082fa2b77cccfa572881c5d2940c754e Mon Sep 17 00:00:00 2001 -From: Stefan Schubert -Date: Fri, 3 Dec 2021 14:33:20 +0100 -Subject: [PATCH] pam_env: Use vendor specific pam_env.conf and environment as - fallback - -Use the vendor directory as fallback for a distribution provided default -config if there is no one in /etc. - -* Makefile.am: Add libeconf setting. -* pam_env.c: Take care about the fallback configuration in the vendor directory. -* tst-pam_env-retval.c: Added tests for libeconf. -* configure.ac: Added ECONF settings for building man pages. ---- - configure.ac | 7 +- - modules/pam_env/.gitignore | 1 + - modules/pam_env/Makefile.am | 4 +- - modules/pam_env/pam_env.c | 298 +++++++++++++++++++++++---- - modules/pam_env/tst-pam_env-retval.c | 60 ++++++ - 7 files changed, 394 insertions(+), 44 deletions(-) - create mode 100644 modules/pam_env/.gitignore - -diff --git a/configure.ac b/configure.ac -index 2f74d1b49..51ca0ad25 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -523,6 +523,7 @@ if test "$WITH_ECONF" = "yes" ; then - PKG_CHECK_MODULES([ECONF], [libeconf], [], - [AC_CHECK_LIB([econf],[econf_readDirs],[ECONF_LIBS="-leconf"],[ECONF_LIBS=""])]) - if test -n "$ECONF_LIBS" ; then -+ AC_CHECK_LIB([econf],[econf_errLocation], [], [AC_MSG_ERROR([Please update libeconf])]) - ECONF_CFLAGS="-DUSE_ECONF=1 $ECONF_CFLAGS" - fi - fi -@@ -535,7 +536,11 @@ if test -n "$enable_vendordir"; then - [Directory for distribution provided configuration files]) - AC_DEFINE_UNQUOTED([VENDOR_SCONFIGDIR], ["$enable_vendordir/security"], - [Directory for PAM modules distribution provided configuration files]) -- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir'" -+ if test "$WITH_ECONF" = "yes" ; then -+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_with_econf'" -+ else -+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_without_econf" -+ fi - else - STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" - fi -diff --git a/modules/pam_env/.gitignore b/modules/pam_env/.gitignore -new file mode 100644 -index 000000000..4c5b234b1 ---- /dev/null -+++ b/modules/pam_env/.gitignore -@@ -0,0 +1 @@ -+tst-pam_env-retval -diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am -index 02cd9d375..b99a83ecb 100644 ---- a/modules/pam_env/Makefile.am -+++ b/modules/pam_env/Makefile.am -@@ -18,14 +18,14 @@ securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- $(WARN_CFLAGS) -+ $(WARN_CFLAGS) -DSYSCONFDIR=\"$(sysconfdir)\" $(ECONF_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - - securelib_LTLIBRARIES = pam_env.la --pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la -+pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS) - - check_PROGRAMS = tst-pam_env-retval - tst_pam_env_retval_LDADD = $(top_builddir)/libpam/libpam.la -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index 64a586454..aabab7992 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -7,6 +7,9 @@ - */ - - #define DEFAULT_ETC_ENVFILE "/etc/environment" -+#ifdef VENDORDIR -+#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/etc/environment") -+#endif - #define DEFAULT_READ_ENVFILE 1 - - #define DEFAULT_USER_ENVFILE ".pam_environment" -@@ -25,6 +28,9 @@ - #include - #include - #include -+#ifdef USE_ECONF -+#include -+#endif - - #include - #include -@@ -42,6 +48,9 @@ typedef struct var { - } VAR; - - #define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") -+#ifdef VENDOR_SCONFIGDIR -+#define VENDOR_DEFAULT_CONF_FILE (VENDOR_SCONFIGDIR "/pam_env.conf") -+#endif - - #define BUF_SIZE 8192 - #define MAX_ENV 8192 -@@ -56,6 +65,16 @@ typedef struct var { - /* This is a special value used to designate an empty string */ - static char quote='\0'; - -+static void free_string_array(char **array) -+{ -+ if (array == NULL) -+ return; -+ for (char **entry = array; *entry != NULL; ++entry) { -+ free(*entry); -+ } -+ free(array); -+} -+ - /* argument parsing */ - - #define PAM_DEBUG_ARG 0x01 -@@ -68,10 +87,10 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, - int ctrl=0; - - *user_envfile = DEFAULT_USER_ENVFILE; -- *envfile = DEFAULT_ETC_ENVFILE; -+ *envfile = NULL; - *readenv = DEFAULT_READ_ENVFILE; - *user_readenv = DEFAULT_USER_READ_ENVFILE; -- *conffile = DEFAULT_CONF_FILE; -+ *conffile = NULL; - - /* step through arguments */ - for (; argc-- > 0; ++argv) { -@@ -119,6 +138,148 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, - return ctrl; - } - -+#ifdef USE_ECONF -+ -+#define ENVIRONMENT "environment" -+#define PAM_ENV "pam_env" -+ -+static int -+isDirectory(const char *path) { -+ struct stat statbuf; -+ if (stat(path, &statbuf) != 0) -+ return 0; -+ return S_ISDIR(statbuf.st_mode); -+} -+ -+static int -+econf_read_file(const pam_handle_t *pamh, const char *filename, const char *delim, -+ const char *name, const char *suffix, const char *subpath, -+ char ***lines) -+{ -+ econf_file *key_file = NULL; -+ econf_err error; -+ size_t key_number = 0; -+ char **keys = NULL; -+ const char *base_dir = ""; -+ -+ if (filename != NULL) { -+ if (isDirectory(filename)) { -+ /* Set base directory which can be different from root */ -+ D(("filename argument is a directory: %s", filename)); -+ base_dir = filename; -+ } else { -+ /* Read only one file */ -+ error = econf_readFile (&key_file, filename, delim, "#"); -+ D(("File name is: %s", filename)); -+ if (error != ECONF_SUCCESS) { -+ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %s", filename, -+ econf_errString(error)); -+ if (error == ECONF_NOFILE) -+ return PAM_IGNORE; -+ else -+ return PAM_ABORT; -+ } -+ } -+ } -+ if (filename == NULL || base_dir[0] != '\0') { -+ /* Read and merge all setting in e.g. /usr/etc and /etc */ -+ char *vendor_dir = NULL, *sysconf_dir; -+ if (subpath != NULL && subpath[0] != '\0') { -+#ifdef VENDORDIR -+ if (asprintf(&vendor_dir, "%s%s/%s/", base_dir, VENDORDIR, subpath) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ return PAM_BUF_ERR; -+ } -+#endif -+ if (asprintf(&sysconf_dir, "%s%s/%s/", base_dir, SYSCONFDIR, subpath) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ free(vendor_dir); -+ return PAM_BUF_ERR; -+ } -+ } else { -+#ifdef VENDORDIR -+ if (asprintf(&vendor_dir, "%s%s/", base_dir, VENDORDIR) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ return PAM_BUF_ERR; -+ } -+#endif -+ if (asprintf(&sysconf_dir, "%s%s/", base_dir, SYSCONFDIR) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ free(vendor_dir); -+ return PAM_BUF_ERR; -+ } -+ } -+ -+ D(("Read configuration from directory %s and %s", vendor_dir, sysconf_dir)); -+ error = econf_readDirs (&key_file, vendor_dir, sysconf_dir, name, suffix, -+ delim, "#"); -+ free(vendor_dir); -+ free(sysconf_dir); -+ if (error != ECONF_SUCCESS) { -+ if (error == ECONF_NOFILE) { -+ pam_syslog(pamh, LOG_ERR, "Configuration file not found: %s%s", name, suffix); -+ return PAM_IGNORE; -+ } else { -+ char *error_filename = NULL; -+ uint64_t error_line = 0; -+ -+ econf_errLocation(&error_filename, &error_line); -+ pam_syslog(pamh, LOG_ERR, "Unable to read configuration file %s line %ld: %s", -+ error_filename, -+ error_line, -+ econf_errString(error)); -+ free(error_filename); -+ return PAM_ABORT; -+ } -+ } -+ } -+ -+ error = econf_getKeys(key_file, NULL, &key_number, &keys); -+ if (error != ECONF_SUCCESS && error != ECONF_NOKEY) { -+ pam_syslog(pamh, LOG_ERR, "Unable to read keys: %s", -+ econf_errString(error)); -+ econf_freeFile(key_file); -+ return PAM_ABORT; -+ } -+ -+ *lines = malloc((key_number +1)* sizeof(char**)); -+ if (*lines == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ econf_free(keys); -+ econf_freeFile(key_file); -+ return PAM_BUF_ERR; -+ } -+ -+ (*lines)[key_number] = 0; -+ -+ for (size_t i = 0; i < key_number; i++) { -+ char *val; -+ -+ error = econf_getStringValue (key_file, NULL, keys[i], &val); -+ if (error != ECONF_SUCCESS) { -+ pam_syslog(pamh, LOG_ERR, "Unable to get string from key %s: %s", -+ keys[i], -+ econf_errString(error)); -+ } else { -+ if (asprintf(&(*lines)[i],"%s%c%s", keys[i], delim[0], val) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ econf_free(keys); -+ econf_freeFile(key_file); -+ free_string_array(*lines); -+ free (val); -+ return PAM_BUF_ERR; -+ } -+ free (val); -+ } -+ } -+ -+ econf_free(keys); -+ econf_free(key_file); -+ return PAM_SUCCESS; -+} -+ -+#else -+ - /* - * This is where we read a line of the PAM config file. The line may be - * preceded by lines of comments and also extended with "\\\n" -@@ -212,6 +373,52 @@ _assemble_line(FILE *f, char *buffer, int buf_len) - return used; - } - -+static int read_file(const pam_handle_t *pamh, const char*filename, char ***lines) -+{ -+ FILE *conf; -+ char buffer[BUF_SIZE]; -+ -+ D(("Parsed file name is: %s", filename)); -+ -+ if ((conf = fopen(filename,"r")) == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s", filename); -+ return PAM_IGNORE; -+ } -+ -+ size_t i = 0; -+ *lines = malloc((i + 1)* sizeof(char**)); -+ if (*lines == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ (void) fclose(conf); -+ return PAM_BUF_ERR; -+ } -+ (*lines)[i] = 0; -+ while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { -+ char **tmp = NULL; -+ D(("Read line: %s", buffer)); -+ tmp = realloc(*lines, (++i + 1) * sizeof(char**)); -+ if (tmp == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ (void) fclose(conf); -+ free_string_array(*lines); -+ return PAM_BUF_ERR; -+ } -+ *lines = tmp; -+ (*lines)[i-1] = strdup(buffer); -+ if ((*lines)[i-1] == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ (void) fclose(conf); -+ free_string_array(*lines); -+ return PAM_BUF_ERR; -+ } -+ (*lines)[i] = 0; -+ } -+ -+ (void) fclose(conf); -+ return PAM_SUCCESS; -+} -+#endif -+ - static int - _parse_line(const pam_handle_t *pamh, const char *buffer, VAR *var) - { -@@ -626,34 +833,38 @@ static int - _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) - { - int retval; -- char buffer[BUF_SIZE]; -- FILE *conf; - VAR Var, *var=&Var; -- -- D(("Called.")); -+ char **conf_list = NULL; - - var->name=NULL; var->defval=NULL; var->override=NULL; - -- D(("Config file name is: %s", file)); -+ D(("Called.")); - -+#ifdef USE_ECONF -+ /* If "file" is not NULL, only this file will be parsed. */ -+ retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); -+#else -+ /* Only one file will be parsed. So, file has to be set. */ -+ if (file == NULL) /* No filename has been set via argv. */ -+ file = DEFAULT_CONF_FILE; -+#ifdef VENDOR_DEFAULT_CONF_FILE - /* -- * Lets try to open the config file, parse it and process -- * any variables found. -- */ -- -- if ((conf = fopen(file,"r")) == NULL) { -- pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); -- return PAM_IGNORE; -+ * Check whether file is available. -+ * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. -+ */ -+ struct stat stat_buffer; -+ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { -+ file = VENDOR_DEFAULT_CONF_FILE; - } -+#endif -+ retval = read_file(pamh, file, &conf_list); -+#endif - -- /* _pam_assemble_line will provide a complete line from the config file, -- * with all comments removed and any escaped newlines fixed up -- */ -- -- while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { -- D(("Read line: %s", buffer)); -+ if (retval != PAM_SUCCESS) -+ return retval; - -- if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { -+ for (char **conf = conf_list; *conf != NULL; ++conf) { -+ if ((retval = _parse_line(pamh, *conf, var)) == GOOD_LINE) { - retval = _check_var(pamh, var); - - if (DEFINE_VAR == retval) { -@@ -668,11 +879,10 @@ _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) - - _clean_var(var); - -- } /* while */ -- -- (void) fclose(conf); -+ } /* for */ - - /* tidy up */ -+ free_string_array(conf_list); - _clean_var(var); /* We could have got here prematurely, - * this is safe though */ - D(("Exit.")); -@@ -683,19 +893,33 @@ static int - _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) - { - int retval=PAM_SUCCESS, i, t; -- char buffer[BUF_SIZE], *key, *mark; -- FILE *conf; -- -- D(("Env file name is: %s", file)); -- -- if ((conf = fopen(file,"r")) == NULL) { -- pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); -- return PAM_IGNORE; -+ char *key, *mark; -+ char **env_list = NULL; -+ -+#ifdef USE_ECONF -+ retval = econf_read_file(pamh, file, "=", ENVIRONMENT, "", "", &env_list); -+#else -+ /* Only one file will be parsed. So, file has to be set. */ -+ if (file == NULL) /* No filename has been set via argv. */ -+ file = DEFAULT_ETC_ENVFILE; -+#ifdef VENDOR_DEFAULT_ETC_ENVFILE -+ /* -+ * Check whether file is available. -+ * If it does not exist, fall back to VENDOR_DEFAULT_ETC_ENVFILE; file. -+ */ -+ struct stat stat_buffer; -+ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { -+ file = VENDOR_DEFAULT_ETC_ENVFILE; - } -+#endif -+ retval = read_file(pamh, file, &env_list); -+#endif - -- while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { -- D(("Read line: %s", buffer)); -- key = buffer; -+ if (retval != PAM_SUCCESS) -+ return retval == PAM_IGNORE ? PAM_SUCCESS : retval; -+ -+ for (char **env = env_list; *env != NULL; ++env) { -+ key = *env; - - /* skip leading white space */ - key += strspn(key, " \n\t"); -@@ -767,11 +991,11 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) - pam_syslog(pamh, LOG_DEBUG, - "pam_putenv(\"%s\")", key); - } -+ free(*env); - } - -- (void) fclose(conf); -- - /* tidy up */ -+ free(env_list); - D(("Exit.")); - return retval; - } -diff --git a/modules/pam_env/tst-pam_env-retval.c b/modules/pam_env/tst-pam_env-retval.c -index 6b9b3065a..99e2e2a54 100644 ---- a/modules/pam_env/tst-pam_env-retval.c -+++ b/modules/pam_env/tst-pam_env-retval.c -@@ -17,11 +17,18 @@ - - #define MODULE_NAME "pam_env" - #define TEST_NAME "tst-" MODULE_NAME "-retval" -+#define TEST_NAME_DIR TEST_NAME ".dir" - - static const char service_file[] = TEST_NAME ".service"; - static const char missing_file[] = TEST_NAME ".missing"; -+static const char dir[] = TEST_NAME_DIR; -+static const char dir_usr[] = TEST_NAME_DIR "/usr"; -+static const char dir_usr_etc[] = TEST_NAME_DIR "/usr/etc"; -+static const char dir_usr_etc_security[] = TEST_NAME_DIR "/usr/etc/security"; - static const char my_conf[] = TEST_NAME ".conf"; - static const char my_env[] = TEST_NAME ".env"; -+static const char usr_env[] = TEST_NAME_DIR "/usr/etc/environment"; -+static const char usr_conf[] = TEST_NAME_DIR "/usr/etc/security/pam_env.conf"; - - static struct pam_conv conv; - -@@ -30,6 +37,11 @@ setup(void) - { - FILE *fp; - -+ ASSERT_EQ(0, mkdir(dir, 0755)); -+ ASSERT_EQ(0, mkdir(dir_usr, 0755)); -+ ASSERT_EQ(0, mkdir(dir_usr_etc, 0755)); -+ ASSERT_EQ(0, mkdir(dir_usr_etc_security, 0755)); -+ - ASSERT_NE(NULL, fp = fopen(my_conf, "w")); - ASSERT_LT(0, fprintf(fp, - "EDITOR\tDEFAULT=vim\n" -@@ -41,6 +53,18 @@ setup(void) - "test_value=foo\n" - "test2_value=bar\n")); - ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_NE(NULL, fp = fopen(usr_env, "w")); -+ ASSERT_LT(0, fprintf(fp, -+ "usr_etc_test=foo\n" -+ "usr_etc_test2=bar\n")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_NE(NULL, fp = fopen(usr_conf, "w")); -+ ASSERT_LT(0, fprintf(fp, -+ "PAGER DEFAULT=emacs\n" -+ "MANPAGER DEFAULT=less\n")); -+ ASSERT_EQ(0, fclose(fp)); - } - - static void -@@ -48,6 +72,12 @@ cleanup(void) - { - ASSERT_EQ(0, unlink(my_conf)); - ASSERT_EQ(0, unlink(my_env)); -+ ASSERT_EQ(0, unlink(usr_env)); -+ ASSERT_EQ(0, unlink(usr_conf)); -+ ASSERT_EQ(0, rmdir(dir_usr_etc_security)); -+ ASSERT_EQ(0, rmdir(dir_usr_etc)); -+ ASSERT_EQ(0, rmdir(dir_usr)); -+ ASSERT_EQ(0, rmdir(dir)); - } - - static void -@@ -191,6 +221,36 @@ main(void) - const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; - check_env(env2); - -+#if defined (USE_ECONF) && defined (VENDORDIR) -+ -+ /* envfile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "session required %s/.libs/%s.so" -+ " conffile=%s envfile=%s/%s/\n", -+ cwd, MODULE_NAME, -+ "/dev/null", -+ cwd, dir)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ const char *env3[] = {"usr_etc_test=foo", "usr_etc_test2=bar", NULL}; -+ check_env(env3); -+ -+ /* conffile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "session required %s/.libs/%s.so" -+ " conffile=%s/%s/ envfile=%s\n", -+ cwd, MODULE_NAME, -+ cwd, dir, -+ "/dev/null")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ const char *env4[] = {"PAGER=emacs", "MANPAGER=less", NULL}; -+ check_env(env4); -+ -+#endif -+ - /* cleanup */ - cleanup(); - ASSERT_EQ(0, unlink(service_file)); -- 2.51.1 From e4217a82b65ba8fff4af1327417a6ff25f7249d82e0dc4932ac9a9f3b69ae7c6 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 16 Dec 2022 10:31:29 +0000 Subject: [PATCH 185/226] Accepting request 1043315 from home:kukuk:tiu OBS-URL: https://build.opensuse.org/request/show/1043315 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=269 --- baselibs.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/baselibs.conf b/baselibs.conf index 00ed537..93db8ec 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -2,5 +2,3 @@ pam requires "(systemd- if systemd)" pam-extra pam-devel -pam_unix - conflicts "pam_unix-nis-" -- 2.51.1 From a19e1ad91c03f195cd33cd4f7c877d1eea63f26671fa27f5a2fef880e9f96fa2 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Sat, 24 Dec 2022 13:32:42 +0000 Subject: [PATCH 186/226] - Also obsolete pam_unix-32bit to have clean upgrade path. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=270 --- baselibs.conf | 2 ++ pam.changes | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/baselibs.conf b/baselibs.conf index 93db8ec..aae13c0 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,4 +1,6 @@ pam requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" pam-extra pam-devel diff --git a/pam.changes b/pam.changes index 33349b2..7805273 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + ------------------------------------------------------------------- Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk -- 2.51.1 From 7d61bc6b2af3c7028c2808a01f473641977f54f8a5b2824510e31b2596e15074 Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Wed, 25 Jan 2023 10:56:16 +0000 Subject: [PATCH 187/226] Accepting request 1060632 from home:schubi2 OBS-URL: https://build.opensuse.org/request/show/1060632 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=271 --- macros.pam | 13 +++++++------ pam.changes | 12 ++++++++++++ pam.spec | 37 +++++++++++++++++++++---------------- 3 files changed, 40 insertions(+), 22 deletions(-) diff --git a/macros.pam b/macros.pam index 87a5493..ac665f6 100644 --- a/macros.pam +++ b/macros.pam @@ -1,7 +1,8 @@ -%_pam_libdir %{_libdir} -%_pam_moduledir %{_libdir}/security -%_pam_secconfdir %{_sysconfdir}/security -%_pam_confdir %{_sysconfdir}/pam.d -%_pam_vendordir %{_prefix}/lib/pam.d +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d # legacy, to be retired -%_pamdir %{_pam_moduledir} +%_pamdir %{_pam_moduledir} diff --git a/pam.changes b/pam.changes index 7805273..e855161 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + ------------------------------------------------------------------- Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger diff --git a/pam.spec b/pam.spec index 58e913a..464ce23 100644 --- a/pam.spec +++ b/pam.spec @@ -19,6 +19,10 @@ %define flavor @BUILD_FLAVOR@%{nil} +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + %if "%{flavor}" == "full" %define build_main 0 %define build_doc 1 @@ -247,8 +251,9 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf -mkdir -p %{buildroot}%{_distconfdir}/security -mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf} %{buildroot}%{_distconfdir}/security/ +mkdir -p %{buildroot}%{_pam_secdistconfdir} +mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf,access.conf,limits.d,sepermit.conf,time.conf} %{buildroot}%{_pam_secdistconfdir}/ +mv %{buildroot}%{_sysconfdir}/security/{namespace.conf,namespace.d,namespace.init} %{buildroot}%{_pam_secdistconfdir}/ mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment # Remove manual pages for main package @@ -287,13 +292,13 @@ rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8* %postun -p /sbin/ldconfig %pre -for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do +for i in securetty %{config_files} ; do test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: done %posttrans # Migration to /usr/etc. -for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do +for i in securetty %{config_files} ; do test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: done @@ -307,8 +312,8 @@ done %dir %{_pam_confdir} %dir %{_pam_vendordir} %dir %{_pam_secconfdir} -%dir %{_pam_secconfdir}/limits.d -%dir %{_distconfdir}/security +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d # /usr/etc/pam.d is for compat reasons %dir %{_distconfdir}/pam.d %dir %{_prefix}/lib/motd.d @@ -320,19 +325,19 @@ done %{_pam_vendordir}/common-* %endif %{_distconfdir}/environment -%config(noreplace) %{_pam_secconfdir}/access.conf -%{_distconfdir}/security/group.conf -%{_distconfdir}/security/faillock.conf -%{_distconfdir}/security/limits.conf -%{_distconfdir}/security/pam_env.conf +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/limits.conf +%{_pam_secdistconfdir}/pam_env.conf %if %{enable_selinux} -%config(noreplace) %{_pam_secconfdir}/sepermit.conf +%{_pam_secdistconfdir}/sepermit.conf %endif -%config(noreplace) %{_pam_secconfdir}/time.conf -%config(noreplace) %{_pam_secconfdir}/namespace.conf -%config(noreplace) %{_pam_secconfdir}/namespace.init +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init %config(noreplace) %{_pam_secconfdir}/pwhistory.conf -%dir %{_pam_secconfdir}/namespace.d +%dir %{_pam_secdistconfdir}/namespace.d %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpamc.so.0 -- 2.51.1 From b0799e0d72231a9e9a0930bf3c7cb0b5eadf104755adcbc9788ef5cd2ea28358 Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Wed, 15 Mar 2023 09:05:09 +0000 Subject: [PATCH 188/226] Accepting request 1070768 from home:gbelinassi - Enable livepatching support on x86_64. OBS-URL: https://build.opensuse.org/request/show/1070768 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=272 --- pam.changes | 5 +++++ pam.spec | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/pam.changes b/pam.changes index e855161..b1fb24e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + ------------------------------------------------------------------- Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre diff --git a/pam.spec b/pam.spec index 464ce23..b47f650 100644 --- a/pam.spec +++ b/pam.spec @@ -15,6 +15,26 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + %bcond_with debug %define flavor @BUILD_FLAVOR@%{nil} @@ -184,6 +204,9 @@ export CFLAGS="%{optflags}" %if !%{with debug} CFLAGS="$CFLAGS -DNDEBUG" %endif +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif %configure \ --includedir=%{_includedir}/security \ --docdir=%{_docdir}/pam \ @@ -197,6 +220,33 @@ CFLAGS="$CFLAGS -DNDEBUG" %endif %make_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam %if %{build_main} @@ -213,6 +263,7 @@ mkdir -p %{buildroot}/sbin mkdir -p -m 755 %{buildroot}%{_libdir} # For compat reasons mkdir -p %{buildroot}%{_distconfdir}/pam.d + %make_install /sbin/ldconfig -n %{buildroot}%{libdir} # Install documentation -- 2.51.1 From d8677436cd89bdb72be6c1713cbe30949a0370ea646719d7e472fbf7f11df88f Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 20 Mar 2023 10:36:11 +0000 Subject: [PATCH 189/226] - Add common-session-nonlogin and postlogin-* pam.d config files for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 and upcoming pam_wtmpdb. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=273 --- common-session-nonlogin.pamd | 14 ++++++++++++++ pam.changes | 7 +++++++ pam.spec | 11 +++++++++++ postlogin-account.pamd | 10 ++++++++++ postlogin-auth.pamd | 10 ++++++++++ postlogin-password.pamd | 10 ++++++++++ postlogin-session.pamd | 10 ++++++++++ 7 files changed, 72 insertions(+) create mode 100644 common-session-nonlogin.pamd create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..665a150 --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,14 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_limits.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/pam.changes b/pam.changes index b1fb24e..59323da 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + ------------------------------------------------------------------- Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi diff --git a/pam.spec b/pam.spec index b47f650..41178ef 100644 --- a/pam.spec +++ b/pam.spec @@ -88,6 +88,11 @@ Source12: pam-login_defs-check.sh Source13: pam.tmpfiles Source14: Linux-PAM-%{version}-docs.tar.xz.asc Source15: Linux-PAM-%{version}.tar.xz.asc +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch Patch3: pam-xauth_ownership.patch Patch4: pam-bsc1177858-dont-free-environment-string.patch @@ -276,6 +281,11 @@ install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session mkdir -p %{buildroot}%{_prefix}/lib/motd.d # # Remove crap @@ -374,6 +384,7 @@ done %else %{_pam_vendordir}/other %{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* %endif %{_distconfdir}/environment %{_pam_secdistconfdir}/access.conf diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# -- 2.51.1 From f6b50ba88e9e9e0ce6fceacbc1ed4e2e7b342897e81199785472f384f07f4fd1 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 11 Apr 2023 08:24:03 +0000 Subject: [PATCH 190/226] Accepting request 1078360 from home:kukuk:cleanup - Drop pam-xauth_ownership.patch, got fixed in sudo itself - Drop pam-bsc1177858-dont-free-environment-string.patch, was a fix for above patch - Use bcond selinux to disable SELinux - Remove old pam_unix_* compat symlinks - Move pam_userdb to own pam-userdb sub-package - pam-extra contains now modules having extended dependencies like libsystemd - Update to 1.5.3.90 git snapshot - Drop merged patches: - pam-git.diff - docbook5.patch - pam_pwhistory-docu.patch - pam_xauth_data.3.xml.patch - Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all documentation anyways and don't use the prebuild versions - Move all devel manual pages to pam-manpages, too. Fixes the problem that adjusted defaults not shown correct. docbook5 - For buggy bot: Makefile-pam_unix-nis.diff belonged to the other - add macros.pam to abstract directory for pam modules - pam-limit-nproc.patch: increased process limit to help Chrome/Chromuim users with really lots of tabs. New limit gets - Update to current git (Linux-PAM-git-20140127.diff), which - Explicitly add pam_systemd.so to list of modules in - Remove pam_unix-login.defs.diff, not needed anymore - Added libtool as BuildRequire, and autoreconf -i option to fix * manpage is left intact, as it was OBS-URL: https://build.opensuse.org/request/show/1078360 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=274 --- Linux-PAM-1.5.2-docs.tar.xz | 3 - Linux-PAM-1.5.2-docs.tar.xz.asc | 16 - Linux-PAM-1.5.2.90.tar.xz | 3 + Linux-PAM-1.5.2.tar.xz | 3 - Linux-PAM-1.5.2.tar.xz.asc | 16 - docbook5.patch | 20426 ---------------- ...1177858-dont-free-environment-string.patch | 26 - pam-git.diff | 6965 ------ pam-xauth_ownership.patch | 105 - pam.changes | 106 +- pam.spec | 124 +- pam_pwhistory-docu.patch | 264 - pam_xauth_data.3.xml.patch | 97 - 13 files changed, 130 insertions(+), 28024 deletions(-) delete mode 100644 Linux-PAM-1.5.2-docs.tar.xz delete mode 100644 Linux-PAM-1.5.2-docs.tar.xz.asc create mode 100644 Linux-PAM-1.5.2.90.tar.xz delete mode 100644 Linux-PAM-1.5.2.tar.xz delete mode 100644 Linux-PAM-1.5.2.tar.xz.asc delete mode 100644 docbook5.patch delete mode 100644 pam-bsc1177858-dont-free-environment-string.patch delete mode 100644 pam-git.diff delete mode 100644 pam-xauth_ownership.patch delete mode 100644 pam_pwhistory-docu.patch delete mode 100644 pam_xauth_data.3.xml.patch diff --git a/Linux-PAM-1.5.2-docs.tar.xz b/Linux-PAM-1.5.2-docs.tar.xz deleted file mode 100644 index f0d6411..0000000 --- a/Linux-PAM-1.5.2-docs.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bd75b3474dfbed60dff728721c48a6dd88bfea901b607c469bbe5fa5ccc535e4 -size 443276 diff --git a/Linux-PAM-1.5.2-docs.tar.xz.asc b/Linux-PAM-1.5.2-docs.tar.xz.asc deleted file mode 100644 index 36d23e4..0000000 --- a/Linux-PAM-1.5.2-docs.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABCgAGBQJhMg78AAoJEKgEH6g54W429wIP/1FdfjVSygdVkmCSbMl0Dvbp -7/DOYkDb1W3KSzD4Y0pE76HXAxC5fL32781oioP3vx4YKLfP7VMxHM42ugFhKBcZ -cdXZGwCHxvbfNesjm++Lg5I0w16Qh9BoJ5UNbcLoIur+bpadmhPorj2SutPY/U9j -klKESN5AQtdnqUivTWbm4z8CrmZs3NoQTCfkv+ABW33olrj2gJtZucuMjfwDMQFS -oDikxPUErpz7tUDuWEM5Gp26B9iuz4mX/2pUmta18r0Y6RGSl6QtmjEhTlGR2n5R -XEDIZX4vLAYzWum63bzJH/xiyoRMur0lO55GSPtpLnLYPdaot8fWYzdpvRdfg7DR -rristlSYNtRhs3ORbMvvxqgkdzVKa6CLm9WuJiTHPY2dxNP6q8TYdHxyPtrscyz0 -ijhvxAYGHvJ47JESvV16pLaQhTKdVp95aM+pC8A2WfCMZf8WfKM8ZpT9JtZ6tjwC -wc79KWEX9SARoiqk0ZuqITu1pR9gzzDS5WBehwvJkTFm95PkaxQyPNCYwbUIouUf -c+mg5u2xaXrR4NWLMZZid0HRivwYb3/nK8hqUqRaUEri2KoSl6N5f8KlNiyLQiUN -JYB/GRWFueCkGPzuhCREyxdQ0Pxh3H1Us6TLgFHYv/ZdJjYY9GpqLXx7PuoKhZUU -kfOtmSc7D8FhaXULOtvi -=ijjK ------END PGP SIGNATURE----- diff --git a/Linux-PAM-1.5.2.90.tar.xz b/Linux-PAM-1.5.2.90.tar.xz new file mode 100644 index 0000000..dddda6d --- /dev/null +++ b/Linux-PAM-1.5.2.90.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a819c1b629b8101543e6c964a4e22d23b29f3456d28b4ba403dd280e46a6315 +size 1009900 diff --git a/Linux-PAM-1.5.2.tar.xz b/Linux-PAM-1.5.2.tar.xz deleted file mode 100644 index 6da688b..0000000 --- a/Linux-PAM-1.5.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e4ec7131a91da44512574268f493c6d8ca105c87091691b8e9b56ca685d4f94d -size 988784 diff --git a/Linux-PAM-1.5.2.tar.xz.asc b/Linux-PAM-1.5.2.tar.xz.asc deleted file mode 100644 index 8eddb9d..0000000 --- a/Linux-PAM-1.5.2.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABCgAGBQJhMg48AAoJEKgEH6g54W42TUgP/0feavEYuZpjTWche32Ug2nu -h6TGQbqkAasDexkHf6S2p+LYbt/6Nl+EpzOtELY/F3qRq8aYgTlHpJETSSBcZ++t -tIhoaPAhEt+N5vb4YfTQcYIGihdgAzQCj0LViEuG/1PgSUjPdbW8RyvfJTw6I3Ch -XUulrEwyudPCZHDpdW06DMv2we/7oTzrWHVDEmY/TTFKCvDSuAixLrxZrLO/MRK4 -huhXhe3oGv+TtLCqPcr0nJDTl44XNQOTbP/Dl+EI/5tXlDLXLH+IiPEMvnDRbsdd -ngqdwM6wsOenEtlcA27YkDID/FRwgGJILKNaaUKSIa/uk8Tzy+Lx0j1wKEmE8P4T -JI+24IIP5Gw8Sxd+NB8lSjtHXlyJF8psAFRWnTb67mgVTXruDXo771Mhqqy2Vu74 -sjf03w6jYrcGGKHlr7Q08jncghmMHFdW6jAcOG02oNO1oNrSu67MjAIqFox36Byu -FmCajrGBwCR6bWmHCFRGT9qESWg9zRjPL7vkVBmAQg4J4og8FExUi8wBqt1zFH8W -vGTgCDB/Oue3nYTws27hNKEeYumA8emOHyCG4n80vyA6DbRp+7nrtcDnJQir0lzf -8UfWxooIJNqFH9ohnAqMTqJbKJkjLswLnTVpuyJvgzDwGl4sdSvIToxTo/2jp2W+ -q1y3BpSxAA1wOd9/mTM+ -=KMIz ------END PGP SIGNATURE----- diff --git a/docbook5.patch b/docbook5.patch deleted file mode 100644 index 7adfcb2..0000000 --- a/docbook5.patch +++ /dev/null @@ -1,20426 +0,0 @@ -From 55e4d5c4aac39602518dd5d4ce03a4313775180f Mon Sep 17 00:00:00 2001 -From: Stefan Schubert -Date: Tue, 25 Oct 2022 16:29:41 +0200 -Subject: [PATCH] doc: Update PAM documentation from DockBook 4 to DocBook 5 - -Changed files --------------- - -Make.xml.rules.in: -- Using RNG file instead of DTD file for checking XML files. -- Taking the correct stylesheet for README files. - -doc/sag/Makefile.am, doc/adg/Makefile.am, doc/mwg/Makefile.am: -- Using RNG file instead of DTD file for checking XML files. - -configure.ac: -- Adding a new option for selecting RNG check file (-enable-docbook-rng) -- Switching stylesheets to docbook 5 -- Checking DocBook 5 environment instead of DocBook 4 environment - -*.xml: -Update from DockBook 4 to DocBook 5 ---- - Make.xml.rules.in | 10 +- - ci/install-dependencies.sh | 4 +- - configure.ac | 33 ++- - doc/adg/Linux-PAM_ADG.xml | 199 +++++++-------- - doc/adg/Makefile.am | 6 +- - doc/adg/pam_acct_mgmt.xml | 20 +- - doc/adg/pam_authenticate.xml | 20 +- - doc/adg/pam_chauthtok.xml | 20 +- - doc/adg/pam_close_session.xml | 20 +- - doc/adg/pam_conv.xml | 20 +- - doc/adg/pam_end.xml | 20 +- - doc/adg/pam_fail_delay.xml | 20 +- - doc/adg/pam_get_item.xml | 20 +- - doc/adg/pam_getenv.xml | 20 +- - doc/adg/pam_getenvlist.xml | 20 +- - doc/adg/pam_misc_conv.xml | 15 +- - doc/adg/pam_misc_drop_env.xml | 15 +- - doc/adg/pam_misc_paste_env.xml | 15 +- - doc/adg/pam_misc_setenv.xml | 15 +- - doc/adg/pam_open_session.xml | 20 +- - doc/adg/pam_putenv.xml | 20 +- - doc/adg/pam_set_item.xml | 20 +- - doc/adg/pam_setcred.xml | 20 +- - doc/adg/pam_start.xml | 20 +- - doc/adg/pam_strerror.xml | 20 +- - doc/man/misc_conv.3.xml | 35 ++- - doc/man/pam.3.xml | 40 ++- - doc/man/pam.8.xml | 85 ++++--- - doc/man/pam.conf-desc.xml | 7 +- - doc/man/pam.conf-dir.xml | 9 +- - doc/man/pam.conf-syntax.xml | 12 +- - doc/man/pam.conf.5.xml | 28 +-- - doc/man/pam_acct_mgmt.3.xml | 20 +- - doc/man/pam_authenticate.3.xml | 20 +- - doc/man/pam_chauthtok.3.xml | 20 +- - doc/man/pam_close_session.3.xml | 21 +- - doc/man/pam_conv.3.xml | 20 +- - doc/man/pam_end.3.xml | 21 +- - doc/man/pam_error.3.xml | 23 +- - doc/man/pam_fail_delay.3.xml | 27 +-- - doc/man/pam_get_authtok.3.xml | 33 ++- - doc/man/pam_get_data.3.xml | 21 +- - doc/man/pam_get_item.3.xml | 33 +-- - doc/man/pam_get_user.3.xml | 21 +- - doc/man/pam_getenv.3.xml | 20 +- - doc/man/pam_getenvlist.3.xml | 20 +- - doc/man/pam_info.3.xml | 23 +- - doc/man/pam_item_types_ext.inc.xml | 5 +- - doc/man/pam_item_types_std.inc.xml | 5 +- - doc/man/pam_misc_drop_env.3.xml | 21 +- - doc/man/pam_misc_paste_env.3.xml | 21 +- - doc/man/pam_misc_setenv.3.xml | 21 +- - doc/man/pam_open_session.3.xml | 21 +- - doc/man/pam_prompt.3.xml | 23 +- - doc/man/pam_putenv.3.xml | 20 +- - doc/man/pam_set_data.3.xml | 21 +- - doc/man/pam_set_item.3.xml | 33 +-- - doc/man/pam_setcred.3.xml | 21 +- - doc/man/pam_sm_acct_mgmt.3.xml | 22 +- - doc/man/pam_sm_authenticate.3.xml | 22 +- - doc/man/pam_sm_chauthtok.3.xml | 30 ++- - doc/man/pam_sm_close_session.3.xml | 22 +- - doc/man/pam_sm_open_session.3.xml | 22 +- - doc/man/pam_sm_setcred.3.xml | 24 +- - doc/man/pam_start.3.xml | 21 +- - doc/man/pam_strerror.3.xml | 21 +- - doc/man/pam_syslog.3.xml | 21 +- - doc/man/pam_xauth_data.3.xml | 21 +- - doc/mwg/Linux-PAM_MWG.xml | 178 ++++++-------- - doc/mwg/Makefile.am | 6 +- - doc/mwg/pam_conv.xml | 20 +- - doc/mwg/pam_fail_delay.xml | 20 +- - doc/mwg/pam_get_data.xml | 20 +- - doc/mwg/pam_get_item.xml | 20 +- - doc/mwg/pam_get_user.xml | 20 +- - doc/mwg/pam_getenv.xml | 20 +- - doc/mwg/pam_getenvlist.xml | 20 +- - doc/mwg/pam_putenv.xml | 20 +- - doc/mwg/pam_set_data.xml | 20 +- - doc/mwg/pam_set_item.xml | 20 +- - doc/mwg/pam_sm_acct_mgmt.xml | 20 +- - doc/mwg/pam_sm_authenticate.xml | 20 +- - doc/mwg/pam_sm_chauthtok.xml | 20 +- - doc/mwg/pam_sm_close_session.xml | 20 +- - doc/mwg/pam_sm_open_session.xml | 20 +- - doc/mwg/pam_sm_setcred.xml | 20 +- - doc/mwg/pam_strerror.xml | 20 +- - doc/sag/Linux-PAM_SAG.xml | 229 +++++++----------- - doc/sag/Makefile.am | 7 +- - doc/sag/pam_access.xml | 52 ++-- - doc/sag/pam_debug.xml | 42 ++-- - doc/sag/pam_deny.xml | 42 ++-- - doc/sag/pam_echo.xml | 42 ++-- - doc/sag/pam_env.xml | 52 ++-- - doc/sag/pam_exec.xml | 42 ++-- - doc/sag/pam_faildelay.xml | 42 ++-- - doc/sag/pam_faillock.xml | 47 ++-- - doc/sag/pam_filter.xml | 42 ++-- - doc/sag/pam_ftp.xml | 42 ++-- - doc/sag/pam_group.xml | 52 ++-- - doc/sag/pam_issue.xml | 42 ++-- - doc/sag/pam_keyinit.xml | 42 ++-- - doc/sag/pam_lastlog.xml | 42 ++-- - doc/sag/pam_limits.xml | 52 ++-- - doc/sag/pam_listfile.xml | 42 ++-- - doc/sag/pam_localuser.xml | 42 ++-- - doc/sag/pam_loginuid.xml | 42 ++-- - doc/sag/pam_mail.xml | 42 ++-- - doc/sag/pam_mkhomedir.xml | 42 ++-- - doc/sag/pam_motd.xml | 42 ++-- - doc/sag/pam_namespace.xml | 52 ++-- - doc/sag/pam_nologin.xml | 42 ++-- - doc/sag/pam_permit.xml | 42 ++-- - doc/sag/pam_pwhistory.xml | 47 ++-- - doc/sag/pam_rhosts.xml | 42 ++-- - doc/sag/pam_rootok.xml | 42 ++-- - doc/sag/pam_securetty.xml | 42 ++-- - doc/sag/pam_selinux.xml | 42 ++-- - doc/sag/pam_sepermit.xml | 47 ++-- - doc/sag/pam_setquota.xml | 42 ++-- - doc/sag/pam_shells.xml | 42 ++-- - doc/sag/pam_succeed_if.xml | 42 ++-- - doc/sag/pam_time.xml | 52 ++-- - doc/sag/pam_timestamp.xml | 52 ++-- - doc/sag/pam_tty_audit.xml | 47 ++-- - doc/sag/pam_umask.xml | 42 ++-- - doc/sag/pam_unix.xml | 42 ++-- - doc/sag/pam_userdb.xml | 42 ++-- - doc/sag/pam_warn.xml | 42 ++-- - doc/sag/pam_wheel.xml | 42 ++-- - doc/sag/pam_xauth.xml | 42 ++-- - modules/pam_access/README.xml | 32 +-- - modules/pam_access/access.conf.5.xml | 20 +- - modules/pam_access/pam_access.8.xml | 63 +++-- - modules/pam_debug/README.xml | 32 +-- - modules/pam_debug/pam_debug.8.xml | 61 +++-- - modules/pam_deny/README.xml | 29 +-- - modules/pam_deny/pam_deny.8.xml | 29 +-- - modules/pam_echo/README.xml | 29 +-- - modules/pam_echo/pam_echo.8.xml | 45 ++-- - modules/pam_env/README.xml | 34 +-- - modules/pam_env/pam_env.8.xml | 63 +++-- - modules/pam_env/pam_env.conf.5.xml | 19 +- - modules/pam_exec/README.xml | 32 +-- - modules/pam_exec/pam_exec.8.xml | 65 +++-- - modules/pam_faildelay/README.xml | 32 +-- - modules/pam_faildelay/pam_faildelay.8.xml | 37 ++- - modules/pam_faillock/README.xml | 35 +-- - modules/pam_faillock/faillock.8.xml | 41 ++-- - modules/pam_faillock/faillock.conf.5.xml | 53 ++-- - modules/pam_faillock/pam_faillock.8.xml | 74 +++--- - modules/pam_filter/README.xml | 32 +-- - modules/pam_filter/pam_filter.8.xml | 51 ++-- - modules/pam_ftp/README.xml | 32 +-- - modules/pam_ftp/pam_ftp.8.xml | 41 ++-- - modules/pam_group/README.xml | 29 +-- - modules/pam_group/group.conf.5.xml | 19 +- - modules/pam_group/pam_group.8.xml | 31 ++- - modules/pam_issue/README.xml | 32 +-- - modules/pam_issue/pam_issue.8.xml | 63 +++-- - modules/pam_keyinit/README.xml | 32 +-- - modules/pam_keyinit/pam_keyinit.8.xml | 47 ++-- - modules/pam_lastlog/README.xml | 32 +-- - modules/pam_lastlog/pam_lastlog.8.xml | 77 +++--- - modules/pam_limits/README.xml | 32 +-- - modules/pam_limits/limits.conf.5.xml | 111 ++++----- - modules/pam_limits/pam_limits.8.xml | 55 ++--- - modules/pam_listfile/README.xml | 32 +-- - modules/pam_listfile/pam_listfile.8.xml | 53 ++-- - modules/pam_localuser/README.xml | 32 +-- - modules/pam_localuser/pam_localuser.8.xml | 41 ++-- - modules/pam_loginuid/README.xml | 29 +-- - modules/pam_loginuid/pam_loginuid.8.xml | 33 ++- - modules/pam_mail/README.xml | 32 +-- - modules/pam_mail/pam_mail.8.xml | 73 +++--- - modules/pam_mkhomedir/README.xml | 29 +-- - modules/pam_mkhomedir/mkhomedir_helper.8.xml | 29 +-- - modules/pam_mkhomedir/pam_mkhomedir.8.xml | 49 ++-- - modules/pam_motd/README.xml | 32 +-- - modules/pam_motd/pam_motd.8.xml | 41 ++-- - modules/pam_namespace/README.xml | 37 +-- - modules/pam_namespace/namespace.conf.5.xml | 19 +- - modules/pam_namespace/pam_namespace.8.xml | 87 ++++--- - .../pam_namespace/pam_namespace_helper.8.xml | 21 +- - modules/pam_nologin/README.xml | 35 +-- - modules/pam_nologin/pam_nologin.8.xml | 39 ++- - modules/pam_permit/README.xml | 32 +-- - modules/pam_permit/pam_permit.8.xml | 29 +-- - modules/pam_pwhistory/README.xml | 32 +-- - modules/pam_pwhistory/pam_pwhistory.8.xml | 65 +++-- - modules/pam_pwhistory/pwhistory.conf.5.xml | 39 ++- - modules/pam_pwhistory/pwhistory_helper.8.xml | 23 +- - modules/pam_rhosts/README.xml | 32 +-- - modules/pam_rhosts/pam_rhosts.8.xml | 35 ++- - modules/pam_rootok/README.xml | 32 +-- - modules/pam_rootok/pam_rootok.8.xml | 35 ++- - modules/pam_securetty/README.xml | 32 +-- - modules/pam_securetty/pam_securetty.8.xml | 41 ++-- - modules/pam_selinux/README.xml | 32 +-- - modules/pam_selinux/pam_selinux.8.xml | 65 +++-- - modules/pam_sepermit/README.xml | 32 +-- - modules/pam_sepermit/pam_sepermit.8.xml | 41 ++-- - modules/pam_sepermit/sepermit.conf.5.xml | 29 +-- - modules/pam_setquota/README.xml | 32 +-- - modules/pam_setquota/pam_setquota.8.xml | 64 +++-- - modules/pam_shells/README.xml | 32 +-- - modules/pam_shells/pam_shells.8.xml | 29 +-- - modules/pam_stress/README.xml | 26 +- - modules/pam_stress/pam_stress.8.xml | 71 +++--- - modules/pam_succeed_if/README.xml | 32 +-- - modules/pam_succeed_if/pam_succeed_if.8.xml | 78 +++--- - modules/pam_time/README.xml | 29 +-- - modules/pam_time/pam_time.8.xml | 45 ++-- - modules/pam_time/time.conf.5.xml | 23 +- - modules/pam_timestamp/README.xml | 35 +-- - modules/pam_timestamp/pam_timestamp.8.xml | 53 ++-- - .../pam_timestamp/pam_timestamp_check.8.xml | 45 ++-- - modules/pam_tty_audit/README.xml | 30 +-- - modules/pam_tty_audit/pam_tty_audit.8.xml | 47 ++-- - modules/pam_umask/README.xml | 32 +-- - modules/pam_umask/pam_umask.8.xml | 51 ++-- - modules/pam_unix/README.xml | 32 +-- - modules/pam_unix/pam_unix.8.xml | 89 ++++--- - modules/pam_unix/unix_chkpwd.8.xml | 23 +- - modules/pam_unix/unix_update.8.xml | 23 +- - modules/pam_userdb/README.xml | 32 +-- - modules/pam_userdb/pam_userdb.8.xml | 67 +++-- - modules/pam_usertype/README.xml | 32 +-- - modules/pam_usertype/pam_usertype.8.xml | 42 ++-- - modules/pam_warn/README.xml | 32 +-- - modules/pam_warn/pam_warn.8.xml | 31 ++- - modules/pam_wheel/README.xml | 32 +-- - modules/pam_wheel/pam_wheel.8.xml | 59 +++-- - modules/pam_xauth/README.xml | 35 +-- - modules/pam_xauth/pam_xauth.8.xml | 65 +++-- - 235 files changed, 3399 insertions(+), 5102 deletions(-) - -diff --git a/Make.xml.rules.in b/Make.xml.rules.in -index 27bb510ec..98beb9ed7 100644 ---- a/Make.xml.rules.in -+++ b/Make.xml.rules.in -@@ -5,22 +5,22 @@ - README: $(XMLS) - - README: README.xml -- $(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-html.xsl $< | $(BROWSER) > $(srcdir)/$@ -+ $(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" @STRINGPARAM_VENDORDIR@ --nonet $(TXT_STYLESHEET) $< | $(BROWSER) > $(srcdir)/$@ - - %.1: %.1.xml -- $(XMLLINT) --nonet --xinclude --postvalid --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< - $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< - - %.3: %.3.xml -- $(XMLLINT) --nonet --xinclude --postvalid --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< - $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< - - %.5: %.5.xml -- $(XMLLINT) --nonet --xinclude --postvalid --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< - $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ --nonet $(top_srcdir)/doc/custom-man.xsl $< - - %.8: %.8.xml -- $(XMLLINT) --nonet --xinclude --postvalid --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noout $< - $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude @STRINGPARAM_VENDORDIR@ @STRINGPARAM_HMAC@ --nonet $(top_srcdir)/doc/custom-man.xsl $< - - #CLEANFILES += $(man_MANS) README -diff --git a/configure.ac b/configure.ac -index 538195e55..afa749cf6 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -243,26 +243,35 @@ if test x"$enable_debug" = x"yes" ; then - [lots of stuff gets written to /var/run/pam-debug.log]) - fi - -+AC_ARG_ENABLE(docbook_rng, -+ AS_HELP_STRING([--enable-docbook-rng=FILE],[RNG file for checking XML files @<:@default=http://docbook.org/xml/5.0/rng/docbookxi.rng@:>@]), -+ DOCBOOK_RNG=$enableval, DOCBOOK_RNG=http://docbook.org/xml/5.0/rng/docbookxi.rng) -+AC_SUBST(DOCBOOK_RNG) -+ - AC_ARG_ENABLE(html_stylesheet, -- AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl@:>@]), -- HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl) -+ AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/html/chunk.xsl@:>@]), -+ HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/html/chunk.xsl) - AC_SUBST(HTML_STYLESHEET) - - AC_ARG_ENABLE(txt_stylesheet, -- AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl@:>@]), -- TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl) -+ AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/html/docbook.xsl@:>@]), -+ TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/html/docbook.xsl) -+ -+ - AC_SUBST(TXT_STYLESHEET) - # It has to be TXT_STYLESHEET otherwise a html tree will be generated while generating all README files. - sed "s+HTML_STYLESHEET+$TXT_STYLESHEET+g" doc/custom-html.xsl - - AC_ARG_ENABLE(pdf_stylesheet, -- AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl@:>@]), -- PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl) -+ AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/fo/docbook.xsl@:>@]), -+ PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/fo/docbook.xsl) - AC_SUBST(PDF_STYLESHEET) - - AC_ARG_ENABLE(man_stylesheet, -- AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl@:>@]), -- MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl) -+ AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl-ns/current/manpages/profile-docbook.xsl@:>@]), -+ MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl-ns/current/manpages/profile-docbook.xsl) -+ -+ - AC_SUBST(MAN_STYLESHEET) - sed "s+MAN_STYLESHEET+$MAN_STYLESHEET+g" doc/custom-man.xsl - -@@ -608,10 +617,10 @@ if test -z "$XSLTPROC"; then - enable_docu=no - fi - AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true]) --dnl check for DocBook DTD and stylesheets in the local catalog. --JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN], -- [DocBook XML DTD V4.4], [], enable_docu=no) --JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], -+dnl check for DocBook RNG and stylesheets in the local catalog. -+JH_CHECK_XML_CATALOG([http://docbook.org/xml/5.0/rng/docbookxi.rng], -+ [DocBook XML RNG V5.0], [], enable_docu=no) -+JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl-ns/current/manpages/docbook.xsl], - [DocBook XSL Stylesheets], [], enable_docu=no) - - AC_PATH_PROG([BROWSER], [w3m]) -diff --git a/doc/adg/Linux-PAM_ADG.xml b/doc/adg/Linux-PAM_ADG.xml -index 79452e17d..169e15cf1 100644 ---- a/doc/adg/Linux-PAM_ADG.xml -+++ b/doc/adg/Linux-PAM_ADG.xml -@@ -1,50 +1,39 @@ -- -- -- -- -+ -+ - The Linux-PAM Application Developers' Guide - -- -- Andrew G. -- Morgan -- morgan@kernel.org -- -- -- Thorsten -- Kukuk -- kukuk@thkukuk.de -- -+ Andrew G.Morganmorgan@kernel.org -+ ThorstenKukukkukuk@thkukuk.de - - Version 1.1.2, 31. August 2010 - - - This manual documents what an application developer needs to know -- about the Linux-PAM library. It -+ about the Linux-PAM library. It - describes how an application might use the -- Linux-PAM library to authenticate -+ Linux-PAM library to authenticate - users. In addition it contains a description of the functions - to be found in libpam_misc library, that can - be used in general applications. Finally, it contains some comments - on PAM related security issues for the application developer. - - -- -+ - -- -+ - Introduction --
-+
- Description - -- Linux-PAM -+ Linux-PAM - (Pluggable Authentication Modules for Linux) is a library that enables - the local system administrator to choose how individual applications - authenticate users. For an overview of the -- Linux-PAM library see the -+ Linux-PAM library see the - Linux-PAM System Administrators' Guide. - - -- It is the purpose of the Linux-PAM -+ It is the purpose of the Linux-PAM - project to liberate the development of privilege granting software - from the development of secure and appropriate authentication schemes. - This is accomplished by providing a documented library of functions -@@ -64,11 +53,11 @@ - -
- --
-+
- Synopsis - - For general applications that wish to use the services provided by -- Linux-PAM the following is a summary -+ Linux-PAM the following is a summary - of the relevant linking information: - - #include <security/pam_appl.h> -@@ -92,7 +81,7 @@ cc -o application .... -lpam -lpam_misc -
- - -- -+ - Overview - - Most service-giving applications are restricted. In other words, -@@ -108,7 +97,7 @@ cc -o application .... -lpam -lpam_misc - authentication-token (password changing) management services. It is - important to realize when writing a PAM based application that these - services are provided in a manner that is -- transparent to the application. That is -+ transparent to the application. That is - to say, when the application is written, no assumptions can be made - about how the client will be authenticated. - -@@ -206,74 +195,58 @@ cc -o application .... -lpam -lpam_misc - - - -- -+ - -- The public interface to <emphasis remap='B'>Linux-PAM</emphasis> -+ The public interface to <emphasis remap="B">Linux-PAM</emphasis> - - - Firstly, the relevant include file for the -- Linux-PAM library is -+ Linux-PAM library is - <security/pam_appl.h>. - It contains the definitions for a number of functions. After - listing these functions, we collect some guiding remarks for - programmers. - --
-+
- What can be expected by the application -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -
--
-+
- What is expected of an application -- -+ -
--
-+
- Programming notes - - Note, all of the authentication service function calls accept the -- token PAM_SILENT, which instructs -+ token PAM_SILENT, which instructs - the modules to not send messages to the application. This token - can be logically OR'd with any one of the permitted tokens specific - to the individual function calls. -- PAM_SILENT does not override the -+ PAM_SILENT does not override the - prompting of the user for passwords etc., it only stops informative - messages from being generated. - -
- - -- -+ - -- Security issues of <emphasis remap='B'>Linux-PAM</emphasis> -+ Security issues of <emphasis remap="B">Linux-PAM</emphasis> - - - PAM, from the perspective of an application, is a convenient API for -@@ -284,19 +257,19 @@ cc -o application .... -lpam -lpam_misc - - - A poorly (or maliciously) written application can defeat any -- Linux-PAM module's authentication -+ Linux-PAM module's authentication - mechanisms by simply ignoring it's return values. It is the - applications task and responsibility to grant privileges and access -- to services. The Linux-PAM library -+ to services. The Linux-PAM library - simply assumes the responsibility of authenticating - the user; ascertaining that the user is who they - say they are. Care should be taken to anticipate all of the documented -- behavior of the Linux-PAM library -+ behavior of the Linux-PAM library - functions. A failure to do this will most certainly lead to a future - security breach. - - --
-+
- Care about standard library calls - - In general, writers of authorization-granting applications should -@@ -308,9 +281,9 @@ cc -o application .... -lpam -lpam_misc - function is likely to corrupt a pointer previously - obtained by the application. The application programmer should - either re-call such a 'libc' function after a call to the -- Linux-PAM library, or copy the -+ Linux-PAM library, or copy the - structure contents to some safe area of memory before passing -- control to the Linux-PAM library. -+ control to the Linux-PAM library. - - - Two important function classes that fall into this category are -@@ -322,12 +295,12 @@ cc -o application .... -lpam -lpam_misc - -
- --
-+
- Choice of a service name - - When picking the service-name that - corresponds to the first entry in the -- Linux-PAM configuration file, -+ Linux-PAM configuration file, - the application programmer should avoid - the temptation of choosing something related to - argv[0]. It is a trivial matter for any user -@@ -352,11 +325,11 @@ cc -o application .... -lpam -lpam_misc - and then run ./preferred_name. - - -- By studying the Linux-PAM -+ By studying the Linux-PAM - configuration file(s), an attacker can choose the - preferred_name to be that of a service enjoying - minimal protection; for example a game which uses -- Linux-PAM to restrict access to -+ Linux-PAM to restrict access to - certain hours of the day. If the service-name were to be linked - to the filename under which the service was invoked, it - is clear that the user is effectively in the position of -@@ -370,7 +343,7 @@ cc -o application .... -lpam -lpam_misc - -
- --
-+
- The conversation function - - Care should be taken to ensure that the conv() -@@ -380,10 +353,10 @@ cc -o application .... -lpam -lpam_misc - -
- --
-+
- The identity of the user - -- The Linux-PAM modules will need -+ The Linux-PAM modules will need - to determine the identity of the user who requests a service, - and the identity of the user who grants the service. These two - users will seldom be the same. Indeed there is generally a third -@@ -444,7 +417,7 @@ cc -o application .... -lpam -lpam_misc - -
- --
-+
- Sufficient resources - - Care should be taken to ensure that the proper execution of an -@@ -465,7 +438,7 @@ cc -o application .... -lpam -lpam_misc -
- - -- -+ - A library of miscellaneous helper functions - - To aid the work of the application developer a library of -@@ -479,24 +452,20 @@ cc -o application .... -lpam -lpam_misc - library can be defined by including - <security/pam_misc.h>. It should be - noted that this library is specific to -- Linux-PAM and is not referred to in -+ Linux-PAM and is not referred to in - the defining DCE-RFC (see See also) - below. - --
-+
- Functions supplied -- -- -- -- -+ -+ -+ -+ -
- - -- -+ - Porting legacy applications - - The point of PAM is that the application is not supposed to -@@ -545,7 +514,7 @@ cc -o application .... -lpam -lpam_misc - - - -- -+ - Glossary of PAM related terms - - The following are a list of terms used within this document. -@@ -585,17 +554,17 @@ cc -o application .... -lpam -lpam_misc - - - -- -+ - An example application - -- To get a flavor of the way a Linux-PAM -+ To get a flavor of the way a Linux-PAM - application is written we include the following example. It prompts - the user for their password and indicates whether their account - is valid on the standard output, its return code also indicates - the success (0 for success; - 1 for failure). - -- - /* - This program was contributed by Shane Watts - [modifications by AGM and kukuk] -@@ -607,9 +576,9 @@ cc -o application .... -lpam -lpam_misc - account required pam_unix.so - */ - --#include --#include --#include -+#include <security/pam_appl.h> -+#include <security/pam_misc.h> -+#include <stdio.h> - - static struct pam_conv conv = { - misc_conv, -@@ -626,12 +595,12 @@ int main(int argc, char *argv[]) - user = argv[1]; - } - -- if(argc > 2) { -+ if(argc > 2) { - fprintf(stderr, "Usage: check_user [username]\n"); - exit(1); - } - -- retval = pam_start("check_user", user, &conv, &pamh); -+ retval = pam_start("check_user", user, &conv, &pamh); - - if (retval == PAM_SUCCESS) - retval = pam_authenticate(pamh, 0); /* is user really user? */ -@@ -655,24 +624,24 @@ int main(int argc, char *argv[]) - - return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ - } --]]> -+ - - - -- -+ - Files - - -- /usr/include/security/pam_appl.h -+ /usr/include/security/pam_appl.h - - - Header file with interfaces for -- Linux-PAM applications. -+ Linux-PAM applications. - - - - -- /usr/include/security/pam_misc.h -+ /usr/include/security/pam_misc.h - - - Header file for useful library functions for making -@@ -683,7 +652,7 @@ int main(int argc, char *argv[]) - - - -- -+ - See also - - -@@ -706,7 +675,7 @@ int main(int argc, char *argv[]) - - - -- -+ - Author/acknowledgments - - This document was written by Andrew G. Morgan (morgan@kernel.org) -@@ -726,14 +695,14 @@ int main(int argc, char *argv[]) - - Thanks are also due to Sun Microsystems, especially to Vipin Samar and - Charlie Lai for their advice. At an early stage in the development of -- Linux-PAM, Sun graciously made the -+ Linux-PAM, Sun graciously made the - documentation for their implementation of PAM available. This act - greatly accelerated the development of -- Linux-PAM. -+ Linux-PAM. - - - -- -+ - Copyright information for this document - - Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> -@@ -777,4 +746,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - - -- -+ -\ No newline at end of file -diff --git a/doc/adg/Makefile.am b/doc/adg/Makefile.am -index b795b1a46..77abdb717 100644 ---- a/doc/adg/Makefile.am -+++ b/doc/adg/Makefile.am -@@ -16,7 +16,7 @@ all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf - - Linux-PAM_ADG.pdf: $(XMLS) $(DEP_XMLS) - if ENABLE_GENERATE_PDF -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam generate.toc "book toc" \ - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ -@@ -28,7 +28,7 @@ else - endif - - Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam generate.toc "book toc" \ - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ -@@ -37,7 +37,7 @@ Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) - - html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) - @test -d html || mkdir -p html -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam base.dir html/ \ - --stringparam root.filename Linux-PAM_ADG \ - --stringparam use.id.as.filename 1 \ -diff --git a/doc/adg/pam_acct_mgmt.xml b/doc/adg/pam_acct_mgmt.xml -index 6a3a37d2c..afcf2f2f1 100644 ---- a/doc/adg/pam_acct_mgmt.xml -+++ b/doc/adg/pam_acct_mgmt.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Account validation management - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_authenticate.xml b/doc/adg/pam_authenticate.xml -index 2ca9b540b..aa36c6870 100644 ---- a/doc/adg/pam_authenticate.xml -+++ b/doc/adg/pam_authenticate.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Authenticating the user - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_chauthtok.xml b/doc/adg/pam_chauthtok.xml -index 1c613da7a..e6815dde6 100644 ---- a/doc/adg/pam_chauthtok.xml -+++ b/doc/adg/pam_chauthtok.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Updating authentication tokens - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_close_session.xml b/doc/adg/pam_close_session.xml -index 4b93fc3a5..ed83d7a1c 100644 ---- a/doc/adg/pam_close_session.xml -+++ b/doc/adg/pam_close_session.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- terminating PAM session management - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_conv.xml b/doc/adg/pam_conv.xml -index 01b751277..b2ba876e8 100644 ---- a/doc/adg/pam_conv.xml -+++ b/doc/adg/pam_conv.xml -@@ -1,11 +1,7 @@ -- -- --
-+
- The conversation function - -- -+ - - - struct pam_message { -@@ -24,12 +20,10 @@ struct pam_conv { - void *appdata_ptr; - }; - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_end.xml b/doc/adg/pam_end.xml -index efa328bec..5e7192550 100644 ---- a/doc/adg/pam_end.xml -+++ b/doc/adg/pam_end.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Termination of PAM transaction - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_fail_delay.xml b/doc/adg/pam_fail_delay.xml -index 589e1148b..d602a1f79 100644 ---- a/doc/adg/pam_fail_delay.xml -+++ b/doc/adg/pam_fail_delay.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Request a delay on failure - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_get_item.xml b/doc/adg/pam_get_item.xml -index f23c734b8..d12cb17d7 100644 ---- a/doc/adg/pam_get_item.xml -+++ b/doc/adg/pam_get_item.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Getting PAM items - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_getenv.xml b/doc/adg/pam_getenv.xml -index 61d69c33c..f7b483ed9 100644 ---- a/doc/adg/pam_getenv.xml -+++ b/doc/adg/pam_getenv.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Get a PAM environment variable - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_getenvlist.xml b/doc/adg/pam_getenvlist.xml -index d3c2fcd35..4433c04d6 100644 ---- a/doc/adg/pam_getenvlist.xml -+++ b/doc/adg/pam_getenvlist.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Getting the PAM environment - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_misc_conv.xml b/doc/adg/pam_misc_conv.xml -index 2dc760cc3..4f54e11a4 100644 ---- a/doc/adg/pam_misc_conv.xml -+++ b/doc/adg/pam_misc_conv.xml -@@ -1,14 +1,9 @@ -- -- --
-+
- Text based conversation function - -- -+ - --
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_misc_drop_env.xml b/doc/adg/pam_misc_drop_env.xml -index 956d48156..cacb770e0 100644 ---- a/doc/adg/pam_misc_drop_env.xml -+++ b/doc/adg/pam_misc_drop_env.xml -@@ -1,14 +1,9 @@ -- -- --
-+
- Liberating a locally saved environment - -- -+ - --
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_misc_paste_env.xml b/doc/adg/pam_misc_paste_env.xml -index c6d3856bc..8ab2440ab 100644 ---- a/doc/adg/pam_misc_paste_env.xml -+++ b/doc/adg/pam_misc_paste_env.xml -@@ -1,14 +1,9 @@ -- -- --
-+
- Transcribing an environment to that of PAM - -- -+ - --
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_misc_setenv.xml b/doc/adg/pam_misc_setenv.xml -index 3b1a32e44..7e8c489b6 100644 ---- a/doc/adg/pam_misc_setenv.xml -+++ b/doc/adg/pam_misc_setenv.xml -@@ -1,14 +1,9 @@ -- -- --
-+
- BSD like PAM environment variable setting - -- -+ - --
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_open_session.xml b/doc/adg/pam_open_session.xml -index ba738a552..10afa755f 100644 ---- a/doc/adg/pam_open_session.xml -+++ b/doc/adg/pam_open_session.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Start PAM session management - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_putenv.xml b/doc/adg/pam_putenv.xml -index e55f1a42f..6378a15b2 100644 ---- a/doc/adg/pam_putenv.xml -+++ b/doc/adg/pam_putenv.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Set or change PAM environment variable - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_set_item.xml b/doc/adg/pam_set_item.xml -index 411693874..efc4292b1 100644 ---- a/doc/adg/pam_set_item.xml -+++ b/doc/adg/pam_set_item.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Setting PAM items - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_setcred.xml b/doc/adg/pam_setcred.xml -index 1d3d23cdd..488028cd9 100644 ---- a/doc/adg/pam_setcred.xml -+++ b/doc/adg/pam_setcred.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Setting user credentials - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_start.xml b/doc/adg/pam_start.xml -index e5ec84818..c7ee4494a 100644 ---- a/doc/adg/pam_start.xml -+++ b/doc/adg/pam_start.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Initialization of PAM transaction - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/adg/pam_strerror.xml b/doc/adg/pam_strerror.xml -index 35b08a274..e4e1c56af 100644 ---- a/doc/adg/pam_strerror.xml -+++ b/doc/adg/pam_strerror.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Strings describing PAM error codes - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/man/misc_conv.3.xml b/doc/man/misc_conv.3.xml -index d902ba838..92d4acd19 100644 ---- a/doc/man/misc_conv.3.xml -+++ b/doc/man/misc_conv.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - misc_conv - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - misc_conv - text based conversation function - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_misc.h> - - int misc_conv -@@ -30,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The misc_conv function is part of -@@ -50,7 +47,7 @@ - - - -- time_t pam_misc_conv_warn_time; -+ time_t pam_misc_conv_warn_time; - - - This variable contains the time (as -@@ -67,7 +64,7 @@ - - - -- const char *pam_misc_conv_warn_line; -+ const char *pam_misc_conv_warn_line; - - - Used in conjunction with -@@ -83,7 +80,7 @@ - - - -- time_t pam_misc_conv_die_time; -+ time_t pam_misc_conv_die_time; - - - This variable contains the time (as -@@ -100,7 +97,7 @@ - - - -- const char *pam_misc_conv_die_line; -+ const char *pam_misc_conv_die_line; - - - Used in conjunction with -@@ -116,7 +113,7 @@ - - - -- int pam_misc_conv_died; -+ int pam_misc_conv_died; - - - Following a return from the Linux-PAM -@@ -136,7 +133,7 @@ - - - -- int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); -+ int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); - - - -@@ -151,7 +148,7 @@ - - - -- int (*pam_binary_handler_free)(void *appdata, pamc_bp_t *delete_me); -+ int (*pam_binary_handler_free)(void *appdata, pamc_bp_t *delete_me); - - - -@@ -164,7 +161,7 @@ - - - -- -+ - SEE ALSO - - -@@ -176,7 +173,7 @@ - - - -- -+ - STANDARDS - - The misc_conv function is part of the -@@ -185,4 +182,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam.3.xml b/doc/man/pam.3.xml -index 0b1efccf4..4b8280160 100644 ---- a/doc/man/pam.3.xml -+++ b/doc/man/pam.3.xml -@@ -1,20 +1,18 @@ -- -- -- -+ - - - pam - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam - Pluggable Authentication Modules Library - - -- -+ - - #include <security/pam_appl.h> - #include <security/pam_modules.h> -@@ -22,10 +20,10 @@ - - - -- -+ - DESCRIPTION - -- PAM is a system of libraries -+ PAM is a system of libraries - that handle the authentication tasks of applications (services) - on the system. The library provides a stable general interface - (Application Programming Interface - API) that privilege granting -@@ -38,7 +36,7 @@ - defer to to perform standard authentication tasks. - - -- -+ - Initialization and Cleanup - - The -@@ -64,7 +62,7 @@ - - - -- -+ - Authentication - - The -@@ -85,7 +83,7 @@ - - - -- -+ - Account Management - - The -@@ -98,7 +96,7 @@ - - - -- -+ - Password Management - - The -@@ -109,7 +107,7 @@ - - - -- -+ - Session Management - - The -@@ -124,7 +122,7 @@ - - - -- -+ - Conversation - - The PAM library uses an application-defined callback to allow -@@ -141,7 +139,7 @@ - - - -- -+ - Data Objects - - The -@@ -176,7 +174,7 @@ - - - -- -+ - Environment and Error Management - - The -@@ -202,7 +200,7 @@ - - - -- -+ - RETURN VALUES - - The following return codes are known by PAM: -@@ -389,7 +387,7 @@ - - - -- SEE ALSO -+ SEE ALSO - - - pam_acct_mgmt3 -@@ -430,10 +428,10 @@ - - - -- NOTES -+ NOTES - - The libpam interfaces are only thread-safe if each - thread within the multithreaded application uses its own PAM handle. - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml -index 8eef665a0..20cd19d9c 100644 ---- a/doc/man/pam.8.xml -+++ b/doc/man/pam.8.xml -@@ -1,32 +1,29 @@ -- -- -- -- -+ - - - pam - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - PAM - pam - Pluggable Authentication Modules for Linux - - -- -+ - DESCRIPTION - - This manual is intended to offer a quick introduction to -- Linux-PAM. For more information -+ Linux-PAM. For more information - the reader is directed to the -- Linux-PAM system administrators' guide. -+ Linux-PAM system administrators' guide. - - - -- Linux-PAM is a system of libraries -+ Linux-PAM is a system of libraries - that handle the authentication tasks of applications (services) on - the system. The library provides a stable general interface - (Application Programming Interface - API) that privilege granting -@@ -43,12 +40,12 @@ - system administrator is free to choose how individual - service-providing applications will authenticate users. This dynamic - configuration is set by the contents of the single -- Linux-PAM configuration file -+ Linux-PAM configuration file - /etc/pam.conf. Alternatively, the configuration - can be set by individual configuration files located in the - /etc/pam.d/ directory. The presence of this -- directory will cause Linux-PAM to -- ignore /etc/pam.conf. -+ directory will cause Linux-PAM to -+ ignore /etc/pam.conf. - - - -@@ -64,26 +61,26 @@ - From the point of view of the system administrator, for whom this - manual is provided, it is not of primary importance to understand the - internal behavior of the --Linux-PAM -+Linux-PAM - library. The important point to recognize is that the configuration - file(s) --define -+define - the connection between applications --(services) -+(services) - and the pluggable authentication modules --(PAMs) -+(PAMs) - that perform the actual authentication tasks. - - --Linux-PAM -+Linux-PAM - separates the tasks of --authentication -+authentication - into four independent management groups: --account management; --authentication management; --password management; -+account management; -+authentication management; -+password management; - and --session management. -+session management. - (We highlight the abbreviations used for these groups in the - configuration file.) - -@@ -92,12 +89,12 @@ configuration file.) - user's request for a restricted service: - - --account - -+account - - provide account verification types of service: has the user's password - expired?; is this user permitted access to the requested service? - - --authentication - -+authentication - - authenticate a user and set up user credentials. Typically this is via - some challenge-response request that the user must satisfy: if you are - who you claim to be please enter your password. Not all authentications -@@ -105,64 +102,64 @@ are of this type, there exist hardware based authentication schemes - (such as the use of smart-cards and biometric devices), with suitable - modules, these may be substituted seamlessly for more standard - approaches to authentication - such is the flexibility of --Linux-PAM. -+Linux-PAM. - - --password - -+password - - this group's responsibility is the task of updating authentication - mechanisms. Typically, such services are strongly coupled to those of - the --auth -+auth - group. Some authentication mechanisms lend themselves well to being - updated with such a function. Standard UN*X password-based access is - the obvious example: please enter a replacement password. - - --session - -+session - - this group of tasks cover things that should be done prior to a - service being given and after it is withdrawn. Such tasks include the - maintenance of audit trails and the mounting of the user's home - directory. The --session -+session - management group is important as it provides both an opening and - closing hook for modules to affect the services available to a user. - - - -- -+ - FILES - - -- /etc/pam.conf -+ /etc/pam.conf - - the configuration file - - - -- /etc/pam.d -+ /etc/pam.d - - -- the Linux-PAM configuration -+ the Linux-PAM configuration - directory. Generally, if this directory is present, the - /etc/pam.conf file is ignored. - - - - -- /usr/lib/pam.d -+ /usr/lib/pam.d - - -- the Linux-PAM vendor configuration -+ the Linux-PAM vendor configuration - directory. Files in /etc/pam.d override - files with the same name in this directory. - - - - -- %vendordir%/pam.d -+ %vendordir%/pam.d - - -- the Linux-PAM vendor configuration -+ the Linux-PAM vendor configuration - directory. Files in /etc/pam.d and - /usr/lib/pam.d override files with the same - name in this directory. -@@ -172,18 +169,18 @@ closing hook for modules to affect the services available to a user. - - - -- -+ - ERRORS - - Typically errors generated by the -- Linux-PAM system of libraries, will -+ Linux-PAM system of libraries, will - be written to - syslog3 - . - - - -- -+ - CONFORMING TO - - DCE-RFC 86.0, October 1995. -@@ -192,7 +189,7 @@ closing hook for modules to affect the services available to a user. - - - -- -+ - SEE ALSO - - -@@ -212,4 +209,4 @@ closing hook for modules to affect the services available to a user. - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam.conf-desc.xml b/doc/man/pam.conf-desc.xml -index 909dcdbef..5dca89fe2 100644 ---- a/doc/man/pam.conf-desc.xml -+++ b/doc/man/pam.conf-desc.xml -@@ -1,7 +1,4 @@ -- -- --
-+
- - When a PAM aware privilege granting application - is started, it activates its attachment to the PAM-API. This -@@ -18,4 +15,4 @@ - behavior of the PAM-API in the event that individual - PAMs fail. - --
-+
-\ No newline at end of file -diff --git a/doc/man/pam.conf-dir.xml b/doc/man/pam.conf-dir.xml -index 8446cf353..8272337b5 100644 ---- a/doc/man/pam.conf-dir.xml -+++ b/doc/man/pam.conf-dir.xml -@@ -1,7 +1,4 @@ -- -- --
-+
- - More flexible than the single configuration file is it to - configure libpam via the contents of the -@@ -25,6 +22,6 @@ type control module-path module-arguments - The only difference being that the service-name is not present. The - service-name is of course the name of the given configuration file. - For example, /etc/pam.d/login contains the -- configuration for the login service. -+ configuration for the login service. - --
-+
-\ No newline at end of file -diff --git a/doc/man/pam.conf-syntax.xml b/doc/man/pam.conf-syntax.xml -index 5112f9301..c7d900811 100644 ---- a/doc/man/pam.conf-syntax.xml -+++ b/doc/man/pam.conf-syntax.xml -@@ -1,8 +1,4 @@ -- -- -- --
-+
- - The syntax of the /etc/pam.conf - configuration file is as follows. The file is made up of a list -@@ -18,7 +14,7 @@ - - - -- service type control module-path module-arguments -+ service type control module-path module-arguments - - - -@@ -411,7 +407,7 @@ - should use `\]'. In other words: - - -- [..[..\]..] --> ..[..].. -+ [..[..\]..] --> ..[..].. - - - -@@ -424,4 +420,4 @@ - . - - --
-+
-\ No newline at end of file -diff --git a/doc/man/pam.conf.5.xml b/doc/man/pam.conf.5.xml -index 68f576afc..62a2b4108 100644 ---- a/doc/man/pam.conf.5.xml -+++ b/doc/man/pam.conf.5.xml -@@ -1,15 +1,13 @@ -- -- -- -+ - - - pam.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam.conf - pam.d - PAM configuration files -@@ -17,22 +15,16 @@ - - - -- -+ - DESCRIPTION -- -+ - -- -+ - -- -+ - - -- -+ - SEE ALSO - - -@@ -47,4 +39,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_acct_mgmt.3.xml b/doc/man/pam_acct_mgmt.3.xml -index 59760d7fc..de6a94aba 100644 ---- a/doc/man/pam_acct_mgmt.3.xml -+++ b/doc/man/pam_acct_mgmt.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_acct_mgmt - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_acct_mgmt - PAM account validation management - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_acct_mgmt -@@ -27,7 +25,7 @@ - - - -- -+ - DESCRIPTION - - The pam_acct_mgmt function is used to determine -@@ -62,7 +60,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -122,7 +120,7 @@ - - - -- -+ - SEE ALSO - - -@@ -142,4 +140,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_authenticate.3.xml b/doc/man/pam_authenticate.3.xml -index c2004eb4a..794a5c711 100644 ---- a/doc/man/pam_authenticate.3.xml -+++ b/doc/man/pam_authenticate.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_authenticate - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_authenticate - account authentication - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_authenticate -@@ -27,7 +25,7 @@ - - - -- -+ - DESCRIPTION - - The pam_authenticate function is used to -@@ -77,7 +75,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -146,7 +144,7 @@ - - - -- -+ - SEE ALSO - - -@@ -166,4 +164,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_chauthtok.3.xml b/doc/man/pam_chauthtok.3.xml -index f42bc68fb..e184f45fc 100644 ---- a/doc/man/pam_chauthtok.3.xml -+++ b/doc/man/pam_chauthtok.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_chauthtok - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_chauthtok - updating authentication tokens - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_chauthtok -@@ -27,7 +25,7 @@ - - - -- -+ - DESCRIPTION - - The pam_chauthtok function is used to change the -@@ -64,7 +62,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -138,7 +136,7 @@ - - - -- -+ - SEE ALSO - - -@@ -161,4 +159,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_close_session.3.xml b/doc/man/pam_close_session.3.xml -index db549bdae..e1c74ebd4 100644 ---- a/doc/man/pam_close_session.3.xml -+++ b/doc/man/pam_close_session.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_close_session - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_close_session - terminate PAM session management - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_close_session -@@ -29,7 +26,7 @@ - - - -- -+ - DESCRIPTION - - The pam_close_session function is used -@@ -63,7 +60,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -101,7 +98,7 @@ - - - -- -+ - SEE ALSO - - -@@ -112,4 +109,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_conv.3.xml b/doc/man/pam_conv.3.xml -index 5106ddf7b..31834f3c9 100644 ---- a/doc/man/pam_conv.3.xml -+++ b/doc/man/pam_conv.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_conv - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_conv - PAM conversation function - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - -@@ -38,7 +36,7 @@ struct pam_conv { - - - -- -+ - DESCRIPTION - - The PAM library uses an application-defined callback to allow -@@ -174,7 +172,7 @@ struct pam_conv { - - - -- -+ - RETURN VALUES - - -@@ -205,7 +203,7 @@ struct pam_conv { - - - -- -+ - SEE ALSO - - -@@ -225,4 +223,4 @@ struct pam_conv { - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_end.3.xml b/doc/man/pam_end.3.xml -index 5febf85ad..b2584e732 100644 ---- a/doc/man/pam_end.3.xml -+++ b/doc/man/pam_end.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_end - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_end - termination of PAM transaction - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_end -@@ -29,7 +26,7 @@ - - - -- -+ - DESCRIPTION - - The pam_end function terminates the PAM -@@ -79,7 +76,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -102,7 +99,7 @@ - - - -- -+ - SEE ALSO - - -@@ -119,4 +116,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_error.3.xml b/doc/man/pam_error.3.xml -index de167f2c3..0f294c228 100644 ---- a/doc/man/pam_error.3.xml -+++ b/doc/man/pam_error.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_error - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_error - pam_verror - display error messages to the user -@@ -18,7 +15,7 @@ - - - -- -+ - - #include <security/pam_ext.h> - -@@ -36,7 +33,7 @@ - - - -- -+ - DESCRIPTION - - The pam_error function prints error messages -@@ -51,7 +48,7 @@ - variable argument list macros. - - -- -+ - RETURN VALUES - - -@@ -89,7 +86,7 @@ - - - -- -+ - SEE ALSO - - -@@ -110,7 +107,7 @@ - - - -- -+ - STANDARDS - - The pam_error and pam_verror -@@ -118,4 +115,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_fail_delay.3.xml b/doc/man/pam_fail_delay.3.xml -index 53c1f89e8..c400736a5 100644 ---- a/doc/man/pam_fail_delay.3.xml -+++ b/doc/man/pam_fail_delay.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_fail_delay - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_fail_delay - request a delay on failure - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_fail_delay -@@ -28,7 +25,7 @@ - - - -- -+ - DESCRIPTION - - The pam_fail_delay function provides a -@@ -105,7 +102,7 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); - - - -- -+ - RATIONALE - - It is often possible to attack an authentication scheme by exploiting -@@ -129,7 +126,7 @@ void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); - - - -- -+ - EXAMPLE - - For example, a login application may require a failure delay of -@@ -161,7 +158,7 @@ module #2: pam_fail_delay (pamh, 4000000); - - - -- -+ - RETURN VALUES - - -@@ -183,7 +180,7 @@ module #2: pam_fail_delay (pamh, 4000000); - - - -- -+ - SEE ALSO - - -@@ -198,7 +195,7 @@ module #2: pam_fail_delay (pamh, 4000000); - - - -- -+ - STANDARDS - - The pam_fail_delay function is an -@@ -206,4 +203,4 @@ module #2: pam_fail_delay (pamh, 4000000); - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_get_authtok.3.xml b/doc/man/pam_get_authtok.3.xml -index 5d50b1684..ba6d955e9 100644 ---- a/doc/man/pam_get_authtok.3.xml -+++ b/doc/man/pam_get_authtok.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_get_authtok - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_get_authtok - pam_get_authtok_verify - pam_get_authtok_noverify -@@ -19,7 +16,7 @@ - - - -- -+ - - #include <security/pam_ext.h> - -@@ -44,7 +41,7 @@ - - - -- -+ - DESCRIPTION - - The pam_get_authtok function returns the -@@ -119,7 +116,7 @@ - - - -- -+ - OPTIONS - - pam_get_authtok honours the following module -@@ -128,7 +125,7 @@ - - - -- -+ try_first_pass - - - -@@ -140,7 +137,7 @@ - - - -- -+ use_first_pass - - - -@@ -153,7 +150,7 @@ - - - -- -+ use_authtok - - - -@@ -166,7 +163,7 @@ - - - -- -+ authtok_type=XXX - - - -@@ -182,7 +179,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -228,7 +225,7 @@ - - - -- -+ - SEE ALSO - - -@@ -237,7 +234,7 @@ - - - -- -+ - STANDARDS - - The pam_get_authtok function is a Linux-PAM -@@ -245,4 +242,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_get_data.3.xml b/doc/man/pam_get_data.3.xml -index e84e5a4c9..1e71cf3b1 100644 ---- a/doc/man/pam_get_data.3.xml -+++ b/doc/man/pam_get_data.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_get_data - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_get_data - - get module internal data -@@ -22,7 +19,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_get_data -@@ -35,7 +32,7 @@ - - - -- -+ - DESCRIPTION - - This function together with the -@@ -58,7 +55,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -90,7 +87,7 @@ - - - -- -+ - SEE ALSO - - -@@ -105,4 +102,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_get_item.3.xml b/doc/man/pam_get_item.3.xml -index 1145273c3..c30a279fa 100644 ---- a/doc/man/pam_get_item.3.xml -+++ b/doc/man/pam_get_item.3.xml -@@ -1,22 +1,13 @@ -- -- -- ----> --]> -- -- -+ - - - pam_get_item - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_get_item - - getting PAM information -@@ -28,7 +19,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_get_item -@@ -41,7 +32,7 @@ - - - -- -+ - DESCRIPTION - - The pam_get_item function allows applications -@@ -55,16 +46,14 @@ - item_type: - - -- -+ - - - The following additional items are specific to Linux-PAM and should not be used in - portable applications: - - -- -+ - - - If a service module wishes to obtain the name of the user, -@@ -80,7 +69,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -128,7 +117,7 @@ - - - -- -+ - SEE ALSO - - -@@ -140,4 +129,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_get_user.3.xml b/doc/man/pam_get_user.3.xml -index 8bb176e49..121b3aa76 100644 ---- a/doc/man/pam_get_user.3.xml -+++ b/doc/man/pam_get_user.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_get_user - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_get_user - - get user name -@@ -22,7 +19,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_get_user -@@ -35,7 +32,7 @@ - - - -- -+ - DESCRIPTION - - The pam_get_user function returns the -@@ -87,7 +84,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -143,7 +140,7 @@ - - - -- -+ - SEE ALSO - - -@@ -161,4 +158,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_getenv.3.xml b/doc/man/pam_getenv.3.xml -index 7e8db015b..df25863b3 100644 ---- a/doc/man/pam_getenv.3.xml -+++ b/doc/man/pam_getenv.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_getenv - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_getenv - get a PAM environment variable - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - const char *pam_getenv -@@ -27,7 +25,7 @@ - - - -- -+ - DESCRIPTION - - The pam_getenv function searches the -@@ -39,7 +37,7 @@ - - - -- -+ - RETURN VALUES - - The pam_getenv function returns NULL -@@ -47,7 +45,7 @@ - - - -- -+ - SEE ALSO - - -@@ -64,4 +62,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_getenvlist.3.xml b/doc/man/pam_getenvlist.3.xml -index 1c29b737d..54b1f411f 100644 ---- a/doc/man/pam_getenvlist.3.xml -+++ b/doc/man/pam_getenvlist.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_getenvlist - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_getenvlist - getting the PAM environment - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - char **pam_getenvlist -@@ -26,7 +24,7 @@ - - - -- -+ - DESCRIPTION - - The pam_getenvlist function returns a complete -@@ -57,7 +55,7 @@ - - - -- -+ - RETURN VALUES - - The pam_getenvlist function returns NULL -@@ -65,7 +63,7 @@ - - - -- -+ - SEE ALSO - - -@@ -82,4 +80,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_info.3.xml b/doc/man/pam_info.3.xml -index 88e671c7b..5155d4190 100644 ---- a/doc/man/pam_info.3.xml -+++ b/doc/man/pam_info.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_info - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_info - pam_vinfo - display messages to the user -@@ -18,7 +15,7 @@ - - - -- -+ - - #include <security/pam_ext.h> - -@@ -36,7 +33,7 @@ - - - -- -+ - DESCRIPTION - - The pam_info function prints messages -@@ -51,7 +48,7 @@ - variable argument list macros. - - -- -+ - RETURN VALUES - - -@@ -89,7 +86,7 @@ - - - -- -+ - SEE ALSO - - -@@ -98,7 +95,7 @@ - - - -- -+ - STANDARDS - - The pam_info and pam_vinfo -@@ -106,4 +103,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_item_types_ext.inc.xml b/doc/man/pam_item_types_ext.inc.xml -index d36a5bd1d..a5fee9c26 100644 ---- a/doc/man/pam_item_types_ext.inc.xml -+++ b/doc/man/pam_item_types_ext.inc.xml -@@ -1,6 +1,5 @@ - -- -- -+ - - PAM_FAIL_DELAY - -@@ -58,4 +57,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_item_types_std.inc.xml b/doc/man/pam_item_types_std.inc.xml -index 81f240b05..9b229486d 100644 ---- a/doc/man/pam_item_types_std.inc.xml -+++ b/doc/man/pam_item_types_std.inc.xml -@@ -1,6 +1,5 @@ - -- -- -+ - - PAM_SERVICE - -@@ -135,4 +134,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_misc_drop_env.3.xml b/doc/man/pam_misc_drop_env.3.xml -index 1941f5899..a7f6cc80e 100644 ---- a/doc/man/pam_misc_drop_env.3.xml -+++ b/doc/man/pam_misc_drop_env.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_misc_drop_env - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_misc_drop_env - liberating a locally saved environment - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_misc.h> - - int pam_misc_drop_env -@@ -27,7 +24,7 @@ - - - -- -+ - DESCRIPTION - - This function is defined to complement the -@@ -39,7 +36,7 @@ - - - -- -+ - SEE ALSO - - -@@ -51,7 +48,7 @@ - - - -- -+ - STANDARDS - - The pam_misc_drop_env function is part of the -@@ -60,4 +57,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_misc_paste_env.3.xml b/doc/man/pam_misc_paste_env.3.xml -index d9a282c0b..06194a9d9 100644 ---- a/doc/man/pam_misc_paste_env.3.xml -+++ b/doc/man/pam_misc_paste_env.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_misc_paste_env - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_misc_paste_env - transcribing an environment to that of PAM - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_misc.h> - - int pam_misc_paste_env -@@ -28,7 +25,7 @@ - - - -- -+ - DESCRIPTION - - This function takes the supplied list of environment pointers and -@@ -37,7 +34,7 @@ - - - -- -+ - SEE ALSO - - -@@ -49,7 +46,7 @@ - - - -- -+ - STANDARDS - - The pam_misc_paste_env function is part of the -@@ -58,4 +55,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_misc_setenv.3.xml b/doc/man/pam_misc_setenv.3.xml -index 7e61a8dd5..4414d54db 100644 ---- a/doc/man/pam_misc_setenv.3.xml -+++ b/doc/man/pam_misc_setenv.3.xml -@@ -1,15 +1,12 @@ -- -- -- -- -+ - - - pam_misc_setenv - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - -- -+ - pam_misc_setenv - BSD like PAM environment variable setting - -@@ -17,7 +14,7 @@ - - - -- -+ - #include <security/pam_misc.h> - - int pam_misc_setenv -@@ -29,7 +26,7 @@ - - - -- -+ - DESCRIPTION - - This function performs a task equivalent to -@@ -44,7 +41,7 @@ - - - -- -+ - SEE ALSO - - -@@ -56,7 +53,7 @@ - - - -- -+ - STANDARDS - - The pam_misc_setenv function is part of the -@@ -65,4 +62,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_open_session.3.xml b/doc/man/pam_open_session.3.xml -index eba0bc016..d37b3e595 100644 ---- a/doc/man/pam_open_session.3.xml -+++ b/doc/man/pam_open_session.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_open_session - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_open_session - start PAM session management - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_open_session -@@ -29,7 +26,7 @@ - - - -- -+ - DESCRIPTION - - The pam_open_session function sets up a -@@ -63,7 +60,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -101,7 +98,7 @@ - - - -- -+ - SEE ALSO - - -@@ -112,4 +109,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_prompt.3.xml b/doc/man/pam_prompt.3.xml -index bf0c9bf6b..c65a0c90a 100644 ---- a/doc/man/pam_prompt.3.xml -+++ b/doc/man/pam_prompt.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_prompt - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_prompt - pam_vprompt - interface to conversation function -@@ -18,7 +15,7 @@ - - - -- -+ - - #include <security/pam_ext.h> - -@@ -40,7 +37,7 @@ - - - -- -+ - DESCRIPTION - - The pam_prompt function constructs a message -@@ -52,7 +49,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -91,7 +88,7 @@ - - - -- -+ - SEE ALSO - - -@@ -103,7 +100,7 @@ - - - -- -+ - STANDARDS - - The pam_prompt and pam_vprompt -@@ -111,4 +108,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_putenv.3.xml b/doc/man/pam_putenv.3.xml -index 2d4afbc51..7267046f8 100644 ---- a/doc/man/pam_putenv.3.xml -+++ b/doc/man/pam_putenv.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_putenv - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_putenv - set or change PAM environment variable - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_putenv -@@ -27,7 +25,7 @@ - - - -- -+ - DESCRIPTION - - The pam_putenv function is used to -@@ -83,7 +81,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -129,7 +127,7 @@ - - - -- -+ - SEE ALSO - - -@@ -149,4 +147,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_set_data.3.xml b/doc/man/pam_set_data.3.xml -index c20068c64..2bcfeb0b7 100644 ---- a/doc/man/pam_set_data.3.xml -+++ b/doc/man/pam_set_data.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_set_data - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_set_data - - set module internal data -@@ -22,7 +19,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_set_data -@@ -36,7 +33,7 @@ - - - -- -+ - DESCRIPTION - - The pam_set_data function associates a pointer -@@ -123,7 +120,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -154,7 +151,7 @@ - - - -- -+ - SEE ALSO - - -@@ -169,4 +166,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_set_item.3.xml b/doc/man/pam_set_item.3.xml -index 30ab92b90..1dbaeebfd 100644 ---- a/doc/man/pam_set_item.3.xml -+++ b/doc/man/pam_set_item.3.xml -@@ -1,22 +1,13 @@ -- -- -- ----> --]> -- -- -+ - - - pam_set_item - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_set_item - - set and update PAM information -@@ -28,7 +19,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_set_item -@@ -41,7 +32,7 @@ - - - -- -+ - DESCRIPTION - - The pam_set_item function allows applications -@@ -52,16 +43,14 @@ - supported: - - -- -+ - - - The following additional items are specific to Linux-PAM and should not be used in - portable applications: - - -- -+ - - - For all item_types, other than PAM_CONV and -@@ -81,7 +70,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -121,7 +110,7 @@ - - - -- -+ - SEE ALSO - - -@@ -133,4 +122,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_setcred.3.xml b/doc/man/pam_setcred.3.xml -index 629224824..09fe30d16 100644 ---- a/doc/man/pam_setcred.3.xml -+++ b/doc/man/pam_setcred.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_setcred - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_setcred - - establish / delete user credentials -@@ -19,7 +16,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_setcred -@@ -30,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The pam_setcred function is used to establish, -@@ -95,7 +92,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -160,7 +157,7 @@ - - - -- -+ - SEE ALSO - - -@@ -177,4 +174,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml -index b37dc3069..822a338ad 100644 ---- a/doc/man/pam_sm_acct_mgmt.3.xml -+++ b/doc/man/pam_sm_acct_mgmt.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_sm_acct_mgmt - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_sm_acct_mgmt - PAM service function for account management - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_sm_acct_mgmt -@@ -29,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The pam_sm_acct_mgmt function is the service -@@ -64,7 +62,7 @@ - PAM_DISALLOW_NULL_AUTHTOK - - -- Return PAM_AUTH_ERR if the -+ Return PAM_AUTH_ERR if the - database of authentication tokens for this authentication - mechanism has a NULL entry for the user. - -@@ -73,7 +71,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -131,7 +129,7 @@ - - - -- -+ - SEE ALSO - - -@@ -151,4 +149,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml -index ef3a8f150..ec3de2fdf 100644 ---- a/doc/man/pam_sm_authenticate.3.xml -+++ b/doc/man/pam_sm_authenticate.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_sm_authenticate - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_sm_authenticate - PAM service function for user authentication - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_sm_authenticate -@@ -29,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The pam_sm_authenticate function is the service -@@ -58,7 +56,7 @@ - PAM_DISALLOW_NULL_AUTHTOK - - -- Return PAM_AUTH_ERR if the -+ Return PAM_AUTH_ERR if the - database of authentication tokens for this authentication - mechanism has a NULL entry for the user. - Without this flag, such a NULL token -@@ -69,7 +67,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -128,7 +126,7 @@ - - - -- -+ - SEE ALSO - - -@@ -148,4 +146,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml -index 25e17d020..692bc620d 100644 ---- a/doc/man/pam_sm_chauthtok.3.xml -+++ b/doc/man/pam_sm_chauthtok.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_sm_chauthtok - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_sm_chauthtok - PAM service function for authentication token management - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_sm_chauthtok -@@ -29,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The pam_sm_chauthtok function is the service -@@ -77,7 +75,7 @@ - some network it should attempt to verify it can connect to - this system on receiving this flag. If a module cannot establish - it is ready to update the user's authentication token it should -- return PAM_TRY_AGAIN, this -+ return PAM_TRY_AGAIN, this - information will be passed back to the application. - - -@@ -93,7 +91,7 @@ - - This informs the module that this is the call it should change - the authorization tokens. If the flag is logically OR'd with -- PAM_CHANGE_EXPIRED_AUTHTOK, the -+ PAM_CHANGE_EXPIRED_AUTHTOK, the - token is only changed if it has actually expired. - - -@@ -101,15 +99,15 @@ - - - The PAM library calls this function twice in succession. The first -- time with PAM_PRELIM_CHECK and then, -+ time with PAM_PRELIM_CHECK and then, - if the module does not return -- PAM_TRY_AGAIN, subsequently with -- PAM_UPDATE_AUTHTOK. It is only on -+ PAM_TRY_AGAIN, subsequently with -+ PAM_UPDATE_AUTHTOK. It is only on - the second call that the authorization token is (possibly) changed. - - - -- -+ - RETURN VALUES - - -@@ -181,7 +179,7 @@ - - - -- -+ - SEE ALSO - - -@@ -201,4 +199,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml -index 6d8278ec7..e76693fd9 100644 ---- a/doc/man/pam_sm_close_session.3.xml -+++ b/doc/man/pam_sm_close_session.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_sm_close_session - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_sm_close_session - PAM service function to terminate session management - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_sm_close_session -@@ -29,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The pam_sm_close_session function is the service -@@ -40,7 +38,7 @@ - - - This function is called to terminate a session. The only valid -- value for flags is zero or: -+ value for flags is zero or: - - - -@@ -54,7 +52,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -76,7 +74,7 @@ - - - -- -+ - SEE ALSO - - -@@ -96,4 +94,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml -index ead7ca770..392225a4a 100644 ---- a/doc/man/pam_sm_open_session.3.xml -+++ b/doc/man/pam_sm_open_session.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_sm_open_session - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_sm_open_session - PAM service function to start session management - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_sm_open_session -@@ -29,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The pam_sm_open_session function is the service -@@ -40,7 +38,7 @@ - - - This function is called to commence a session. The only valid -- value for flags is zero or: -+ value for flags is zero or: - - - -@@ -54,7 +52,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -76,7 +74,7 @@ - - - -- -+ - SEE ALSO - - -@@ -96,4 +94,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml -index bb04a2df3..93a69e3e3 100644 ---- a/doc/man/pam_sm_setcred.3.xml -+++ b/doc/man/pam_sm_setcred.3.xml -@@ -1,14 +1,12 @@ -- -- -- -+ - - pam_sm_setcred - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_sm_setcred - PAM service function to alter credentials - -@@ -16,7 +14,7 @@ - - - -- -+ - #include <security/pam_modules.h> - - int pam_sm_setcred -@@ -29,7 +27,7 @@ - - - -- -+ - DESCRIPTION - - The pam_sm_setcred function is the service -@@ -92,7 +90,7 @@ - - - -- The way the auth stack is -+ The way the auth stack is - navigated in order to evaluate the pam_setcred() - function call, independent of the pam_sm_setcred() - return codes, is exactly the same way that it was navigated when -@@ -102,11 +100,11 @@ - libpam evaluates the pam_setcred() function - call. Otherwise, the return codes from each module specific - pam_sm_setcred() call are treated as -- required. -+ required. - - - -- -+ - RETURN VALUES - - -@@ -158,7 +156,7 @@ - - - -- -+ - SEE ALSO - - -@@ -181,4 +179,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_start.3.xml b/doc/man/pam_start.3.xml -index 1d544e641..470c6cec1 100644 ---- a/doc/man/pam_start.3.xml -+++ b/doc/man/pam_start.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_start - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_start - pam_start_confdir - initialization of PAM transaction -@@ -19,7 +16,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - int pam_start -@@ -40,7 +37,7 @@ - - - -- -+ - DESCRIPTION - - The pam_start function creates the PAM context -@@ -108,7 +105,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -147,7 +144,7 @@ - - - -- -+ - SEE ALSO - - -@@ -164,4 +161,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_strerror.3.xml b/doc/man/pam_strerror.3.xml -index 954e131d5..b76cbc4d1 100644 ---- a/doc/man/pam_strerror.3.xml -+++ b/doc/man/pam_strerror.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_strerror - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_strerror - return string describing PAM error code - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - const char *pam_strerror -@@ -29,7 +26,7 @@ - - - -- -+ - DESCRIPTION - - The pam_strerror function returns a pointer to -@@ -40,14 +37,14 @@ - modify this string. - - -- -+ - RETURN VALUES - - This function returns always a pointer to a string. - - - -- -+ - SEE ALSO - - -@@ -55,4 +52,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_syslog.3.xml b/doc/man/pam_syslog.3.xml -index ca28587ef..f5be287fe 100644 ---- a/doc/man/pam_syslog.3.xml -+++ b/doc/man/pam_syslog.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_syslog - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_syslog - pam_vsyslog - send messages to the system logger -@@ -18,7 +15,7 @@ - - - -- -+ - - #include <syslog.h> - #include <security/pam_ext.h> -@@ -39,7 +36,7 @@ - - - -- -+ - DESCRIPTION - - The pam_syslog function logs messages using -@@ -62,7 +59,7 @@ - - - -- -+ - SEE ALSO - - -@@ -71,7 +68,7 @@ - - - -- -+ - STANDARDS - - The pam_syslog and pam_vsyslog -@@ -79,4 +76,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/doc/man/pam_xauth_data.3.xml b/doc/man/pam_xauth_data.3.xml -index 505985e49..447a9c2d4 100644 ---- a/doc/man/pam_xauth_data.3.xml -+++ b/doc/man/pam_xauth_data.3.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_xauth_data - 3 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_xauth_data - structure containing X authentication data - -@@ -18,7 +15,7 @@ - - - -- -+ - #include <security/pam_appl.h> - - -@@ -31,7 +28,7 @@ struct pam_xauth_data { - - - -- -+ - DESCRIPTION - - The pam_xauth_data structure contains X -@@ -70,7 +67,7 @@ struct pam_xauth_data { - - - -- -+ - SEE ALSO - - -@@ -82,7 +79,7 @@ struct pam_xauth_data { - - - -- -+ - STANDARDS - - The pam_xauth_data structure and -@@ -91,4 +88,4 @@ struct pam_xauth_data { - - - -- -+ -\ No newline at end of file -diff --git a/doc/mwg/Linux-PAM_MWG.xml b/doc/mwg/Linux-PAM_MWG.xml -index 3022538c0..046c3c480 100644 ---- a/doc/mwg/Linux-PAM_MWG.xml -+++ b/doc/mwg/Linux-PAM_MWG.xml -@@ -1,49 +1,38 @@ -- -- -- -- -+ -+ - The Linux-PAM Module Writers' Guide - -- -- Andrew G. -- Morgan -- morgan@kernel.org -- -- -- Thorsten -- Kukuk -- kukuk@thkukuk.de -- -+ Andrew G.Morganmorgan@kernel.org -+ ThorstenKukukkukuk@thkukuk.de - - Version 1.1.2, 31. August 2010 - - - This manual documents what a programmer needs to know in order - to write a module that conforms to the -- Linux-PAM standard.It also -+ Linux-PAM standard.It also - discusses some security issues from the point of view of the - module programmer. - - -- -+ - -- -+ - Introduction --
-+
- Description - -- Linux-PAM (Pluggable Authentication -+ Linux-PAM (Pluggable Authentication - Modules for Linux) is a library that enables the local system - administrator to choose how individual applications authenticate - users. For an overview of the -- Linux-PAM library see the -+ Linux-PAM library see the - Linux-PAM System Administrators' Guide. - - -- A Linux-PAM module is a single -+ A Linux-PAM module is a single - executable binary file that can be loaded by the -- Linux-PAM interface library. -+ Linux-PAM interface library. - This PAM library is configured locally with a system file, - /etc/pam.conf, to authenticate a user - request via the locally available authentication modules. The -@@ -54,14 +43,14 @@ - - dlopen3 - . Alternatively, the modules can be statically -- linked into the Linux-PAM library; -- this is mostly to allow Linux-PAM to -+ linked into the Linux-PAM library; -+ this is mostly to allow Linux-PAM to - be used on platforms without dynamic linking available, but this is - a deprecated functionality. It is the -- Linux-PAM interface that is called -+ Linux-PAM interface that is called - by an application and it is the responsibility of the library to - locate, load and call the appropriate functions in a -- Linux-PAM-module. -+ Linux-PAM-module. - - - Except for the immediate purpose of interacting with the user -@@ -71,7 +60,7 @@ - -
- --
-+
- Synopsis - - #include <security/pam_modules.h> -@@ -82,63 +71,52 @@ gcc -shared -o pam_module.so pam_module.o -lpam -
- - -- -+ - What can be expected by the module - - Here we list the interface that the conventions that all -- Linux-PAM modules must adhere to. -+ Linux-PAM modules must adhere to. - --
-+
- - Getting and setting <emphasis>PAM_ITEM</emphasis>s and - <emphasis>data</emphasis> - - - First, we cover what the module should expect from the -- Linux-PAM library and a -- Linux-PAM aware application. -+ Linux-PAM library and a -+ Linux-PAM aware application. - Essentially this is the libpam.* library. - -- -- -- -- -- -- -- -- -- -+ -+ -+ -+ -+ -+ -+ -+ -+ -
--
-+
- - Other functions provided by <filename>libpam</filename> - -- -- -+ -+ -
- - -- -+ - What is expected of a module - - The module must supply a sub-set of the six functions listed - below. Together they define the function of a -- Linux-PAM module. Module developers -+ Linux-PAM module. Module developers - are strongly urged to read the comments on security that follow - this list. - --
-+
- Overview - - The six module functions are grouped into four independent -@@ -149,7 +127,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - at least one of these groups. A single module may contain the - necessary functions for all four groups. - --
-+
- Functional independence - - The independence of the four groups of service a module can -@@ -163,7 +141,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - As an informative example, consider the possibility that an - application applies to change a user's authentication token, - without having first requested that -- Linux-PAM authenticate the -+ Linux-PAM authenticate the - user. In some cases this may be deemed appropriate: when - root wants to change the authentication - token of some lesser user. In other cases it may not be -@@ -176,7 +154,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - this when implementing a given module. - -
--
-+
- Minimizing administration problems - - To avoid system administration problems and the poor -@@ -189,7 +167,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - simply return PAM_IGNORE. - -
--
-+
- Arguments supplied to the module - - The flags argument of each of -@@ -203,7 +181,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - arguments are taken from the line appropriate to this - module---that is, with the service_name - matching that of the application---in the configuration file -- (see the Linux-PAM -+ (see the Linux-PAM - System Administrators' Guide). Together these two parameters - provide the number of arguments and an array of pointers to - the individual argument tokens. This will be familiar to C -@@ -214,33 +192,27 @@ gcc -shared -o pam_module.so pam_module.o -lpam - -
-
--
-+
- Authentication management -- -- -+ -+ -
--
-+
- Account management -- -+ -
--
-+
- Session management -- -- -+ -+ -
--
-+
- Authentication token management -- -+ -
- - -- -+ - Generic optional arguments - - Here we list the generic arguments that all modules can expect to -@@ -276,17 +248,17 @@ gcc -shared -o pam_module.so pam_module.o -lpam - - - -- -+ - Programming notes - - Here we collect some pointers for the module writer to bear in mind -- when writing/developing a Linux-PAM -+ when writing/developing a Linux-PAM - compatible module. - - --
-+
- Security issues for module creation --
-+
- Sufficient resources - - Care should be taken to ensure that the proper execution -@@ -299,7 +271,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - consideration. - -
--
-+
- Who´s who? - - Generally, the module may wish to establish the identity of -@@ -349,13 +321,13 @@ gcc -shared -o pam_module.so pam_module.o -lpam - Z, the user under whose identity the service will be granted. - This is the username returned by - pam_get_user() and also stored in the -- Linux-PAM item, -+ Linux-PAM item, - PAM_USER. - - - - -- Linux-PAM has a place for -+ Linux-PAM has a place for - an additional user identity that a module may care to make - use of. This is the PAM_RUSER item. - Generally, network sensitive modules/applications may wish -@@ -369,10 +341,10 @@ gcc -shared -o pam_module.so pam_module.o -lpam - uid or euid of the - running process, it should take care to restore the original - values prior to returning control to the -- Linux-PAM library. -+ Linux-PAM library. - -
--
-+
- Using the conversation function - - Prior to calling the conversation function, the module should -@@ -389,7 +361,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - indicating failure. - -
--
-+
- Authentication tokens - - To ensure that the authentication tokens are not left lying -@@ -403,7 +375,7 @@ gcc -shared -o pam_module.so pam_module.o -lpam - general rule the module should overwrite authentication tokens - as soon as they are no longer needed. Especially before - free()'ing them. The -- Linux-PAM library is -+ Linux-PAM library is - required to do this when either of these authentication - token items are (re)set. - -@@ -437,7 +409,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) - -
-
--
-+
- Use of <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> -@@ -451,7 +423,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) - - syslog3 - with facility-type -- LOG_AUTHPRIV. -+ LOG_AUTHPRIV. - - - With a few exceptions, the level of logging is, at the discretion -@@ -501,7 +473,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) - - -
--
-+
- Modules that require system libraries - - Writing a module is much like writing an application. You -@@ -526,16 +498,16 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) -
- - -- -+ - An example module - - At some point, we may include a fully commented example of a module in - this document. For now, please look at the modules directory of the -- Linux-PAM sources. -+ Linux-PAM sources. - - - -- -+ - See also - - -@@ -558,7 +530,7 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) - - - -- -+ - Author/acknowledgments - - This document was written by Andrew G. Morgan (morgan@kernel.org) -@@ -578,14 +550,14 @@ int cleanup(pam_handle_t *pamh, void *data, int error_status) - - Thanks are also due to Sun Microsystems, especially to Vipin Samar and - Charlie Lai for their advice. At an early stage in the development of -- Linux-PAM, Sun graciously made the -+ Linux-PAM, Sun graciously made the - documentation for their implementation of PAM available. This act - greatly accelerated the development of -- Linux-PAM. -+ Linux-PAM. - - - -- -+ - Copyright information for this document - - Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> -@@ -629,4 +601,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - - -- -+ -\ No newline at end of file -diff --git a/doc/mwg/Makefile.am b/doc/mwg/Makefile.am -index 688e6cb3a..340249c6c 100644 ---- a/doc/mwg/Makefile.am -+++ b/doc/mwg/Makefile.am -@@ -16,7 +16,7 @@ all: Linux-PAM_MWG.txt html/Linux-PAM_MWG.html Linux-PAM_MWG.pdf - - Linux-PAM_MWG.pdf: $(XMLS) $(DEP_XMLS) - if ENABLE_GENERATE_PDF -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam generate.toc "book toc" \ - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ -@@ -28,7 +28,7 @@ else - endif - - Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam generate.toc "book toc" \ - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ -@@ -37,7 +37,7 @@ Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) - - html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) - @test -d html || mkdir -p html -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam base.dir html/ \ - --stringparam root.filename Linux-PAM_MWG \ - --stringparam use.id.as.filename 1 \ -diff --git a/doc/mwg/pam_conv.xml b/doc/mwg/pam_conv.xml -index a2b470af5..2b369503d 100644 ---- a/doc/mwg/pam_conv.xml -+++ b/doc/mwg/pam_conv.xml -@@ -1,11 +1,7 @@ -- -- --
-+
- The conversation function - -- -+ - - - struct pam_message { -@@ -24,12 +20,10 @@ struct pam_conv { - void *appdata_ptr; - }; - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_fail_delay.xml b/doc/mwg/pam_fail_delay.xml -index 589e1148b..d602a1f79 100644 ---- a/doc/mwg/pam_fail_delay.xml -+++ b/doc/mwg/pam_fail_delay.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Request a delay on failure - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_get_data.xml b/doc/mwg/pam_get_data.xml -index b1afdb3f7..e1342d16e 100644 ---- a/doc/mwg/pam_get_data.xml -+++ b/doc/mwg/pam_get_data.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Get module internal data - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_get_item.xml b/doc/mwg/pam_get_item.xml -index 370a10a1a..e0635d212 100644 ---- a/doc/mwg/pam_get_item.xml -+++ b/doc/mwg/pam_get_item.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Getting PAM items - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_get_user.xml b/doc/mwg/pam_get_user.xml -index 1cb7fdf30..3b79fe076 100644 ---- a/doc/mwg/pam_get_user.xml -+++ b/doc/mwg/pam_get_user.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Get user name - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_getenv.xml b/doc/mwg/pam_getenv.xml -index 61d69c33c..f7b483ed9 100644 ---- a/doc/mwg/pam_getenv.xml -+++ b/doc/mwg/pam_getenv.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Get a PAM environment variable - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_getenvlist.xml b/doc/mwg/pam_getenvlist.xml -index d3c2fcd35..4433c04d6 100644 ---- a/doc/mwg/pam_getenvlist.xml -+++ b/doc/mwg/pam_getenvlist.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Getting the PAM environment - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_putenv.xml b/doc/mwg/pam_putenv.xml -index e55f1a42f..6378a15b2 100644 ---- a/doc/mwg/pam_putenv.xml -+++ b/doc/mwg/pam_putenv.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Set or change PAM environment variable - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_set_data.xml b/doc/mwg/pam_set_data.xml -index 18b2711b9..3fb3b1fed 100644 ---- a/doc/mwg/pam_set_data.xml -+++ b/doc/mwg/pam_set_data.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Set module internal data - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_set_item.xml b/doc/mwg/pam_set_item.xml -index 7d19925e0..7a8ee8dea 100644 ---- a/doc/mwg/pam_set_item.xml -+++ b/doc/mwg/pam_set_item.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Setting PAM items - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_sm_acct_mgmt.xml b/doc/mwg/pam_sm_acct_mgmt.xml -index 10b3c9e9e..c17a9bf06 100644 ---- a/doc/mwg/pam_sm_acct_mgmt.xml -+++ b/doc/mwg/pam_sm_acct_mgmt.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Service function for account management - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_sm_authenticate.xml b/doc/mwg/pam_sm_authenticate.xml -index 54c79af6f..138fc1ff7 100644 ---- a/doc/mwg/pam_sm_authenticate.xml -+++ b/doc/mwg/pam_sm_authenticate.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Service function for user authentication - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_sm_chauthtok.xml b/doc/mwg/pam_sm_chauthtok.xml -index a13643158..546ae6622 100644 ---- a/doc/mwg/pam_sm_chauthtok.xml -+++ b/doc/mwg/pam_sm_chauthtok.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Service function to alter authentication token - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_sm_close_session.xml b/doc/mwg/pam_sm_close_session.xml -index 9346c506b..69140b810 100644 ---- a/doc/mwg/pam_sm_close_session.xml -+++ b/doc/mwg/pam_sm_close_session.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Service function to terminate session management - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_sm_open_session.xml b/doc/mwg/pam_sm_open_session.xml -index b8e3fa90f..aba28a3e9 100644 ---- a/doc/mwg/pam_sm_open_session.xml -+++ b/doc/mwg/pam_sm_open_session.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Service function to start session management - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_sm_setcred.xml b/doc/mwg/pam_sm_setcred.xml -index eee8e1d61..36e43c04b 100644 ---- a/doc/mwg/pam_sm_setcred.xml -+++ b/doc/mwg/pam_sm_setcred.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Service function to alter credentials - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/mwg/pam_strerror.xml b/doc/mwg/pam_strerror.xml -index 35b08a274..e4e1c56af 100644 ---- a/doc/mwg/pam_strerror.xml -+++ b/doc/mwg/pam_strerror.xml -@@ -1,18 +1,12 @@ -- -- --
-+
- Strings describing PAM error codes - -- -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/Linux-PAM_SAG.xml b/doc/sag/Linux-PAM_SAG.xml -index 2adaef7da..952f224b4 100644 ---- a/doc/sag/Linux-PAM_SAG.xml -+++ b/doc/sag/Linux-PAM_SAG.xml -@@ -1,36 +1,25 @@ -- -- -- -- -+ -+ - The Linux-PAM System Administrators' Guide - -- -- Andrew G. -- Morgan -- morgan@kernel.org -- -- -- Thorsten -- Kukuk -- kukuk@thkukuk.de -- -+ Andrew G.Morganmorgan@kernel.org -+ ThorstenKukukkukuk@thkukuk.de - - Version 1.1.2, 31. August 2010 - - - This manual documents what a system-administrator needs to know about -- the Linux-PAM library. It covers the -+ the Linux-PAM library. It covers the - correct syntax of the PAM configuration file and discusses strategies - for maintaining a secure system. - - -- -+ - -- -+ - Introduction - -- Linux-PAM (Pluggable Authentication -+ Linux-PAM (Pluggable Authentication - Modules for Linux) is a suite of shared libraries that enable the - local system administrator to choose how applications authenticate users. - -@@ -58,7 +47,7 @@ - on entries in the /etc/group file. - - -- It is the purpose of the Linux-PAM -+ It is the purpose of the Linux-PAM - project to separate the development of privilege granting software - from the development of secure and appropriate authentication schemes. - This is accomplished by providing a library of functions that an -@@ -76,7 +65,7 @@ - - - -- -+ - Some comments on the text - - Before proceeding to read the rest of this document, it should be -@@ -91,7 +80,7 @@ - - As an example of the above, where it is explicit, the text assumes - that PAM loadable object files (the -- modules) are to be located in -+ modules) are to be located in - the following directory: /lib/security/ or - /lib64/security depending on the architecture. - This is generally the location that seems to be compatible with the -@@ -103,7 +92,7 @@ - - - -- -+ - Overview - - For the uninitiated, we begin by considering an example. We take an -@@ -121,16 +110,16 @@ - password and then verifying that it agrees with that located on - the system; hence verifying that as far as the system is concerned - the user is who they claim to be. This is the task that is delegated -- to Linux-PAM. -+ to Linux-PAM. - - - From the perspective of the application programmer (in this case - the person that wrote the login application), -- Linux-PAM takes care of this -+ Linux-PAM takes care of this - authentication task -- verifying the identity of the user. - - -- The flexibility of Linux-PAM is -+ The flexibility of Linux-PAM is - that you, the system administrator, have - the freedom to stipulate which authentication scheme is to be - used. You have the freedom to set the scheme for any/all -@@ -152,7 +141,7 @@ - authentication can be upgraded to include (long) division! - - -- Linux-PAM deals with four -+ Linux-PAM deals with four - separate types of (management) task. These are: - authentication management; - account management; -@@ -160,15 +149,15 @@ - password management. - The association of the preferred management scheme with the behavior - of an application is made with entries in the relevant -- Linux-PAM configuration file. -+ Linux-PAM configuration file. - The management functions are performed by modules - specified in the configuration file. The syntax for this - file is discussed in the section -- below. -+ below. - - - Here is a figure that describes the overall organization of -- Linux-PAM: -+ Linux-PAM: - - +----------------+ - | application: X | -@@ -193,14 +182,14 @@ - - By way of explanation, the left of the figure represents the - application; application X. Such an application interfaces with the -- Linux-PAM library and knows none of -+ Linux-PAM library and knows none of - the specifics of its configured authentication method. The -- Linux-PAM library (in the center) -+ Linux-PAM library (in the center) - consults the contents of the PAM configuration file and loads the - modules that are appropriate for application-X. These modules fall - into one of four management groups (lower-center) and are stacked in - the order they appear in the configuration file. These modules, when -- called by Linux-PAM, perform the -+ called by Linux-PAM, perform the - various authentication tasks for the application. Textual information, - required from/or offered to the user, can be exchanged through the - use of the application-supplied conversation -@@ -216,34 +205,28 @@ - - - -- -+ - The Linux-PAM configuration file -- --
-+ -+
- Configuration file syntax -- -+ -
--
-+
- Directory based configuration -- -+ -
--
-+
- Example configuration file entries - - In this section, we give some examples of entries that can -- be present in the Linux-PAM -+ be present in the Linux-PAM - configuration file. As a first attempt at configuring your - system you could do worse than to implement these. - - - If a system is to be considered secure, it had better have a -- reasonably secure 'other entry. -+ reasonably secure 'other entry. - The following is a paranoid setting (which is not a bad place - to start!): - -@@ -311,7 +294,7 @@ session required pam_deny.so - - On a less sensitive computer, one on which the system - administrator wishes to remain ignorant of much of the -- power of Linux-PAM, the -+ power of Linux-PAM, the - following selection of lines (in - /etc/pam.d/other) is likely to - mimic the historically familiar Linux setup. -@@ -331,21 +314,21 @@ session required pam_unix.so -
- - -- -+ - Security issues --
-+
- If something goes wrong - -- Linux-PAM has the potential -+ Linux-PAM has the potential - to seriously change the security of your system. You can - choose to have no security or absolute security (no access -- permitted). In general, Linux-PAM -+ permitted). In general, Linux-PAM - errs towards the latter. Any number of configuration errors - can disable access to your system partially, or completely. - - - The most dramatic problem that is likely to be encountered when -- configuring Linux-PAM is that of -+ configuring Linux-PAM is that of - deleting the configuration file(s): - /etc/pam.d/* and/or - /etc/pam.conf. This will lock you out of -@@ -357,11 +340,11 @@ session required pam_unix.so - things from there. - -
--
-+
- Avoid having a weak `other' configuration - - It is not a good thing to have a weak default -- (other) entry. -+ (other) entry. - This service is the default configuration for all PAM aware - applications and if it is weak, your system is likely to be - vulnerable to attack. -@@ -388,93 +371,57 @@ session required pam_warn.so -
- - -- -+ - A reference guide for available modules - - Here, we collect together the descriptions of the various modules - coming with Linux-PAM. - -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ - - -- -+ - See also - - -@@ -497,7 +444,7 @@ session required pam_warn.so - - - -- -+ - Author/acknowledgments - - This document was written by Andrew G. Morgan (morgan@kernel.org) -@@ -518,14 +465,14 @@ session required pam_warn.so - - Thanks are also due to Sun Microsystems, especially to Vipin Samar and - Charlie Lai for their advice. At an early stage in the development of -- Linux-PAM, Sun graciously made the -+ Linux-PAM, Sun graciously made the - documentation for their implementation of PAM available. This act - greatly accelerated the development of -- Linux-PAM. -+ Linux-PAM. - - - -- -+ - Copyright information for this document - - Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> -@@ -569,4 +516,4 @@ TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE - USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - - -- -+ -\ No newline at end of file -diff --git a/doc/sag/Makefile.am b/doc/sag/Makefile.am -index 84fd383fe..04c90919e 100644 ---- a/doc/sag/Makefile.am -+++ b/doc/sag/Makefile.am -@@ -7,7 +7,6 @@ CLEANFILES = Linux-PAM_SAG.fo *~ - EXTRA_DIST = $(XMLS) - - XMLS = Linux-PAM_SAG.xml $(shell ls $(srcdir)/pam_*.xml) -- - DEP_XMLS = $(shell ls $(top_srcdir)/modules/pam_*/pam_*.xml) - - if ENABLE_REGENERATE_MAN -@@ -17,7 +16,7 @@ all: Linux-PAM_SAG.txt html/Linux-PAM_SAG.html Linux-PAM_SAG.pdf - - Linux-PAM_SAG.pdf: $(XMLS) $(DEP_XMLS) - if ENABLE_GENERATE_PDF -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam generate.toc "book toc" \ - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ -@@ -29,7 +28,7 @@ else - endif - - Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam generate.toc "book toc" \ - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ -@@ -38,7 +37,7 @@ Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) - - html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) - @test -d html || mkdir -p html -- $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< -+ $(XMLLINT) --nonet --xinclude --relaxng $(DOCBOOK_RNG) --noent --noout $< - $(XSLTPROC) --stringparam base.dir html/ \ - --stringparam root.filename Linux-PAM_SAG \ - --stringparam use.id.as.filename 1 \ -diff --git a/doc/sag/pam_access.xml b/doc/sag/pam_access.xml -index b9bf39d0a..75f14b37a 100644 ---- a/doc/sag/pam_access.xml -+++ b/doc/sag/pam_access.xml -@@ -1,42 +1,30 @@ -- -- --
-+
- pam_access - logdaemon style login access control -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_debug.xml b/doc/sag/pam_debug.xml -index b131954c1..0c8aa940d 100644 ---- a/doc/sag/pam_debug.xml -+++ b/doc/sag/pam_debug.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_debug - debug the PAM stack -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_deny.xml b/doc/sag/pam_deny.xml -index 2cb71a03f..fdd2aaae7 100644 ---- a/doc/sag/pam_deny.xml -+++ b/doc/sag/pam_deny.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_deny - locking-out PAM module -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_echo.xml b/doc/sag/pam_echo.xml -index b066d4acc..e4de88627 100644 ---- a/doc/sag/pam_echo.xml -+++ b/doc/sag/pam_echo.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_echo - print text messages -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_env.xml b/doc/sag/pam_env.xml -index 9f6e63319..68b7c4f0c 100644 ---- a/doc/sag/pam_env.xml -+++ b/doc/sag/pam_env.xml -@@ -1,42 +1,30 @@ -- -- --
-+
- pam_env - set/unset environment variables -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_exec.xml b/doc/sag/pam_exec.xml -index 265e7f415..859bb3b92 100644 ---- a/doc/sag/pam_exec.xml -+++ b/doc/sag/pam_exec.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_exec - call an external command -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_faildelay.xml b/doc/sag/pam_faildelay.xml -index 1d8295e01..969020878 100644 ---- a/doc/sag/pam_faildelay.xml -+++ b/doc/sag/pam_faildelay.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_faildelay - change the delay on failure per-application -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_faillock.xml b/doc/sag/pam_faillock.xml -index 96940c6bf..32777b1d3 100644 ---- a/doc/sag/pam_faillock.xml -+++ b/doc/sag/pam_faillock.xml -@@ -1,38 +1,27 @@ -- -- --
-+
- pam_faillock - temporarily locking access based on failed authentication attempts during an interval -- -- -+ -+ - -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_filter.xml b/doc/sag/pam_filter.xml -index 6a4a1ba22..56af28cb7 100644 ---- a/doc/sag/pam_filter.xml -+++ b/doc/sag/pam_filter.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_filter - filter module -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_ftp.xml b/doc/sag/pam_ftp.xml -index b24562659..13fe40a0f 100644 ---- a/doc/sag/pam_ftp.xml -+++ b/doc/sag/pam_ftp.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_ftp - module for anonymous access -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_group.xml b/doc/sag/pam_group.xml -index ce82bf0f0..e4efc0356 100644 ---- a/doc/sag/pam_group.xml -+++ b/doc/sag/pam_group.xml -@@ -1,42 +1,30 @@ -- -- --
-+
- pam_group - module to modify group access -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_issue.xml b/doc/sag/pam_issue.xml -index 5033d23f6..f56cc4632 100644 ---- a/doc/sag/pam_issue.xml -+++ b/doc/sag/pam_issue.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_issue - add issue file to user prompt -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_keyinit.xml b/doc/sag/pam_keyinit.xml -index 3caa4c270..d8013512a 100644 ---- a/doc/sag/pam_keyinit.xml -+++ b/doc/sag/pam_keyinit.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_keyinit - display the keyinit file -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_lastlog.xml b/doc/sag/pam_lastlog.xml -index c250c0189..1c9c6b2c1 100644 ---- a/doc/sag/pam_lastlog.xml -+++ b/doc/sag/pam_lastlog.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_lastlog - display date of last login -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_limits.xml b/doc/sag/pam_limits.xml -index 7f898a406..f03a1e41e 100644 ---- a/doc/sag/pam_limits.xml -+++ b/doc/sag/pam_limits.xml -@@ -1,42 +1,30 @@ -- -- --
-+
- pam_limits - limit resources -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_listfile.xml b/doc/sag/pam_listfile.xml -index db7acdc61..66d7a82ef 100644 ---- a/doc/sag/pam_listfile.xml -+++ b/doc/sag/pam_listfile.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_listfile - deny or allow services based on an arbitrary file -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_localuser.xml b/doc/sag/pam_localuser.xml -index 480ff96ec..a3cee75f7 100644 ---- a/doc/sag/pam_localuser.xml -+++ b/doc/sag/pam_localuser.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_localuser - require users to be listed in /etc/passwd -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_loginuid.xml b/doc/sag/pam_loginuid.xml -index 3b4428434..fc4a09674 100644 ---- a/doc/sag/pam_loginuid.xml -+++ b/doc/sag/pam_loginuid.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_loginuid - record user's login uid to the process attribute -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_mail.xml b/doc/sag/pam_mail.xml -index 031f786d4..6b76770e8 100644 ---- a/doc/sag/pam_mail.xml -+++ b/doc/sag/pam_mail.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_mail - inform about available mail -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_mkhomedir.xml b/doc/sag/pam_mkhomedir.xml -index dc6a1eb79..141395cda 100644 ---- a/doc/sag/pam_mkhomedir.xml -+++ b/doc/sag/pam_mkhomedir.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_mkhomedir - create users home directory -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_motd.xml b/doc/sag/pam_motd.xml -index 7a7d2deec..9af77bb53 100644 ---- a/doc/sag/pam_motd.xml -+++ b/doc/sag/pam_motd.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_motd - display the motd file -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_namespace.xml b/doc/sag/pam_namespace.xml -index 6ece9bc14..e18bc0f74 100644 ---- a/doc/sag/pam_namespace.xml -+++ b/doc/sag/pam_namespace.xml -@@ -1,42 +1,30 @@ -- -- --
-+
- pam_namespace - setup a private namespace -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_nologin.xml b/doc/sag/pam_nologin.xml -index 0c626b82c..f2acf4923 100644 ---- a/doc/sag/pam_nologin.xml -+++ b/doc/sag/pam_nologin.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_nologin - prevent non-root users from login -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_permit.xml b/doc/sag/pam_permit.xml -index 7c200478a..52548c0d3 100644 ---- a/doc/sag/pam_permit.xml -+++ b/doc/sag/pam_permit.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_permit - the promiscuous module -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_pwhistory.xml b/doc/sag/pam_pwhistory.xml -index 0677eae39..867a1bca4 100644 ---- a/doc/sag/pam_pwhistory.xml -+++ b/doc/sag/pam_pwhistory.xml -@@ -1,38 +1,27 @@ -- -- --
-+
- pam_pwhistory - grant access using .pwhistory file -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_rhosts.xml b/doc/sag/pam_rhosts.xml -index 680a70c16..f70b1fbfa 100644 ---- a/doc/sag/pam_rhosts.xml -+++ b/doc/sag/pam_rhosts.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_rhosts - grant access using .rhosts file -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_rootok.xml b/doc/sag/pam_rootok.xml -index 59c99ae92..ab4b4438d 100644 ---- a/doc/sag/pam_rootok.xml -+++ b/doc/sag/pam_rootok.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_rootok - gain only root access -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_securetty.xml b/doc/sag/pam_securetty.xml -index 6ed13e593..9bd9fe218 100644 ---- a/doc/sag/pam_securetty.xml -+++ b/doc/sag/pam_securetty.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_securetty - limit root login to special devices -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_selinux.xml b/doc/sag/pam_selinux.xml -index 9a4f9878f..cb64bcfeb 100644 ---- a/doc/sag/pam_selinux.xml -+++ b/doc/sag/pam_selinux.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_selinux - set the default security context -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_sepermit.xml b/doc/sag/pam_sepermit.xml -index 9831a13f1..264266155 100644 ---- a/doc/sag/pam_sepermit.xml -+++ b/doc/sag/pam_sepermit.xml -@@ -1,38 +1,27 @@ -- -- --
-+
- pam_sepermit - allow/reject access based on SELinux mode -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_setquota.xml b/doc/sag/pam_setquota.xml -index 368dfd8e2..01d187327 100644 ---- a/doc/sag/pam_setquota.xml -+++ b/doc/sag/pam_setquota.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_setquota - set or modify disk quotas on session start -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_shells.xml b/doc/sag/pam_shells.xml -index b3b3d3273..6765a1973 100644 ---- a/doc/sag/pam_shells.xml -+++ b/doc/sag/pam_shells.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_shells - check for valid login shell -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_succeed_if.xml b/doc/sag/pam_succeed_if.xml -index ce0792d95..7c9f4934c 100644 ---- a/doc/sag/pam_succeed_if.xml -+++ b/doc/sag/pam_succeed_if.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_succeed_if - test account characteristics -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_time.xml b/doc/sag/pam_time.xml -index 74e9e02ab..e15d20a0a 100644 ---- a/doc/sag/pam_time.xml -+++ b/doc/sag/pam_time.xml -@@ -1,42 +1,30 @@ -- -- --
-+
- pam_time - time controlled access -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_timestamp.xml b/doc/sag/pam_timestamp.xml -index 833a6bac9..dfe87e7df 100644 ---- a/doc/sag/pam_timestamp.xml -+++ b/doc/sag/pam_timestamp.xml -@@ -1,42 +1,30 @@ -- -- --
-+
- pam_timestamp - authenticate using cached successful authentication attempts -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_tty_audit.xml b/doc/sag/pam_tty_audit.xml -index 86d1cd039..44de8105c 100644 ---- a/doc/sag/pam_tty_audit.xml -+++ b/doc/sag/pam_tty_audit.xml -@@ -1,38 +1,27 @@ -- -- --
-+
- pam_tty_audit - enable/disable tty auditing -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_umask.xml b/doc/sag/pam_umask.xml -index b05350869..2fb200bbd 100644 ---- a/doc/sag/pam_umask.xml -+++ b/doc/sag/pam_umask.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_umask - set the file mode creation mask -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_unix.xml b/doc/sag/pam_unix.xml -index 24bbaec32..bb3412240 100644 ---- a/doc/sag/pam_unix.xml -+++ b/doc/sag/pam_unix.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_unix - traditional password authentication -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_userdb.xml b/doc/sag/pam_userdb.xml -index 47c2c7271..3c1bbc171 100644 ---- a/doc/sag/pam_userdb.xml -+++ b/doc/sag/pam_userdb.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_userdb - authenticate against a db database -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_warn.xml b/doc/sag/pam_warn.xml -index e2e7adba5..0f1376be6 100644 ---- a/doc/sag/pam_warn.xml -+++ b/doc/sag/pam_warn.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_warn - logs all PAM items -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_wheel.xml b/doc/sag/pam_wheel.xml -index 5ea011e36..76f020427 100644 ---- a/doc/sag/pam_wheel.xml -+++ b/doc/sag/pam_wheel.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_wheel - only permit root access to members of group wheel -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/doc/sag/pam_xauth.xml b/doc/sag/pam_xauth.xml -index 9aca9ffab..4c9ba35e7 100644 ---- a/doc/sag/pam_xauth.xml -+++ b/doc/sag/pam_xauth.xml -@@ -1,34 +1,24 @@ -- -- --
-+
- pam_xauth - forward xauth keys between users -- -- -+ -+ - --
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-- -+
-+ -
--
-+
-\ No newline at end of file -diff --git a/modules/pam_access/README.xml b/modules/pam_access/README.xml -index 8c7d078b2..408aed009 100644 ---- a/modules/pam_access/README.xml -+++ b/modules/pam_access/README.xml -@@ -1,39 +1,23 @@ -- -- ----> -- --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_access.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_access-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_access.8.xml" xpointer='xpointer(id("pam_access-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml -index 8fdbc31de..ff1cb2237 100644 ---- a/modules/pam_access/access.conf.5.xml -+++ b/modules/pam_access/access.conf.5.xml -@@ -1,8 +1,4 @@ -- -- -- -- -+ - - - access.conf -@@ -16,7 +12,7 @@ - - - -- -+ - DESCRIPTION - - The /etc/security/access.conf file specifies -@@ -126,7 +122,7 @@ - - - -- -+ - EXAMPLES - - These are some example lines which might be specified in -@@ -135,7 +131,7 @@ - - - User root should be allowed to get access via -- cron, X11 terminal :0, -+ cron, X11 terminal :0, - tty1, ..., tty5, - tty6. - -@@ -216,7 +212,7 @@ - - - -- -+ - NOTES - - The default separators of list items in a field are space, ',', and tabulator -@@ -228,7 +224,7 @@ - - - -- -+ - SEE ALSO - - pam_access8, -@@ -237,7 +233,7 @@ - - - -- -+ - AUTHORS - - Original login.access5 -@@ -250,4 +246,4 @@ - introduced by Mike Becher <mike.becher@lrz-muenchen.de>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml -index db853410a..010e749e8 100644 ---- a/modules/pam_access/pam_access.8.xml -+++ b/modules/pam_access/pam_access.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_access - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_access - - PAM module for logdaemon style login access control -@@ -20,31 +17,31 @@ - - - -- -+ - pam_access.so -- -+ - debug - -- -+ - nodefgroup - -- -+ - noaudit - -- -+ - accessfile=file - -- -+ - fieldsep=sep - -- -+ - listsep=sep - - - - - -- -+ - DESCRIPTION - - The pam_access PAM module is mainly for access management. -@@ -92,13 +89,13 @@ - - - -- -+ - OPTIONS - - - - -- -+ accessfile=/path/to/access.conf - - - -@@ -111,7 +108,7 @@ - - - -- -+ debug - - - -@@ -123,7 +120,7 @@ - - - -- -+ noaudit - - - -@@ -134,19 +131,19 @@ - - - -- -+ fieldsep=separators - - - - This option modifies the field separator character that - pam_access will recognize when parsing the access - configuration file. For example: -- fieldsep=| will cause the -+ fieldsep=| will cause the - default `:' character to be treated as part of a field value - and `|' becomes the field separator. Doing this may be - useful in conjunction with a system that wants to use - pam_access with X based applications, since the -- PAM_TTY item is likely to be -+ PAM_TTY item is likely to be - of the form "hostname:0" which includes a `:' character in - its value. But you should not need this. - -@@ -155,14 +152,14 @@ - - - -- -+ listsep=separators - - - - This option modifies the list separator character that - pam_access will recognize when parsing the access - configuration file. For example: -- listsep=, will cause the -+ listsep=, will cause the - default ` ' (space) and `\t' (tab) characters to be treated - as part of a list element value and `,' becomes the only - list element separator. Doing this may be useful on a system -@@ -175,7 +172,7 @@ - - - -- -+ nodefgroup - - - -@@ -190,7 +187,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -198,7 +195,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -244,17 +241,17 @@ - - - -- -+ - FILES - - -- /etc/security/access.conf -+ /etc/security/access.conf - - Default configuration file - - - -- %vendordir%/security/access.conf -+ %vendordir%/security/access.conf - - Default configuration file if - /etc/security/access.conf does not exist. -@@ -263,7 +260,7 @@ - - - -- -+ - SEE ALSO - - -@@ -278,7 +275,7 @@ - - - -- -+ - AUTHORS - - The logdaemon style login access control scheme was designed and implemented by -@@ -289,4 +286,4 @@ - was developed and provided by Mike Becher <mike.becher@lrz-muenchen.de>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_debug/README.xml b/modules/pam_debug/README.xml -index ef41911be..cdcec7f43 100644 ---- a/modules/pam_debug/README.xml -+++ b/modules/pam_debug/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_debug.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_debug-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_debug.8.xml" xpointer='xpointer(id("pam_debug-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_debug/pam_debug.8.xml b/modules/pam_debug/pam_debug.8.xml -index 3d85f4d85..1c98f17e3 100644 ---- a/modules/pam_debug/pam_debug.8.xml -+++ b/modules/pam_debug/pam_debug.8.xml -@@ -1,51 +1,48 @@ -- -- -- -- -+ - - - pam_debug - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_debug - PAM module to debug the PAM stack - - - -- -+ - pam_debug.so -- -+ - auth=value - -- -+ - cred=value - -- -+ - acct=value - -- -+ - prechauthtok=value - -- -+ - chauthtok=value - -- -+ - auth=value - -- -+ - open_session=value - -- -+ - close_session=value - - - - -- -+ - DESCRIPTION - - The pam_debug PAM module is intended as a debugging aide for -@@ -54,12 +51,12 @@ - - - -- -+ - OPTIONS - - - -- -+ auth=value - - - -@@ -73,7 +70,7 @@ - - - -- -+ cred=value - - - -@@ -87,7 +84,7 @@ - - - -- -+ acct=value - - - -@@ -101,7 +98,7 @@ - - - -- -+ prechauthtok=value - - - -@@ -116,7 +113,7 @@ - - - -- -+ chauthtok=value - - - -@@ -126,13 +123,13 @@ - function will return - value if the - PAM_PRELIM_CHECK flag is -- not set. -+ not set. - - - - - -- -+ open_session=value - - - -@@ -146,7 +143,7 @@ - - - -- -+ close_session=value - - - -@@ -171,7 +168,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -179,7 +176,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -194,7 +191,7 @@ - - - -- -+ - EXAMPLES - - auth requisite pam_permit.so -@@ -206,7 +203,7 @@ auth sufficient pam_debug.so auth=success cred=success - - - -- -+ - SEE ALSO - - -@@ -221,11 +218,11 @@ auth sufficient pam_debug.so auth=success cred=success - - - -- -+ - AUTHOR - - pam_debug was written by Andrew G. Morgan <morgan@kernel.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_deny/README.xml b/modules/pam_deny/README.xml -index ff2e82b03..d3ba53ce0 100644 ---- a/modules/pam_deny/README.xml -+++ b/modules/pam_deny/README.xml -@@ -1,36 +1,23 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_deny.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_deny-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_deny.8.xml" xpointer='xpointer(id("pam_deny-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_deny/pam_deny.8.xml b/modules/pam_deny/pam_deny.8.xml -index a92835829..db8fcb635 100644 ---- a/modules/pam_deny/pam_deny.8.xml -+++ b/modules/pam_deny/pam_deny.8.xml -@@ -1,27 +1,24 @@ -- -- -- -- -+ - - - pam_deny - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_deny - The locking-out PAM module - - - -- -+ - pam_deny.so - - - -- -+ - - DESCRIPTION - -@@ -33,12 +30,12 @@ - - - -- -+ - OPTIONS - This module does not recognise any options. - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -46,7 +43,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -91,7 +88,7 @@ - - - -- -+ - EXAMPLES - - #%PAM-1.0 -@@ -110,7 +107,7 @@ other session required pam_deny.so - - - -- -+ - SEE ALSO - - -@@ -125,11 +122,11 @@ other session required pam_deny.so - - - -- -+ - AUTHOR - - pam_deny was written by Andrew G. Morgan <morgan@kernel.org> - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_echo/README.xml b/modules/pam_echo/README.xml -index b1556e38c..ceecf9ef6 100644 ---- a/modules/pam_echo/README.xml -+++ b/modules/pam_echo/README.xml -@@ -1,36 +1,23 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_echo.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_echo-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_echo.8.xml" xpointer='xpointer(id("pam_echo-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_echo/pam_echo.8.xml b/modules/pam_echo/pam_echo.8.xml -index ef76b022d..07b793d92 100644 ---- a/modules/pam_echo/pam_echo.8.xml -+++ b/modules/pam_echo/pam_echo.8.xml -@@ -1,15 +1,12 @@ -- -- -- -- -+ - - pam_echo - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_echo - PAM module for printing text messages - -@@ -17,15 +14,15 @@ - - - -- -+ - pam_echo.so -- -+ - file=/path/message - - - - -- -+ - DESCRIPTION - - The pam_echo PAM module is for printing -@@ -35,37 +32,37 @@ - - - -- %H -+ %H - - The name of the remote host (PAM_RHOST). - - - -- %h -+ %h - - The name of the local host. - - - -- %s -+ %s - - The service name (PAM_SERVICE). - - - -- %t -+ %t - - The name of the controlling terminal (PAM_TTY). - - - -- %U -+ %U - - The remote user name (PAM_RUSER). - - - -- %u -+ %u - - The local user name (PAM_USER). - -@@ -79,12 +76,12 @@ - - - -- -+ - OPTIONS - - - -- -+ file=/path/message - - - -@@ -96,7 +93,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -106,7 +103,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -137,7 +134,7 @@ - - - -- -+ - EXAMPLES - - For an example of the use of this module, we show how it may be -@@ -150,7 +147,7 @@ password required pam_unix.so - - - -- SEE ALSO -+ SEE ALSO - - - pam.conf8 -@@ -163,8 +160,8 @@ password required pam_unix.so - - - -- -+ - AUTHOR - Thorsten Kukuk <kukuk@thkukuk.de> - -- -+ -\ No newline at end of file -diff --git a/modules/pam_env/README.xml b/modules/pam_env/README.xml -index 21a9b8555..8becf8700 100644 ---- a/modules/pam_env/README.xml -+++ b/modules/pam_env/README.xml -@@ -1,39 +1,21 @@ -- -- ----> -- --]> -- --
-- -- -+
- -+ - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_env.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_env-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_env.8.xml" xpointer='xpointer(id("pam_env-name")/*)'/> - -- -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml -index d7687d6c9..fb172e17b 100644 ---- a/modules/pam_env/pam_env.8.xml -+++ b/modules/pam_env/pam_env.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_env - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_env - - PAM module to set/unset environment variables -@@ -20,31 +17,31 @@ - - - -- -+ - pam_env.so -- -+ - debug - -- -+ - conffile=conf-file - -- -+ - envfile=env-file - -- -+ - readenv=0|1 - -- -+ - user_envfile=env-file - -- -+ - user_readenv=0|1 - - - - - -- -+ - DESCRIPTION - - The pam_env PAM module allows the (un)setting of environment -@@ -119,13 +116,13 @@ - - - -- -+ - OPTIONS - - - - -- -+ conffile=/path/to/pam_env.conf - - - -@@ -138,7 +135,7 @@ - - - -- -+ debug - - - -@@ -150,7 +147,7 @@ - - - -- -+ envfile=/path/to/environment - - - -@@ -166,7 +163,7 @@ - - - -- -+ readenv=0|1 - - - -@@ -179,7 +176,7 @@ - - - -- -+ user_envfile=filename - - - -@@ -195,7 +192,7 @@ - - - -- -+ user_readenv=0|1 - - - -@@ -216,7 +213,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The and module -@@ -224,7 +221,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -262,25 +259,25 @@ - - - -- -+ - FILES - - -- /usr/etc/security/pam_env.conf -- /etc/security/pam_env.conf -+ %vendordir%/security/pam_env.conf -+ /etc/security/pam_env.conf - - Default configuration file - - - -- /usr/etc/environment -- /etc/environment -+ %vendordir%/environment -+ /etc/environment - - Default environment file - - - -- $HOME/.pam_environment -+ $HOME/.pam_environment - - User specific environment file - -@@ -288,7 +285,7 @@ - - - -- -+ - SEE ALSO - - -@@ -306,10 +303,10 @@ - - - -- -+ - AUTHOR - - pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml -index 5c0dbcb8c..662ff0a00 100644 ---- a/modules/pam_env/pam_env.conf.5.xml -+++ b/modules/pam_env/pam_env.conf.5.xml -@@ -1,13 +1,10 @@ -- -- -- -- -+ - - - pam_env.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - - -@@ -17,7 +14,7 @@ - - - -- -+ - DESCRIPTION - - -@@ -87,7 +84,7 @@ - - - -- -+ - EXAMPLES - - These are some example lines which might be specified in -@@ -133,7 +130,7 @@ - - - -- -+ - SEE ALSO - - pam_env8, -@@ -143,10 +140,10 @@ - - - -- -+ - AUTHOR - - pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_exec/README.xml b/modules/pam_exec/README.xml -index 5e76cab30..1928d7f94 100644 ---- a/modules/pam_exec/README.xml -+++ b/modules/pam_exec/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_exec.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_exec-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_exec.8.xml" xpointer='xpointer(id("pam_exec-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml -index 7e89943ce..13abe6e64 100644 ---- a/modules/pam_exec/pam_exec.8.xml -+++ b/modules/pam_exec/pam_exec.8.xml -@@ -1,57 +1,54 @@ -- -- -- -- -+ - - - pam_exec - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_exec - PAM module which calls an external command - - - -- -+ - pam_exec.so -- -+ - debug - -- -+ - expose_authtok - -- -+ - seteuid - -- -+ - quiet - -- -+ - quiet_log - -- -+ - stdout - -- -+ - log=file - -- -+ - type=type - -- -+ - command - -- -+ - ... - - - - -- -+ - - DESCRIPTION - -@@ -83,7 +80,7 @@ - - - -- -+ - - OPTIONS - -@@ -91,7 +88,7 @@ - - - -- -+ debug - - - -@@ -102,7 +99,7 @@ - - - -- -+ expose_authtok - - - -@@ -117,7 +114,7 @@ - - - -- -+ log=file - - - -@@ -129,7 +126,7 @@ - - - -- -+ type=type - - - -@@ -140,7 +137,7 @@ - - - -- -+ stdout - - - -@@ -151,7 +148,7 @@ - - - -- -+ quiet - - - -@@ -164,7 +161,7 @@ - - - -- -+ quiet_log - - - -@@ -177,7 +174,7 @@ - - - -- -+ seteuid - - - -@@ -194,7 +191,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -202,7 +199,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -278,7 +275,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/passwd to -@@ -293,7 +290,7 @@ - - - -- -+ - SEE ALSO - - -@@ -308,7 +305,7 @@ - - - -- -+ - AUTHOR - - pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and -@@ -316,4 +313,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_faildelay/README.xml b/modules/pam_faildelay/README.xml -index 64d4acccb..8530a3d09 100644 ---- a/modules/pam_faildelay/README.xml -+++ b/modules/pam_faildelay/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_faildelay.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faildelay-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_faildelay.8.xml" xpointer='xpointer(id("pam_faildelay-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_faildelay/pam_faildelay.8.xml b/modules/pam_faildelay/pam_faildelay.8.xml -index 571072036..c31b5076d 100644 ---- a/modules/pam_faildelay/pam_faildelay.8.xml -+++ b/modules/pam_faildelay/pam_faildelay.8.xml -@@ -1,33 +1,30 @@ -- -- -- -- -+ - - - pam_faildelay - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_faildelay - Change the delay on failure per-application - - - -- -+ - pam_faildelay.so -- -+ - debug - -- -+ - delay=microseconds - - - - -- -+ - - DESCRIPTION - -@@ -41,13 +38,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ debug - - - -@@ -57,7 +54,7 @@ - - - -- -+ delay=N - - - -@@ -68,14 +65,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -97,7 +94,7 @@ - - - -- -+ - EXAMPLES - - The following example will set the delay on failure to -@@ -108,7 +105,7 @@ auth optional pam_faildelay.so delay=10000000 - - - -- -+ - SEE ALSO - - -@@ -126,11 +123,11 @@ auth optional pam_faildelay.so delay=10000000 - - - -- -+ - AUTHOR - - pam_faildelay was written by Darren Tucker <dtucker@zip.com.au>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_faillock/README.xml b/modules/pam_faillock/README.xml -index f0654dbe2..a62c917a9 100644 ---- a/modules/pam_faillock/README.xml -+++ b/modules/pam_faillock/README.xml -@@ -1,46 +1,31 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_faillock.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faillock-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_faillock.8.xml" xpointer='xpointer(id("pam_faillock-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_faillock/faillock.8.xml b/modules/pam_faillock/faillock.8.xml -index 81d2107ca..74440fc81 100644 ---- a/modules/pam_faillock/faillock.8.xml -+++ b/modules/pam_faillock/faillock.8.xml -@@ -1,36 +1,33 @@ -- -- -- -- -+ - - - faillock - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - faillock - Tool for displaying and modifying the authentication failure record files - - - -- -+ - faillock -- -+ - --dir /path/to/tally-directory - -- -+ - --user username - -- -+ - --reset - - - - -- -+ - - DESCRIPTION - -@@ -51,13 +48,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ --conf /path/to/config-file - - - -@@ -68,7 +65,7 @@ - - - -- -+ --dir /path/to/tally-directory - - - -@@ -85,7 +82,7 @@ - - - -- -+ --user username - - - -@@ -95,7 +92,7 @@ - - - -- -+ --reset - - - -@@ -106,11 +103,11 @@ - - - -- -+ - FILES - - -- /var/run/faillock/* -+ /var/run/faillock/* - - the files logging the authentication failures for users - -@@ -118,7 +115,7 @@ - - - -- -+ - SEE ALSO - - -@@ -130,11 +127,11 @@ - - - -- -+ - AUTHOR - - faillock was written by Tomas Mraz. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml -index 8faa5915c..cc750fbff 100644 ---- a/modules/pam_faillock/faillock.conf.5.xml -+++ b/modules/pam_faillock/faillock.conf.5.xml -@@ -1,25 +1,22 @@ -- -- -- -- -+ - - - faillock.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - faillock.conf - pam_faillock configuration file - - -- -+ - - DESCRIPTION - -- faillock.conf provides a way to configure the -+ faillock.conf provides a way to configure the - default settings for locking the user after multiple failed authentication attempts. - This file is read by the pam_faillock module and is the - preferred method over configuring pam_faillock directly. -@@ -31,13 +28,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ dir=/path/to/tally-directory - - - -@@ -52,7 +49,7 @@ - - - -- -+ audit - - - -@@ -62,7 +59,7 @@ - - - -- -+ silent - - - -@@ -74,7 +71,7 @@ - - - -- -+ no_log_info - - - -@@ -84,7 +81,7 @@ - - - -- -+ local_users_only - - - -@@ -100,7 +97,7 @@ - - - -- -+ nodelay - - - -@@ -110,7 +107,7 @@ - - - -- -+ deny=n - - - -@@ -122,7 +119,7 @@ - - - -- -+ fail_interval=n - - - -@@ -135,7 +132,7 @@ - - - -- -+ unlock_time=n - - - -@@ -163,7 +160,7 @@ - - - -- -+ even_deny_root - - - -@@ -173,7 +170,7 @@ - - - -- -+ root_unlock_time=n - - - -@@ -187,7 +184,7 @@ - - - -- -+ admin_group=name - - - -@@ -202,7 +199,7 @@ - - - -- -+ - EXAMPLES - - /etc/security/faillock.conf file example: -@@ -214,11 +211,11 @@ silent - - - -- -+ - FILES - - -- /etc/security/faillock.conf -+ /etc/security/faillock.conf - - the config file for custom options - -@@ -226,7 +223,7 @@ silent - - - -- -+ - SEE ALSO - - -@@ -247,11 +244,11 @@ silent - - - -- -+ - AUTHOR - - pam_faillock was written by Tomas Mraz. The support for faillock.conf was written by Brian Ward. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml -index b7b7b0db9..ce0ae050b 100644 ---- a/modules/pam_faillock/pam_faillock.8.xml -+++ b/modules/pam_faillock/pam_faillock.8.xml -@@ -1,8 +1,4 @@ -- -- -- -- -+ - - - pam_faillock -@@ -10,63 +6,63 @@ - Linux-PAM Manual - - -- -+ - pam_faillock - Module counting authentication failures during a specified interval - - - -- -+ - auth ... pam_faillock.so -- -+ - preauth|authfail|authsucc - -- -+ - conf=/path/to/config-file - -- -+ - dir=/path/to/tally-directory - -- -+ - even_deny_root - -- -+ - deny=n - -- -+ - fail_interval=n - -- -+ - unlock_time=n - -- -+ - root_unlock_time=n - -- -+ - admin_group=name - -- -+ - audit - -- -+ - silent - -- -+ - no_log_info - - -- -+ - account ... pam_faillock.so -- -+ - dir=/path/to/tally-directory - -- -+ - no_log_info - - - - -- -+ - - DESCRIPTION - -@@ -78,20 +74,20 @@ - - - Normally, failed attempts to authenticate root will -- not cause the root account to become -+ not cause the root account to become - blocked, to prevent denial-of-service: if your users aren't given - shell accounts and root may only login via su or - at the machine console (not telnet/rsh, etc), this is safe. - - - -- -+ - - OPTIONS - - - -- -+ {preauth|authfail|authsucc} - - - -@@ -131,7 +127,7 @@ - - - -- -+ conf=/path/to/config-file - - - -@@ -156,7 +152,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The and module types are -@@ -164,7 +160,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -222,7 +218,7 @@ - - - -- -+ - NOTES - - Configuring options on the module command line is not recommend. The -@@ -234,7 +230,7 @@ - - - Individual files with the failure records are created as owned by -- the user. This allows pam_faillock.so module -+ the user. This allows pam_faillock.so module - to work correctly when it is called from a screensaver. - - -@@ -249,7 +245,7 @@ - - - -- -+ - EXAMPLES - - Here are two possible configuration examples for /etc/pam.d/login. -@@ -320,11 +316,11 @@ session required pam_selinux.so open - - - -- -+ - FILES - - -- /var/run/faillock/* -+ /var/run/faillock/* - - the files logging the authentication failures for users - -@@ -336,13 +332,13 @@ session required pam_selinux.so open - - - -- /etc/security/faillock.conf -+ /etc/security/faillock.conf - - the config file for pam_faillock options - - - -- %vendordir%/security/faillock.conf -+ %vendordir%/security/faillock.conf - - - the config file for pam_faillock options. It will be used if -@@ -353,7 +349,7 @@ session required pam_selinux.so open - - - -- -+ - SEE ALSO - - -@@ -374,11 +370,11 @@ session required pam_selinux.so open - - - -- -+ - AUTHOR - - pam_faillock was written by Tomas Mraz. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_filter/README.xml b/modules/pam_filter/README.xml -index b76cb743f..ab0531748 100644 ---- a/modules/pam_filter/README.xml -+++ b/modules/pam_filter/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_filter.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_filter-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_filter.8.xml" xpointer='xpointer(id("pam_filter-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_filter/pam_filter.8.xml b/modules/pam_filter/pam_filter.8.xml -index 7309c352a..8015f41e5 100644 ---- a/modules/pam_filter/pam_filter.8.xml -+++ b/modules/pam_filter/pam_filter.8.xml -@@ -1,45 +1,42 @@ -- -- -- -- -+ - - - pam_filter - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_filter - PAM filter module - - - -- -+ - pam_filter.so -- -+ - debug - -- -+ - new_term - -- -+ - non_term - -- -+ - run1|run2 - -- -+ - filter - -- -+ - ... - - - - -- -+ - - DESCRIPTION - -@@ -66,7 +63,7 @@ - - - -- -+ - - OPTIONS - -@@ -74,7 +71,7 @@ - - - -- -+ debug - - - -@@ -85,7 +82,7 @@ - - - -- -+ new_term - - - -@@ -101,7 +98,7 @@ - - - -- -+ non_term - - - -@@ -112,7 +109,7 @@ - - - -- -+ runX - - - -@@ -174,7 +171,7 @@ - - - -- -+ filter - - - -@@ -188,7 +185,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -196,7 +193,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -223,7 +220,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/login to -@@ -236,7 +233,7 @@ - - - -- -+ - SEE ALSO - - -@@ -251,11 +248,11 @@ - - - -- -+ - AUTHOR - - pam_filter was written by Andrew G. Morgan <morgan@kernel.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_ftp/README.xml b/modules/pam_ftp/README.xml -index 65de28e36..f4606beee 100644 ---- a/modules/pam_ftp/README.xml -+++ b/modules/pam_ftp/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_ftp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_ftp-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_ftp.8.xml" xpointer='xpointer(id("pam_ftp-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_ftp/pam_ftp.8.xml b/modules/pam_ftp/pam_ftp.8.xml -index 6f11f570f..03f367817 100644 ---- a/modules/pam_ftp/pam_ftp.8.xml -+++ b/modules/pam_ftp/pam_ftp.8.xml -@@ -1,36 +1,33 @@ -- -- -- -- -+ - - - pam_ftp - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_ftp - PAM module for anonymous access module - - - -- -+ - pam_ftp.so -- -+ - debug - -- -+ - ignore - -- -+ - users=XXX,YYY, - - - - -- -+ - - DESCRIPTION - -@@ -54,7 +51,7 @@ - - - -- -+ - - OPTIONS - -@@ -62,7 +59,7 @@ - - - -- -+ debug - - - -@@ -73,7 +70,7 @@ - - - -- -+ ignore - - - -@@ -85,7 +82,7 @@ - - - -- -+ ftp=XXX,YYY,... - - - -@@ -105,14 +102,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -139,7 +136,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/ftpd to -@@ -158,7 +155,7 @@ auth required pam_listfile.so \ - - - -- -+ - SEE ALSO - - -@@ -173,11 +170,11 @@ auth required pam_listfile.so \ - - - -- -+ - AUTHOR - - pam_ftp was written by Andrew G. Morgan <morgan@kernel.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_group/README.xml b/modules/pam_group/README.xml -index 387d69871..8ccd55d05 100644 ---- a/modules/pam_group/README.xml -+++ b/modules/pam_group/README.xml -@@ -1,34 +1,19 @@ -- -- ----> -- --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_group.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_group-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_group.8.xml" xpointer='xpointer(id("pam_group-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml -index 2b7fb3454..a8875b30a 100644 ---- a/modules/pam_group/group.conf.5.xml -+++ b/modules/pam_group/group.conf.5.xml -@@ -1,13 +1,10 @@ -- -- -- -- -+ - - - group.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - - -@@ -15,7 +12,7 @@ - configuration file for the pam_group module - - -- -+ - DESCRIPTION - - -@@ -98,7 +95,7 @@ - - - -- -+ - EXAMPLES - - These are some example lines which might be specified in -@@ -129,7 +126,7 @@ xsh; tty* ;%admin;Al0000-2400;plugdev - - - -- -+ - SEE ALSO - - pam_group8, -@@ -138,10 +135,10 @@ xsh; tty* ;%admin;Al0000-2400;plugdev - - - -- -+ - AUTHOR - - pam_group was written by Andrew G. Morgan <morgan@kernel.org>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml -index e4a59dfd9..695a7baf6 100644 ---- a/modules/pam_group/pam_group.8.xml -+++ b/modules/pam_group/pam_group.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_group - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_group - - PAM module for group access -@@ -20,13 +17,13 @@ - - - -- -+ - pam_group.so - - - - -- -+ - DESCRIPTION - - The pam_group PAM module does not authenticate the user, but instead -@@ -64,19 +61,19 @@ - - - -- -+ - OPTIONS - This module does not recognise any options. - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -130,11 +127,11 @@ - - - -- -+ - FILES - - -- /etc/security/group.conf -+ /etc/security/group.conf - - Default configuration file - -@@ -142,7 +139,7 @@ - - - -- -+ - SEE ALSO - - -@@ -157,10 +154,10 @@ - - - -- -+ - AUTHORS - - pam_group was written by Andrew G. Morgan <morgan@kernel.org>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_issue/README.xml b/modules/pam_issue/README.xml -index b5b61c3aa..36742c779 100644 ---- a/modules/pam_issue/README.xml -+++ b/modules/pam_issue/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_issue.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_issue-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_issue.8.xml" xpointer='xpointer(id("pam_issue-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_issue/pam_issue.8.xml b/modules/pam_issue/pam_issue.8.xml -index fb9b73777..20d324516 100644 ---- a/modules/pam_issue/pam_issue.8.xml -+++ b/modules/pam_issue/pam_issue.8.xml -@@ -1,110 +1,107 @@ -- -- -- -- -+ - - - pam_issue - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_issue - PAM module to add issue file to user prompt - - - -- -+ - pam_issue.so -- -+ - noesc - -- -+ - issue=issue-file-name - - - - -- -+ - - DESCRIPTION - - - pam_issue is a PAM module to prepend an issue file to the username - prompt. It also by default parses escape codes in the issue file -- similar to some common getty's (using \x format). -+ similar to some common getty's (using \x format). - - - Recognized escapes: - - - -- \d -+ \d - - current day - - - -- \l -+ \l - - name of this tty - - - -- \m -+ \m - - machine architecture (uname -m) - - - -- \n -+ \n - - machine's network node hostname (uname -n) - - - -- \o -+ \o - - domain name of this system - - - -- \r -+ \r - - release number of operating system (uname -r) - - - -- \t -+ \t - - current time - - - -- \s -+ \s - - operating system name (uname -s) - - - -- \u -+ \u - - number of users currently logged in - - - -- \U -+ \U - - -- same as \u except it is suffixed with "user" or -+ same as \u except it is suffixed with "user" or - "users" (eg. "1 user" or "10 users") - - - - -- \v -+ \v - - operating system version and build date (uname -v) - -@@ -113,7 +110,7 @@ - - - -- -+ - - OPTIONS - -@@ -121,7 +118,7 @@ - - - -- -+ noesc - - - -@@ -132,7 +129,7 @@ - - - -- -+ issue=issue-file-name - - - -@@ -146,14 +143,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -198,7 +195,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/login to -@@ -209,7 +206,7 @@ - - - -- -+ - SEE ALSO - - -@@ -224,11 +221,11 @@ - - - -- -+ - AUTHOR - - pam_issue was written by Ben Collins <bcollins@debian.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_keyinit/README.xml b/modules/pam_keyinit/README.xml -index 47659e89d..33059c7e1 100644 ---- a/modules/pam_keyinit/README.xml -+++ b/modules/pam_keyinit/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_keyinit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_keyinit-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_keyinit.8.xml" xpointer='xpointer(id("pam_keyinit-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml -index ff1e7d001..7b0a73be4 100644 ---- a/modules/pam_keyinit/pam_keyinit.8.xml -+++ b/modules/pam_keyinit/pam_keyinit.8.xml -@@ -1,36 +1,33 @@ -- -- -- -- -+ - - - pam_keyinit - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_keyinit - Kernel session keyring initialiser module - - - -- -+ - pam_keyinit.so -- -+ - debug - -- -+ - force - -- -+ - revoke - - - - -- -+ - DESCRIPTION - - The pam_keyinit PAM module ensures that the invoking process has a -@@ -71,7 +68,7 @@ - - - This module should not, generally, be invoked by programs like -- su, since it is usually desirable for the -+ su, since it is usually desirable for the - key set to percolate through to the alternate context. The keys have - their own permissions system to manage this. - -@@ -80,18 +77,18 @@ - can be obtained from: - - -- -+ - Keyutils -- -+ - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -104,7 +101,7 @@ - - - -- -+ force - - - -@@ -116,7 +113,7 @@ - - - -- -+ revoke - - - -@@ -130,14 +127,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -207,7 +204,7 @@ - - - -- -+ - EXAMPLES - - Add this line to your login entries to start each login session with its -@@ -222,7 +219,7 @@ session required pam_keyinit.so - - - -- -+ - SEE ALSO - - -@@ -240,11 +237,11 @@ session required pam_keyinit.so - - - -- -+ - AUTHOR - - pam_keyinit was written by David Howells, <dhowells@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_lastlog/README.xml b/modules/pam_lastlog/README.xml -index 7fe70339d..6b312435e 100644 ---- a/modules/pam_lastlog/README.xml -+++ b/modules/pam_lastlog/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_lastlog.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_lastlog-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(id("pam_lastlog-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml -index bada2ea02..1fd9d9dd4 100644 ---- a/modules/pam_lastlog/pam_lastlog.8.xml -+++ b/modules/pam_lastlog/pam_lastlog.8.xml -@@ -1,60 +1,57 @@ -- -- -- -- -+ - - - pam_lastlog - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_lastlog - PAM module to display date of last login and perform inactive account lock out - - - -- -+ - pam_lastlog.so -- -+ - debug - -- -+ - silent - -- -+ - never - -- -+ - nodate - -- -+ - nohost - -- -+ - noterm - -- -+ - nowtmp - -- -+ - noupdate - -- -+ - showfailed - -- -+ - inactive=<days> - -- -+ - unlimited - - - - -- -+ - - DESCRIPTION - -@@ -83,13 +80,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ debug - - - -@@ -99,7 +96,7 @@ - - - -- -+ silent - - - -@@ -111,7 +108,7 @@ - - - -- -+ never - - - -@@ -124,7 +121,7 @@ - - - -- -+ nodate - - - -@@ -134,7 +131,7 @@ - - - -- -+ noterm - - - -@@ -145,7 +142,7 @@ - - - -- -+ nohost - - - -@@ -156,7 +153,7 @@ - - - -- -+ nowtmp - - - -@@ -166,7 +163,7 @@ - - - -- -+ noupdate - - - -@@ -176,7 +173,7 @@ - - - -- -+ showfailed - - - -@@ -188,7 +185,7 @@ - - - -- -+ inactive=<days> - - - -@@ -201,7 +198,7 @@ - - - -- -+ unlimited - - - -@@ -214,7 +211,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The and module type -@@ -225,7 +222,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -282,7 +279,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/login to -@@ -300,11 +297,11 @@ - - - -- -+ - FILES - - -- /var/log/lastlog -+ /var/log/lastlog - - Lastlog logging file - -@@ -312,7 +309,7 @@ - - - -- -+ - SEE ALSO - - -@@ -330,7 +327,7 @@ - - - -- -+ - AUTHOR - - pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. -@@ -340,4 +337,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_limits/README.xml b/modules/pam_limits/README.xml -index 964a5a218..25a463cc4 100644 ---- a/modules/pam_limits/README.xml -+++ b/modules/pam_limits/README.xml -@@ -1,39 +1,23 @@ -- -- ----> -- --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_limits.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_limits-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_limits.8.xml" xpointer='xpointer(id("pam_limits-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_limits/limits.conf.5.xml b/modules/pam_limits/limits.conf.5.xml -index c5bd6768c..2177da1f3 100644 ---- a/modules/pam_limits/limits.conf.5.xml -+++ b/modules/pam_limits/limits.conf.5.xml -@@ -1,13 +1,10 @@ -- -- -- -- -+ - - - limits.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - - -@@ -15,7 +12,7 @@ - configuration file for the pam_limits module - - -- -+ - DESCRIPTION - - The pam_limits.so module applies ulimit limits, -@@ -38,7 +35,7 @@ - - - -- -+ <domain> - - - -@@ -49,38 +46,35 @@ - - - -- a groupname, with @group syntax. -+ a groupname, with @group syntax. - This should not be confused with netgroups. - - - - -- the wildcard *, for default entry. -+ the wildcard *, for default entry. - - - - -- the wildcard %, for maxlogins limit only, -- can also be used with %group syntax. If the -- % wildcard is used alone it is identical -- to using * with maxsyslogins limit. With -- a group specified after % it limits the total -+ the wildcard %, for maxlogins limit only, -+ can also be used with %group syntax. If the -+ % wildcard is used alone it is identical -+ to using * with maxsyslogins limit. With -+ a group specified after % it limits the total - number of logins of all users that are member of the group. - - - - -- an uid range specified as <min_uid>:<max_uid>. If min_uid -+ an uid range specified as <min_uid>:<max_uid>. If min_uid - is omitted, the match is exact for the max_uid. If max_uid is omitted, all - uids greater than or equal min_uid match. - - - - -- a gid range specified as @<min_gid>:<max_gid>. If min_gid -+ a gid range specified as @<min_gid>:<max_gid>. If min_gid - is omitted, the match is exact for the max_gid. If max_gid is omitted, all - gids greater than or equal min_gid match. For the exact match all groups including - the user's supplementary groups are examined. For the range matches only -@@ -89,8 +83,7 @@ - - - -- a gid specified as %:<gid> applicable -+ a gid specified as %:<gid> applicable - to maxlogins limit only. It limits the total number of logins of all users - that are member of the group with the specified gid. - -@@ -101,38 +94,38 @@ - - - -- -+ <type> - - - - -- -+ hard - - -- for enforcing hard resource limits. -+ for enforcing hard resource limits. - These limits are set by the superuser and enforced by the Kernel. - The user cannot raise his requirement of system resources above such values. - - - - -- -+ soft - - -- for enforcing soft resource limits. -+ for enforcing soft resource limits. - These limits are ones that the user can move up or down within the -- permitted range by any pre-existing hard -+ permitted range by any pre-existing hard - limits. The values specified with this token can be thought of as - default values, for normal system usage. - - - - -- -+ - - - -- for enforcing both soft and -- hard resource limits together. -+ for enforcing both soft and -+ hard resource limits together. - - - Note, if you specify a type of '-' but neglect to supply the -@@ -147,79 +140,79 @@ - - - -- -+ <item> - - - - -- -+ core - - limits the core file size (KB) - - - -- -+ data - - maximum data size (KB) - - - -- -+ fsize - - maximum filesize (KB) - - - -- -+ memlock - - maximum locked-in-memory address space (KB) - - - -- -+ nofile - - maximum number of open file descriptors - - - -- -+ rss - - maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher) - - - -- -+ stack - - maximum stack size (KB) - - - -- -+ cpu - - maximum CPU time (minutes) - - - -- -+ nproc - - maximum number of processes - - - -- -+ as - - address space limit (KB) - - - -- -+ maxlogins - - maximum number of logins for this user (this limit does - not apply to user with uid=0) - - - -- -+ maxsyslogins - - maximum number of all logins on system; user is not - allowed to log-in if total number of all user logins is -@@ -228,46 +221,46 @@ - - - -- -+ nonewprivs - - value of 0 or 1; if set to 1 disables acquiring new - privileges by invoking prctl(PR_SET_NO_NEW_PRIVS) - - - -- -+ priority - - the priority to run user process with (negative - values boost process priority) - - - -- -+ locks - - maximum locked files (Linux 2.4 and higher) - - - -- -+ sigpending - - maximum number of pending signals (Linux 2.6 and higher) - - - -- -+ msgqueue - - maximum memory used by POSIX message queues (bytes) - (Linux 2.6 and higher) - - - -- -+ nice - - maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19] - - - -- -+ rtprio - - maximum realtime priority allowed for non-privileged processes - (Linux 2.6.12 and higher) -@@ -281,9 +274,9 @@ - - All items support the values -1, - unlimited or infinity indicating no limit, -- except for priority, nice, -- and nonewprivs. -- If nofile is to be set to one of these values, -+ except for priority, nice, -+ and nonewprivs. -+ If nofile is to be set to one of these values, - it will be set to the contents of /proc/sys/fs/nr_open instead (see setrlimit(3)). - - -@@ -309,7 +302,7 @@ - - - In the limits configuration file, the -- '#' character introduces a comment -+ '#' character introduces a comment - - after which the rest of the line is ignored. - - -@@ -319,7 +312,7 @@ - - - -- -+ - EXAMPLES - - These are some example lines which might be specified in -@@ -340,7 +333,7 @@ ftp hard nproc 0 - - - -- -+ - SEE ALSO - - pam_limits8, -@@ -351,10 +344,10 @@ ftp hard nproc 0 - - - -- -+ - AUTHOR - - pam_limits was initially written by Cristian Gafton <gafton@redhat.com> - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml -index 422924fe8..cca046cce 100644 ---- a/modules/pam_limits/pam_limits.8.xml -+++ b/modules/pam_limits/pam_limits.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_limits - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_limits - - PAM module to limit resources -@@ -20,28 +17,28 @@ - - - -- -+ - pam_limits.so -- -+ - conf=/path/to/limits.conf - -- -+ - debug - -- -+ - set_all - -- -+ - utmp_early - -- -+ - noaudit - - - - - -- -+ - DESCRIPTION - - The pam_limits PAM module sets limits on the system resources that can be -@@ -84,12 +81,12 @@ - - - -- -+ - OPTIONS - - - -- -+ conf=/path/to/limits.conf - - - -@@ -100,7 +97,7 @@ - - - -- -+ debug - - - -@@ -110,7 +107,7 @@ - - - -- -+ set_all - - - -@@ -124,7 +121,7 @@ - - - -- -+ utmp_early - - - -@@ -139,7 +136,7 @@ - - - -- -+ noaudit - - - -@@ -150,14 +147,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -219,17 +216,17 @@ - - - -- -+ - FILES - - -- /etc/security/limits.conf -+ /etc/security/limits.conf - - Default configuration file - - - -- %vendordir%/security/limits.conf -+ %vendordir%/security/limits.conf - - Default configuration file if - /etc/security/limits.conf does not exist. -@@ -238,7 +235,7 @@ - - - -- -+ - EXAMPLES - - For the services you need resources limits (login for example) put a -@@ -257,7 +254,7 @@ session required pam_limits.so - - - -- -+ - SEE ALSO - - -@@ -272,10 +269,10 @@ session required pam_limits.so - - - -- -+ - AUTHORS - - pam_limits was initially written by Cristian Gafton <gafton@redhat.com> - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_listfile/README.xml b/modules/pam_listfile/README.xml -index d851aef30..d0b601075 100644 ---- a/modules/pam_listfile/README.xml -+++ b/modules/pam_listfile/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_listfile.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_listfile-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_listfile.8.xml" xpointer='xpointer(id("pam_listfile-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_listfile/pam_listfile.8.xml b/modules/pam_listfile/pam_listfile.8.xml -index 15f047c27..8847415a5 100644 ---- a/modules/pam_listfile/pam_listfile.8.xml -+++ b/modules/pam_listfile/pam_listfile.8.xml -@@ -1,45 +1,42 @@ -- -- -- -- -+ - - - pam_listfile - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_listfile - deny or allow services based on an arbitrary file - - - -- -+ - pam_listfile.so -- -+ - item=[tty|user|rhost|ruser|group|shell] - -- -+ - sense=[allow|deny] - -- -+ - file=/path/filename - -- -+ - onerr=[succeed|fail] - -- -+ - apply=[user|@group] - -- -+ - quiet - - - - -- -+ - - DESCRIPTION - -@@ -93,7 +90,7 @@ - - - -- -+ - - OPTIONS - -@@ -101,7 +98,7 @@ - - - -- -+ item=[tty|user|rhost|ruser|group|shell] - - - -@@ -112,7 +109,7 @@ - - - -- -+ sense=[allow|deny] - - - -@@ -124,7 +121,7 @@ - - - -- -+ file=/path/filename - - - -@@ -136,7 +133,7 @@ - - - -- -+ onerr=[succeed|fail] - - - -@@ -148,7 +145,7 @@ - - - -- -+ apply=[user|@group] - - - -@@ -161,7 +158,7 @@ - - - -- -+ quiet - - - -@@ -175,7 +172,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -183,7 +180,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -235,7 +232,7 @@ - - - -- -+ - EXAMPLES - - Classic 'ftpusers' authentication can be implemented with this entry -@@ -271,7 +268,7 @@ auth required pam_listfile.so \ - - - -- -+ - SEE ALSO - - -@@ -286,7 +283,7 @@ auth required pam_listfile.so \ - - - -- -+ - AUTHOR - - pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> -@@ -294,4 +291,4 @@ auth required pam_listfile.so \ - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_localuser/README.xml b/modules/pam_localuser/README.xml -index 4ab56d9df..f1b05d1a5 100644 ---- a/modules/pam_localuser/README.xml -+++ b/modules/pam_localuser/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_localuser.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_localuser-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_localuser.8.xml" xpointer='xpointer(id("pam_localuser-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml -index b3c1886b3..2002d1d67 100644 ---- a/modules/pam_localuser/pam_localuser.8.xml -+++ b/modules/pam_localuser/pam_localuser.8.xml -@@ -1,33 +1,30 @@ -- -- -- -- -+ - - - pam_localuser - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_localuser - require users to be listed in /etc/passwd - - - -- -+ - pam_localuser.so -- -+ - debug - -- -+ - file=/path/passwd - - - - -- -+ - - DESCRIPTION - -@@ -47,7 +44,7 @@ - - - -- -+ - - OPTIONS - -@@ -55,7 +52,7 @@ - - - -- -+ debug - - - -@@ -66,7 +63,7 @@ - - - -- -+ file=/path/passwd - - - -@@ -80,7 +77,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -88,7 +85,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -153,7 +150,7 @@ - - - -- -+ - EXAMPLES - - Add the following lines to /etc/pam.d/su to -@@ -165,11 +162,11 @@ account required pam_wheel.so - - - -- -+ - FILES - - -- /etc/passwd -+ /etc/passwd - - Local user account information. - -@@ -177,7 +174,7 @@ account required pam_wheel.so - - - -- -+ - SEE ALSO - - -@@ -192,11 +189,11 @@ account required pam_wheel.so - - - -- -+ - AUTHOR - - pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_loginuid/README.xml b/modules/pam_loginuid/README.xml -index 3bcd38abd..f972105f9 100644 ---- a/modules/pam_loginuid/README.xml -+++ b/modules/pam_loginuid/README.xml -@@ -1,36 +1,23 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_loginuid.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_loginuid-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_loginuid.8.xml" xpointer='xpointer(id("pam_loginuid-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_loginuid/pam_loginuid.8.xml b/modules/pam_loginuid/pam_loginuid.8.xml -index 9513b0e49..d5285f029 100644 ---- a/modules/pam_loginuid/pam_loginuid.8.xml -+++ b/modules/pam_loginuid/pam_loginuid.8.xml -@@ -1,30 +1,27 @@ -- -- -- -- -+ - - - pam_loginuid - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_loginuid - Record user's login uid to the process attribute - - - -- -+ - pam_loginuid.so -- -+ - require_auditd - - - - -- -+ - - DESCRIPTION - -@@ -40,12 +37,12 @@ - - - -- -+ - OPTIONS - - - -- -+ require_auditd - - - -@@ -57,14 +54,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -98,7 +95,7 @@ - - - -- -+ - EXAMPLES - - #%PAM-1.0 -@@ -111,7 +108,7 @@ session required pam_loginuid.so - - - -- -+ - SEE ALSO - - -@@ -132,11 +129,11 @@ session required pam_loginuid.so - - - -- -+ - AUTHOR - - pam_loginuid was written by Steve Grubb <sgrubb@redhat.com> - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_mail/README.xml b/modules/pam_mail/README.xml -index 4165d857c..5dc89a855 100644 ---- a/modules/pam_mail/README.xml -+++ b/modules/pam_mail/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_mail.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mail-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mail.8.xml" xpointer='xpointer(id("pam_mail-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_mail/pam_mail.8.xml b/modules/pam_mail/pam_mail.8.xml -index 95216b6cf..2c0c0543a 100644 ---- a/modules/pam_mail/pam_mail.8.xml -+++ b/modules/pam_mail/pam_mail.8.xml -@@ -1,54 +1,51 @@ -- -- -- -- -+ - - - pam_mail - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_mail - Inform about available mail - - - -- -+ - pam_mail.so -- -+ - close - -- -+ - debug - -- -+ - dir=maildir - -- -+ - empty - -- -+ - hash=count - -- -+ - noenv - -- -+ - nopen - -- -+ - quiet - -- -+ - standard - - - - -- -+ - - DESCRIPTION - -@@ -58,18 +55,18 @@ - that has credential or session hooks. It gives a single message - indicating the newness of any mail it finds - in the user's mail folder. This module also sets the PAM -- environment variable, MAIL, to the -+ environment variable, MAIL, to the - user's mail directory. - - - If the mail spool file (be it /var/mail/$USER - or a pathname given with the parameter) is - a directory then pam_mail assumes it is in the -- Maildir format. -+ Maildir format. - - - -- -+ - - OPTIONS - -@@ -77,7 +74,7 @@ - - - -- -+ close - - - -@@ -88,7 +85,7 @@ - - - -- -+ debug - - - -@@ -99,7 +96,7 @@ - - - -- -+ dir=maildir - - - -@@ -116,7 +113,7 @@ - - - -- -+ empty - - - -@@ -127,7 +124,7 @@ - - - -- -+ hash=count - - - -@@ -141,11 +138,11 @@ - - - -- -+ noenv - - - -- Do not set the MAIL -+ Do not set the MAIL - environment variable. - - -@@ -153,12 +150,12 @@ - - - -- -+ nopen - - - - Don't print any mail information on login. This flag is -- useful to get the MAIL -+ useful to get the MAIL - environment variable set, but to not display any information - about it. - -@@ -167,7 +164,7 @@ - - - -- -+ quiet - - - -@@ -178,7 +175,7 @@ - - - -- -+ standard - - - -@@ -193,7 +190,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The and -@@ -202,7 +199,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -244,7 +241,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/login to -@@ -255,7 +252,7 @@ session optional pam_mail.so standard - - - -- -+ - SEE ALSO - - -@@ -270,11 +267,11 @@ session optional pam_mail.so standard - - - -- -+ - AUTHOR - - pam_mail was written by Andrew G. Morgan <morgan@kernel.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_mkhomedir/README.xml b/modules/pam_mkhomedir/README.xml -index 978cbe776..ef9989563 100644 ---- a/modules/pam_mkhomedir/README.xml -+++ b/modules/pam_mkhomedir/README.xml -@@ -1,36 +1,23 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_mkhomedir.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mkhomedir-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mkhomedir.8.xml" xpointer='xpointer(id("pam_mkhomedir-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8.xml b/modules/pam_mkhomedir/mkhomedir_helper.8.xml -index 8a76f2d6c..0f4c4b401 100644 ---- a/modules/pam_mkhomedir/mkhomedir_helper.8.xml -+++ b/modules/pam_mkhomedir/mkhomedir_helper.8.xml -@@ -1,31 +1,28 @@ -- -- -- -- -+ - - - mkhomedir_helper - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - mkhomedir_helper - Helper binary that creates home directories - - - -- -+ - mkhomedir_helper -- -+ - user - -- -+ - umask -- -+ - path-to-skel -- -+ - home_mode - - -@@ -33,7 +30,7 @@ - - - -- -+ - - DESCRIPTION - -@@ -63,7 +60,7 @@ - - - -- -+ - SEE ALSO - - -@@ -72,7 +69,7 @@ - - - -- -+ - AUTHOR - - Written by Tomas Mraz based on the code originally in -@@ -80,4 +77,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml -index 10109067c..ad957248c 100644 ---- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml -+++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_mkhomedir - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_mkhomedir - - PAM module to create users home directory -@@ -20,25 +17,25 @@ - - - -- -+ - pam_mkhomedir.so -- -+ - silent - -- -+ - debug - -- -+ - umask=mode - -- -+ - skel=skeldir - - - - - -- -+ - DESCRIPTION - - The pam_mkhomedir PAM module will create a users home directory -@@ -55,13 +52,13 @@ - - - -- -+ - OPTIONS - - - - -- -+ silent - - - -@@ -72,7 +69,7 @@ - - - -- -+ debug - - - -@@ -86,7 +83,7 @@ - - - -- -+ umask=mask - - - -@@ -106,7 +103,7 @@ - - - -- -+ skel=/path/to/skel/directory - - - -@@ -119,14 +116,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -165,11 +162,11 @@ - - - -- -+ - FILES - - -- /etc/skel -+ /etc/skel - - Default skel directory - -@@ -177,7 +174,7 @@ - - - -- -+ - EXAMPLES - - A sample /etc/pam.d/login file: -@@ -198,7 +195,7 @@ - - - -- -+ - SEE ALSO - - -@@ -210,10 +207,10 @@ - - - -- -+ - AUTHOR - - pam_mkhomedir was written by Jason Gunthorpe <jgg@debian.org>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_motd/README.xml b/modules/pam_motd/README.xml -index 779e4d171..9e8edadff 100644 ---- a/modules/pam_motd/README.xml -+++ b/modules/pam_motd/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_motd.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_motd-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(id("pam_motd-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_motd/pam_motd.8.xml b/modules/pam_motd/pam_motd.8.xml -index 0afd4c99e..74420371f 100644 ---- a/modules/pam_motd/pam_motd.8.xml -+++ b/modules/pam_motd/pam_motd.8.xml -@@ -1,33 +1,30 @@ -- -- -- -- -+ - - - pam_motd - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_motd - Display the motd file - - - -- -+ - pam_motd.so -- -+ - motd=/path/filename - -- -+ - motd_dir=/path/dirname.d - - - - -- -+ - - DESCRIPTION - -@@ -38,7 +35,7 @@ - following locations: - - -- -+ - /etc/motd - /run/motd - /usr/lib/motd -@@ -79,19 +76,19 @@ - ln -s /dev/null /etc/motd.d/my_motd - - -- The MOTD_SHOWN=pam environment variable -+ The MOTD_SHOWN=pam environment variable - is set after showing the motd files, even when all of them were silenced - using symbolic links. - - - -- -+ - - OPTIONS - - - -- -+ motd=/path/filename - - - -@@ -104,7 +101,7 @@ - - - -- -+ motd_dir=/path/dirname.d - - - -@@ -123,14 +120,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -160,7 +157,7 @@ - - - -- -+ - EXAMPLES - - The suggested usage for /etc/pam.d/login is: -@@ -183,7 +180,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d - - - -- -+ - SEE ALSO - - -@@ -201,7 +198,7 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d - - - -- -+ - AUTHOR - - pam_motd was written by Ben Collins <bcollins@debian.org>. -@@ -212,4 +209,4 @@ session optional pam_motd.so motd=/elsewhere/motd motd_dir=/elsewhere/motd.d - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_namespace/README.xml b/modules/pam_namespace/README.xml -index 4ef99c9fd..f94cb0650 100644 ---- a/modules/pam_namespace/README.xml -+++ b/modules/pam_namespace/README.xml -@@ -1,44 +1,27 @@ -- -- ----> -- --]> -- --
-- -- -+
-+ -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_namespace.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_namespace-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_namespace.8.xml" xpointer='xpointer(id("pam_namespace-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml -index 67f8c043e..d398639b2 100644 ---- a/modules/pam_namespace/namespace.conf.5.xml -+++ b/modules/pam_namespace/namespace.conf.5.xml -@@ -1,13 +1,10 @@ -- -- -- -- -+ - - - namespace.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - - -@@ -16,7 +13,7 @@ - - - -- -+ - DESCRIPTION - - -@@ -175,7 +172,7 @@ - - - -- -+ - EXAMPLES - - These are some example lines which might be specified in -@@ -220,7 +217,7 @@ - - - -- -+ - SEE ALSO - - pam_namespace8, -@@ -229,11 +226,11 @@ - - - -- -+ - AUTHORS - - The namespace.conf manual page was written by Janak Desai <janak@us.ibm.com>. - More features added by Tomas Mraz <tmraz@redhat.com>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml -index ddaa00b4f..598037a49 100644 ---- a/modules/pam_namespace/pam_namespace.8.xml -+++ b/modules/pam_namespace/pam_namespace.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_namespace - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_namespace - - PAM module for configuring namespace for a session -@@ -20,46 +17,46 @@ - - - -- -+ - pam_namespace.so -- -+ - debug - -- -+ - unmnt_remnt - -- -+ - unmnt_only - -- -+ - require_selinux - -- -+ - gen_hash - -- -+ - ignore_config_error - -- -+ - ignore_instance_parent_mode - -- -+ - unmount_on_close - -- -+ - use_current_context - -- -+ - use_default_context - -- -+ - mount_private - - - - - -- -+ - DESCRIPTION - - The pam_namespace PAM module sets up a private namespace for a session -@@ -94,13 +91,13 @@ - - - -- -+ - OPTIONS - - - - -- -+ debug - - - -@@ -111,7 +108,7 @@ - - - -- -+ unmnt_remnt - - - -@@ -131,7 +128,7 @@ - - - -- -+ unmnt_only - - - -@@ -146,7 +143,7 @@ - - - -- -+ require_selinux - - - -@@ -157,7 +154,7 @@ - - - -- -+ gen_hash - - - -@@ -170,7 +167,7 @@ - - - -- -+ ignore_config_error - - - -@@ -186,7 +183,7 @@ - - - -- -+ ignore_instance_parent_mode - - - -@@ -201,7 +198,7 @@ - - - -- -+ unmount_on_close - - - -@@ -218,7 +215,7 @@ - - - -- -+ use_current_context - - - -@@ -232,7 +229,7 @@ - - - -- -+ use_default_context - - - -@@ -246,7 +243,7 @@ - - - -- -+ mount_private - - - -@@ -271,7 +268,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. -@@ -279,7 +276,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -309,18 +306,18 @@ - - - -- -+ - FILES - - -- /etc/security/namespace.conf -+ /etc/security/namespace.conf - - Main configuration file - - - - -- %vendordir%/security/namespace.conf -+ %vendordir%/security/namespace.conf - - Default configuration file if - /etc/security/namespace.conf does not exist. -@@ -328,28 +325,28 @@ - - - -- /etc/security/namespace.d -+ /etc/security/namespace.d - - Directory for additional configuration files - - - - -- %vendordir%/security/namespace.d -+ %vendordir%/security/namespace.d - - Directory for additional vendor specific configuration files. - - - - -- /etc/security/namespace.init -+ /etc/security/namespace.init - - Init script for instance directories - - - - -- %vendordir%/security/namespace.init -+ %vendordir%/security/namespace.init - - Vendor init script for instance directories if - /etc/security/namespace.init does not exist. -@@ -359,7 +356,7 @@ - - - -- -+ - EXAMPLES - - -@@ -379,7 +376,7 @@ - - - -- -+ - SEE ALSO - - -@@ -397,7 +394,7 @@ - - - -- -+ - AUTHORS - - The namespace setup scheme was designed by Stephen Smalley, Janak Desai -@@ -408,4 +405,4 @@ - <tmraz@redhat.com>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_namespace/pam_namespace_helper.8.xml b/modules/pam_namespace/pam_namespace_helper.8.xml -index 2f5adbed7..002c254a1 100644 ---- a/modules/pam_namespace/pam_namespace_helper.8.xml -+++ b/modules/pam_namespace/pam_namespace_helper.8.xml -@@ -1,27 +1,24 @@ -- -- -- -- -+ - - - pam_namespace_helper - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_namespace_helper - Helper binary that creates home directories - - - -- -+ - pam_namespace_helper - - - -- -+ - - DESCRIPTION - -@@ -43,7 +40,7 @@ - - - -- -+ - SEE ALSO - - -@@ -52,11 +49,11 @@ - - - -- -+ - AUTHOR - - Written by Topi Miettinen. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_nologin/README.xml b/modules/pam_nologin/README.xml -index bc0808e73..5a9933244 100644 ---- a/modules/pam_nologin/README.xml -+++ b/modules/pam_nologin/README.xml -@@ -1,46 +1,31 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_nologin.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_nologin-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_nologin.8.xml" xpointer='xpointer(id("pam_nologin-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_nologin/pam_nologin.8.xml b/modules/pam_nologin/pam_nologin.8.xml -index c86e3763d..1ea725ce8 100644 ---- a/modules/pam_nologin/pam_nologin.8.xml -+++ b/modules/pam_nologin/pam_nologin.8.xml -@@ -1,33 +1,30 @@ -- -- -- -- -+ - - - pam_nologin - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_nologin - Prevent non-root users from login - - - -- -+ - pam_nologin.so -- -+ - file=/path/nologin - -- -+ - successok - - - - -- -+ - - DESCRIPTION - -@@ -40,13 +37,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ file=/path/nologin - - - -@@ -58,7 +55,7 @@ - - - -- -+ successok - - - -@@ -69,7 +66,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The and module -@@ -77,7 +74,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -123,7 +120,7 @@ - - - -- -+ - EXAMPLES - - The suggested usage for /etc/pam.d/login is: -@@ -132,7 +129,7 @@ auth required pam_nologin.so - - - -- -+ - NOTES - - In order to make this module effective, all login methods should be -@@ -147,7 +144,7 @@ auth required pam_nologin.so - - - -- -+ - SEE ALSO - - -@@ -165,11 +162,11 @@ auth required pam_nologin.so - - - -- -+ - AUTHOR - - pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_permit/README.xml b/modules/pam_permit/README.xml -index acb38b512..c08425f81 100644 ---- a/modules/pam_permit/README.xml -+++ b/modules/pam_permit/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_permit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_permit-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_permit.8.xml" xpointer='xpointer(id("pam_permit-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_permit/pam_permit.8.xml b/modules/pam_permit/pam_permit.8.xml -index 6bb496583..0634e5eb6 100644 ---- a/modules/pam_permit/pam_permit.8.xml -+++ b/modules/pam_permit/pam_permit.8.xml -@@ -1,27 +1,24 @@ -- -- -- -- -+ - - - pam_permit - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_permit - The promiscuous module - - - -- -+ - pam_permit.so - - - -- -+ - - DESCRIPTION - -@@ -41,13 +38,13 @@ - - - -- -+ - - OPTIONS - This module does not recognise any options. - - -- -+ - MODULE TYPES PROVIDED - - The , , -@@ -56,7 +53,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -70,7 +67,7 @@ - - - -- -+ - EXAMPLES - - Add this line to your other login entries to disable account -@@ -81,7 +78,7 @@ account required pam_permit.so - - - -- -+ - SEE ALSO - - -@@ -96,11 +93,11 @@ account required pam_permit.so - - - -- -+ - AUTHOR - - pam_permit was written by Andrew G. Morgan, <morgan@kernel.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_pwhistory/README.xml b/modules/pam_pwhistory/README.xml -index f048e321c..194edbc73 100644 ---- a/modules/pam_pwhistory/README.xml -+++ b/modules/pam_pwhistory/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_pwhistory.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_pwhistory-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_pwhistory.8.xml" xpointer='xpointer(id("pam_pwhistory-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml -index 2a8fa7f6a..62848666b 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.8.xml -+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml -@@ -1,52 +1,49 @@ -- -- -- -- -+ - - - pam_pwhistory - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_pwhistory - PAM module to remember last passwords - - - -- -+ - pam_pwhistory.so -- -+ - debug - -- -+ - use_authtok - -- -+ - enforce_for_root - -- -+ - remember=N - -- -+ - retry=N - -- -+ - authtok_type=STRING - -- -+ - file=/path/filename - -- -+ - conf=/path/to/config-file - - - - - -- -+ - - DESCRIPTION - -@@ -64,12 +61,12 @@ - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -82,7 +79,7 @@ - - - -- -+ use_authtok - - - -@@ -95,7 +92,7 @@ - - - -- -+ enforce_for_root - - - -@@ -105,7 +102,7 @@ - - - -- -+ remember=N - - - -@@ -119,7 +116,7 @@ - - - -- -+ retry=N - - - -@@ -132,7 +129,7 @@ - - - -- -+ authtok_type=STRING - - - -@@ -145,7 +142,7 @@ - - - -- -+ file=/path/filename - - - -@@ -158,7 +155,7 @@ - - - -- -+ conf=/path/to/config-file - - - -@@ -178,14 +175,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -224,7 +221,7 @@ - - - -- -+ - EXAMPLES - - An example password section would be: -@@ -245,11 +242,11 @@ password required pam_unix.so use_authtok - - - -- -+ - FILES - - -- /etc/security/opasswd -+ /etc/security/opasswd - - Default file with password history - -@@ -257,7 +254,7 @@ password required pam_unix.so use_authtok - - - -- -+ - SEE ALSO - - -@@ -278,11 +275,11 @@ password required pam_unix.so use_authtok - - - -- -+ - AUTHOR - - pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml -index bac5ffed5..2a2dfd3a6 100644 ---- a/modules/pam_pwhistory/pwhistory.conf.5.xml -+++ b/modules/pam_pwhistory/pwhistory.conf.5.xml -@@ -1,25 +1,22 @@ -- -- -- -- -+ - - - pwhistory.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pwhistory.conf - pam_pwhistory configuration file - - -- -+ - - DESCRIPTION - -- pwhistory.conf provides a way to configure the -+ pwhistory.conf provides a way to configure the - default settings for saving the last passwords for each user. - This file is read by the pam_pwhistory module and is the - preferred method over configuring pam_pwhistory directly. -@@ -31,13 +28,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ debug - - - -@@ -50,7 +47,7 @@ - - - -- -+ enforce_for_root - - - -@@ -60,7 +57,7 @@ - - - -- -+ remember=N - - - -@@ -74,7 +71,7 @@ - - - -- -+ retry=N - - - -@@ -85,7 +82,7 @@ - - - -- -+ file=/path/filename - - - -@@ -99,7 +96,7 @@ - - - -- -+ - EXAMPLES - - /etc/security/pwhistory.conf file example: -@@ -111,11 +108,11 @@ file=/tmp/opasswd - - - -- -+ - FILES - - -- /etc/security/pwhistory.conf -+ /etc/security/pwhistory.conf - - the config file for custom options - -@@ -123,7 +120,7 @@ file=/tmp/opasswd - - - -- -+ - SEE ALSO - - -@@ -144,7 +141,7 @@ file=/tmp/opasswd - - - -- -+ - AUTHOR - - pam_pwhistory was written by Thorsten Kukuk. The support for -@@ -152,4 +149,4 @@ file=/tmp/opasswd - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_pwhistory/pwhistory_helper.8.xml b/modules/pam_pwhistory/pwhistory_helper.8.xml -index a03017645..8370a485c 100644 ---- a/modules/pam_pwhistory/pwhistory_helper.8.xml -+++ b/modules/pam_pwhistory/pwhistory_helper.8.xml -@@ -1,30 +1,27 @@ -- -- -- -- -+ - - - pwhistory_helper - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pwhistory_helper - Helper binary that transfers password hashes from passwd or shadow to opasswd - - - -- -+ - pwhistory_helper -- -+ - ... - - - - -- -+ - - DESCRIPTION - -@@ -48,7 +45,7 @@ - - - -- -+ - SEE ALSO - - -@@ -57,7 +54,7 @@ - - - -- -+ - AUTHOR - - Written by Tomas Mraz based on the code originally in -@@ -65,4 +62,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_rhosts/README.xml b/modules/pam_rhosts/README.xml -index 5d3307e73..2345dffda 100644 ---- a/modules/pam_rhosts/README.xml -+++ b/modules/pam_rhosts/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_rhosts.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rhosts-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rhosts.8.xml" xpointer='xpointer(id("pam_rhosts-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml -index eb96371d2..b8a5c1cbb 100644 ---- a/modules/pam_rhosts/pam_rhosts.8.xml -+++ b/modules/pam_rhosts/pam_rhosts.8.xml -@@ -1,27 +1,24 @@ -- -- -- -- -+ - - - pam_rhosts - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_rhosts - The rhosts PAM module - - - -- -+ - pam_rhosts.so - - - -- -+ - - DESCRIPTION - -@@ -53,12 +50,12 @@ - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -68,7 +65,7 @@ - - - -- -+ silent - - - -@@ -78,7 +75,7 @@ - - - -- -+ superuser=account - - - -@@ -89,14 +86,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -120,7 +117,7 @@ - - - -- -+ - EXAMPLES - - To grant a remote user access by /etc/hosts.equiv -@@ -137,7 +134,7 @@ auth required pam_unix.so - - - -- -+ - SEE ALSO - - -@@ -161,11 +158,11 @@ auth required pam_unix.so - - - -- -+ - AUTHOR - - pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de> - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_rootok/README.xml b/modules/pam_rootok/README.xml -index 6fb58cd04..58f77967b 100644 ---- a/modules/pam_rootok/README.xml -+++ b/modules/pam_rootok/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_rootok.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rootok-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rootok.8.xml" xpointer='xpointer(id("pam_rootok-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_rootok/pam_rootok.8.xml b/modules/pam_rootok/pam_rootok.8.xml -index 06457bf5e..a79c073af 100644 ---- a/modules/pam_rootok/pam_rootok.8.xml -+++ b/modules/pam_rootok/pam_rootok.8.xml -@@ -1,30 +1,27 @@ -- -- -- -- -+ - - - pam_rootok - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_rootok - Gain only root access - - - -- -+ - pam_rootok.so -- -+ - debug - - - - -- -+ - - DESCRIPTION - -@@ -38,12 +35,12 @@ - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -54,7 +51,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The , and -@@ -62,7 +59,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -77,7 +74,7 @@ - PAM_AUTH_ERR - - -- The UID is not -+ The UID is not - 0. - - -@@ -85,7 +82,7 @@ - - - -- -+ - EXAMPLES - - In the case of the -@@ -103,7 +100,7 @@ auth required pam_unix.so - - - -- -+ - SEE ALSO - - -@@ -121,11 +118,11 @@ auth required pam_unix.so - - - -- -+ - AUTHOR - - pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_securetty/README.xml b/modules/pam_securetty/README.xml -index a8c098a04..70176d758 100644 ---- a/modules/pam_securetty/README.xml -+++ b/modules/pam_securetty/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_securetty.8.xml" xpointer='xpointer(id("pam_securetty-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_securetty/pam_securetty.8.xml b/modules/pam_securetty/pam_securetty.8.xml -index e49d572b2..9038f5b2b 100644 ---- a/modules/pam_securetty/pam_securetty.8.xml -+++ b/modules/pam_securetty/pam_securetty.8.xml -@@ -1,30 +1,27 @@ -- -- -- -- -+ - - - pam_securetty - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_securetty - Limit root login to special devices - - - -- -+ - pam_securetty.so -- -+ - debug - - - - -- -+ - - DESCRIPTION - -@@ -43,23 +40,23 @@ - - - This module has no effect on non-root users and requires that the -- application fills in the PAM_TTY -+ application fills in the PAM_TTY - item correctly. - - - For canonical usage, should be listed as a -- required authentication method -- before any sufficient -+ required authentication method -+ before any sufficient - authentication methods. - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -69,7 +66,7 @@ - - - -- -+ noconsole - - - -@@ -83,14 +80,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -164,7 +161,7 @@ - - - -- -+ - EXAMPLES - - -@@ -174,7 +171,7 @@ auth required pam_unix.so - - - -- -+ - SEE ALSO - - -@@ -192,11 +189,11 @@ auth required pam_unix.so - - - -- -+ - AUTHOR - - pam_securetty was written by Elliot Lee <sopwith@cuc.edu>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_selinux/README.xml b/modules/pam_selinux/README.xml -index 7e1baf555..dc1b5697f 100644 ---- a/modules/pam_selinux/README.xml -+++ b/modules/pam_selinux/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_selinux.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_selinux-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(id("pam_selinux-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_selinux/pam_selinux.8.xml b/modules/pam_selinux/pam_selinux.8.xml -index 28d465f56..3aa632cf6 100644 ---- a/modules/pam_selinux/pam_selinux.8.xml -+++ b/modules/pam_selinux/pam_selinux.8.xml -@@ -1,54 +1,51 @@ -- -- -- -- -+ - - - pam_selinux - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_selinux - PAM module to set the default security context - - - -- -+ - pam_selinux.so -- -+ - open - -- -+ - close - -- -+ - restore - -- -+ - nottys - -- -+ - debug - -- -+ - verbose - -- -+ - select_context - -- -+ - env_params - -- -+ - use_current_range - - - - -- -+ - DESCRIPTION - - pam_selinux is a PAM module that sets up the default SELinux security -@@ -79,12 +76,12 @@ - - - -- -+ - OPTIONS - - - -- -+ open - - - -@@ -94,7 +91,7 @@ - - - -- -+ close - - - -@@ -104,7 +101,7 @@ - - - -- -+ restore - - - -@@ -117,7 +114,7 @@ - - - -- -+ nottys - - - -@@ -127,7 +124,7 @@ - - - -- -+ debug - - - -@@ -140,7 +137,7 @@ - - - -- -+ verbose - - - -@@ -150,7 +147,7 @@ - - - -- -+ select_context - - - -@@ -161,7 +158,7 @@ - - - -- -+ env_params - - - -@@ -178,7 +175,7 @@ - - - -- -+ use_current_range - - - -@@ -191,14 +188,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -236,7 +233,7 @@ - - - -- -+ - EXAMPLES - - auth required pam_unix.so -@@ -245,7 +242,7 @@ session optional pam_selinux.so - - - -- -+ - SEE ALSO - - -@@ -266,11 +263,11 @@ session optional pam_selinux.so - - - -- -+ - AUTHOR - - pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_sepermit/README.xml b/modules/pam_sepermit/README.xml -index bb65951c0..a8d31d8c1 100644 ---- a/modules/pam_sepermit/README.xml -+++ b/modules/pam_sepermit/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_sepermit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_sepermit-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_sepermit.8.xml" xpointer='xpointer(id("pam_sepermit-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml -index 5763c3466..791d2bbec 100644 ---- a/modules/pam_sepermit/pam_sepermit.8.xml -+++ b/modules/pam_sepermit/pam_sepermit.8.xml -@@ -1,33 +1,30 @@ -- -- -- -- -+ - - - pam_sepermit - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_sepermit - PAM module to allow/deny login depending on SELinux enforcement state - - - -- -+ - pam_sepermit.so -- -+ - debug - -- -+ - conf=/path/to/config/file - - - - -- -+ - DESCRIPTION - - The pam_sepermit module allows or denies login depending on SELinux -@@ -61,12 +58,12 @@ - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -79,7 +76,7 @@ - - - -- -+ conf=/path/to/config/file - - - -@@ -90,7 +87,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The and -@@ -98,7 +95,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -145,11 +142,11 @@ - - - -- -+ - FILES - - -- /etc/security/sepermit.conf -+ /etc/security/sepermit.conf - - Default configuration file - -@@ -157,7 +154,7 @@ - - - -- -+ - EXAMPLES - - auth [success=done ignore=ignore default=bad] pam_sepermit.so -@@ -167,7 +164,7 @@ session required pam_permit.so - - - -- -+ - SEE ALSO - - -@@ -188,11 +185,11 @@ session required pam_permit.so - - - -- -+ - AUTHOR - - pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_sepermit/sepermit.conf.5.xml b/modules/pam_sepermit/sepermit.conf.5.xml -index 511480f61..ff924ce1a 100644 ---- a/modules/pam_sepermit/sepermit.conf.5.xml -+++ b/modules/pam_sepermit/sepermit.conf.5.xml -@@ -1,13 +1,10 @@ -- -- -- -- -+ - - - sepermit.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - - -@@ -15,7 +12,7 @@ - configuration file for the pam_sepermit module - - -- -+ - DESCRIPTION - - The lines of the configuration file have the following syntax: -@@ -24,7 +21,7 @@ - <user>[:<option>:<option>...] - - -- The user can be specified in the following manner: -+ The user can be specified in the following manner: - - - -@@ -34,13 +31,13 @@ - - - -- a groupname, with @group syntax. -+ a groupname, with @group syntax. - This should not be confused with netgroups. - - - - -- a SELinux user name with %seuser syntax. -+ a SELinux user name with %seuser syntax. - - - -@@ -51,7 +48,7 @@ - - - -- -+ exclusive - - - Only single login session will be allowed for the user -@@ -60,7 +57,7 @@ - - - -- -+ ignore - - - The module will never return PAM_SUCCESS status for the user. -@@ -78,7 +75,7 @@ - - - -- -+ - EXAMPLES - - These are some example lines which might be specified in -@@ -91,7 +88,7 @@ - - - -- -+ - SEE ALSO - - pam_sepermit8, -@@ -101,10 +98,10 @@ - - - -- -+ - AUTHOR - - pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com> - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_setquota/README.xml b/modules/pam_setquota/README.xml -index 4eeddecc5..7f5e429d6 100644 ---- a/modules/pam_setquota/README.xml -+++ b/modules/pam_setquota/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_setquota.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_setquota-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_setquota.8.xml" xpointer='xpointer(id("pam_setquota-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_setquota/pam_setquota.8.xml b/modules/pam_setquota/pam_setquota.8.xml -index fe83c8053..41644eeb9 100644 ---- a/modules/pam_setquota/pam_setquota.8.xml -+++ b/modules/pam_setquota/pam_setquota.8.xml -@@ -1,53 +1,51 @@ -- -- -- -- -+ - - - pam_setquota - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_setquota - PAM module to set or modify disk quotas on session start - - - -- -+ - pam_setquota.so -- -+ - fs=/home - -- -+ - overwrite=0 - -- -+ - debug=0 - -- -+ - startuid=1000 - -- -+ - enduid=0 - -- -+ - bsoftlimit=19000 - -- -+ - bhardlimit=20000 - -- -+ - isoftlimit=3000 - -- -+ - ihardlimit=4000 - - - - -- -+ - - DESCRIPTION - -@@ -60,14 +58,14 @@ - - - -- -+ - - OPTIONS - - - - -- -+ fs=/home - - - -@@ -78,7 +76,7 @@ - - - -- -+ overwrite=0 - - - -@@ -91,7 +89,7 @@ - - - -- -+ debug=0 - - - -@@ -103,7 +101,7 @@ - - - -- -+ startuid=1000 - - - -@@ -115,7 +113,7 @@ - - - -- -+ enduid=0 - - - -@@ -128,7 +126,7 @@ - - - -- -+ bsoftlimit=19000 - - - -@@ -142,7 +140,7 @@ - - - -- -+ bhardlimit=20000 - - - -@@ -156,7 +154,7 @@ - - - -- -+ isoftlimit=3000 - - - -@@ -169,7 +167,7 @@ - - - -- -+ ihardlimit=4000 - - - -@@ -184,14 +182,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the module type is provided. - - - -- -+ - RETURN VALUES - - -@@ -255,7 +253,7 @@ - - - -- -+ - EXAMPLES - - A single invocation of `pam_setquota` applies a specific policy to a UID -@@ -270,7 +268,7 @@ - - - -- -+ - SEE ALSO - - -@@ -285,7 +283,7 @@ - - - -- -+ - AUTHOR - - pam_setquota was originally written by -@@ -298,4 +296,4 @@ - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_shells/README.xml b/modules/pam_shells/README.xml -index 154b97b51..c4da1a060 100644 ---- a/modules/pam_shells/README.xml -+++ b/modules/pam_shells/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_shells.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_shells-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_shells.8.xml" xpointer='xpointer(id("pam_shells-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml -index 73b4855a3..b9f90e94a 100644 ---- a/modules/pam_shells/pam_shells.8.xml -+++ b/modules/pam_shells/pam_shells.8.xml -@@ -1,27 +1,24 @@ -- -- -- -- -+ - - - pam_shells - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_shells - PAM module to check for valid login shell - - - -- -+ - pam_shells.so - - - -- -+ - - DESCRIPTION - -@@ -43,13 +40,13 @@ - - - -- -+ - - OPTIONS - This module does not recognise any options. - - -- -+ - MODULE TYPES PROVIDED - - The and -@@ -57,7 +54,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -88,7 +85,7 @@ - - - -- -+ - EXAMPLES - - -@@ -97,7 +94,7 @@ auth required pam_shells.so - - - -- -+ - SEE ALSO - - -@@ -115,11 +112,11 @@ auth required pam_shells.so - - - -- -+ - AUTHOR - - pam_shells was written by Erik Troan <ewt@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_stress/README.xml b/modules/pam_stress/README.xml -index 6f94685e1..cc7a1848d 100644 ---- a/modules/pam_stress/README.xml -+++ b/modules/pam_stress/README.xml -@@ -1,31 +1,19 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_stress.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_stress-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_stress.8.xml" xpointer='xpointer(id("pam_stress-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_stress/pam_stress.8.xml b/modules/pam_stress/pam_stress.8.xml -index 98888b1ce..617b7aae1 100644 ---- a/modules/pam_stress/pam_stress.8.xml -+++ b/modules/pam_stress/pam_stress.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_stress - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_stress - The stress-testing PAM module - -@@ -18,42 +15,42 @@ - - - -- -+ - pam_stress.so -- -+ - debug - -- -+ - no_warn - -- -+ - use_first_pass - -- -+ - try_first_pass - -- -+ - rootok - -- -+ - expired - -- -+ - fail_1 - -- -+ - fail_2 - -- -+ - prelim - -- -+ - required - - - - -- -+ - DESCRIPTION - - The pam_stress PAM module is mainly intended to give the impression of failing as a fully -@@ -61,13 +58,13 @@ functioning module might. - - - -- -+ - OPTIONS - - - - -- -+ debug - - - -@@ -79,7 +76,7 @@ functioning module might. - - - -- -+ no_warn - - - -@@ -91,7 +88,7 @@ functioning module might. - - - -- -+ use_first_pass - - - -@@ -103,7 +100,7 @@ functioning module might. - - - -- -+ try_first_pass - - - -@@ -115,7 +112,7 @@ functioning module might. - - - -- -+ rootok - - - -@@ -128,7 +125,7 @@ functioning module might. - - - -- -+ expired - - - -@@ -141,7 +138,7 @@ functioning module might. - - - -- -+ fail_1 - - - -@@ -152,7 +149,7 @@ functioning module might. - - - -- -+ fail_2 - - - -@@ -164,7 +161,7 @@ functioning module might. - - - -- -+ prelim - - - -@@ -175,7 +172,7 @@ functioning module might. - - - -- -+ required - - - -@@ -189,7 +186,7 @@ functioning module might. - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -197,7 +194,7 @@ functioning module might. - - - -- -+ - RETURN VALUES - - -@@ -307,7 +304,7 @@ functioning module might. - - - -- -+ - NOTES - - This module uses the stress_new_pwd data string which tells -@@ -316,7 +313,7 @@ functioning module might. - - - -- -+ - EXAMPLES - - #%PAM-1.0 -@@ -329,7 +326,7 @@ session required pam_stress.so - - - -- -+ - SEE ALSO - - -@@ -344,7 +341,7 @@ session required pam_stress.so - - - -- -+ - AUTHORS - - The pam_stress PAM module was developed by -@@ -353,4 +350,4 @@ session required pam_stress.so - Lucas Ramage <ramage.lucas@protonmail.com>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_succeed_if/README.xml b/modules/pam_succeed_if/README.xml -index c52f00a0f..1c174af05 100644 ---- a/modules/pam_succeed_if/README.xml -+++ b/modules/pam_succeed_if/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_succeed_if.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_succeed_if-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_succeed_if.8.xml" xpointer='xpointer(id("pam_succeed_if-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml -index 14d939a3e..90fd11454 100644 ---- a/modules/pam_succeed_if/pam_succeed_if.8.xml -+++ b/modules/pam_succeed_if/pam_succeed_if.8.xml -@@ -1,34 +1,30 @@ -- -- -- -- -- -+ - - - - - pam_succeed_if - 8 -- Linux-PAM -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_succeed_if - test account characteristics - - - - -- -+ - pam_succeed_if.so -- flag -- condition -+ flag -+ condition - - - - -- -+ - DESCRIPTION - - pam_succeed_if.so is designed to succeed or fail authentication -@@ -43,7 +39,7 @@ - - - -- -+ - OPTIONS - - The following flags are supported: -@@ -51,13 +47,13 @@ - - - -- -+ debug - - Turns on debugging messages sent to syslog. - - - -- -+ use_uid - - - Evaluate conditions using the account of the user whose UID -@@ -67,13 +63,13 @@ - - - -- -+ quiet - - Don't log failure or success to the system log. - - - -- -+ quiet_fail - - - Don't log failure to the system log. -@@ -81,7 +77,7 @@ - - - -- -+ quiet_success - - - Don't log success to the system log. -@@ -89,7 +85,7 @@ - - - -- -+ audit - - - Log unknown users to the system log. -@@ -112,13 +108,13 @@ - - - -- -+ field < number - - Field has a value numerically less than number. - - - -- -+ field <= number - - - Field has a value numerically less than or equal to number. -@@ -126,7 +122,7 @@ - - - -- -+ field eq number - - - Field has a value numerically equal to number. -@@ -134,7 +130,7 @@ - - - -- -+ field >= number - - - Field has a value numerically greater than or equal to number. -@@ -142,7 +138,7 @@ - - - -- -+ field > number - - - Field has a value numerically greater than number. -@@ -150,7 +146,7 @@ - - - -- -+ field ne number - - - Field has a value numerically different from number. -@@ -158,7 +154,7 @@ - - - -- -+ field = string - - - Field exactly matches the given string. -@@ -166,7 +162,7 @@ - - - -- -+ field != string - - - Field does not match the given string. -@@ -174,49 +170,49 @@ - - - -- -+ field =~ glob - - Field matches the given glob. - - - -- -+ field !~ glob - - Field does not match the given glob. - - - -- -+ field in item:item:... - - Field is contained in the list of items separated by colons. - - - -- -+ field notin item:item:... - - Field is not contained in the list of items separated by colons. - - - -- -+ user ingroup group[:group:....] - - User is in given group(s). - - - -- -+ user notingroup group[:group:....] - - User is not in given group(s). - - - -- -+ user innetgr netgroup - - (user,host) is in given netgroup. - - - -- -+ user notinnetgr group - - (user,host) is not in given netgroup. - -@@ -224,7 +220,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -232,7 +228,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -267,7 +263,7 @@ - - - -- -+ - EXAMPLES - - To emulate the behaviour of pam_wheel, except -@@ -288,7 +284,7 @@ type required othermodule.so arguments... - - - -- -+ - SEE ALSO - - -@@ -300,8 +296,8 @@ type required othermodule.so arguments... - - - -- -+ - AUTHOR - Nalin Dahyabhai <nalin@redhat.com> - -- -+ -\ No newline at end of file -diff --git a/modules/pam_time/README.xml b/modules/pam_time/README.xml -index 6c11eec1f..8a2faa0b8 100644 ---- a/modules/pam_time/README.xml -+++ b/modules/pam_time/README.xml -@@ -1,34 +1,19 @@ -- -- ----> -- --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_time.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_time-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_time.8.xml" xpointer='xpointer(id("pam_time-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml -index a33744ead..1fa60a104 100644 ---- a/modules/pam_time/pam_time.8.xml -+++ b/modules/pam_time/pam_time.8.xml -@@ -1,16 +1,13 @@ -- -- -- -- -+ - - - pam_time - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_time - - PAM module for time control access -@@ -20,22 +17,22 @@ - - - -- -+ - pam_time.so -- -+ - conffile=conf-file - -- -+ - debug - -- -+ - noaudit - - - - - -- -+ - DESCRIPTION - - The pam_time PAM module does not authenticate the user, but instead -@@ -62,13 +59,13 @@ - - - -- -+ - OPTIONS - - - - -- -+ conffile=/path/to/time.conf - - - -@@ -79,7 +76,7 @@ - - - -- -+ debug - - - -@@ -91,7 +88,7 @@ - - - -- -+ noaudit - - - -@@ -103,14 +100,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the type is provided. - - - -- -+ - RETURN VALUES - - -@@ -156,11 +153,11 @@ - - - -- -+ - FILES - - -- /etc/security/time.conf -+ /etc/security/time.conf - - Default configuration file - -@@ -168,7 +165,7 @@ - - - -- -+ - EXAMPLES - - #%PAM-1.0 -@@ -179,7 +176,7 @@ login account required pam_time.so - - - -- -+ - SEE ALSO - - -@@ -194,10 +191,10 @@ login account required pam_time.so - - - -- -+ - AUTHOR - - pam_time was written by Andrew G. Morgan <morgan@kernel.org>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_time/time.conf.5.xml b/modules/pam_time/time.conf.5.xml -index acbe23294..3fe263d5e 100644 ---- a/modules/pam_time/time.conf.5.xml -+++ b/modules/pam_time/time.conf.5.xml -@@ -1,13 +1,10 @@ -- -- -- -- -+ - - - time.conf - 5 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - - -@@ -15,7 +12,7 @@ - configuration file for the pam_time module - - -- -+ - DESCRIPTION - - -@@ -43,9 +40,9 @@ - - - In words, each rule occupies a line, terminated with a newline -- or the beginning of a comment; a '#'. -+ or the beginning of a comment; a '#'. - It contains four fields separated with semicolons, -- ';'. -+ ';'. - - - -@@ -107,7 +104,7 @@ - - - -- -+ - EXAMPLES - - These are some example lines which might be specified in -@@ -131,7 +128,7 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 - - - -- -+ - SEE ALSO - - pam_time8, -@@ -140,10 +137,10 @@ games ; * ; !waster ; Wd0000-2400 | Wk1800-0800 - - - -- -+ - AUTHOR - - pam_time was written by Andrew G. Morgan <morgan@kernel.org>. - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_timestamp/README.xml b/modules/pam_timestamp/README.xml -index 5b72deb13..fe01080b9 100644 ---- a/modules/pam_timestamp/README.xml -+++ b/modules/pam_timestamp/README.xml -@@ -1,46 +1,31 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_timestamp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_timestamp-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_timestamp.8.xml" xpointer='xpointer(id("pam_timestamp-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml -index 83e5aea88..a763ad862 100644 ---- a/modules/pam_timestamp/pam_timestamp.8.xml -+++ b/modules/pam_timestamp/pam_timestamp.8.xml -@@ -1,39 +1,36 @@ -- -- -- -- -+ - - - pam_timestamp - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_timestamp - Authenticate using cached successful authentication attempts - - - -- -+ - pam_timestamp.so -- -+ - timestampdir=directory - -- -+ - timestamp_timeout=number - -- -+ - verbose - -- -+ - debug - - - - -- -+ - - DESCRIPTION - -@@ -52,18 +49,18 @@ file as grounds for succeeding. - - - The default encryption hash is taken from the -- HMAC_CRYPTO_ALGO variable from -+ HMAC_CRYPTO_ALGO variable from - /etc/login.defs. - - - -- -+ - - OPTIONS - - - -- -+ timestampdir=directory - - - -@@ -74,7 +71,7 @@ file as grounds for succeeding. - - - -- -+ timestamp_timeout=number - - - -@@ -86,7 +83,7 @@ file as grounds for succeeding. - - - -- -+ verbose - - - -@@ -96,7 +93,7 @@ file as grounds for succeeding. - - - -- -+ debug - - - -@@ -109,7 +106,7 @@ file as grounds for succeeding. - - - -- -+ - MODULE TYPES PROVIDED - - The and -@@ -117,7 +114,7 @@ file as grounds for succeeding. - - - -- -+ - RETURN VALUES - - -@@ -148,7 +145,7 @@ file as grounds for succeeding. - - - -- -+ - NOTES - - Users can get confused when they are not always asked for passwords when -@@ -157,7 +154,7 @@ noticing that it is not being asked for. - - - -- -+ - EXAMPLES - - auth sufficient pam_timestamp.so verbose -@@ -168,11 +165,11 @@ session optional pam_timestamp.so - - - -- -+ - FILES - - -- /var/run/pam_timestamp/... -+ /var/run/pam_timestamp/... - - timestamp files and directories - -@@ -180,7 +177,7 @@ session optional pam_timestamp.so - - - -- -+ - SEE ALSO - - -@@ -198,11 +195,11 @@ session optional pam_timestamp.so - - - -- -+ - AUTHOR - - pam_timestamp was written by Nalin Dahyabhai. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_timestamp/pam_timestamp_check.8.xml b/modules/pam_timestamp/pam_timestamp_check.8.xml -index 3a65d7ef9..f0c095607 100644 ---- a/modules/pam_timestamp/pam_timestamp_check.8.xml -+++ b/modules/pam_timestamp/pam_timestamp_check.8.xml -@@ -1,36 +1,33 @@ -- -- -- -- -+ - - - pam_timestamp_check - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_timestamp_check - Check to see if the default timestamp is valid - - - -- -+ - pam_timestamp_check -- -+ - -k - -- -+ - -d - -- -+ - target_user - - - - -- -+ - - DESCRIPTION - -@@ -40,13 +37,13 @@ see if the default timestamp is valid, or optionally remove it. - - - -- -+ - - OPTIONS - - - -- -+ -k - - - -@@ -57,7 +54,7 @@ see if the default timestamp is valid, or optionally remove it. - - - -- -+ -d - - - -@@ -69,7 +66,7 @@ see if the default timestamp is valid, or optionally remove it. - - - -- -+ target_user - - - -@@ -85,7 +82,7 @@ see if the default timestamp is valid, or optionally remove it. - - - -- -+ - RETURN VALUES - - -@@ -147,7 +144,7 @@ see if the default timestamp is valid, or optionally remove it. - - - -- -+ - NOTES - - Users can get confused when they are not always asked for passwords when -@@ -156,7 +153,7 @@ noticing that it is not being asked for. - - - -- -+ - EXAMPLES - - auth sufficient pam_timestamp.so verbose -@@ -167,11 +164,11 @@ session optional pam_timestamp.so - - - -- -+ - FILES - - -- /var/run/sudo/... -+ /var/run/sudo/... - - timestamp files and directories - -@@ -179,7 +176,7 @@ session optional pam_timestamp.so - - - -- -+ - SEE ALSO - - -@@ -197,11 +194,11 @@ session optional pam_timestamp.so - - - -- -+ - AUTHOR - - pam_timestamp was written by Nalin Dahyabhai. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_tty_audit/README.xml b/modules/pam_tty_audit/README.xml -index 4dad6bbe7..95b851cba 100644 ---- a/modules/pam_tty_audit/README.xml -+++ b/modules/pam_tty_audit/README.xml -@@ -1,41 +1,31 @@ -- -- -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_tty_audit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tty_audit-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_tty_audit.8.xml" xpointer='xpointer(id("pam_tty_audit-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_tty_audit/pam_tty_audit.8.xml b/modules/pam_tty_audit/pam_tty_audit.8.xml -index 1c0ba5c4e..b46bbf7b6 100644 ---- a/modules/pam_tty_audit/pam_tty_audit.8.xml -+++ b/modules/pam_tty_audit/pam_tty_audit.8.xml -@@ -1,33 +1,30 @@ -- -- -- -- -+ - - - pam_tty_audit - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_tty_audit - Enable or disable TTY auditing for specified users - - - -- -+ - pam_tty_audit.so -- -+ - disable=patterns - -- -+ - enable=patterns - - - - -- -+ - DESCRIPTION - - The pam_tty_audit PAM module is used to enable or disable TTY auditing. -@@ -35,12 +32,12 @@ - - - -- -+ - OPTIONS - - - -- -+ disable=patterns - - - -@@ -53,7 +50,7 @@ - - - -- -+ enable=patterns - - - -@@ -66,7 +63,7 @@ - - - -- -+ open_only - - - -@@ -79,7 +76,7 @@ - - - -- -+ log_passwd - - - -@@ -93,14 +90,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - -- Only the session type is supported. -+ Only the session type is supported. - - - -- -+ - RETURN VALUES - - -@@ -125,7 +122,7 @@ - - - -- -+ - NOTES - - When TTY auditing is enabled, it is inherited by all processes started by -@@ -158,7 +155,7 @@ - - - -- -+ - EXAMPLES - - Audit all administrative actions. -@@ -168,7 +165,7 @@ session required pam_tty_audit.so disable=* enable=root - - - -- -+ - SEE ALSO - - -@@ -186,14 +183,14 @@ session required pam_tty_audit.so disable=* enable=root - - - -- -+ - AUTHOR - -- pam_tty_audit was written by Miloslav Trmač -+ pam_tty_audit was written by Miloslav Trmač - <mitr@redhat.com>. - The log_passwd option was added by Richard Guy Briggs - <rgb@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_umask/README.xml b/modules/pam_umask/README.xml -index 9afbe5431..d2b82d10d 100644 ---- a/modules/pam_umask/README.xml -+++ b/modules/pam_umask/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_umask.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_umask-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_umask.8.xml" xpointer='xpointer(id("pam_umask-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_umask/pam_umask.8.xml b/modules/pam_umask/pam_umask.8.xml -index 7c4a310b7..052766728 100644 ---- a/modules/pam_umask/pam_umask.8.xml -+++ b/modules/pam_umask/pam_umask.8.xml -@@ -1,42 +1,39 @@ -- -- -- -- -+ - - - pam_umask - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_umask - PAM module to set the file mode creation mask - - - -- -+ - pam_umask.so -- -+ - debug - -- -+ - silent - -- -+ - usergroups - -- -+ - nousergroups - -- -+ - umask=mask - - - - -- -+ - - DESCRIPTION - -@@ -81,7 +78,7 @@ - - - -- -+ - - OPTIONS - -@@ -89,7 +86,7 @@ - - - -- -+ debug - - - -@@ -100,7 +97,7 @@ - - - -- -+ silent - - - -@@ -111,20 +108,20 @@ - - - -- -+ usergroups - - - - If the user is not root and the username is the same as - primary group name, the umask group bits are set to be the -- same as owner bits (examples: 022 -> 002, 077 -> 007). -+ same as owner bits (examples: 022 -> 002, 077 -> 007). - - - - - - -- -+ nousergroups - - - -@@ -137,7 +134,7 @@ - - - -- -+ umask=mask - - - -@@ -153,14 +150,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - - Only the type is provided. - - - -- -+ - RETURN VALUES - - -@@ -225,7 +222,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/login to -@@ -236,7 +233,7 @@ - - - -- -+ - SEE ALSO - - -@@ -251,11 +248,11 @@ - - - -- -+ - AUTHOR - - pam_umask was written by Thorsten Kukuk <kukuk@thkukuk.de>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_unix/README.xml b/modules/pam_unix/README.xml -index 7fd340b33..49a65946b 100644 ---- a/modules/pam_unix/README.xml -+++ b/modules/pam_unix/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_unix.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_unix-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_unix.8.xml" xpointer='xpointer(id("pam_unix-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_unix/pam_unix.8.xml b/modules/pam_unix/pam_unix.8.xml -index 9f9c8185f..dfc04274c 100644 ---- a/modules/pam_unix/pam_unix.8.xml -+++ b/modules/pam_unix/pam_unix.8.xml -@@ -1,30 +1,27 @@ -- -- -- -- -+ - - - pam_unix - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_unix - Module for traditional password authentication - - - -- -+ - pam_unix.so -- -+ - ... - - - - -- -+ - - DESCRIPTION - -@@ -42,7 +39,7 @@ - shadow elements: expire, last_change, max_change, - min_change, warn_change. In the case of the latter, it may offer advice - to the user on changing their password or, through the -- PAM_AUTHTOKEN_REQD return, delay -+ PAM_AUTHTOKEN_REQD return, delay - giving service to the user until they have established a new password. - The entries listed above are documented in the - shadow5 -@@ -89,7 +86,7 @@ - - The password component of this module performs the task of updating - the user's password. The default encryption hash is taken from the -- ENCRYPT_METHOD variable from -+ ENCRYPT_METHOD variable from - /etc/login.defs - - -@@ -107,13 +104,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ debug - - - -@@ -127,7 +124,7 @@ - - - -- -+ audit - - - -@@ -138,7 +135,7 @@ - - - -- -+ quiet - - - -@@ -153,7 +150,7 @@ - - - -- -+ nullok - - - -@@ -165,7 +162,7 @@ - - - -- -+ nullresetok - - - -@@ -178,7 +175,7 @@ - - - -- -+ try_first_pass - - - -@@ -190,7 +187,7 @@ - - - -- -+ use_first_pass - - - -@@ -203,7 +200,7 @@ - - - -- -+ nodelay - - - -@@ -216,7 +213,7 @@ - - - -- -+ use_authtok - - - -@@ -230,7 +227,7 @@ - - - -- -+ authtok_type=type - - - -@@ -242,7 +239,7 @@ - - - -- -+ nis - - - -@@ -252,7 +249,7 @@ - - - -- -+ remember=n - - - -@@ -269,7 +266,7 @@ - - - -- -+ shadow - - - -@@ -279,7 +276,7 @@ - - - -- -+ md5 - - - -@@ -290,7 +287,7 @@ - - - -- -+ bigcrypt - - - -@@ -301,7 +298,7 @@ - - - -- -+ sha256 - - - -@@ -315,7 +312,7 @@ - - - -- -+ sha512 - - - -@@ -329,7 +326,7 @@ - - - -- -+ blowfish - - - -@@ -343,7 +340,7 @@ - - - -- -+ gost_yescrypt - - - -@@ -357,7 +354,7 @@ - - - -- -+ yescrypt - - - -@@ -371,7 +368,7 @@ - - - -- -+ rounds=n - - - -@@ -384,7 +381,7 @@ - - - -- -+ broken_shadow - - - -@@ -395,7 +392,7 @@ - - - -- -+ minlen=n - - - -@@ -407,7 +404,7 @@ - - - -- -+ no_pass_expiry - - - -@@ -418,9 +415,9 @@ - meaning that other authentication source or method succeeded. - The example can be public key authentication in - sshd. The module will return -- PAM_SUCCESS instead of eventual -- PAM_NEW_AUTHTOK_REQD or -- PAM_AUTHTOK_EXPIRED. -+ PAM_SUCCESS instead of eventual -+ PAM_NEW_AUTHTOK_REQD or -+ PAM_AUTHTOK_EXPIRED. - - - -@@ -432,7 +429,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -440,7 +437,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -454,7 +451,7 @@ - - - -- -+ - EXAMPLES - - An example usage for /etc/pam.d/login -@@ -473,7 +470,7 @@ session required pam_unix.so - - - -- -+ - SEE ALSO - - -@@ -491,11 +488,11 @@ session required pam_unix.so - - - -- -+ - AUTHOR - - pam_unix was written by various people. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_unix/unix_chkpwd.8.xml b/modules/pam_unix/unix_chkpwd.8.xml -index a10dbe330..ca0fa109f 100644 ---- a/modules/pam_unix/unix_chkpwd.8.xml -+++ b/modules/pam_unix/unix_chkpwd.8.xml -@@ -1,30 +1,27 @@ -- -- -- -- -+ - - - unix_chkpwd - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - unix_chkpwd - Helper binary that verifies the password of the current user - - - -- -+ - unix_chkpwd -- -+ - ... - - - - -- -+ - - DESCRIPTION - -@@ -48,7 +45,7 @@ - - - -- -+ - SEE ALSO - - -@@ -57,11 +54,11 @@ - - - -- -+ - AUTHOR - - Written by Andrew Morgan and other various people. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_unix/unix_update.8.xml b/modules/pam_unix/unix_update.8.xml -index 6c7467b90..1a9686529 100644 ---- a/modules/pam_unix/unix_update.8.xml -+++ b/modules/pam_unix/unix_update.8.xml -@@ -1,30 +1,27 @@ -- -- -- -- -+ - - - unix_update - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - unix_update - Helper binary that updates the password of a given user - - - -- -+ - unix_update -- -+ - ... - - - - -- -+ - - DESCRIPTION - -@@ -48,7 +45,7 @@ - - - -- -+ - SEE ALSO - - -@@ -57,11 +54,11 @@ - - - -- -+ - AUTHOR - - Written by Tomas Mraz and other various people. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_userdb/README.xml b/modules/pam_userdb/README.xml -index b22c09e74..4e8f8ee7a 100644 ---- a/modules/pam_userdb/README.xml -+++ b/modules/pam_userdb/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_userdb.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_userdb-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_userdb.8.xml" xpointer='xpointer(id("pam_userdb-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml -index bce92850a..0f9641024 100644 ---- a/modules/pam_userdb/pam_userdb.8.xml -+++ b/modules/pam_userdb/pam_userdb.8.xml -@@ -1,54 +1,51 @@ -- -- -- -- -+ - - - pam_userdb - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_userdb - PAM module to authenticate against a db database - - - -- -+ - pam_userdb.so -- -+ - db=/path/database - -- -+ - debug - -- -+ - crypt=[crypt|none] - -- -+ - icase - -- -+ - dump - -- -+ - try_first_pass - -- -+ - use_first_pass - -- -+ - unknown_ok - -- -+ - key_only - - - - -- -+ - - DESCRIPTION - -@@ -60,13 +57,13 @@ - - - -- -+ - - OPTIONS - - - -- -+ crypt=[crypt|none] - - - -@@ -82,13 +79,13 @@ - - - -- -+ db=/path/database - - - - Use the /path/database database for - performing lookup. There is no default; the module will -- return PAM_IGNORE if no -+ return PAM_IGNORE if no - database is provided. Note that the path to the database file - should be specified without the .db suffix. - -@@ -96,7 +93,7 @@ - - - -- -+ debug - - - -@@ -107,7 +104,7 @@ - - - -- -+ dump - - - -@@ -118,7 +115,7 @@ - - - -- -+ icase - - - -@@ -131,7 +128,7 @@ - - - -- -+ try_first_pass - - - -@@ -146,7 +143,7 @@ - - - -- -+ use_first_pass - - - -@@ -161,7 +158,7 @@ - - - -- -+ unknown_ok - - - -@@ -174,7 +171,7 @@ - - - -- -+ key_only - - - -@@ -191,7 +188,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - The and module -@@ -199,7 +196,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -259,14 +256,14 @@ - - - -- -+ - EXAMPLES - - auth sufficient pam_userdb.so icase db=/etc/dbtest - - - -- -+ - SEE ALSO - - -@@ -284,11 +281,11 @@ auth sufficient pam_userdb.so icase db=/etc/dbtest - - - -- -+ - AUTHOR - - pam_userdb was written by Cristian Gafton >gafton@redhat.com<. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_usertype/README.xml b/modules/pam_usertype/README.xml -index 585504654..7faf549e2 100644 ---- a/modules/pam_usertype/README.xml -+++ b/modules/pam_usertype/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_usertype.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_usertype-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_usertype.8.xml" xpointer='xpointer(id("pam_usertype-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml -index d9307ba3a..87ad0796c 100644 ---- a/modules/pam_usertype/pam_usertype.8.xml -+++ b/modules/pam_usertype/pam_usertype.8.xml -@@ -1,31 +1,27 @@ -- -- -- -- -- -+ - - pam_usertype - 8 -- Linux-PAM -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_usertype - check if the authenticated user is a system or regular account - - - - -- -+ - pam_usertype.so -- flag -- condition -+ flag -+ condition - - - - -- -+ - DESCRIPTION - - pam_usertype.so is designed to succeed or fail authentication -@@ -42,7 +38,7 @@ - - - -- -+ - OPTIONS - - The following flags are supported: -@@ -50,7 +46,7 @@ - - - -- -+ use_uid - - - Evaluate conditions using the account of the user whose UID -@@ -60,7 +56,7 @@ - - - -- -+ audit - - - Log unknown users to the system log. -@@ -75,13 +71,13 @@ - - - -- -+ issystem - - Succeed if the user is a system user. - - - -- -+ isregular - - Succeed if the user is a regular user. - -@@ -89,7 +85,7 @@ - - - -- -+ - MODULE TYPES PROVIDED - - All module types (, , -@@ -97,7 +93,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -170,7 +166,7 @@ - - - -- -+ - EXAMPLES - - Skip remaining modules if the user is a system user: -@@ -180,7 +176,7 @@ account sufficient pam_usertype.so issystem - - - -- -+ - SEE ALSO - - -@@ -192,8 +188,8 @@ account sufficient pam_usertype.so issystem - - - -- -+ - AUTHOR - Pavel Březina <pbrezina@redhat.com> - -- -+ -\ No newline at end of file -diff --git a/modules/pam_warn/README.xml b/modules/pam_warn/README.xml -index 4367c28f4..56093f805 100644 ---- a/modules/pam_warn/README.xml -+++ b/modules/pam_warn/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_warn.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_warn-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_warn.8.xml" xpointer='xpointer(id("pam_warn-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_warn/pam_warn.8.xml b/modules/pam_warn/pam_warn.8.xml -index 1764ec924..a20c5f718 100644 ---- a/modules/pam_warn/pam_warn.8.xml -+++ b/modules/pam_warn/pam_warn.8.xml -@@ -1,25 +1,22 @@ -- -- -- -- -+ - - - pam_warn - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - -- -+ - pam_warn - PAM module which logs all PAM items if called - - -- -+ - pam_warn.so - - - -- -+ - DESCRIPTION - - pam_warn is a PAM module that logs the service, terminal, user, -@@ -28,17 +25,17 @@ - syslog3 - . The items are not probed for, but instead obtained - from the standard PAM items. The module always returns -- PAM_IGNORE, indicating that it -+ PAM_IGNORE, indicating that it - does not want to affect the authentication process. - - - -- -+ - OPTIONS - This module does not recognise any options. - - -- -+ - MODULE TYPES PROVIDED - - The , , -@@ -47,7 +44,7 @@ - - - -- -+ - RETURN VALUES - - -@@ -61,7 +58,7 @@ - - - -- -+ - EXAMPLES - - #%PAM-1.0 -@@ -80,7 +77,7 @@ other session required pam_deny.so - - - -- -+ - SEE ALSO - - -@@ -95,11 +92,11 @@ other session required pam_deny.so - - - -- -+ - AUTHOR - - pam_warn was written by Andrew G. Morgan <morgan@kernel.org>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_wheel/README.xml b/modules/pam_wheel/README.xml -index 9e33d7ff2..e40c46e84 100644 ---- a/modules/pam_wheel/README.xml -+++ b/modules/pam_wheel/README.xml -@@ -1,41 +1,27 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_wheel.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_wheel-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_wheel.8.xml" xpointer='xpointer(id("pam_wheel-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_wheel/pam_wheel.8.xml b/modules/pam_wheel/pam_wheel.8.xml -index ee8c7d269..af0fd6199 100644 ---- a/modules/pam_wheel/pam_wheel.8.xml -+++ b/modules/pam_wheel/pam_wheel.8.xml -@@ -1,45 +1,42 @@ -- -- -- -- -+ - - - pam_wheel - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_wheel - Only permit root access to members of group wheel - - - -- -+ - pam_wheel.so -- -+ - debug - -- -+ - deny - -- -+ - group=name - -- -+ - root_only - -- -+ - trust - -- -+ - use_uid - - - - -- -+ - DESCRIPTION - - The pam_wheel PAM module is used to enforce the so-called -@@ -47,16 +44,16 @@ - access to the target user if the applicant user is a member of the - wheel group. If no group with this name exist, - the module is using the group with the group-ID -- 0. -+ 0. - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -66,7 +63,7 @@ - - - -- -+ deny - - - -@@ -81,7 +78,7 @@ - - - -- -+ group=name - - - -@@ -93,7 +90,7 @@ - - - -- -+ root_only - - - -@@ -104,7 +101,7 @@ - - - -- -+ trust - - - -@@ -118,7 +115,7 @@ - - - -- -+ use_uid - - - -@@ -131,15 +128,15 @@ - - - -- -+ - MODULE TYPES PROVIDED - -- The auth and -- account module types are provided. -+ The auth and -+ account module types are provided. - - - -- -+ - RETURN VALUES - - -@@ -204,7 +201,7 @@ - - - -- -+ - EXAMPLES - - The root account gains access by default (rootok), only wheel -@@ -218,7 +215,7 @@ su auth required pam_unix.so - - - -- -+ - SEE ALSO - - -@@ -233,11 +230,11 @@ su auth required pam_unix.so - - - -- -+ - AUTHOR - - pam_wheel was written by Cristian Gafton <gafton@redhat.com>. - - - -- -+ -\ No newline at end of file -diff --git a/modules/pam_xauth/README.xml b/modules/pam_xauth/README.xml -index adefbd98e..04fc24683 100644 ---- a/modules/pam_xauth/README.xml -+++ b/modules/pam_xauth/README.xml -@@ -1,46 +1,31 @@ -- -- ----> --]> -+
- --
-- -- -+ - - -- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" -- href="pam_xauth.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_xauth-name"]/*)'/> -+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_xauth.8.xml" xpointer='xpointer(id("pam_xauth-name")/*)'/> - - -- -+ - -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- -
-- -+ -
- --
-+
-\ No newline at end of file -diff --git a/modules/pam_xauth/pam_xauth.8.xml b/modules/pam_xauth/pam_xauth.8.xml -index 08c06cf84..f5fc5a3c3 100644 ---- a/modules/pam_xauth/pam_xauth.8.xml -+++ b/modules/pam_xauth/pam_xauth.8.xml -@@ -1,39 +1,36 @@ -- -- -- -- -+ - - - pam_xauth - 8 -- Linux-PAM Manual -+ Linux-PAM -+ Linux-PAM Manual - - -- -+ - pam_xauth - PAM module to forward xauth keys between users - - - -- -+ - pam_xauth.so -- -+ - debug - -- -+ - xauthpath=/path/to/xauth - -- -+ - systemuser=UID - -- -+ - targetuser=UID - - - - -- -+ - DESCRIPTION - - The pam_xauth PAM module is designed to forward xauth keys -@@ -81,25 +78,25 @@ - If a user has a .xauth/export file, the user will - only forward cookies to users listed in the file. If there is no - ~/.xauth/export file, and the invoking user is -- not root, the user will forward cookies -+ not root, the user will forward cookies - to any other user. If there is no ~/.xauth/export -- file, and the invoking user is root, -- the user will not forward cookies to -+ file, and the invoking user is root, -+ the user will not forward cookies to - other users. - - - Both the import and export files support wildcards (such as -- *). Both the import and export files -+ *). Both the import and export files - can be empty, signifying that no users are allowed. - - - -- -+ - OPTIONS - - - -- -+ debug - - - -@@ -109,7 +106,7 @@ - - - -- -+ xauthpath=/path/to/xauth - - - -@@ -122,7 +119,7 @@ - - - -- -+ systemuser=UID - - - -@@ -135,7 +132,7 @@ - - - -- -+ targetuser=UID - - - -@@ -147,14 +144,14 @@ - - - -- -+ - MODULE TYPES PROVIDED - -- Only the session type is provided. -+ Only the session type is provided. - - - -- -+ - RETURN VALUES - - -@@ -205,7 +202,7 @@ - - - -- -+ - EXAMPLES - - Add the following line to /etc/pam.d/su to -@@ -216,10 +213,10 @@ session optional pam_xauth.so - - - -- -+ - IMPLEMENTATION DETAILS - -- pam_xauth will work only if it is -+ pam_xauth will work only if it is - used from a setuid application in which the - getuid() call returns the id of the user - running the application, and for which PAM can supply the name -@@ -247,17 +244,17 @@ session optional pam_xauth.so - - - -- -+ - FILES - - -- ~/.xauth/import -+ ~/.xauth/import - - XXX - - - -- ~/.xauth/export -+ ~/.xauth/export - - XXX - -@@ -266,7 +263,7 @@ session optional pam_xauth.so - - - -- -+ - SEE ALSO - - -@@ -281,7 +278,7 @@ session optional pam_xauth.so - - - -- -+ - AUTHOR - - pam_xauth was written by Nalin Dahyabhai <nalin@redhat.com>, -@@ -290,4 +287,4 @@ session optional pam_xauth.so - - - -- -+ -\ No newline at end of file diff --git a/pam-bsc1177858-dont-free-environment-string.patch b/pam-bsc1177858-dont-free-environment-string.patch deleted file mode 100644 index 9a9670b..0000000 --- a/pam-bsc1177858-dont-free-environment-string.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -=================================================================== ---- Linux-PAM-1.4.0.orig/modules/pam_xauth/pam_xauth.c -+++ Linux-PAM-1.4.0/modules/pam_xauth/pam_xauth.c -@@ -701,8 +701,9 @@ pam_sm_open_session (pam_handle_t *pamh, - pam_syslog(pamh, LOG_ERR, - "can't set environment variable '%s'", - xauthority); -- putenv (xauthority); /* The environment owns this string now. */ -- /* Don't free environment variables nor set them to NULL. */ -+ if (putenv (xauthority) == 0) /* The environment owns this string now. */ -+ xauthority = NULL; -+ /* Don't free environment variables. */ - - /* set $DISPLAY in pam handle to make su - work */ - { -@@ -765,7 +766,8 @@ cleanup: - unsetenv (XAUTHENV); - free(cookiefile); - free(cookie); -- free(xauthority); -+ if (xauthority != NULL) /* If it hasn't been successfully passed to putenv() ... */ -+ free(xauthority); - return retval; - } - diff --git a/pam-git.diff b/pam-git.diff deleted file mode 100644 index 2dbdb08..0000000 --- a/pam-git.diff +++ /dev/null @@ -1,6965 +0,0 @@ -diff --git a/README b/README -index 21af8c4c..aa99927e 100644 ---- a/README -+++ b/README -@@ -6,7 +6,7 @@ NOTES: - - How to use it is as follows: - --Please look at the ci/install_dependencies.sh for the necessary -+Please look at the ci/install-dependencies.sh for the necessary - prerequisite packages to be able to build the Linux-PAM. The script - is targeted at Debian based Linux distributions so the package - names and availability might differ on other distributions. -diff --git a/configure.ac b/configure.ac -index c06bc7dd..538195e5 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -243,6 +243,29 @@ if test x"$enable_debug" = x"yes" ; then - [lots of stuff gets written to /var/run/pam-debug.log]) - fi - -+AC_ARG_ENABLE(html_stylesheet, -+ AS_HELP_STRING([--enable-html-stylesheet=FILE],[html stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl@:>@]), -+ HTML_STYLESHEET=$enableval, HTML_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl) -+AC_SUBST(HTML_STYLESHEET) -+ -+AC_ARG_ENABLE(txt_stylesheet, -+ AS_HELP_STRING([--enable-txt-stylesheet=FILE],[text stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl@:>@]), -+ TXT_STYLESHEET=$enableval, TXT_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl) -+AC_SUBST(TXT_STYLESHEET) -+# It has to be TXT_STYLESHEET otherwise a html tree will be generated while generating all README files. -+sed "s+HTML_STYLESHEET+$TXT_STYLESHEET+g" doc/custom-html.xsl -+ -+AC_ARG_ENABLE(pdf_stylesheet, -+ AS_HELP_STRING([--enable-pdf-stylesheet=FILE],[pdf stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl@:>@]), -+ PDF_STYLESHEET=$enableval, PDF_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl) -+AC_SUBST(PDF_STYLESHEET) -+ -+AC_ARG_ENABLE(man_stylesheet, -+ AS_HELP_STRING([--enable-man-stylesheet=FILE],[man stylesheet path @<:@default=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl@:>@]), -+ MAN_STYLESHEET=$enableval, MAN_STYLESHEET=http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl) -+AC_SUBST(MAN_STYLESHEET) -+sed "s+MAN_STYLESHEET+$MAN_STYLESHEET+g" doc/custom-man.xsl -+ - AC_ARG_ENABLE(securedir, - AS_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]), - SECUREDIR=$enableval, SECUREDIR=$libdir/security) -@@ -259,6 +282,8 @@ AC_MSG_RESULT([Defining \$ISA to "$ISA"]) - AC_ARG_ENABLE(sconfigdir, - AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]), - SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security) -+AC_DEFINE_UNQUOTED([SCONFIGDIR], ["$SCONFIGDIR"], -+ [Directory for PAM modules system configuration files]) - AC_SUBST(SCONFIGDIR) - - AC_ARG_ENABLE(pamlocking, -@@ -295,6 +320,7 @@ if test x$with_mailspool != x ; then - else - AC_RUN_IFELSE([AC_LANG_SOURCE([[ - #include -+#include - int main() { - #ifdef _PATH_MAILDIR - exit(0); -@@ -490,26 +516,31 @@ if test -n "$LIBSELINUX" ; then - LIBS=$BACKUP_LIBS - fi - -+ECONF_CFLAGS= -+ECONF_LIBS= - AC_ARG_ENABLE([econf], - AS_HELP_STRING([--disable-econf], [do not use libeconf]), -- [WITH_ECONF=$enableval], WITH_ECONF=yes) --if test "$WITH_ECONF" = "yes" ; then -- PKG_CHECK_MODULES([ECONF], [libeconf], [], -- [AC_CHECK_LIB([econf],[econf_readDirs],[ECONF_LIBS="-leconf"],[ECONF_LIBS=""])]) -- if test -n "$ECONF_LIBS" ; then -- ECONF_CFLAGS="-DUSE_ECONF=1 $ECONF_CFLAGS" -- fi -+ [WITH_ECONF=$enableval], [WITH_ECONF=yes]) -+if test "$WITH_ECONF" = "yes"; then -+ PKG_CHECK_MODULES([ECONF], [libeconf >= 0.5.0], [ECONF_CFLAGS="-DUSE_ECONF=1 $ECONF_CFLAGS"], [:]) - fi - AC_SUBST([ECONF_CFLAGS]) - AC_SUBST([ECONF_LIBS]) -+ - AC_ARG_ENABLE([vendordir], - AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[]) - if test -n "$enable_vendordir"; then - AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"], - [Directory for distribution provided configuration files]) -- STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'" -+ AC_DEFINE_UNQUOTED([VENDOR_SCONFIGDIR], ["$enable_vendordir/security"], -+ [Directory for PAM modules distribution provided configuration files]) -+ if test "$WITH_ECONF" = "yes" ; then -+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_with_econf'" -+ else -+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir' --stringparam profile.condition 'with_vendordir;with_vendordir_and_without_econf" -+ fi - else -- STRINGPARAM_VENDORDIR="--stringparam vendordir ''" -+ STRINGPARAM_VENDORDIR="--stringparam profile.condition 'without_vendordir'" - fi - AC_SUBST([STRINGPARAM_VENDORDIR]) - -@@ -628,11 +659,6 @@ test -n "$opt_uidmin" || - opt_uidmin=1000 - AC_DEFINE_UNQUOTED(PAM_USERTYPE_UIDMIN, $opt_uidmin, [Minimum regular user uid.]) - --AC_ARG_WITH([sysuidmin], AS_HELP_STRING([--with-sysuidmin=],[default value for system user min uid (101)]), opt_sysuidmin=$withval) --test -n "$opt_sysuidmin" || -- opt_sysuidmin=101 --AC_DEFINE_UNQUOTED(PAM_USERTYPE_SYSUIDMIN, $opt_sysuidmin, [Minimum system user uid.]) -- - AC_ARG_WITH([kernel-overflow-uid], AS_HELP_STRING([--with-kernel-overflow-uid=],[kernel overflow uid, default (uint16_t)-2=65534]), opt_kerneloverflowuid=$withval) - test -n "$opt_kerneloverflowuid" || - opt_kerneloverflowuid=65534 -diff --git a/doc/adg/Makefile.am b/doc/adg/Makefile.am -index 77bd7a99..b795b1a4 100644 ---- a/doc/adg/Makefile.am -+++ b/doc/adg/Makefile.am -@@ -21,7 +21,7 @@ if ENABLE_GENERATE_PDF - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 3 --xinclude --nonet \ -- http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_ADG.fo -+ $(PDF_STYLESHEET) $< > Linux-PAM_ADG.fo - $(FO2PDF) Linux-PAM_ADG.fo $@ - else - echo "No fo2pdf processor installed, skip PDF generation" -@@ -33,7 +33,7 @@ Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 3 --xinclude --nonet \ -- http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ -+ $(TXT_STYLESHEET) $< | $(BROWSER) > $@ - - html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) - @test -d html || mkdir -p html -@@ -46,7 +46,7 @@ html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 3 --xinclude --nonet \ - --stringparam chunker.output.encoding UTF-8 \ -- http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< -+ $(HTML_STYLESHEET) $< - - distclean-local: - -rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf -diff --git a/doc/custom-html.xsl b/doc/custom-html.xsl.in -similarity index 87% -rename from doc/custom-html.xsl -rename to doc/custom-html.xsl.in -index fdd5df7d..b2eaf150 100644 ---- a/doc/custom-html.xsl -+++ b/doc/custom-html.xsl.in -@@ -3,7 +3,7 @@ - xmlns:ss="http://docbook.sf.net/xmlns/string.subst/1.0" - xmlns:exsl="http://exslt.org/common" version="1.0"> - -- -+ - - - -diff --git a/doc/custom-man.xsl b/doc/custom-man.xsl.in -similarity index 77% -rename from doc/custom-man.xsl -rename to doc/custom-man.xsl.in -index a3408e6c..258627bf 100644 ---- a/doc/custom-man.xsl -+++ b/doc/custom-man.xsl.in -@@ -1,6 +1,6 @@ - - -- -+ - - - -diff --git a/doc/man/Makefile.am b/doc/man/Makefile.am -index 78c891df..aec365cf 100644 ---- a/doc/man/Makefile.am -+++ b/doc/man/Makefile.am -@@ -25,25 +25,25 @@ man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ - pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 \ - misc_conv.3 pam_misc_paste_env.3 pam_misc_drop_env.3 \ - pam_misc_setenv.3 --XMLS = pam.3.xml pam.8.xml \ -+XMLS = pam.3.xml pam.8.xml pam.conf.5.xml \ - pam_acct_mgmt.3.xml pam_authenticate.3.xml \ - pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \ -- pam_end.3.xml pam_error.3.xml \ -- pam_fail_delay.3.xml pam_xauth_data.3 \ -+ pam_end.3.xml pam_error.3.xml pam_fail_delay.3.xml \ - pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \ - pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \ -- pam_info.3.xml \ -- pam_open_session.3.xml \ -+ pam_info.3.xml pam_misc_drop_env.3.xml pam_misc_paste_env.3.xml \ -+ pam_misc_setenv.3.xml pam_open_session.3.xml \ - pam_prompt.3.xml pam_putenv.3.xml \ -- pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \ -- pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \ -- pam_sm_close_session.3.xml pam_sm_open_session.3.xml \ -- pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \ -- pam_sm_chauthtok.3.xml \ -+ pam_set_data.3.xml pam_set_item.3.xml pam_setcred.3.xml \ -+ pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \ -+ pam_sm_chauthtok.3.xml pam_sm_close_session.3.xml \ -+ pam_sm_open_session.3.xml pam_sm_setcred.3.xml \ -+ pam_start.3.xml pam_strerror.3.xml \ -+ pam_syslog.3.xml pam_xauth_data.3.xml \ - pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ - pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ -- misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ -- pam_misc_setenv.3.xml -+ misc_conv.3.xml -+ - - if ENABLE_REGENERATE_MAN - PAM.8: pam.8 -diff --git a/doc/man/pam.8.xml b/doc/man/pam.8.xml -index 464af0e5..8eef665a 100644 ---- a/doc/man/pam.8.xml -+++ b/doc/man/pam.8.xml -@@ -158,15 +158,14 @@ closing hook for modules to affect the services available to a user. - - - -- -+ - %vendordir%/pam.d - - - the Linux-PAM vendor configuration - directory. Files in /etc/pam.d and - /usr/lib/pam.d override files with the same -- name in this directory. Only available if Linux-PAM was compiled -- with vendordir enabled. -+ name in this directory. - - - -diff --git a/doc/mwg/Makefile.am b/doc/mwg/Makefile.am -index 2bbb2d0b..688e6cb3 100644 ---- a/doc/mwg/Makefile.am -+++ b/doc/mwg/Makefile.am -@@ -21,7 +21,7 @@ if ENABLE_GENERATE_PDF - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 3 --xinclude --nonet \ -- http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_MWG.fo -+ $(PDF_STYLESHEET) $< > Linux-PAM_MWG.fo - $(FO2PDF) Linux-PAM_MWG.fo $@ - else - echo "No fo2pdf processor installed, skip PDF generation" -@@ -33,7 +33,7 @@ Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 3 --xinclude --nonet \ -- http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ -+ $(TXT_STYLESHEET) $< | $(BROWSER) > $@ - - html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) - @test -d html || mkdir -p html -@@ -46,7 +46,7 @@ html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 3 --xinclude --nonet \ - --stringparam chunker.output.encoding UTF-8 \ -- http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< -+ $(HTML_STYLESHEET) $< - - distclean-local: - -rm -rf html Linux-PAM_MWG.txt Linux-PAM_MWG.pdf -diff --git a/doc/sag/Linux-PAM_SAG.xml b/doc/sag/Linux-PAM_SAG.xml -index 0f33e0f6..2adaef7d 100644 ---- a/doc/sag/Linux-PAM_SAG.xml -+++ b/doc/sag/Linux-PAM_SAG.xml -@@ -408,6 +408,8 @@ session required pam_warn.so - href="pam_exec.xml"/> - -+ - - Linux-PAM_SAG.fo -+ $(PDF_STYLESHEET) $< > Linux-PAM_SAG.fo - $(FO2PDF) Linux-PAM_SAG.fo $@ - else - echo "No fo2pdf processor installed, skip PDF generation" -@@ -34,7 +34,7 @@ Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) - --stringparam section.autolabel 1 \ - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 2 --xinclude --nonet \ -- http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ -+ $(TXT_STYLESHEET) $< | $(BROWSER) > $@ - - html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) - @test -d html || mkdir -p html -@@ -47,7 +47,7 @@ html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) - --stringparam section.label.includes.component.label 1 \ - --stringparam toc.max.depth 2 --xinclude --nonet \ - --stringparam chunker.output.encoding UTF-8 \ -- http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< -+ $(HTML_STYLESHEET) $< - - distclean-local: - -rm -rf html Linux-PAM_SAG.txt Linux-PAM_SAG.pdf -diff --git a/examples/Makefile.am b/examples/Makefile.am -index 722ec686..c4c3c261 100644 ---- a/examples/Makefile.am -+++ b/examples/Makefile.am -@@ -11,4 +11,4 @@ AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - LDADD = $(top_builddir)/libpam/libpam.la \ - $(top_builddir)/libpam_misc/libpam_misc.la - --noinst_PROGRAMS = xsh vpass blank check_user -+noinst_PROGRAMS = xsh vpass blank check_user tty_conv -diff --git a/examples/tty_conv.c b/examples/tty_conv.c -new file mode 100644 -index 00000000..23f0684c ---- /dev/null -+++ b/examples/tty_conv.c -@@ -0,0 +1,177 @@ -+/* PlanC (hubenchang0515@outlook.com) -- an example application -+ * that implements a custom conversation */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+/*************************************** -+ * @brief echo off/on -+ * @param[in] fd file descriptor -+ * @param[in] off 1 - echo off,0 - echo on -+ ***************************************/ -+static void echoOff(int fd, int off) -+{ -+ struct termio tty; -+ if (ioctl(fd, TCGETA, &tty) < 0) -+ { -+ fprintf(stderr, "TCGETA failed: %s\n", strerror(errno)); -+ return; -+ } -+ -+ if (off) -+ { -+ tty.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); -+ if (ioctl(fd, TCSETAF, &tty) < 0) -+ { -+ fprintf(stderr, "TCSETAF failed: %s\n", strerror(errno)); -+ } -+ } -+ else -+ { -+ tty.c_lflag |= (ECHO | ECHOE | ECHOK | ECHONL); -+ if (ioctl(fd, TCSETAW, &tty) < 0) -+ { -+ fprintf(stderr, "TCSETAW failed: %s\n", strerror(errno)); -+ } -+ } -+} -+ -+/*************************************** -+ * @brief echo off stdin -+ ***************************************/ -+static void echoOffStdin(void) -+{ -+ echoOff(fileno(stdin), 1); -+} -+ -+/*************************************** -+ * @brief echo on stdin -+ ***************************************/ -+static void echoOnStdin(void) -+{ -+ echoOff(fileno(stdin), 0); -+} -+ -+/*************************************** -+ * @brief read a line input -+ * @return the input string -+ ***************************************/ -+static char *readline(void) -+{ -+ char input[PAM_MAX_RESP_SIZE]; -+ int i; -+ -+ flockfile(stdin); -+ for (i = 0; i < PAM_MAX_RESP_SIZE; i++) -+ { -+ int ch = getchar_unlocked(); -+ if (ch == '\n' || ch == '\r' ||ch == EOF) -+ break; -+ input[i] = ch; -+ } -+ funlockfile(stdin); -+ input[i] = '\0'; -+ -+ return (strdup(input)); -+} -+ -+/************************************************** -+ * @brief callback of PAM conversation -+ * @param[in] num_msg the count of message -+ * @param[in] msg PAM message -+ * @param[out] resp our response -+ * @param[in] appdata_ptr custom data passed by struct pam_conv.appdata_ptr -+ * @return state -+ **************************************************/ -+static int conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) -+{ -+ (void)(appdata_ptr); -+ int i; -+ -+ /* check the count of message */ -+ if (num_msg <= 0 || num_msg >= PAM_MAX_MSG_SIZE) -+ { -+ fprintf(stderr, "invalid num_msg(%d)\n", num_msg); -+ return PAM_CONV_ERR; -+ } -+ -+ /* alloc memory for response */ -+ if ((resp[0] = malloc(num_msg * sizeof(struct pam_response))) == NULL) -+ { -+ fprintf(stderr, "bad alloc\n"); -+ return PAM_BUF_ERR; -+ } -+ -+ /* response for message */ -+ for (i = 0; i < num_msg; i++) -+ { -+ const struct pam_message *m = *msg + i; -+ struct pam_response *r = *resp + i; -+ r->resp_retcode = 0; /* currently un-used, zero expected */ -+ switch (m->msg_style) -+ { -+ case PAM_PROMPT_ECHO_OFF: /* get the input with echo off, like the password */ -+ printf("%s", m->msg); -+ echoOffStdin(); -+ r->resp = readline(); -+ echoOnStdin(); -+ printf("\n"); -+ break; -+ -+ case PAM_PROMPT_ECHO_ON: /* get the input with echo on, like the username */ -+ printf("%s", m->msg); -+ r->resp = readline(); -+ break; -+ -+ case PAM_TEXT_INFO: /* normal info */ -+ printf("%s\n", m->msg); -+ break; -+ -+ case PAM_ERROR_MSG: /* error info */ -+ fprintf(stderr, "%s\n", m->msg); -+ break; -+ -+ default: -+ fprintf(stderr, "unexpected msg_style: %d\n", m->msg_style); -+ break; -+ } -+ } -+ return PAM_SUCCESS; -+} -+ -+int main(void) -+{ -+ struct pam_conv pam_conv = {conversation, NULL}; -+ pam_handle_t *pamh; -+ -+ /* echo on while exist, like Ctrl+C on input password */ -+ atexit(echoOnStdin); -+ -+ if (PAM_SUCCESS != pam_start("login", NULL, &pam_conv, &pamh)) -+ { -+ fprintf(stderr, "pam_start failed\n"); -+ return EXIT_FAILURE; -+ } -+ -+ if (PAM_SUCCESS != pam_authenticate(pamh, 0)) -+ { -+ fprintf(stderr, "pam_authenticate failed\n"); -+ pam_end(pamh, 0); -+ return EXIT_FAILURE; -+ } -+ -+ if (PAM_SUCCESS != pam_acct_mgmt(pamh, 0)) -+ { -+ fprintf(stderr, "pam_acct_mgmt failed\n"); -+ pam_end(pamh, 0); -+ return EXIT_FAILURE; -+ } -+ -+ pam_end(pamh, 0); -+ return EXIT_SUCCESS; -+} -diff --git a/examples/xsh.c b/examples/xsh.c -index ef4dca0c..5b34fc17 100644 ---- a/examples/xsh.c -+++ b/examples/xsh.c -@@ -80,7 +80,7 @@ int main(int argc, char **argv) - tty = ttyname(fileno(stdin)); - if (tty) { - retcode = pam_set_item(pamh, PAM_TTY, tty); -- bail_out(pamh,1,retcode,"pam_set_item(PAM_RHOST)"); -+ bail_out(pamh,1,retcode,"pam_set_item(PAM_TTY)"); - } - } - -diff --git a/libpam/Makefile.am b/libpam/Makefile.am -index 55222afc..389d5d02 100644 ---- a/libpam/Makefile.am -+++ b/libpam/Makefile.am -@@ -21,7 +21,7 @@ noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - include/pam_inline.h include/test_assert.h - - libpam_la_LDFLAGS = -no-undefined -version-info 85:1:85 --libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ -+libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ @LTLIBINTL@ - - if HAVE_VERSIONING - libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map -diff --git a/libpam/include/security/pam_modutil.h b/libpam/include/security/pam_modutil.h -index 33f87b90..c2578323 100644 ---- a/libpam/include/security/pam_modutil.h -+++ b/libpam/include/security/pam_modutil.h -@@ -147,7 +147,16 @@ pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, - enum pam_modutil_redirect_fd redirect_stdout, - enum pam_modutil_redirect_fd redirect_stderr); - --/* lookup a value for key in login.defs file or similar key value format */ -+/************************************************** -+ * @brief Lookup a value for the key in the file (i.e. login.defs or a similar -+ * key-value format file). -+ * -+ * @param[in] pamh The pam handle structure -+ * @param[in] file_name Configuration file name -+ * @param[in] key Lookup key -+ * -+ * @return value, or NULL if key was not found. -+ **************************************************/ - extern char * PAM_NONNULL((1,2,3)) - pam_modutil_search_key(pam_handle_t *pamh, - const char *file_name, -diff --git a/libpam/pam.pc.in b/libpam/pam.pc.in -index a7cf852d..c3fafe4b 100644 ---- a/libpam/pam.pc.in -+++ b/libpam/pam.pc.in -@@ -1,3 +1,5 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ - libdir=@libdir@ - includedir=@includedir@ - -diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c -index ffa5e4ae..12ebb8fc 100644 ---- a/libpam/pam_handlers.c -+++ b/libpam/pam_handlers.c -@@ -889,8 +889,8 @@ int _pam_add_handler(pam_handle_t *pamh - handler_p = &((*handler_p)->next); - } - -- if ((*handler_p = malloc(sizeof(struct handler))) == NULL) { -- pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #1"); -+ if ((*handler_p = calloc(1, sizeof(struct handler))) == NULL) { -+ pam_syslog(pamh, LOG_CRIT, "cannot allocate struct handler #1"); - return (PAM_ABORT); - } - -@@ -904,8 +904,6 @@ int _pam_add_handler(pam_handle_t *pamh - (*handler_p)->argv = argv; /* not a copy */ - if (((*handler_p)->mod_name = extract_modulename(mod_path)) == NULL) - return PAM_ABORT; -- (*handler_p)->grantor = 0; -- (*handler_p)->next = NULL; - - /* some of the modules have a second calling function */ - if (handler_p2) { -@@ -914,8 +912,8 @@ int _pam_add_handler(pam_handle_t *pamh - handler_p2 = &((*handler_p2)->next); - } - -- if ((*handler_p2 = malloc(sizeof(struct handler))) == NULL) { -- pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #2"); -+ if ((*handler_p2 = calloc(1, sizeof(struct handler))) == NULL) { -+ pam_syslog(pamh, LOG_CRIT, "cannot allocate struct handler #2"); - return (PAM_ABORT); - } - -@@ -933,13 +931,9 @@ int _pam_add_handler(pam_handle_t *pamh - return (PAM_ABORT); - } - memcpy((*handler_p2)->argv, argv, argvlen); -- } else { -- (*handler_p2)->argv = NULL; /* no arguments */ - } - if (((*handler_p2)->mod_name = extract_modulename(mod_path)) == NULL) - return PAM_ABORT; -- (*handler_p2)->grantor = 0; -- (*handler_p2)->next = NULL; - } - - D(("_pam_add_handler: returning successfully")); -diff --git a/libpam_misc/pam_misc.pc.in b/libpam_misc/pam_misc.pc.in -index 0c8898cd..c3e03c4f 100644 ---- a/libpam_misc/pam_misc.pc.in -+++ b/libpam_misc/pam_misc.pc.in -@@ -1,3 +1,5 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ - libdir=@libdir@ - includedir=@includedir@ - -diff --git a/libpamc/pamc.pc.in b/libpamc/pamc.pc.in -index 25a63854..2d841ebb 100644 ---- a/libpamc/pamc.pc.in -+++ b/libpamc/pamc.pc.in -@@ -1,3 +1,5 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ - libdir=@libdir@ - includedir=@includedir@ - -diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am -index 5723dd59..b9fbefdb 100644 ---- a/modules/pam_access/Makefile.am -+++ b/modules/pam_access/Makefile.am -@@ -18,8 +18,7 @@ securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \ -- -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS) -+ $(WARN_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml -index 9a6556cc..db853410 100644 ---- a/modules/pam_access/pam_access.8.xml -+++ b/modules/pam_access/pam_access.8.xml -@@ -53,7 +53,7 @@ - or on terminal line names, X $DISPLAY values, - or PAM service names in case of non-networked logins. - -- -+ - By default rules for access management are taken from config file - /etc/security/access.conf if you don't specify - another file. -@@ -66,6 +66,26 @@ - If a config file is explicitly specified with the - option the files in the above directory are not parsed. - -+ -+ By default rules for access management are taken from config file -+ /etc/security/access.conf or, if that one is not -+ present, the file %vendordir%/security/access.conf. -+ These settings can be overruled by setting in a config file explicitly -+ specified with the option. -+ Then individual *.conf files from the -+ /etc/security/access.d/ and -+ %vendordir%/security/access.d directories are read. -+ If /etc/security/access.d/@filename@.conf exists, then -+ %vendordir%/security/access.d/@filename@.conf will not be used. -+ All access.d/*.conf files are sorted by their -+ @filename@.conf in lexicographic order regardless of which -+ of the directories they reside in. -+ The effect of the individual files is the same as if all the files were -+ concatenated together in the order of parsing. This means that once -+ a pattern is matched in some file no further files are parsed. -+ If a config file is explicitly specified with the -+ option the files in the above directories are not parsed. -+ - - If Linux PAM is compiled with audit support the module will report - when it denies access based on origin (host, tty, etc.). -@@ -233,6 +253,13 @@ - Default configuration file - - -+ -+ %vendordir%/security/access.conf -+ -+ Default configuration file if -+ /etc/security/access.conf does not exist. -+ -+ - - - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index 277192b9..f7b47227 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -56,6 +56,13 @@ - #include "pam_cc_compat.h" - #include "pam_inline.h" - -+#define PAM_ACCESS_CONFIG (SCONFIGDIR "/access.conf") -+#define ACCESS_CONF_GLOB (SCONFIGDIR "/access.d/*.conf") -+#ifdef VENDOR_SCONFIGDIR -+#define VENDOR_PAM_ACCESS_CONFIG (VENDOR_SCONFIGDIR "/access.conf") -+#define VENDOR_ACCESS_CONF_GLOB (VENDOR_SCONFIGDIR "/access.d/*.conf") -+#endif -+ - /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */ - - /* -@@ -151,6 +158,95 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, - return 1; /* OK */ - } - -+/* --- evaluting all files in VENDORDIR/security/access.d and /etc/security/access.d --- */ -+static const char *base_name(const char *path) -+{ -+ const char *base = strrchr(path, '/'); -+ return base ? base+1 : path; -+} -+ -+static int -+compare_filename(const void *a, const void *b) -+{ -+ return strcmp(base_name(* (const char * const *) a), -+ base_name(* (const char * const *) b)); -+} -+ -+/* Evaluating a list of files which have to be parsed in the right order: -+ * -+ * - If etc/security/access.d/@filename@.conf exists, then -+ * %vendordir%/security/access.d/@filename@.conf should not be used. -+ * - All files in both access.d directories are sorted by their @filename@.conf in -+ * lexicographic order regardless of which of the directories they reside in. */ -+static char **read_access_dir(pam_handle_t *pamh) -+{ -+ glob_t globbuf; -+ size_t i=0; -+ int glob_rv = glob(ACCESS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf); -+ char **file_list; -+ size_t file_list_size = glob_rv == 0 ? globbuf.gl_pathc : 0; -+ -+#ifdef VENDOR_ACCESS_CONF_GLOB -+ glob_t globbuf_vendor; -+ int glob_rv_vendor = glob(VENDOR_ACCESS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf_vendor); -+ if (glob_rv_vendor == 0) -+ file_list_size += globbuf_vendor.gl_pathc; -+#endif -+ file_list = malloc((file_list_size + 1) * sizeof(char*)); -+ if (file_list == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for file list: %m"); -+#ifdef VENDOR_ACCESS_CONF_GLOB -+ if (glob_rv_vendor == 0) -+ globfree(&globbuf_vendor); -+#endif -+ if (glob_rv == 0) -+ globfree(&globbuf); -+ return NULL; -+ } -+ -+ if (glob_rv == 0) { -+ for (i = 0; i < globbuf.gl_pathc; i++) { -+ file_list[i] = strdup(globbuf.gl_pathv[i]); -+ if (file_list[i] == NULL) { -+ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); -+ break; -+ } -+ } -+ } -+#ifdef VENDOR_ACCESS_CONF_GLOB -+ if (glob_rv_vendor == 0) { -+ for (size_t j = 0; j < globbuf_vendor.gl_pathc; j++) { -+ if (glob_rv == 0 && globbuf.gl_pathc > 0) { -+ int double_found = 0; -+ for (size_t k = 0; k < globbuf.gl_pathc; k++) { -+ if (strcmp(base_name(globbuf.gl_pathv[k]), -+ base_name(globbuf_vendor.gl_pathv[j])) == 0) { -+ double_found = 1; -+ break; -+ } -+ } -+ if (double_found) -+ continue; -+ } -+ file_list[i] = strdup(globbuf_vendor.gl_pathv[j]); -+ if (file_list[i] == NULL) { -+ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); -+ break; -+ } -+ i++; -+ } -+ globfree(&globbuf_vendor); -+ } -+#endif -+ file_list[i] = NULL; -+ qsort(file_list, i, sizeof(char *), compare_filename); -+ -+ if (glob_rv == 0) -+ globfree(&globbuf); -+ -+ return file_list; -+} -+ - /* --- static functions for checking whether the user should be let in --- */ - - typedef int match_func (pam_handle_t *, char *, struct login_info *); -@@ -637,7 +733,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - if ((str_len = strlen(string)) > tok_len - && strcasecmp(tok, string + str_len - tok_len) == 0) - return YES; -- } else if (tok[tok_len - 1] == '.') { -+ } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ - struct addrinfo hint; - - memset (&hint, '\0', sizeof (hint)); -@@ -678,7 +774,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) - return NO; - } - -- /* Assume network/netmask with an IP of a host. */ -+ /* Assume network/netmask, IP address or hostname. */ - return network_netmask_match(pamh, tok, string, item); - } - -@@ -696,7 +792,7 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - /* - * If the token has the magic value "ALL" the match always succeeds. - * Otherwise, return YES if the token fully matches the string. -- * "NONE" token matches NULL string. -+ * "NONE" token matches NULL string. - */ - - if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ -@@ -714,7 +810,8 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, - - /* network_netmask_match - match a string against one token - * where string is a hostname or ip (v4,v6) address and tok -- * represents either a single ip (v4,v6) address or a network/netmask -+ * represents either a hostname, a single ip (v4,v6) address -+ * or a network/netmask - */ - static int - network_netmask_match (pam_handle_t *pamh, -@@ -723,10 +820,12 @@ network_netmask_match (pam_handle_t *pamh, - char *netmask_ptr; - char netmask_string[MAXHOSTNAMELEN + 1]; - int addr_type; -+ struct addrinfo *ai = NULL; - - if (item->debug) -- pam_syslog (pamh, LOG_DEBUG, -+ pam_syslog (pamh, LOG_DEBUG, - "network_netmask_match: tok=%s, item=%s", tok, string); -+ - /* OK, check if tok is of type addr/mask */ - if ((netmask_ptr = strchr(tok, '/')) != NULL) - { -@@ -760,54 +859,108 @@ network_netmask_match (pam_handle_t *pamh, - netmask_ptr = number_to_netmask(netmask, addr_type, - netmask_string, MAXHOSTNAMELEN); - } -- } -+ -+ /* -+ * Construct an addrinfo list from the IP address. -+ * This should not fail as the input is a correct IP address... -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) -+ { -+ return NO; -+ } -+ } - else -- /* NO, then check if it is only an addr */ -- if (isipaddr(tok, NULL, NULL) != YES) -+ { -+ /* -+ * It is either an IP address or a hostname. -+ * Let getaddrinfo sort everything out -+ */ -+ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) - { -+ pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); -+ - return NO; - } -+ netmask_ptr = NULL; -+ } - - if (isipaddr(string, NULL, NULL) != YES) - { -- /* Assume network/netmask with a name of a host. */ - struct addrinfo hint; - -+ /* Assume network/netmask with a name of a host. */ - memset (&hint, '\0', sizeof (hint)); - hint.ai_flags = AI_CANONNAME; - hint.ai_family = AF_UNSPEC; - - if (item->gai_rv != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else if (!item->res && - (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) -+ { -+ freeaddrinfo(ai); - return NO; -+ } - else - { - struct addrinfo *runp = item->res; -+ struct addrinfo *runp1; - - while (runp != NULL) - { - char buf[INET6_ADDRSTRLEN]; - -- DIAG_PUSH_IGNORE_CAST_ALIGN; -- inet_ntop (runp->ai_family, -- runp->ai_family == AF_INET -- ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr -- : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, -- buf, sizeof (buf)); -- DIAG_POP_IGNORE_CAST_ALIGN; -+ if (getnameinfo (runp->ai_addr, runp->ai_addrlen, buf, sizeof (buf), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } - -- if (are_addresses_equal(buf, tok, netmask_ptr)) -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) - { -- return YES; -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ if (runp->ai_family != runp1->ai_family) -+ continue; -+ -+ if (getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST) != 0) -+ { -+ freeaddrinfo(ai); -+ return NO; -+ } -+ -+ if (are_addresses_equal (buf, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } - } - runp = runp->ai_next; - } - } - } - else -- return (are_addresses_equal(string, tok, netmask_ptr)); -+ { -+ struct addrinfo *runp1; -+ -+ for (runp1 = ai; runp1 != NULL; runp1 = runp1->ai_next) -+ { -+ char buf1[INET6_ADDRSTRLEN]; -+ -+ (void) getnameinfo (runp1->ai_addr, runp1->ai_addrlen, buf1, sizeof (buf1), NULL, 0, NI_NUMERICHOST); -+ -+ if (are_addresses_equal(string, buf1, netmask_ptr)) -+ { -+ freeaddrinfo(ai); -+ return YES; -+ } -+ } -+ } -+ -+ freeaddrinfo(ai); - - return NO; - } -@@ -828,7 +981,6 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - char hostname[MAXHOSTNAMELEN + 1]; - int rv; - -- - /* set username */ - - if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { -@@ -853,6 +1005,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return PAM_ABORT; - } - -+#ifdef VENDOR_PAM_ACCESS_CONFIG -+ if (loginfo.config_file == default_config) { -+ /* Check whether PAM_ACCESS_CONFIG file is available. -+ * If it does not exist, fall back to VENDOR_PAM_ACCESS_CONFIG file. */ -+ struct stat buffer; -+ if (stat(loginfo.config_file, &buffer) != 0 && errno == ENOENT) { -+ default_config = VENDOR_PAM_ACCESS_CONFIG; -+ loginfo.config_file = default_config; -+ } -+ } -+#endif -+ - /* remote host name */ - - if (pam_get_item(pamh, PAM_RHOST, &void_from) -@@ -916,23 +1080,18 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - rv = login_access(pamh, &loginfo); - - if (rv == NOMATCH && loginfo.config_file == default_config) { -- glob_t globbuf; -- int i, glob_rv; -- -- /* We do not manipulate locale as setlocale() is not -- * thread safe. We could use uselocale() in future. -- */ -- glob_rv = glob(ACCESS_CONF_GLOB, GLOB_ERR, NULL, &globbuf); -- if (!glob_rv) { -- /* Parse the *.conf files. */ -- for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { -- loginfo.config_file = globbuf.gl_pathv[i]; -- rv = login_access(pamh, &loginfo); -- if (rv != NOMATCH) -- break; -- } -- globfree(&globbuf); -- } -+ char **filename_list = read_access_dir(pamh); -+ if (filename_list != NULL) { -+ for (int i = 0; filename_list[i] != NULL; i++) { -+ loginfo.config_file = filename_list[i]; -+ rv = login_access(pamh, &loginfo); -+ if (rv != NOMATCH) -+ break; -+ } -+ for (int i = 0; filename_list[i] != NULL; i++) -+ free(filename_list[i]); -+ free(filename_list); -+ } - } - - if (loginfo.gai_rv == 0 && loginfo.res) -diff --git a/modules/pam_env/.gitignore b/modules/pam_env/.gitignore -new file mode 100644 -index 00000000..4c5b234b ---- /dev/null -+++ b/modules/pam_env/.gitignore -@@ -0,0 +1 @@ -+tst-pam_env-retval -diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am -index c66112d6..b99a83ec 100644 ---- a/modules/pam_env/Makefile.am -+++ b/modules/pam_env/Makefile.am -@@ -12,20 +12,23 @@ dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5 - endif - XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml - dist_check_SCRIPTS = tst-pam_env --TESTS = $(dist_check_SCRIPTS) -+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) - - securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS) -+ $(WARN_CFLAGS) -DSYSCONFDIR=\"$(sysconfdir)\" $(ECONF_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - - securelib_LTLIBRARIES = pam_env.la --pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la -+pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS) -+ -+check_PROGRAMS = tst-pam_env-retval -+tst_pam_env_retval_LDADD = $(top_builddir)/libpam/libpam.la - - dist_secureconf_DATA = pam_env.conf - dist_sysconf_DATA = environment -diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml -index 75ff862b..d7687d6c 100644 ---- a/modules/pam_env/pam_env.8.xml -+++ b/modules/pam_env/pam_env.8.xml -@@ -52,13 +52,55 @@ - variables as well as PAM_ITEMs such as - PAM_RHOST. - -- -+ -+ Rules for (un)setting of variables can be defined in an own config -+ file. The path to this file can be specified with the -+ conffile option. -+ If this file does not exist, the default rules are taken from the -+ config files /etc/security/pam_env.conf and -+ /etc/security/pam_env.conf.d/*.conf. -+ If the file /etc/security/pam_env.conf does not -+ exist, the rules are taken from the files -+ %vendordir%/security/pam_env.conf, -+ %vendordir%/security/pam_env.conf.d/*.conf and -+ /etc/security/pam_env.conf.d/*.conf in that order. -+ -+ -+ By default rules for (un)setting of variables are taken from the -+ config file /etc/security/pam_env.conf. -+ If this file does not exist %vendordir%/security/pam_env.conf is used. -+ An alternate file can be specified with the conffile -+ option, which overrules all other files. -+ -+ - By default rules for (un)setting of variables are taken from the - config file /etc/security/pam_env.conf. An - alternate file can be specified with the conffile - option. - -- -+ -+ Environment variables can be defined in a file with simple KEY=VAL -+ pairs on separate lines. The path to this file can be specified with the -+ envfile option. -+ If this file has not been defined, the settings are read from the -+ files /etc/security/environment and -+ /etc/security/environment.d/*. -+ If the file /etc/environment does not exist, the -+ settings are read from the files %vendordir%/environment, -+ %vendordir%/environment.d/* and -+ /etc/environment.d/* in that order. -+ And last but not least, with the readenv option this mechanism can -+ be completely disabled. -+ -+ -+ Second a file (/etc/environment by default) with simple -+ KEY=VAL pairs on separate lines will be read. -+ If this file does not exist, %vendordir%/etc/environment is used. -+ With the envfile option an alternate file can be specified, -+ which overrules all other files. -+ And with the readenv option this can be completely disabled. -+ -+ - Second a file (/etc/environment by default) with simple - KEY=VAL pairs on separate lines will be read. - With the envfile option an alternate file can be specified. -@@ -224,12 +266,14 @@ - FILES - - -+ /usr/etc/security/pam_env.conf - /etc/security/pam_env.conf - - Default configuration file - - - -+ /usr/etc/environment - /etc/environment - - Default environment file -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index f5f8cead..aabab799 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -7,6 +7,9 @@ - */ - - #define DEFAULT_ETC_ENVFILE "/etc/environment" -+#ifdef VENDORDIR -+#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/etc/environment") -+#endif - #define DEFAULT_READ_ENVFILE 1 - - #define DEFAULT_USER_ENVFILE ".pam_environment" -@@ -25,6 +28,9 @@ - #include - #include - #include -+#ifdef USE_ECONF -+#include -+#endif - - #include - #include -@@ -41,6 +47,11 @@ typedef struct var { - char *override; - } VAR; - -+#define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") -+#ifdef VENDOR_SCONFIGDIR -+#define VENDOR_DEFAULT_CONF_FILE (VENDOR_SCONFIGDIR "/pam_env.conf") -+#endif -+ - #define BUF_SIZE 8192 - #define MAX_ENV 8192 - -@@ -51,18 +62,19 @@ typedef struct var { - #define UNDEFINE_VAR 102 - #define ILLEGAL_VAR 103 - --static int _assemble_line(FILE *, char *, int); --static int _parse_line(const pam_handle_t *, const char *, VAR *); --static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */ --static void _clean_var(VAR *); --static int _expand_arg(pam_handle_t *, char **); --static const char * _pam_get_item_byname(pam_handle_t *, const char *); --static int _define_var(pam_handle_t *, int, VAR *); --static int _undefine_var(pam_handle_t *, int, VAR *); -- - /* This is a special value used to designate an empty string */ - static char quote='\0'; - -+static void free_string_array(char **array) -+{ -+ if (array == NULL) -+ return; -+ for (char **entry = array; *entry != NULL; ++entry) { -+ free(*entry); -+ } -+ free(array); -+} -+ - /* argument parsing */ - - #define PAM_DEBUG_ARG 0x01 -@@ -75,10 +87,10 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, - int ctrl=0; - - *user_envfile = DEFAULT_USER_ENVFILE; -- *envfile = DEFAULT_ETC_ENVFILE; -+ *envfile = NULL; - *readenv = DEFAULT_READ_ENVFILE; - *user_readenv = DEFAULT_USER_READ_ENVFILE; -- *conffile = DEFAULT_CONF_FILE; -+ *conffile = NULL; - - /* step through arguments */ - for (; argc-- > 0; ++argv) { -@@ -126,166 +138,154 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, - return ctrl; - } - --static int --_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) --{ -- int retval; -- char buffer[BUF_SIZE]; -- FILE *conf; -- VAR Var, *var=&Var; -- -- D(("Called.")); -+#ifdef USE_ECONF - -- var->name=NULL; var->defval=NULL; var->override=NULL; -+#define ENVIRONMENT "environment" -+#define PAM_ENV "pam_env" - -- D(("Config file name is: %s", file)); -- -- /* -- * Lets try to open the config file, parse it and process -- * any variables found. -- */ -- -- if ((conf = fopen(file,"r")) == NULL) { -- pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); -- return PAM_IGNORE; -- } -- -- /* _pam_assemble_line will provide a complete line from the config file, -- * with all comments removed and any escaped newlines fixed up -- */ -- -- while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { -- D(("Read line: %s", buffer)); -- -- if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { -- retval = _check_var(pamh, var); -- -- if (DEFINE_VAR == retval) { -- retval = _define_var(pamh, ctrl, var); -- -- } else if (UNDEFINE_VAR == retval) { -- retval = _undefine_var(pamh, ctrl, var); -- } -- } -- if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval -- && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; -- -- _clean_var(var); -- -- } /* while */ -- -- (void) fclose(conf); -- -- /* tidy up */ -- _clean_var(var); /* We could have got here prematurely, -- * this is safe though */ -- D(("Exit.")); -- return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); -+static int -+isDirectory(const char *path) { -+ struct stat statbuf; -+ if (stat(path, &statbuf) != 0) -+ return 0; -+ return S_ISDIR(statbuf.st_mode); - } - - static int --_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) -+econf_read_file(const pam_handle_t *pamh, const char *filename, const char *delim, -+ const char *name, const char *suffix, const char *subpath, -+ char ***lines) - { -- int retval=PAM_SUCCESS, i, t; -- char buffer[BUF_SIZE], *key, *mark; -- FILE *conf; -- -- D(("Env file name is: %s", file)); -- -- if ((conf = fopen(file,"r")) == NULL) { -- pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); -- return PAM_IGNORE; -+ econf_file *key_file = NULL; -+ econf_err error; -+ size_t key_number = 0; -+ char **keys = NULL; -+ const char *base_dir = ""; -+ -+ if (filename != NULL) { -+ if (isDirectory(filename)) { -+ /* Set base directory which can be different from root */ -+ D(("filename argument is a directory: %s", filename)); -+ base_dir = filename; -+ } else { -+ /* Read only one file */ -+ error = econf_readFile (&key_file, filename, delim, "#"); -+ D(("File name is: %s", filename)); -+ if (error != ECONF_SUCCESS) { -+ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %s", filename, -+ econf_errString(error)); -+ if (error == ECONF_NOFILE) -+ return PAM_IGNORE; -+ else -+ return PAM_ABORT; -+ } -+ } - } -+ if (filename == NULL || base_dir[0] != '\0') { -+ /* Read and merge all setting in e.g. /usr/etc and /etc */ -+ char *vendor_dir = NULL, *sysconf_dir; -+ if (subpath != NULL && subpath[0] != '\0') { -+#ifdef VENDORDIR -+ if (asprintf(&vendor_dir, "%s%s/%s/", base_dir, VENDORDIR, subpath) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ return PAM_BUF_ERR; -+ } -+#endif -+ if (asprintf(&sysconf_dir, "%s%s/%s/", base_dir, SYSCONFDIR, subpath) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ free(vendor_dir); -+ return PAM_BUF_ERR; -+ } -+ } else { -+#ifdef VENDORDIR -+ if (asprintf(&vendor_dir, "%s%s/", base_dir, VENDORDIR) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ return PAM_BUF_ERR; -+ } -+#endif -+ if (asprintf(&sysconf_dir, "%s%s/", base_dir, SYSCONFDIR) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ free(vendor_dir); -+ return PAM_BUF_ERR; -+ } -+ } - -- while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { -- D(("Read line: %s", buffer)); -- key = buffer; -- -- /* skip leading white space */ -- key += strspn(key, " \n\t"); -- -- /* skip blanks lines and comments */ -- if (key[0] == '#') -- continue; -- -- /* skip over "export " if present so we can be compat with -- bash type declarations */ -- if (strncmp(key, "export ", (size_t) 7) == 0) -- key += 7; -- -- /* now find the end of value */ -- mark = key; -- while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') -- mark++; -- if (mark[0] != '\0') -- mark[0] = '\0'; -- -- /* -- * sanity check, the key must be alphanumeric -- */ -- -- if (key[0] == '=') { -- pam_syslog(pamh, LOG_ERR, -- "missing key name '%s' in %s', ignoring", -- key, file); -- continue; -+ D(("Read configuration from directory %s and %s", vendor_dir, sysconf_dir)); -+ error = econf_readDirs (&key_file, vendor_dir, sysconf_dir, name, suffix, -+ delim, "#"); -+ free(vendor_dir); -+ free(sysconf_dir); -+ if (error != ECONF_SUCCESS) { -+ if (error == ECONF_NOFILE) { -+ pam_syslog(pamh, LOG_ERR, "Configuration file not found: %s%s", name, suffix); -+ return PAM_IGNORE; -+ } else { -+ char *error_filename = NULL; -+ uint64_t error_line = 0; -+ -+ econf_errLocation(&error_filename, &error_line); -+ pam_syslog(pamh, LOG_ERR, "Unable to read configuration file %s line %ld: %s", -+ error_filename, -+ error_line, -+ econf_errString(error)); -+ free(error_filename); -+ return PAM_ABORT; - } -+ } -+ } - -- for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) -- if (!isalnum(key[i]) && key[i] != '_') { -- pam_syslog(pamh, LOG_ERR, -- "non-alphanumeric key '%s' in %s', ignoring", -- key, file); -- break; -- } -- /* non-alphanumeric key, ignore this line */ -- if (key[i] != '=' && key[i] != '\0') -- continue; -+ error = econf_getKeys(key_file, NULL, &key_number, &keys); -+ if (error != ECONF_SUCCESS && error != ECONF_NOKEY) { -+ pam_syslog(pamh, LOG_ERR, "Unable to read keys: %s", -+ econf_errString(error)); -+ econf_freeFile(key_file); -+ return PAM_ABORT; -+ } - -- /* now we try to be smart about quotes around the value, -- but not too smart, we can't get all fancy with escaped -- values like bash */ -- if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { -- for ( t = i+1 ; key[t] != '\0' ; t++) -- if (key[t] != '\"' && key[t] != '\'') -- key[i++] = key[t]; -- else if (key[t+1] != '\0') -- key[i++] = key[t]; -- key[i] = '\0'; -- } -+ *lines = malloc((key_number +1)* sizeof(char**)); -+ if (*lines == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ econf_free(keys); -+ econf_freeFile(key_file); -+ return PAM_BUF_ERR; -+ } - -- /* if this is a request to delete a variable, check that it's -- actually set first, so we don't get a vague error back from -- pam_putenv() */ -- for (i = 0; key[i] != '=' && key[i] != '\0'; i++); -+ (*lines)[key_number] = 0; - -- if (key[i] == '\0' && !pam_getenv(pamh,key)) -- continue; -+ for (size_t i = 0; i < key_number; i++) { -+ char *val; - -- /* set the env var, if it fails, we break out of the loop */ -- retval = pam_putenv(pamh, key); -- if (retval != PAM_SUCCESS) { -- D(("error setting env \"%s\"", key)); -- break; -- } else if (ctrl & PAM_DEBUG_ARG) { -- pam_syslog(pamh, LOG_DEBUG, -- "pam_putenv(\"%s\")", key); -+ error = econf_getStringValue (key_file, NULL, keys[i], &val); -+ if (error != ECONF_SUCCESS) { -+ pam_syslog(pamh, LOG_ERR, "Unable to get string from key %s: %s", -+ keys[i], -+ econf_errString(error)); -+ } else { -+ if (asprintf(&(*lines)[i],"%s%c%s", keys[i], delim[0], val) < 0) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ econf_free(keys); -+ econf_freeFile(key_file); -+ free_string_array(*lines); -+ free (val); -+ return PAM_BUF_ERR; - } -+ free (val); -+ } - } - -- (void) fclose(conf); -- -- /* tidy up */ -- D(("Exit.")); -- return retval; -+ econf_free(keys); -+ econf_free(key_file); -+ return PAM_SUCCESS; - } - -+#else -+ - /* - * This is where we read a line of the PAM config file. The line may be - * preceded by lines of comments and also extended with "\\\n" - */ -- --static int _assemble_line(FILE *f, char *buffer, int buf_len) -+static int -+_assemble_line(FILE *f, char *buffer, int buf_len) - { - char *p = buffer; - char *s, *os; -@@ -373,8 +373,54 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) - return used; - } - -+static int read_file(const pam_handle_t *pamh, const char*filename, char ***lines) -+{ -+ FILE *conf; -+ char buffer[BUF_SIZE]; -+ -+ D(("Parsed file name is: %s", filename)); -+ -+ if ((conf = fopen(filename,"r")) == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s", filename); -+ return PAM_IGNORE; -+ } -+ -+ size_t i = 0; -+ *lines = malloc((i + 1)* sizeof(char**)); -+ if (*lines == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ (void) fclose(conf); -+ return PAM_BUF_ERR; -+ } -+ (*lines)[i] = 0; -+ while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { -+ char **tmp = NULL; -+ D(("Read line: %s", buffer)); -+ tmp = realloc(*lines, (++i + 1) * sizeof(char**)); -+ if (tmp == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ (void) fclose(conf); -+ free_string_array(*lines); -+ return PAM_BUF_ERR; -+ } -+ *lines = tmp; -+ (*lines)[i-1] = strdup(buffer); -+ if ((*lines)[i-1] == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); -+ (void) fclose(conf); -+ free_string_array(*lines); -+ return PAM_BUF_ERR; -+ } -+ (*lines)[i] = 0; -+ } -+ -+ (void) fclose(conf); -+ return PAM_SUCCESS; -+} -+#endif -+ - static int --_parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) -+_parse_line(const pam_handle_t *pamh, const char *buffer, VAR *var) - { - /* - * parse buffer into var, legal syntax is -@@ -454,7 +500,8 @@ _parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) - } - (void)strncpy(*valptr,ptr,length); - (*valptr)[length]='\0'; -- } else if (quoteflg--) { -+ } else if (quoteflg) { -+ quoteflg--; - *valptr = "e; /* a quick hack to handle the empty string */ - } - ptr = tmpptr; /* Start the search where we stopped */ -@@ -469,75 +516,57 @@ _parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var) - return GOOD_LINE; - } - --static int _check_var(pam_handle_t *pamh, VAR *var) -+static const char * -+_pam_get_item_byname(pam_handle_t *pamh, const char *name) - { - /* -- * Examine the variable and determine what action to take. -- * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take -- * or a PAM_* error code if passed back from other routines -- * -- * if no DEFAULT provided, the empty string is assumed -- * if no OVERRIDE provided, the empty string is assumed -- * if DEFAULT= and OVERRIDE evaluates to the empty string, -- * this variable should be undefined -- * if DEFAULT="" and OVERRIDE evaluates to the empty string, -- * this variable should be defined with no value -- * if OVERRIDE=value and value turns into the empty string, DEFAULT is used -- * -- * If DEFINE_VAR is to be returned, the correct value to define will -- * be pointed to by var->value -+ * This function just allows me to use names as given in the config -+ * file and translate them into the appropriate PAM_ITEM macro - */ - -- int retval; -+ int item; -+ const void *itemval; - - D(("Called.")); -- -- /* -- * First thing to do is to expand any arguments, but only -- * if they are not the special quote values (cause expand_arg -- * changes memory). -- */ -- -- if (var->defval && ("e != var->defval) && -- ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { -- return retval; -- } -- if (var->override && ("e != var->override) && -- ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { -- return retval; -+ if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { -+ item = PAM_USER; -+ } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { -+ item = PAM_USER_PROMPT; -+ } else if (strcmp(name, "PAM_TTY") == 0) { -+ item = PAM_TTY; -+ } else if (strcmp(name, "PAM_RUSER") == 0) { -+ item = PAM_RUSER; -+ } else if (strcmp(name, "PAM_RHOST") == 0) { -+ item = PAM_RHOST; -+ } else { -+ D(("Unknown PAM_ITEM: <%s>", name)); -+ pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); -+ return NULL; - } - -- /* Now its easy */ -- -- if (var->override && *(var->override)) { -- /* if there is a non-empty string in var->override, we use it */ -- D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); -- var->value = var->override; -- retval = DEFINE_VAR; -- } else { -+ if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { -+ D(("pam_get_item failed")); -+ return NULL; /* let pam_get_item() log the error */ -+ } - -- var->value = var->defval; -- if ("e == var->defval) { -- /* -- * This means that the empty string was given for defval value -- * which indicates that a variable should be defined with no value -- */ -- D(("An empty variable: <%s>", var->name)); -- retval = DEFINE_VAR; -- } else if (var->defval) { -- D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); -- retval = DEFINE_VAR; -- } else { -- D(("UNDEFINE variable <%s>", var->name)); -- retval = UNDEFINE_VAR; -+ if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { -+ struct passwd *user_entry; -+ user_entry = pam_modutil_getpwnam (pamh, itemval); -+ if (!user_entry) { -+ pam_syslog(pamh, LOG_ERR, "No such user!?"); -+ return NULL; - } -+ return (strcmp(name, "SHELL") == 0) ? -+ user_entry->pw_shell : -+ user_entry->pw_dir; - } - - D(("Exit.")); -- return retval; -+ return itemval; - } - --static int _expand_arg(pam_handle_t *pamh, char **value) -+static int -+_expand_arg(pam_handle_t *pamh, char **value) - { - const char *orig=*value, *tmpptr=NULL; - char *ptr; /* -@@ -677,55 +706,96 @@ static int _expand_arg(pam_handle_t *pamh, char **value) - return PAM_SUCCESS; - } - --static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) -+static int -+_check_var(pam_handle_t *pamh, VAR *var) - { - /* -- * This function just allows me to use names as given in the config -- * file and translate them into the appropriate PAM_ITEM macro -+ * Examine the variable and determine what action to take. -+ * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take -+ * or a PAM_* error code if passed back from other routines -+ * -+ * if no DEFAULT provided, the empty string is assumed -+ * if no OVERRIDE provided, the empty string is assumed -+ * if DEFAULT= and OVERRIDE evaluates to the empty string, -+ * this variable should be undefined -+ * if DEFAULT="" and OVERRIDE evaluates to the empty string, -+ * this variable should be defined with no value -+ * if OVERRIDE=value and value turns into the empty string, DEFAULT is used -+ * -+ * If DEFINE_VAR is to be returned, the correct value to define will -+ * be pointed to by var->value - */ - -- int item; -- const void *itemval; -+ int retval; - - D(("Called.")); -- if (strcmp(name, "PAM_USER") == 0 || strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0) { -- item = PAM_USER; -- } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { -- item = PAM_USER_PROMPT; -- } else if (strcmp(name, "PAM_TTY") == 0) { -- item = PAM_TTY; -- } else if (strcmp(name, "PAM_RUSER") == 0) { -- item = PAM_RUSER; -- } else if (strcmp(name, "PAM_RHOST") == 0) { -- item = PAM_RHOST; -- } else { -- D(("Unknown PAM_ITEM: <%s>", name)); -- pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); -- return NULL; -- } - -- if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { -- D(("pam_get_item failed")); -- return NULL; /* let pam_get_item() log the error */ -+ /* -+ * First thing to do is to expand any arguments, but only -+ * if they are not the special quote values (cause expand_arg -+ * changes memory). -+ */ -+ -+ if (var->defval && ("e != var->defval) && -+ ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { -+ return retval; -+ } -+ if (var->override && ("e != var->override) && -+ ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { -+ return retval; - } - -- if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) { -- struct passwd *user_entry; -- user_entry = pam_modutil_getpwnam (pamh, itemval); -- if (!user_entry) { -- pam_syslog(pamh, LOG_ERR, "No such user!?"); -- return NULL; -+ /* Now its easy */ -+ -+ if (var->override && *(var->override)) { -+ /* if there is a non-empty string in var->override, we use it */ -+ D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); -+ var->value = var->override; -+ retval = DEFINE_VAR; -+ } else { -+ -+ var->value = var->defval; -+ if ("e == var->defval) { -+ /* -+ * This means that the empty string was given for defval value -+ * which indicates that a variable should be defined with no value -+ */ -+ D(("An empty variable: <%s>", var->name)); -+ retval = DEFINE_VAR; -+ } else if (var->defval) { -+ D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); -+ retval = DEFINE_VAR; -+ } else { -+ D(("UNDEFINE variable <%s>", var->name)); -+ retval = UNDEFINE_VAR; - } -- return (strcmp(name, "SHELL") == 0) ? -- user_entry->pw_shell : -- user_entry->pw_dir; - } - - D(("Exit.")); -- return itemval; -+ return retval; -+} -+ -+static void -+_clean_var(VAR *var) -+{ -+ if (var->name) { -+ free(var->name); -+ } -+ if (var->defval && ("e != var->defval)) { -+ free(var->defval); -+ } -+ if (var->override && ("e != var->override)) { -+ free(var->override); -+ } -+ var->name = NULL; -+ var->value = NULL; /* never has memory specific to it */ -+ var->defval = NULL; -+ var->override = NULL; -+ return; - } - --static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) -+static int -+_define_var(pam_handle_t *pamh, int ctrl, VAR *var) - { - /* We have a variable to define, this is a simple function */ - -@@ -747,7 +817,8 @@ static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) - return retval; - } - --static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) -+static int -+_undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) - { - /* We have a variable to undefine, this is a simple function */ - -@@ -758,25 +829,176 @@ static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) - return pam_putenv(pamh, var->name); - } - --static void _clean_var(VAR *var) -+static int -+_parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) - { -- if (var->name) { -- free(var->name); -- } -- if (var->defval && ("e != var->defval)) { -- free(var->defval); -- } -- if (var->override && ("e != var->override)) { -- free(var->override); -+ int retval; -+ VAR Var, *var=&Var; -+ char **conf_list = NULL; -+ -+ var->name=NULL; var->defval=NULL; var->override=NULL; -+ -+ D(("Called.")); -+ -+#ifdef USE_ECONF -+ /* If "file" is not NULL, only this file will be parsed. */ -+ retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); -+#else -+ /* Only one file will be parsed. So, file has to be set. */ -+ if (file == NULL) /* No filename has been set via argv. */ -+ file = DEFAULT_CONF_FILE; -+#ifdef VENDOR_DEFAULT_CONF_FILE -+ /* -+ * Check whether file is available. -+ * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. -+ */ -+ struct stat stat_buffer; -+ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { -+ file = VENDOR_DEFAULT_CONF_FILE; - } -- var->name = NULL; -- var->value = NULL; /* never has memory specific to it */ -- var->defval = NULL; -- var->override = NULL; -- return; -+#endif -+ retval = read_file(pamh, file, &conf_list); -+#endif -+ -+ if (retval != PAM_SUCCESS) -+ return retval; -+ -+ for (char **conf = conf_list; *conf != NULL; ++conf) { -+ if ((retval = _parse_line(pamh, *conf, var)) == GOOD_LINE) { -+ retval = _check_var(pamh, var); -+ -+ if (DEFINE_VAR == retval) { -+ retval = _define_var(pamh, ctrl, var); -+ -+ } else if (UNDEFINE_VAR == retval) { -+ retval = _undefine_var(pamh, ctrl, var); -+ } -+ } -+ if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval -+ && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; -+ -+ _clean_var(var); -+ -+ } /* for */ -+ -+ /* tidy up */ -+ free_string_array(conf_list); -+ _clean_var(var); /* We could have got here prematurely, -+ * this is safe though */ -+ D(("Exit.")); -+ return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); - } - -+static int -+_parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) -+{ -+ int retval=PAM_SUCCESS, i, t; -+ char *key, *mark; -+ char **env_list = NULL; -+ -+#ifdef USE_ECONF -+ retval = econf_read_file(pamh, file, "=", ENVIRONMENT, "", "", &env_list); -+#else -+ /* Only one file will be parsed. So, file has to be set. */ -+ if (file == NULL) /* No filename has been set via argv. */ -+ file = DEFAULT_ETC_ENVFILE; -+#ifdef VENDOR_DEFAULT_ETC_ENVFILE -+ /* -+ * Check whether file is available. -+ * If it does not exist, fall back to VENDOR_DEFAULT_ETC_ENVFILE; file. -+ */ -+ struct stat stat_buffer; -+ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { -+ file = VENDOR_DEFAULT_ETC_ENVFILE; -+ } -+#endif -+ retval = read_file(pamh, file, &env_list); -+#endif -+ -+ if (retval != PAM_SUCCESS) -+ return retval == PAM_IGNORE ? PAM_SUCCESS : retval; -+ -+ for (char **env = env_list; *env != NULL; ++env) { -+ key = *env; -+ -+ /* skip leading white space */ -+ key += strspn(key, " \n\t"); -+ -+ /* skip blanks lines and comments */ -+ if (key[0] == '#') -+ continue; - -+ /* skip over "export " if present so we can be compat with -+ bash type declarations */ -+ if (strncmp(key, "export ", (size_t) 7) == 0) -+ key += 7; -+ -+ /* now find the end of value */ -+ mark = key; -+ while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') -+ mark++; -+ if (mark[0] != '\0') -+ mark[0] = '\0'; -+ -+ /* -+ * sanity check, the key must be alphanumeric -+ */ -+ -+ if (key[0] == '=') { -+ pam_syslog(pamh, LOG_ERR, -+ "missing key name '%s' in %s', ignoring", -+ key, file); -+ continue; -+ } -+ -+ for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) -+ if (!isalnum(key[i]) && key[i] != '_') { -+ pam_syslog(pamh, LOG_ERR, -+ "non-alphanumeric key '%s' in %s', ignoring", -+ key, file); -+ break; -+ } -+ /* non-alphanumeric key, ignore this line */ -+ if (key[i] != '=' && key[i] != '\0') -+ continue; -+ -+ /* now we try to be smart about quotes around the value, -+ but not too smart, we can't get all fancy with escaped -+ values like bash */ -+ if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { -+ for ( t = i+1 ; key[t] != '\0' ; t++) -+ if (key[t] != '\"' && key[t] != '\'') -+ key[i++] = key[t]; -+ else if (key[t+1] != '\0') -+ key[i++] = key[t]; -+ key[i] = '\0'; -+ } -+ -+ /* if this is a request to delete a variable, check that it's -+ actually set first, so we don't get a vague error back from -+ pam_putenv() */ -+ for (i = 0; key[i] != '=' && key[i] != '\0'; i++); -+ -+ if (key[i] == '\0' && !pam_getenv(pamh,key)) -+ continue; -+ -+ /* set the env var, if it fails, we break out of the loop */ -+ retval = pam_putenv(pamh, key); -+ if (retval != PAM_SUCCESS) { -+ D(("error setting env \"%s\"", key)); -+ break; -+ } else if (ctrl & PAM_DEBUG_ARG) { -+ pam_syslog(pamh, LOG_DEBUG, -+ "pam_putenv(\"%s\")", key); -+ } -+ free(*env); -+ } -+ -+ /* tidy up */ -+ free(env_list); -+ D(("Exit.")); -+ return retval; -+} - - /* --- authentication management functions (only) --- */ - -diff --git a/modules/pam_env/pam_env.conf.5.xml b/modules/pam_env/pam_env.conf.5.xml -index fca046fe..5c0dbcb8 100644 ---- a/modules/pam_env/pam_env.conf.5.xml -+++ b/modules/pam_env/pam_env.conf.5.xml -@@ -20,7 +20,15 @@ - - DESCRIPTION - -- -+ -+ The /usr/etc/security/pam_env.conf and -+ /etc/security/pam_env.conf files specify -+ the environment variables to be set, unset or modified by -+ pam_env8. -+ When someone logs in, these files are read and the environment -+ variables are set according. -+ -+ - The /etc/security/pam_env.conf file specifies - the environment variables to be set, unset or modified by - pam_env8. -@@ -61,7 +69,15 @@ - at front) can be used to mark this line as a comment line. - - -- -+ -+ The /usr/etc/environment and /etc/environment files specify -+ the environment variables to be set. These files must consist of simple -+ NAME=VALUE pairs on separate lines. -+ The pam_env8 -+ module will read these files after the pam_env.conf -+ file. -+ -+ - The /etc/environment file specifies - the environment variables to be set. The file must consist of simple - NAME=VALUE pairs on separate lines. -diff --git a/modules/pam_env/tst-pam_env-retval.c b/modules/pam_env/tst-pam_env-retval.c -new file mode 100644 -index 00000000..99e2e2a5 ---- /dev/null -+++ b/modules/pam_env/tst-pam_env-retval.c -@@ -0,0 +1,259 @@ -+/* -+ * Check pam_env return values. -+ * -+ * Copyright (c) 2020-2022 Dmitry V. Levin -+ * Copyright (c) 2022 Stefan Schubert -+ */ -+ -+#include "test_assert.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#define MODULE_NAME "pam_env" -+#define TEST_NAME "tst-" MODULE_NAME "-retval" -+#define TEST_NAME_DIR TEST_NAME ".dir" -+ -+static const char service_file[] = TEST_NAME ".service"; -+static const char missing_file[] = TEST_NAME ".missing"; -+static const char dir[] = TEST_NAME_DIR; -+static const char dir_usr[] = TEST_NAME_DIR "/usr"; -+static const char dir_usr_etc[] = TEST_NAME_DIR "/usr/etc"; -+static const char dir_usr_etc_security[] = TEST_NAME_DIR "/usr/etc/security"; -+static const char my_conf[] = TEST_NAME ".conf"; -+static const char my_env[] = TEST_NAME ".env"; -+static const char usr_env[] = TEST_NAME_DIR "/usr/etc/environment"; -+static const char usr_conf[] = TEST_NAME_DIR "/usr/etc/security/pam_env.conf"; -+ -+static struct pam_conv conv; -+ -+static void -+setup(void) -+{ -+ FILE *fp; -+ -+ ASSERT_EQ(0, mkdir(dir, 0755)); -+ ASSERT_EQ(0, mkdir(dir_usr, 0755)); -+ ASSERT_EQ(0, mkdir(dir_usr_etc, 0755)); -+ ASSERT_EQ(0, mkdir(dir_usr_etc_security, 0755)); -+ -+ ASSERT_NE(NULL, fp = fopen(my_conf, "w")); -+ ASSERT_LT(0, fprintf(fp, -+ "EDITOR\tDEFAULT=vim\n" -+ "PAGER\tDEFAULT=more\n")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_NE(NULL, fp = fopen(my_env, "w")); -+ ASSERT_LT(0, fprintf(fp, -+ "test_value=foo\n" -+ "test2_value=bar\n")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_NE(NULL, fp = fopen(usr_env, "w")); -+ ASSERT_LT(0, fprintf(fp, -+ "usr_etc_test=foo\n" -+ "usr_etc_test2=bar\n")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_NE(NULL, fp = fopen(usr_conf, "w")); -+ ASSERT_LT(0, fprintf(fp, -+ "PAGER DEFAULT=emacs\n" -+ "MANPAGER DEFAULT=less\n")); -+ ASSERT_EQ(0, fclose(fp)); -+} -+ -+static void -+cleanup(void) -+{ -+ ASSERT_EQ(0, unlink(my_conf)); -+ ASSERT_EQ(0, unlink(my_env)); -+ ASSERT_EQ(0, unlink(usr_env)); -+ ASSERT_EQ(0, unlink(usr_conf)); -+ ASSERT_EQ(0, rmdir(dir_usr_etc_security)); -+ ASSERT_EQ(0, rmdir(dir_usr_etc)); -+ ASSERT_EQ(0, rmdir(dir_usr)); -+ ASSERT_EQ(0, rmdir(dir)); -+} -+ -+static void -+check_array(const char **array1, char **array2) -+{ -+ for (const char **a1 = array1; *a1 != NULL; ++a1) { -+ char **a2; -+ for (a2 = array2; *a2 != NULL; ++a2) { -+ if (strcmp(*a1, *a2) == 0) -+ break; -+ } -+ ASSERT_NE(NULL, *a2); -+ } -+} -+ -+static void -+check_env(const char **list) -+{ -+ pam_handle_t *pamh = NULL; -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ -+ ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); -+ -+ char **env_list = pam_getenvlist(pamh); -+ ASSERT_NE(NULL, env_list); -+ -+ check_array(list, env_list); -+ -+ for (char **e = env_list; *e != NULL; ++e) -+ free(*e); -+ free(env_list); -+ -+ ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+} -+ -+int -+main(void) -+{ -+ pam_handle_t *pamh = NULL; -+ FILE *fp; -+ char cwd[PATH_MAX]; -+ -+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); -+ -+ setup(); -+ -+ /* -+ * When conffile= specifies a missing file, all methods except -+ * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. -+ * The return code of the stack where every module returns PAM_IGNORE -+ * is PAM_PERM_DENIED. -+ */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so conffile=%s/%s\n" -+ "account required %s/.libs/%s.so conffile=%s/%s\n" -+ "password required %s/.libs/%s.so conffile=%s/%s\n" -+ "session required %s/.libs/%s.so conffile=%s/%s\n", -+ cwd, MODULE_NAME, cwd, missing_file, -+ cwd, MODULE_NAME, cwd, missing_file, -+ cwd, MODULE_NAME, cwd, missing_file, -+ cwd, MODULE_NAME, cwd, missing_file)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ /* -+ * When conffile= specifies a missing file, all methods except -+ * pam_sm_acct_mgmt and pam_sm_chauthtok return PAM_IGNORE. -+ * pam_permit is added after pam_env to convert PAM_IGNORE to PAM_SUCCESS. -+ */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so conffile=%s/%s\n" -+ "auth required %s/../pam_permit/.libs/pam_permit.so\n" -+ "account required %s/.libs/%s.so conffile=%s/%s\n" -+ "account required %s/../pam_permit/.libs/pam_permit.so\n" -+ "password required %s/.libs/%s.so conffile=%s/%s\n" -+ "password required %s/../pam_permit/.libs/pam_permit.so\n" -+ "session required %s/.libs/%s.so conffile=%s/%s\n" -+ "session required %s/../pam_permit/.libs/pam_permit.so\n", -+ cwd, MODULE_NAME, cwd, missing_file, cwd, -+ cwd, MODULE_NAME, cwd, missing_file, cwd, -+ cwd, MODULE_NAME, cwd, missing_file, cwd, -+ cwd, MODULE_NAME, cwd, missing_file, cwd)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ /* -+ * conffile= specifies an existing file, -+ * envfile= specifies an empty file. -+ */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "session required %s/.libs/%s.so" -+ " conffile=%s/%s envfile=%s\n", -+ cwd, MODULE_NAME, -+ cwd, my_conf, "/dev/null")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ const char *env1[] = { "EDITOR=vim", "PAGER=more", NULL }; -+ check_env(env1); -+ -+ /* -+ * conffile= specifies an empty file, -+ * envfile= specifies an existing file. -+ */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "session required %s/.libs/%s.so" -+ " conffile=%s envfile=%s/%s\n", -+ cwd, MODULE_NAME, -+ "/dev/null", cwd, my_env)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ const char *env2[] = { "test_value=foo", "test2_value=bar", NULL }; -+ check_env(env2); -+ -+#if defined (USE_ECONF) && defined (VENDORDIR) -+ -+ /* envfile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "session required %s/.libs/%s.so" -+ " conffile=%s envfile=%s/%s/\n", -+ cwd, MODULE_NAME, -+ "/dev/null", -+ cwd, dir)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ const char *env3[] = {"usr_etc_test=foo", "usr_etc_test2=bar", NULL}; -+ check_env(env3); -+ -+ /* conffile is a directory. So values will be read from {TEST_NAME_DIR}/usr/etc and {TEST_NAME_DIR}/etc */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "session required %s/.libs/%s.so" -+ " conffile=%s/%s/ envfile=%s\n", -+ cwd, MODULE_NAME, -+ cwd, dir, -+ "/dev/null")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ const char *env4[] = {"PAGER=emacs", "MANPAGER=less", NULL}; -+ check_env(env4); -+ -+#endif -+ -+ /* cleanup */ -+ cleanup(); -+ ASSERT_EQ(0, unlink(service_file)); -+ -+ return 0; -+} -diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c -index 05dec167..aeb98cdc 100644 ---- a/modules/pam_exec/pam_exec.c -+++ b/modules/pam_exec/pam_exec.c -@@ -48,6 +48,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -105,6 +106,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - FILE *stdout_file = NULL; - int retval; - const char *name; -+ struct sigaction newsa, oldsa; - - if (argc < 1) { - pam_syslog (pamh, LOG_ERR, -@@ -226,6 +228,13 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - return PAM_SERVICE_ERR; - } - -+ memset(&newsa, '\0', sizeof(newsa)); -+ newsa.sa_handler = SIG_DFL; -+ if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { -+ pam_syslog(pamh, LOG_ERR, "failed to reset SIGCHLD handler: %m"); -+ return PAM_SYSTEM_ERR; -+ } -+ - pid = fork(); - if (pid == -1) - return PAM_SYSTEM_ERR; -@@ -263,6 +272,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - - while ((rc = waitpid (pid, &status, 0)) == -1 && - errno == EINTR); -+ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ - if (rc == (pid_t)-1) - { - pam_syslog (pamh, LOG_ERR, "waitpid returns with -1: %m"); -@@ -305,9 +315,9 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - } - else /* child */ - { -- char **arggv; -+ const char **arggv; - int i; -- char **envlist, **tmp; -+ char **envlist; - int envlen, nitems; - char *envstr; - enum pam_modutil_redirect_fd redirect_stdin = -@@ -418,7 +428,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - _exit (ENOMEM); - - for (i = 0; i < (argc - optargc); i++) -- arggv[i] = strdup(argv[i+optargc]); -+ arggv[i] = argv[i+optargc]; - arggv[i] = NULL; - - /* -@@ -430,14 +440,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - /* nothing */ ; - nitems = PAM_ARRAY_SIZE(env_items); - /* + 2 because of PAM_TYPE and NULL entry */ -- tmp = realloc(envlist, (envlen + nitems + 2) * sizeof(*envlist)); -- if (tmp == NULL) -+ envlist = realloc(envlist, (envlen + nitems + 2) * sizeof(*envlist)); -+ if (envlist == NULL) - { -- free(envlist); - pam_syslog (pamh, LOG_CRIT, "realloc environment failed: %m"); - _exit (ENOMEM); - } -- envlist = tmp; - for (i = 0; i < nitems; ++i) - { - const void *item; -@@ -446,7 +454,6 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - continue; - if (asprintf(&envstr, "%s=%s", env_items[i].name, (const char *)item) < 0) - { -- free(envlist); - pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m"); - _exit (ENOMEM); - } -@@ -456,7 +463,6 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - - if (asprintf(&envstr, "PAM_TYPE=%s", pam_type) < 0) - { -- free(envlist); - pam_syslog (pamh, LOG_CRIT, "prepare environment failed: %m"); - _exit (ENOMEM); - } -@@ -466,10 +472,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - if (debug) - pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]); - -- execve (arggv[0], arggv, envlist); -+ DIAG_PUSH_IGNORE_CAST_QUAL; -+ execve (arggv[0], (char **) arggv, envlist); -+ DIAG_POP_IGNORE_CAST_QUAL; - i = errno; - pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", arggv[0]); -- free(envlist); - _exit (i); - } - return PAM_SYSTEM_ERR; /* will never be reached. */ -diff --git a/modules/pam_faillock/Makefile.am b/modules/pam_faillock/Makefile.am -index 44a49660..ca73bd05 100644 ---- a/modules/pam_faillock/Makefile.am -+++ b/modules/pam_faillock/Makefile.am -@@ -15,12 +15,12 @@ endif - XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml - - dist_check_SCRIPTS = tst-pam_faillock --TESTS = $(dist_check_SCRIPTS) -+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) - - securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - --noinst_HEADERS = faillock.h -+noinst_HEADERS = faillock.h faillock_config.h - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - $(WARN_CFLAGS) -@@ -33,6 +33,9 @@ if HAVE_VERSIONING - pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - -+check_PROGRAMS = tst-pam_faillock-retval -+tst_pam_faillock_retval_LDADD = $(top_builddir)/libpam/libpam.la -+ - faillock_LDFLAGS = @EXE_LDFLAGS@ - faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) - -@@ -41,8 +44,8 @@ dist_secureconf_DATA = faillock.conf - securelib_LTLIBRARIES = pam_faillock.la - sbin_PROGRAMS = faillock - --pam_faillock_la_SOURCES = pam_faillock.c faillock.c --faillock_SOURCES = main.c faillock.c -+pam_faillock_la_SOURCES = pam_faillock.c faillock.c faillock_config.c -+faillock_SOURCES = main.c faillock.c faillock_config.c - - if ENABLE_REGENERATE_MAN - dist_noinst_DATA = README -diff --git a/modules/pam_faillock/faillock.8.xml b/modules/pam_faillock/faillock.8.xml -index 6c20593c..81d2107c 100644 ---- a/modules/pam_faillock/faillock.8.xml -+++ b/modules/pam_faillock/faillock.8.xml -@@ -55,14 +55,31 @@ - - OPTIONS - -+ -+ -+ -+ -+ -+ -+ The file where the configuration is located. The default is -+ /etc/security/faillock.conf. -+ -+ -+ - - - - - - -- The directory where the user files with the failure records are kept. The -- default is /var/run/faillock. -+ The directory where the user files with the failure records are kept. -+ -+ -+ The priority to set this option is to use the value provided -+ from the command line. If this isn't provided, then the value -+ from the configuration file is used. Finally, if neither of -+ them has been provided, then -+ /var/run/faillock is used. - - - -diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml -index 04a84107..8faa5915 100644 ---- a/modules/pam_faillock/faillock.conf.5.xml -+++ b/modules/pam_faillock/faillock.conf.5.xml -@@ -44,6 +44,10 @@ - The directory where the user files with the failure records are kept. The - default is /var/run/faillock. - -+ -+ Note: These files will disappear after reboot on systems configured with -+ directory /var/run/faillock mounted on virtual memory. -+ - - - -diff --git a/modules/pam_faillock/faillock.h b/modules/pam_faillock/faillock.h -index b22a9dfb..0ea0ffba 100644 ---- a/modules/pam_faillock/faillock.h -+++ b/modules/pam_faillock/faillock.h -@@ -67,7 +67,6 @@ struct tally_data { - }; - - #define FAILLOCK_DEFAULT_TALLYDIR "/var/run/faillock" --#define FAILLOCK_DEFAULT_CONF "/etc/security/faillock.conf" - - int open_tally(const char *dir, const char *user, uid_t uid, int create); - int read_tally(int fd, struct tally_data *tallies); -diff --git a/modules/pam_faillock/faillock_config.c b/modules/pam_faillock/faillock_config.c -new file mode 100644 -index 00000000..0d14aad1 ---- /dev/null -+++ b/modules/pam_faillock/faillock_config.c -@@ -0,0 +1,266 @@ -+/* -+ * Copyright (c) 2022 Tomas Mraz -+ * Copyright (c) 2022 Iker Pedrosa -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include "config.h" -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+#include "faillock_config.h" -+#include "faillock.h" -+ -+#define FAILLOCK_DEFAULT_CONF SCONFIGDIR "/faillock.conf" -+#ifdef VENDOR_SCONFIGDIR -+#define VENDOR_FAILLOCK_DEFAULT_CONF VENDOR_SCONFIGDIR "/faillock.conf" -+#endif -+ -+static void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3)) -+config_log(const pam_handle_t *pamh, int priority, const char *fmt, ...) -+{ -+ va_list args; -+ -+ va_start(args, fmt); -+ if (pamh) { -+ pam_vsyslog(pamh, priority, fmt, args); -+ } else { -+ char *buf = NULL; -+ -+ if (vasprintf(&buf, fmt, args) < 0) { -+ fprintf(stderr, "vasprintf: %m"); -+ va_end(args); -+ return; -+ } -+ fprintf(stderr, "%s\n", buf); -+ free(buf); -+ } -+ va_end(args); -+} -+ -+/* parse a single configuration file */ -+int -+read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile) -+{ -+ char linebuf[FAILLOCK_CONF_MAX_LINELEN+1]; -+ const char *fname = (cfgfile != NULL) ? cfgfile : FAILLOCK_DEFAULT_CONF; -+ FILE *f = fopen(fname, "r"); -+ -+#ifdef VENDOR_FAILLOCK_DEFAULT_CONF -+ if (f == NULL && errno == ENOENT && cfgfile == NULL) { -+ /* -+ * If the default configuration file in /etc does not exist, -+ * try the vendor configuration file as fallback. -+ */ -+ f = fopen(VENDOR_FAILLOCK_DEFAULT_CONF, "r"); -+ } -+#endif /* VENDOR_FAILLOCK_DEFAULT_CONF */ -+ -+ if (f == NULL) { -+ /* ignore non-existent default config file */ -+ if (errno == ENOENT && cfgfile == NULL) -+ return PAM_SUCCESS; -+ return PAM_SERVICE_ERR; -+ } -+ -+ while (fgets(linebuf, sizeof(linebuf), f) != NULL) { -+ size_t len; -+ char *ptr; -+ char *name; -+ int eq; -+ -+ len = strlen(linebuf); -+ /* len cannot be 0 unless there is a bug in fgets */ -+ if (len && linebuf[len - 1] != '\n' && !feof(f)) { -+ (void) fclose(f); -+ return PAM_SERVICE_ERR; -+ } -+ -+ if ((ptr=strchr(linebuf, '#')) != NULL) { -+ *ptr = '\0'; -+ } else { -+ ptr = linebuf + len; -+ } -+ -+ /* drop terminating whitespace including the \n */ -+ while (ptr > linebuf) { -+ if (!isspace(*(ptr-1))) { -+ *ptr = '\0'; -+ break; -+ } -+ --ptr; -+ } -+ -+ /* skip initial whitespace */ -+ for (ptr = linebuf; isspace(*ptr); ptr++); -+ if (*ptr == '\0') -+ continue; -+ -+ /* grab the key name */ -+ eq = 0; -+ name = ptr; -+ while (*ptr != '\0') { -+ if (isspace(*ptr) || *ptr == '=') { -+ eq = *ptr == '='; -+ *ptr = '\0'; -+ ++ptr; -+ break; -+ } -+ ++ptr; -+ } -+ -+ /* grab the key value */ -+ while (*ptr != '\0') { -+ if (*ptr != '=' || eq) { -+ if (!isspace(*ptr)) { -+ break; -+ } -+ } else { -+ eq = 1; -+ } -+ ++ptr; -+ } -+ -+ /* set the key:value pair on opts */ -+ set_conf_opt(pamh, opts, name, ptr); -+ } -+ -+ (void)fclose(f); -+ return PAM_SUCCESS; -+} -+ -+void -+set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, -+ const char *value) -+{ -+ if (strcmp(name, "dir") == 0) { -+ if (value[0] != '/') { -+ config_log(pamh, LOG_ERR, -+ "Tally directory is not absolute path (%s); keeping value", -+ value); -+ } else { -+ free(opts->dir); -+ opts->dir = strdup(value); -+ if (opts->dir == NULL) { -+ opts->fatal_error = 1; -+ config_log(pamh, LOG_CRIT, "Error allocating memory: %m"); -+ } -+ } -+ } -+ else if (strcmp(name, "deny") == 0) { -+ if (sscanf(value, "%hu", &opts->deny) != 1) { -+ config_log(pamh, LOG_ERR, -+ "Bad number supplied for deny argument"); -+ } -+ } -+ else if (strcmp(name, "fail_interval") == 0) { -+ unsigned int temp; -+ if (sscanf(value, "%u", &temp) != 1 || -+ temp > MAX_TIME_INTERVAL) { -+ config_log(pamh, LOG_ERR, -+ "Bad number supplied for fail_interval argument"); -+ } else { -+ opts->fail_interval = temp; -+ } -+ } -+ else if (strcmp(name, "unlock_time") == 0) { -+ unsigned int temp; -+ -+ if (strcmp(value, "never") == 0) { -+ opts->unlock_time = 0; -+ } -+ else if (sscanf(value, "%u", &temp) != 1 || -+ temp > MAX_TIME_INTERVAL) { -+ config_log(pamh, LOG_ERR, -+ "Bad number supplied for unlock_time argument"); -+ } -+ else { -+ opts->unlock_time = temp; -+ } -+ } -+ else if (strcmp(name, "root_unlock_time") == 0) { -+ unsigned int temp; -+ -+ if (strcmp(value, "never") == 0) { -+ opts->root_unlock_time = 0; -+ } -+ else if (sscanf(value, "%u", &temp) != 1 || -+ temp > MAX_TIME_INTERVAL) { -+ config_log(pamh, LOG_ERR, -+ "Bad number supplied for root_unlock_time argument"); -+ } else { -+ opts->root_unlock_time = temp; -+ } -+ } -+ else if (strcmp(name, "admin_group") == 0) { -+ free(opts->admin_group); -+ opts->admin_group = strdup(value); -+ if (opts->admin_group == NULL) { -+ opts->fatal_error = 1; -+ config_log(pamh, LOG_CRIT, "Error allocating memory: %m"); -+ } -+ } -+ else if (strcmp(name, "even_deny_root") == 0) { -+ opts->flags |= FAILLOCK_FLAG_DENY_ROOT; -+ } -+ else if (strcmp(name, "audit") == 0) { -+ opts->flags |= FAILLOCK_FLAG_AUDIT; -+ } -+ else if (strcmp(name, "silent") == 0) { -+ opts->flags |= FAILLOCK_FLAG_SILENT; -+ } -+ else if (strcmp(name, "no_log_info") == 0) { -+ opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO; -+ } -+ else if (strcmp(name, "local_users_only") == 0) { -+ opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY; -+ } -+ else if (strcmp(name, "nodelay") == 0) { -+ opts->flags |= FAILLOCK_FLAG_NO_DELAY; -+ } -+ else { -+ config_log(pamh, LOG_ERR, "Unknown option: %s", name); -+ } -+} -+ -+const char *get_tally_dir(const struct options *opts) -+{ -+ return (opts->dir != NULL) ? opts->dir : FAILLOCK_DEFAULT_TALLYDIR; -+} -diff --git a/modules/pam_faillock/faillock_config.h b/modules/pam_faillock/faillock_config.h -new file mode 100644 -index 00000000..04bc699b ---- /dev/null -+++ b/modules/pam_faillock/faillock_config.h -@@ -0,0 +1,90 @@ -+/* -+ * Copyright (c) 2022 Tomas Mraz -+ * Copyright (c) 2022 Iker Pedrosa -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ * faillock_config.h - load configuration options from file -+ * -+ */ -+ -+#ifndef _FAILLOCK_CONFIG_H -+#define _FAILLOCK_CONFIG_H -+ -+#include -+#include -+#include -+ -+#include -+ -+#define FAILLOCK_FLAG_DENY_ROOT 0x1 -+#define FAILLOCK_FLAG_AUDIT 0x2 -+#define FAILLOCK_FLAG_SILENT 0x4 -+#define FAILLOCK_FLAG_NO_LOG_INFO 0x8 -+#define FAILLOCK_FLAG_UNLOCKED 0x10 -+#define FAILLOCK_FLAG_LOCAL_ONLY 0x20 -+#define FAILLOCK_FLAG_NO_DELAY 0x40 -+ -+#define FAILLOCK_CONF_MAX_LINELEN 1023 -+#define MAX_TIME_INTERVAL 604800 /* 7 days */ -+ -+struct options { -+ unsigned int action; -+ unsigned int flags; -+ unsigned short deny; -+ unsigned int fail_interval; -+ unsigned int unlock_time; -+ unsigned int root_unlock_time; -+ char *dir; -+ const char *user; -+ char *admin_group; -+ int failures; -+ uint64_t latest_time; -+ uid_t uid; -+ int is_admin; -+ uint64_t now; -+ int fatal_error; -+ -+ unsigned int reset; -+ const char *progname; -+ int legacy_output; /* show failure info in pam_tally2 style */ -+}; -+ -+int read_config_file(pam_handle_t *pamh, struct options *opts, -+ const char *cfgfile); -+void set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, -+ const char *value); -+const char *get_tally_dir(const struct options *opts); -+ -+#endif /* _FAILLOCK_CONFIG_H */ -diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c -index f62e1bb2..136be834 100644 ---- a/modules/pam_faillock/main.c -+++ b/modules/pam_faillock/main.c -@@ -51,32 +51,40 @@ - #define AUDIT_NO_ID ((unsigned int) -1) - #endif - -+#include "pam_inline.h" - #include "faillock.h" -- --struct options { -- unsigned int reset; -- const char *dir; -- const char *user; -- const char *progname; --}; -+#include "faillock_config.h" - - static int - args_parse(int argc, char **argv, struct options *opts) - { - int i; -+ int rv; -+ const char *dir = NULL; -+ const char *conf = NULL; -+ - memset(opts, 0, sizeof(*opts)); - -- opts->dir = FAILLOCK_DEFAULT_TALLYDIR; - opts->progname = argv[0]; - - for (i = 1; i < argc; ++i) { -- if (strcmp(argv[i], "--dir") == 0) { -+ if (strcmp(argv[i], "--conf") == 0) { -+ ++i; -+ if (i >= argc || strlen(argv[i]) == 0) { -+ fprintf(stderr, "%s: No configuration file supplied.\n", -+ argv[0]); -+ return -1; -+ } -+ conf = argv[i]; -+ } -+ else if (strcmp(argv[i], "--dir") == 0) { - ++i; - if (i >= argc || strlen(argv[i]) == 0) { -- fprintf(stderr, "%s: No directory supplied.\n", argv[0]); -+ fprintf(stderr, "%s: No records directory supplied.\n", -+ argv[0]); - return -1; - } -- opts->dir = argv[i]; -+ dir = argv[i]; - } - else if (strcmp(argv[i], "--user") == 0) { - ++i; -@@ -89,19 +97,113 @@ args_parse(int argc, char **argv, struct options *opts) - else if (strcmp(argv[i], "--reset") == 0) { - opts->reset = 1; - } -+ else if (!strcmp(argv[i], "--legacy-output")) { -+ opts->legacy_output = 1; -+ } - else { - fprintf(stderr, "%s: Unknown option: %s\n", argv[0], argv[i]); - return -1; - } - } -+ -+ if ((rv = read_config_file(NULL, opts, conf)) != PAM_SUCCESS) { -+ fprintf(stderr, "Configuration file missing or broken"); -+ return rv; -+ } -+ -+ if (dir != NULL) { -+ free(opts->dir); -+ opts->dir = strdup(dir); -+ if (opts->dir == NULL) { -+ fprintf(stderr, "Error allocating memory: %m"); -+ return -1; -+ } -+ } -+ - return 0; - } - - static void - usage(const char *progname) - { -- fprintf(stderr, _("Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"), -- progname); -+ fprintf(stderr, -+ _("Usage: %s [--dir /path/to/tally-directory]" -+ " [--user username] [--reset] [--legacy-output]\n"), progname); -+ -+} -+ -+static int -+get_local_time(time_t when, char *timebuf, size_t timebuf_size) -+{ -+ struct tm *tm; -+ -+ tm = localtime(&when); -+ if (tm == NULL) { -+ return -1; -+ } -+ strftime(timebuf, timebuf_size, "%Y-%m-%d %H:%M:%S", tm); -+ return 0; -+} -+ -+static void -+print_in_new_format(struct options *opts, const struct tally_data *tallies, const char *user) -+{ -+ uint32_t i; -+ -+ printf("%s:\n", user); -+ printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid"); -+ -+ for (i = 0; i < tallies->count; i++) { -+ uint16_t status; -+ char timebuf[80]; -+ -+ if (get_local_time(tallies->records[i].time, timebuf, sizeof(timebuf)) != 0) { -+ fprintf(stderr, "%s: Invalid timestamp in the tally record\n", -+ opts->progname); -+ continue; -+ } -+ -+ status = tallies->records[i].status; -+ -+ printf("%-19s %-5s %-52.52s %s\n", timebuf, -+ status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"), -+ tallies->records[i].source, status & TALLY_STATUS_VALID ? "V":"I"); -+ } -+} -+ -+static void -+print_in_legacy_format(struct options *opts, const struct tally_data *tallies, const char *user) -+{ -+ uint32_t tally_count; -+ static uint32_t pr_once; -+ -+ if (pr_once == 0) { -+ printf(_("Login Failures Latest failure From\n")); -+ pr_once = 1; -+ } -+ -+ printf("%-15.15s ", user); -+ -+ tally_count = tallies->count; -+ -+ if (tally_count > 0) { -+ uint32_t i; -+ char timebuf[80]; -+ -+ i = tally_count - 1; -+ -+ if (get_local_time(tallies->records[i].time, timebuf, sizeof(timebuf)) != 0) { -+ fprintf(stderr, "%s: Invalid timestamp in the tally record\n", -+ opts->progname); -+ return; -+ } -+ -+ printf("%5u %25s %s\n", -+ tally_count, timebuf, tallies->records[i].source); -+ } -+ else { -+ printf("%5u\n", tally_count); -+ } - } - - static int -@@ -111,10 +213,15 @@ do_user(struct options *opts, const char *user) - int rv; - struct tally_data tallies; - struct passwd *pwd; -+ const char *dir = get_tally_dir(opts); - - pwd = getpwnam(user); -+ if (pwd == NULL) { -+ fprintf(stderr, "%s: Error no such user: %s\n", opts->progname, user); -+ return 1; -+ } - -- fd = open_tally(opts->dir, user, pwd != NULL ? pwd->pw_uid : 0, 0); -+ fd = open_tally(dir, user, pwd->pw_uid, 1); - - if (fd == -1) { - if (errno == ENOENT) { -@@ -153,8 +260,6 @@ do_user(struct options *opts, const char *user) - } - } - else { -- unsigned int i; -- - memset(&tallies, 0, sizeof(tallies)); - if (read_tally(fd, &tallies) == -1) { - fprintf(stderr, "%s: Error reading the tally file for %s:", -@@ -164,21 +269,13 @@ do_user(struct options *opts, const char *user) - return 5; - } - -- printf("%s:\n", user); -- printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid"); -- -- for (i = 0; i < tallies.count; i++) { -- struct tm *tm; -- char timebuf[80]; -- uint16_t status = tallies.records[i].status; -- time_t when = tallies.records[i].time; -- -- tm = localtime(&when); -- strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm); -- printf("%-19s %-5s %-52.52s %s\n", timebuf, -- status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"), -- tallies.records[i].source, status & TALLY_STATUS_VALID ? "V":"I"); -+ if (opts->legacy_output == 0) { -+ print_in_new_format(opts, &tallies, user); - } -+ else { -+ print_in_legacy_format(opts, &tallies, user); -+ } -+ - free(tallies.records); - } - close(fd); -@@ -190,8 +287,9 @@ do_allusers(struct options *opts) - { - struct dirent **userlist; - int rv, i; -+ const char *dir = get_tally_dir(opts); - -- rv = scandir(opts->dir, &userlist, NULL, alphasort); -+ rv = scandir(dir, &userlist, NULL, alphasort); - if (rv < 0) { - fprintf(stderr, "%s: Error reading tally directory: %m\n", opts->progname); - return 2; -diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml -index 58c16442..b7b7b0db 100644 ---- a/modules/pam_faillock/pam_faillock.8.xml -+++ b/modules/pam_faillock/pam_faillock.8.xml -@@ -134,10 +134,17 @@ - - - -- -+ - Use another configuration file instead of the default - /etc/security/faillock.conf. - -+ -+ Use another configuration file instead of the default -+ which is to use the file -+ /etc/security/faillock.conf or, -+ if that one is not present, the file -+ %vendordir%/security/faillock.conf. -+ - - - -@@ -320,6 +327,12 @@ session required pam_selinux.so open - /var/run/faillock/* - - the files logging the authentication failures for users -+ -+ Note: These files will disappear after reboot on systems configured with -+ directory /var/run/faillock mounted on virtual memory. -+ For persistent storage use the option dir= in -+ file /etc/security/faillock.conf. -+ - - - -@@ -328,6 +341,15 @@ session required pam_selinux.so open - the config file for pam_faillock options - - -+ -+ %vendordir%/security/faillock.conf -+ -+ -+ the config file for pam_faillock options. It will be used if -+ /etc/security/faillock.conf does not exist. -+ -+ -+ - - - -diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c -index 8328fbae..ca1c7035 100644 ---- a/modules/pam_faillock/pam_faillock.c -+++ b/modules/pam_faillock/pam_faillock.c -@@ -38,7 +38,6 @@ - #include - #include - #include --#include - #include - #include - #include -@@ -56,55 +55,12 @@ - - #include "pam_inline.h" - #include "faillock.h" -+#include "faillock_config.h" - - #define FAILLOCK_ACTION_PREAUTH 0 - #define FAILLOCK_ACTION_AUTHSUCC 1 - #define FAILLOCK_ACTION_AUTHFAIL 2 - --#define FAILLOCK_FLAG_DENY_ROOT 0x1 --#define FAILLOCK_FLAG_AUDIT 0x2 --#define FAILLOCK_FLAG_SILENT 0x4 --#define FAILLOCK_FLAG_NO_LOG_INFO 0x8 --#define FAILLOCK_FLAG_UNLOCKED 0x10 --#define FAILLOCK_FLAG_LOCAL_ONLY 0x20 --#define FAILLOCK_FLAG_NO_DELAY 0x40 -- --#define MAX_TIME_INTERVAL 604800 /* 7 days */ --#define FAILLOCK_CONF_MAX_LINELEN 1023 -- --static const char default_faillock_conf[] = FAILLOCK_DEFAULT_CONF; -- --struct options { -- unsigned int action; -- unsigned int flags; -- unsigned short deny; -- unsigned int fail_interval; -- unsigned int unlock_time; -- unsigned int root_unlock_time; -- char *dir; -- const char *user; -- char *admin_group; -- int failures; -- uint64_t latest_time; -- uid_t uid; -- int is_admin; -- uint64_t now; -- int fatal_error; --}; -- --static int read_config_file( -- pam_handle_t *pamh, -- struct options *opts, -- const char *cfgfile --); -- --static void set_conf_opt( -- pam_handle_t *pamh, -- struct options *opts, -- const char *name, -- const char *value --); -- - static int - args_parse(pam_handle_t *pamh, int argc, const char **argv, - int flags, struct options *opts) -@@ -112,11 +68,10 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv, - int i; - int config_arg_index = -1; - int rv; -- const char *conf = default_faillock_conf; -+ const char *conf = NULL; - - memset(opts, 0, sizeof(*opts)); - -- opts->dir = strdup(FAILLOCK_DEFAULT_TALLYDIR); - opts->deny = 3; - opts->fail_interval = 900; - opts->unlock_time = 600; -@@ -174,185 +129,11 @@ args_parse(pam_handle_t *pamh, int argc, const char **argv, - if (flags & PAM_SILENT) - opts->flags |= FAILLOCK_FLAG_SILENT; - -- if (opts->dir == NULL) { -- pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m"); -- opts->fatal_error = 1; -- } -- - if (opts->fatal_error) - return PAM_BUF_ERR; - return PAM_SUCCESS; - } - --/* parse a single configuration file */ --static int --read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile) --{ -- FILE *f; -- char linebuf[FAILLOCK_CONF_MAX_LINELEN+1]; -- -- f = fopen(cfgfile, "r"); -- if (f == NULL) { -- /* ignore non-existent default config file */ -- if (errno == ENOENT && cfgfile == default_faillock_conf) -- return PAM_SUCCESS; -- return PAM_SERVICE_ERR; -- } -- -- while (fgets(linebuf, sizeof(linebuf), f) != NULL) { -- size_t len; -- char *ptr; -- char *name; -- int eq; -- -- len = strlen(linebuf); -- /* len cannot be 0 unless there is a bug in fgets */ -- if (len && linebuf[len - 1] != '\n' && !feof(f)) { -- (void) fclose(f); -- return PAM_SERVICE_ERR; -- } -- -- if ((ptr=strchr(linebuf, '#')) != NULL) { -- *ptr = '\0'; -- } else { -- ptr = linebuf + len; -- } -- -- /* drop terminating whitespace including the \n */ -- while (ptr > linebuf) { -- if (!isspace(*(ptr-1))) { -- *ptr = '\0'; -- break; -- } -- --ptr; -- } -- -- /* skip initial whitespace */ -- for (ptr = linebuf; isspace(*ptr); ptr++); -- if (*ptr == '\0') -- continue; -- -- /* grab the key name */ -- eq = 0; -- name = ptr; -- while (*ptr != '\0') { -- if (isspace(*ptr) || *ptr == '=') { -- eq = *ptr == '='; -- *ptr = '\0'; -- ++ptr; -- break; -- } -- ++ptr; -- } -- -- /* grab the key value */ -- while (*ptr != '\0') { -- if (*ptr != '=' || eq) { -- if (!isspace(*ptr)) { -- break; -- } -- } else { -- eq = 1; -- } -- ++ptr; -- } -- -- /* set the key:value pair on opts */ -- set_conf_opt(pamh, opts, name, ptr); -- } -- -- (void)fclose(f); -- return PAM_SUCCESS; --} -- --static void --set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const char *value) --{ -- if (strcmp(name, "dir") == 0) { -- if (value[0] != '/') { -- pam_syslog(pamh, LOG_ERR, -- "Tally directory is not absolute path (%s); keeping default", value); -- } else { -- free(opts->dir); -- opts->dir = strdup(value); -- } -- } -- else if (strcmp(name, "deny") == 0) { -- if (sscanf(value, "%hu", &opts->deny) != 1) { -- pam_syslog(pamh, LOG_ERR, -- "Bad number supplied for deny argument"); -- } -- } -- else if (strcmp(name, "fail_interval") == 0) { -- unsigned int temp; -- if (sscanf(value, "%u", &temp) != 1 || -- temp > MAX_TIME_INTERVAL) { -- pam_syslog(pamh, LOG_ERR, -- "Bad number supplied for fail_interval argument"); -- } else { -- opts->fail_interval = temp; -- } -- } -- else if (strcmp(name, "unlock_time") == 0) { -- unsigned int temp; -- -- if (strcmp(value, "never") == 0) { -- opts->unlock_time = 0; -- } -- else if (sscanf(value, "%u", &temp) != 1 || -- temp > MAX_TIME_INTERVAL) { -- pam_syslog(pamh, LOG_ERR, -- "Bad number supplied for unlock_time argument"); -- } -- else { -- opts->unlock_time = temp; -- } -- } -- else if (strcmp(name, "root_unlock_time") == 0) { -- unsigned int temp; -- -- if (strcmp(value, "never") == 0) { -- opts->root_unlock_time = 0; -- } -- else if (sscanf(value, "%u", &temp) != 1 || -- temp > MAX_TIME_INTERVAL) { -- pam_syslog(pamh, LOG_ERR, -- "Bad number supplied for root_unlock_time argument"); -- } else { -- opts->root_unlock_time = temp; -- } -- } -- else if (strcmp(name, "admin_group") == 0) { -- free(opts->admin_group); -- opts->admin_group = strdup(value); -- if (opts->admin_group == NULL) { -- opts->fatal_error = 1; -- pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m"); -- } -- } -- else if (strcmp(name, "even_deny_root") == 0) { -- opts->flags |= FAILLOCK_FLAG_DENY_ROOT; -- } -- else if (strcmp(name, "audit") == 0) { -- opts->flags |= FAILLOCK_FLAG_AUDIT; -- } -- else if (strcmp(name, "silent") == 0) { -- opts->flags |= FAILLOCK_FLAG_SILENT; -- } -- else if (strcmp(name, "no_log_info") == 0) { -- opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO; -- } -- else if (strcmp(name, "local_users_only") == 0) { -- opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY; -- } -- else if (strcmp(name, "nodelay") == 0) { -- opts->flags |= FAILLOCK_FLAG_NO_DELAY; -- } -- else { -- pam_syslog(pamh, LOG_ERR, "Unknown option: %s", name); -- } --} -- - static int - check_local_user (pam_handle_t *pamh, const char *user) - { -@@ -406,10 +187,11 @@ check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies - unsigned int i; - uint64_t latest_time; - int failures; -+ const char *dir = get_tally_dir(opts); - - opts->now = time(NULL); - -- tfd = open_tally(opts->dir, opts->user, opts->uid, 0); -+ tfd = open_tally(dir, opts->user, opts->uid, 0); - - *fd = tfd; - -@@ -483,9 +265,10 @@ static void - reset_tally(pam_handle_t *pamh, struct options *opts, int *fd) - { - int rv; -+ const char *dir = get_tally_dir(opts); - - if (*fd == -1) { -- *fd = open_tally(opts->dir, opts->user, opts->uid, 1); -+ *fd = open_tally(dir, opts->user, opts->uid, 1); - } - else { - while ((rv=ftruncate(*fd, 0)) == -1 && errno == EINTR); -@@ -504,9 +287,10 @@ write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies - unsigned int oldest; - uint64_t oldtime; - const void *source = NULL; -+ const char *dir = get_tally_dir(opts); - - if (*fd == -1) { -- *fd = open_tally(opts->dir, opts->user, opts->uid, 1); -+ *fd = open_tally(dir, opts->user, opts->uid, 1); - } - if (*fd == -1) { - if (errno == EACCES) { -@@ -590,9 +374,11 @@ write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies - } - close(audit_fd); - #endif -- if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) { -- pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked", -- opts->user); -+ if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO) && -+ ((opts->flags & FAILLOCK_FLAG_DENY_ROOT) || (opts->uid != 0))) { -+ pam_syslog(pamh, LOG_INFO, -+ "Consecutive login failures for user %s account temporarily locked", -+ opts->user); - } - } - -diff --git a/modules/pam_faillock/tst-pam_faillock-retval.c b/modules/pam_faillock/tst-pam_faillock-retval.c -new file mode 100644 -index 00000000..133026cb ---- /dev/null -+++ b/modules/pam_faillock/tst-pam_faillock-retval.c -@@ -0,0 +1,119 @@ -+/* -+ * Check pam_faillock return values. -+ */ -+ -+#include "test_assert.h" -+ -+#include -+#include -+#include -+#include -+#include -+ -+#define MODULE_NAME "pam_faillock" -+#define TEST_NAME "tst-" MODULE_NAME "-retval" -+ -+static const char service_file[] = TEST_NAME ".service"; -+static const char config_filename[] = TEST_NAME ".conf"; -+static const char user_name[] = "root"; -+static struct pam_conv conv; -+ -+int -+main(void) -+{ -+ pam_handle_t *pamh = NULL; -+ FILE *fp; -+ char cwd[PATH_MAX]; -+ -+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); -+ -+ ASSERT_NE(NULL, fp = fopen(config_filename, "w")); -+ ASSERT_LT(0, fprintf(fp, -+ "deny = 2\n" -+ "unlock_time = 5\n" -+ "root_unlock_time = 5\n")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ /* root has access */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/../pam_permit/.libs/pam_permit.so\n" -+ "auth required %s/.libs/%s.so authsucc even_deny_root dir=%s conf=%s\n" -+ "account required %s/.libs/%s.so dir=%s\n" -+ "password required %s/.libs/%s.so dir=%s\n" -+ "session required %s/.libs/%s.so dir=%s\n", -+ cwd, -+ cwd, MODULE_NAME, cwd, config_filename, -+ cwd, MODULE_NAME, cwd, -+ cwd, MODULE_NAME, cwd, -+ cwd, MODULE_NAME, cwd)); -+ -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ ASSERT_EQ(0, unlink(service_file)); -+ pamh = NULL; -+ -+ /* root tries to login 2 times without success*/ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "auth requisite %s/.libs/%s.so dir=%s preauth even_deny_root conf=%s\n" -+ "auth [success=1 default=bad] %s/../pam_debug/.libs/pam_debug.so auth=perm_denied cred=success\n" -+ "auth [default=die] %s/.libs/%s.so dir=%s authfail even_deny_root conf=%s\n" -+ "auth sufficient %s/.libs/%s.so dir=%s authsucc even_deny_root conf=%s\n", -+ cwd, MODULE_NAME, cwd, config_filename, -+ cwd, -+ cwd, MODULE_NAME, cwd, config_filename, -+ cwd, MODULE_NAME, cwd, config_filename)); -+ -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); -+ pamh = NULL; -+ ASSERT_EQ(0, unlink(service_file)); -+ -+ /* root is locked for 5 sec*/ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n" -+ "auth requisite %s/.libs/%s.so dir=%s preauth even_deny_root conf=%s\n" -+ "auth [success=1 default=bad] %s/../pam_debug/.libs/pam_debug.so auth=success cred=success\n" -+ "auth [default=die] %s/.libs/%s.so dir=%s authfail even_deny_root conf=%s\n" -+ "auth sufficient %s/.libs/%s.so dir=%s authsucc even_deny_root conf=%s\n", -+ cwd, MODULE_NAME, cwd, config_filename, -+ cwd, -+ cwd, MODULE_NAME, cwd, config_filename, -+ cwd, MODULE_NAME, cwd, config_filename)); -+ -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_AUTH_ERR, pam_authenticate(pamh, 0)); -+ -+ /* waiting at least 5 sec --> login is working again*/ -+ sleep(6); -+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); -+ -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ ASSERT_EQ(0, unlink(service_file)); -+ pamh = NULL; -+ -+ ASSERT_EQ(0,unlink(user_name)); -+ ASSERT_EQ(0,unlink(config_filename)); -+ -+ return 0; -+} -diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am -index a9a0a1ef..fd88b952 100644 ---- a/modules/pam_group/Makefile.am -+++ b/modules/pam_group/Makefile.am -@@ -18,7 +18,7 @@ securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" $(WARN_CFLAGS) -+ $(WARN_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -diff --git a/modules/pam_group/pam_group.8.xml b/modules/pam_group/pam_group.8.xml -index 2c1c9058..e4a59dfd 100644 ---- a/modules/pam_group/pam_group.8.xml -+++ b/modules/pam_group/pam_group.8.xml -@@ -38,6 +38,10 @@ - By default rules for group memberships are taken from config file - /etc/security/group.conf. - -+ -+ If /etc/security/group.conf does not exist, -+ %vendordir%/security/group.conf is used. -+ - - This module's usefulness relies on the file-systems - accessible to the user. The point being that once granted the -diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c -index d9a35ea6..c49358a1 100644 ---- a/modules/pam_group/pam_group.c -+++ b/modules/pam_group/pam_group.c -@@ -16,6 +16,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -23,6 +24,10 @@ - #include - #include - -+#define PAM_GROUP_CONF SCONFIGDIR "/group.conf" -+#ifdef VENDOR_SCONFIGDIR -+# define VENDOR_PAM_GROUP_CONF VENDOR_SCONFIGDIR "/group.conf" -+#endif - #define PAM_GROUP_BUFLEN 1000 - #define FIELD_SEPARATOR ';' /* this is new as of .02 */ - -@@ -70,7 +75,8 @@ trim_spaces(char *buf, char *from) - #define STATE_EOF 3 /* end of file or error */ - - static int --read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) -+read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state, -+ const char *conf_filename) - { - char *to; - char *src; -@@ -89,9 +95,9 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) - } - *from = 0; - *state = STATE_NL; -- fd = open(PAM_GROUP_CONF, O_RDONLY); -+ fd = open(conf_filename, O_RDONLY); - if (fd < 0) { -- pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_GROUP_CONF); -+ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", conf_filename); - _pam_drop(*buf); - *state = STATE_EOF; - return -1; -@@ -106,7 +112,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) - while (fd != -1 && to - *buf < PAM_GROUP_BUFLEN) { - i = pam_modutil_read(fd, to, PAM_GROUP_BUFLEN - (to - *buf)); - if (i < 0) { -- pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_GROUP_CONF); -+ pam_syslog(pamh, LOG_ERR, "error reading %s: %m", conf_filename); - close(fd); - memset(*buf, 0, PAM_GROUP_BUFLEN); - _pam_drop(*buf); -@@ -573,6 +579,18 @@ static int check_account(pam_handle_t *pamh, const char *service, - int retval=PAM_SUCCESS; - gid_t *grps; - int no_grps; -+ const char *conf_filename = PAM_GROUP_CONF; -+ -+#ifdef VENDOR_PAM_GROUP_CONF -+ /* -+ * Check whether PAM_GROUP_CONF file is available. -+ * If it does not exist, fall back to VENDOR_PAM_GROUP_CONF file. -+ */ -+ struct stat stat_buffer; -+ if (stat(conf_filename, &stat_buffer) != 0 && errno == ENOENT) { -+ conf_filename = VENDOR_PAM_GROUP_CONF; -+ } -+#endif - - /* - * first we get the current list of groups - the application -@@ -611,7 +629,7 @@ static int check_account(pam_handle_t *pamh, const char *service, - - /* here we get the service name field */ - -- fd = read_field(pamh, fd, &buffer, &from, &state); -+ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); - if (!buffer || !buffer[0]) { - /* empty line .. ? */ - continue; -@@ -621,7 +639,7 @@ static int check_account(pam_handle_t *pamh, const char *service, - - if (state != STATE_FIELD) { - pam_syslog(pamh, LOG_ERR, -- "%s: malformed rule #%d", PAM_GROUP_CONF, count); -+ "%s: malformed rule #%d", conf_filename, count); - continue; - } - -@@ -630,10 +648,10 @@ static int check_account(pam_handle_t *pamh, const char *service, - - /* here we get the terminal name field */ - -- fd = read_field(pamh, fd, &buffer, &from, &state); -+ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); - if (state != STATE_FIELD) { - pam_syslog(pamh, LOG_ERR, -- "%s: malformed rule #%d", PAM_GROUP_CONF, count); -+ "%s: malformed rule #%d", conf_filename, count); - continue; - } - good &= logic_field(pamh,tty, buffer, count, is_same); -@@ -641,10 +659,10 @@ static int check_account(pam_handle_t *pamh, const char *service, - - /* here we get the username field */ - -- fd = read_field(pamh, fd, &buffer, &from, &state); -+ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); - if (state != STATE_FIELD) { - pam_syslog(pamh, LOG_ERR, -- "%s: malformed rule #%d", PAM_GROUP_CONF, count); -+ "%s: malformed rule #%d", conf_filename, count); - continue; - } - /* If buffer starts with @, we are using netgroups */ -@@ -663,20 +681,20 @@ static int check_account(pam_handle_t *pamh, const char *service, - - /* here we get the time field */ - -- fd = read_field(pamh, fd, &buffer, &from, &state); -+ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); - if (state != STATE_FIELD) { - pam_syslog(pamh, LOG_ERR, -- "%s: malformed rule #%d", PAM_GROUP_CONF, count); -+ "%s: malformed rule #%d", conf_filename, count); - continue; - } - - good &= logic_field(pamh,&here_and_now, buffer, count, check_time); - D(("with time: %s", good ? "passes":"fails" )); - -- fd = read_field(pamh, fd, &buffer, &from, &state); -+ fd = read_field(pamh, fd, &buffer, &from, &state, conf_filename); - if (state == STATE_FIELD) { - pam_syslog(pamh, LOG_ERR, -- "%s: poorly terminated rule #%d", PAM_GROUP_CONF, count); -+ "%s: poorly terminated rule #%d", conf_filename, count); - continue; - } - -diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c -index 5b6a4669..2f53440f 100644 ---- a/modules/pam_issue/pam_issue.c -+++ b/modules/pam_issue/pam_issue.c -@@ -36,98 +36,6 @@ - - static int _user_prompt_set = 0; - --static int read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt); --static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt); -- --/* --- authentication management functions (only) --- */ -- --int --pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, -- int argc, const char **argv) --{ -- int retval = PAM_SERVICE_ERR; -- FILE *fp; -- const char *issue_file = NULL; -- int parse_esc = 1; -- const void *item = NULL; -- const char *cur_prompt; -- char *issue_prompt = NULL; -- -- /* If we've already set the prompt, don't set it again */ -- if(_user_prompt_set) -- return PAM_IGNORE; -- -- /* We set this here so if we fail below, we won't get further -- than this next time around (only one real failure) */ -- _user_prompt_set = 1; -- -- for ( ; argc-- > 0 ; ++argv ) { -- const char *str; -- -- if ((str = pam_str_skip_prefix(*argv, "issue=")) != NULL) { -- issue_file = str; -- D(("set issue_file to: %s", issue_file)); -- } else if (!strcmp(*argv,"noesc")) { -- parse_esc = 0; -- D(("turning off escape parsing by request")); -- } else -- D(("unknown option passed: %s", *argv)); -- } -- -- if (issue_file == NULL) -- issue_file = "/etc/issue"; -- -- if ((fp = fopen(issue_file, "r")) == NULL) { -- pam_syslog(pamh, LOG_ERR, "error opening %s: %m", issue_file); -- return PAM_SERVICE_ERR; -- } -- -- if ((retval = pam_get_item(pamh, PAM_USER_PROMPT, &item)) != PAM_SUCCESS) { -- fclose(fp); -- return retval; -- } -- -- cur_prompt = item; -- if (cur_prompt == NULL) -- cur_prompt = ""; -- -- if (parse_esc) -- retval = read_issue_quoted(pamh, fp, &issue_prompt); -- else -- retval = read_issue_raw(pamh, fp, &issue_prompt); -- -- fclose(fp); -- -- if (retval != PAM_SUCCESS) -- goto out; -- -- { -- size_t size = strlen(issue_prompt) + strlen(cur_prompt) + 1; -- char *new_prompt = realloc(issue_prompt, size); -- -- if (new_prompt == NULL) { -- pam_syslog(pamh, LOG_CRIT, "out of memory"); -- retval = PAM_BUF_ERR; -- goto out; -- } -- issue_prompt = new_prompt; -- } -- -- strcat(issue_prompt, cur_prompt); -- retval = pam_set_item(pamh, PAM_USER_PROMPT, -- (const void *) issue_prompt); -- out: -- _pam_drop(issue_prompt); -- return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; --} -- --int --pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, -- int argc UNUSED, const char **argv UNUSED) --{ -- return PAM_IGNORE; --} -- - static int - read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt) - { -@@ -303,4 +211,91 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) - return PAM_SUCCESS; - } - --/* end of module definition */ -+/* --- authentication management functions (only) --- */ -+ -+int -+pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, -+ int argc, const char **argv) -+{ -+ int retval = PAM_SERVICE_ERR; -+ FILE *fp; -+ const char *issue_file = NULL; -+ int parse_esc = 1; -+ const void *item = NULL; -+ const char *cur_prompt; -+ char *issue_prompt = NULL; -+ -+ /* If we've already set the prompt, don't set it again */ -+ if(_user_prompt_set) -+ return PAM_IGNORE; -+ -+ /* We set this here so if we fail below, we won't get further -+ than this next time around (only one real failure) */ -+ _user_prompt_set = 1; -+ -+ for ( ; argc-- > 0 ; ++argv ) { -+ const char *str; -+ -+ if ((str = pam_str_skip_prefix(*argv, "issue=")) != NULL) { -+ issue_file = str; -+ D(("set issue_file to: %s", issue_file)); -+ } else if (!strcmp(*argv,"noesc")) { -+ parse_esc = 0; -+ D(("turning off escape parsing by request")); -+ } else -+ D(("unknown option passed: %s", *argv)); -+ } -+ -+ if (issue_file == NULL) -+ issue_file = "/etc/issue"; -+ -+ if ((fp = fopen(issue_file, "r")) == NULL) { -+ pam_syslog(pamh, LOG_ERR, "error opening %s: %m", issue_file); -+ return PAM_SERVICE_ERR; -+ } -+ -+ if ((retval = pam_get_item(pamh, PAM_USER_PROMPT, &item)) != PAM_SUCCESS) { -+ fclose(fp); -+ return retval; -+ } -+ -+ cur_prompt = item; -+ if (cur_prompt == NULL) -+ cur_prompt = ""; -+ -+ if (parse_esc) -+ retval = read_issue_quoted(pamh, fp, &issue_prompt); -+ else -+ retval = read_issue_raw(pamh, fp, &issue_prompt); -+ -+ fclose(fp); -+ -+ if (retval != PAM_SUCCESS) -+ goto out; -+ -+ { -+ size_t size = strlen(issue_prompt) + strlen(cur_prompt) + 1; -+ char *new_prompt = realloc(issue_prompt, size); -+ -+ if (new_prompt == NULL) { -+ pam_syslog(pamh, LOG_CRIT, "out of memory"); -+ retval = PAM_BUF_ERR; -+ goto out; -+ } -+ issue_prompt = new_prompt; -+ } -+ -+ strcat(issue_prompt, cur_prompt); -+ retval = pam_set_item(pamh, PAM_USER_PROMPT, -+ (const void *) issue_prompt); -+ out: -+ _pam_drop(issue_prompt); -+ return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; -+} -+ -+int -+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, -+ int argc UNUSED, const char **argv UNUSED) -+{ -+ return PAM_IGNORE; -+} -diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c -index 92e4953b..df9804b9 100644 ---- a/modules/pam_keyinit/pam_keyinit.c -+++ b/modules/pam_keyinit/pam_keyinit.c -@@ -21,6 +21,7 @@ - #include - #include - #include -+#include - - #define KEY_SPEC_SESSION_KEYRING -3 /* ID for session keyring */ - #define KEY_SPEC_USER_KEYRING -4 /* ID for UID-specific keyring */ -@@ -31,12 +32,12 @@ - #define KEYCTL_REVOKE 3 /* revoke a key */ - #define KEYCTL_LINK 8 /* link a key into a keyring */ - --static int my_session_keyring = 0; --static int session_counter = 0; --static int do_revoke = 0; --static uid_t revoke_as_uid; --static gid_t revoke_as_gid; --static int xdebug = 0; -+static _Thread_local int my_session_keyring = 0; -+static _Atomic int session_counter = 0; -+static _Thread_local int do_revoke = 0; -+static _Thread_local uid_t revoke_as_uid; -+static _Thread_local gid_t revoke_as_gid; -+static _Thread_local int xdebug = 0; - - static void debug(pam_handle_t *pamh, const char *fmt, ...) - __attribute__((format(printf, 2, 3))); -@@ -64,6 +65,33 @@ static void error(pam_handle_t *pamh, const char *fmt, ...) - va_end(va); - } - -+static int pam_setreuid(uid_t ruid, uid_t euid) -+{ -+#if defined(SYS_setreuid32) -+ return syscall(SYS_setreuid32, ruid, euid); -+#else -+ return syscall(SYS_setreuid, ruid, euid); -+#endif -+} -+ -+static int pam_setregid(gid_t rgid, gid_t egid) -+{ -+#if defined(SYS_setregid32) -+ return syscall(SYS_setregid32, rgid, egid); -+#else -+ return syscall(SYS_setregid, rgid, egid); -+#endif -+} -+ -+static int pam_setresuid(uid_t ruid, uid_t euid, uid_t suid) -+{ -+#if defined(SYS_setresuid32) -+ return syscall(SYS_setresuid32, ruid, euid, suid); -+#else -+ return syscall(SYS_setresuid, ruid, euid, suid); -+#endif -+} -+ - /* - * initialise the session keyring for this process - */ -@@ -140,14 +168,14 @@ static int kill_keyrings(pam_handle_t *pamh, int error_ret) - - /* switch to the real UID and GID so that we have permission to - * revoke the key */ -- if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0) { -+ if (revoke_as_gid != old_gid && pam_setregid(-1, revoke_as_gid) < 0) { - error(pamh, "Unable to change GID to %d temporarily\n", revoke_as_gid); - return error_ret; - } - -- if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0) { -+ if (revoke_as_uid != old_uid && pam_setresuid(-1, revoke_as_uid, old_uid) < 0) { - error(pamh, "Unable to change UID to %d temporarily\n", revoke_as_uid); -- if (getegid() != old_gid && setregid(-1, old_gid) < 0) -+ if (getegid() != old_gid && pam_setregid(-1, old_gid) < 0) - error(pamh, "Unable to change GID back to %d\n", old_gid); - return error_ret; - } -@@ -157,12 +185,12 @@ static int kill_keyrings(pam_handle_t *pamh, int error_ret) - } - - /* return to the original UID and GID (probably root) */ -- if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0) { -+ if (revoke_as_uid != old_uid && pam_setreuid(-1, old_uid) < 0) { - error(pamh, "Unable to change UID back to %d\n", old_uid); - ret = error_ret; - } - -- if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0) { -+ if (revoke_as_gid != old_gid && pam_setregid(-1, old_gid) < 0) { - error(pamh, "Unable to change GID back to %d\n", old_gid); - ret = error_ret; - } -@@ -215,14 +243,14 @@ static int do_keyinit(pam_handle_t *pamh, int argc, const char **argv, int error - - /* switch to the real UID and GID so that the keyring ends up owned by - * the right user */ -- if (gid != old_gid && setregid(gid, -1) < 0) { -+ if (gid != old_gid && pam_setregid(gid, -1) < 0) { - error(pamh, "Unable to change GID to %d temporarily\n", gid); - return error_ret; - } - -- if (uid != old_uid && setreuid(uid, -1) < 0) { -+ if (uid != old_uid && pam_setreuid(uid, -1) < 0) { - error(pamh, "Unable to change UID to %d temporarily\n", uid); -- if (setregid(old_gid, -1) < 0) -+ if (pam_setregid(old_gid, -1) < 0) - error(pamh, "Unable to change GID back to %d\n", old_gid); - return error_ret; - } -@@ -230,12 +258,12 @@ static int do_keyinit(pam_handle_t *pamh, int argc, const char **argv, int error - ret = init_keyrings(pamh, force, error_ret); - - /* return to the original UID and GID (probably root) */ -- if (uid != old_uid && setreuid(old_uid, -1) < 0) { -+ if (uid != old_uid && pam_setreuid(old_uid, -1) < 0) { - error(pamh, "Unable to change UID back to %d\n", old_uid); - ret = error_ret; - } - -- if (gid != old_gid && setregid(old_gid, -1) < 0) { -+ if (gid != old_gid && pam_setregid(old_gid, -1) < 0) { - error(pamh, "Unable to change GID back to %d\n", old_gid); - ret = error_ret; - } -diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c -index abd048df..797a61ce 100644 ---- a/modules/pam_lastlog/pam_lastlog.c -+++ b/modules/pam_lastlog/pam_lastlog.c -@@ -57,14 +57,13 @@ struct lastlog { - # define PATH_LOGIN_DEFS "/etc/login.defs" - #endif - --/* XXX - time before ignoring lock. Is 1 sec enough? */ --#define LASTLOG_IGNORE_LOCK_TIME 1 -- - #define DEFAULT_HOST "" /* "[no.where]" */ - #define DEFAULT_TERM "" /* "tt???" */ - - #define DEFAULT_INACTIVE_DAYS 90 - #define MAX_INACTIVE_DAYS 100000 -+#define LOCK_RETRIES 3 /* number of file lock retries */ -+#define LOCK_RETRY_DELAY 1 /* seconds to wait between lock attempts */ - - #include - #include -@@ -266,6 +265,7 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t - { - struct flock last_lock; - struct lastlog last_login; -+ int lock_retries = LOCK_RETRIES; - int retval = PAM_SUCCESS; - char the_time[256]; - char *date = NULL; -@@ -278,11 +278,19 @@ last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t - last_lock.l_start = sizeof(last_login) * (off_t) uid; - last_lock.l_len = sizeof(last_login); - -- if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { -+ while (fcntl(last_fd, F_SETLK, &last_lock) < 0) { -+ if (0 == --lock_retries) { -+ /* read lock failed, proceed anyway to avoid possible DoS */ -+ D(("locking %s failed", _PATH_LASTLOG)); -+ pam_syslog(pamh, LOG_INFO, -+ "file %s is locked/read, proceeding anyway", -+ _PATH_LASTLOG); -+ break; -+ } - D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); -- pam_syslog(pamh, LOG_WARNING, -- "file %s is locked/read", _PATH_LASTLOG); -- sleep(LASTLOG_IGNORE_LOCK_TIME); -+ pam_syslog(pamh, LOG_INFO, -+ "file %s is locked/read, retrying", _PATH_LASTLOG); -+ sleep(LOCK_RETRY_DELAY); - } - - if (pam_modutil_read(last_fd, (char *) &last_login, -@@ -380,6 +388,7 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, - int setrlimit_res; - struct flock last_lock; - struct lastlog last_login; -+ int lock_retries = LOCK_RETRIES; - time_t ll_time; - const void *void_remote_host = NULL; - const char *remote_host; -@@ -426,10 +435,17 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd, - last_lock.l_start = sizeof(last_login) * (off_t) uid; - last_lock.l_len = sizeof(last_login); - -- if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { -+ while (fcntl(last_fd, F_SETLK, &last_lock) < 0) { -+ if (0 == --lock_retries) { -+ D(("locking %s failed", _PATH_LASTLOG)); -+ pam_syslog(pamh, LOG_ERR, -+ "file %s is locked/write", _PATH_LASTLOG); -+ return PAM_SERVICE_ERR; -+ } - D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); -- pam_syslog(pamh, LOG_WARNING, "file %s is locked/write", _PATH_LASTLOG); -- sleep(LASTLOG_IGNORE_LOCK_TIME); -+ pam_syslog(pamh, LOG_INFO, -+ "file %s is locked/write, retrying", _PATH_LASTLOG); -+ sleep(LOCK_RETRY_DELAY); - } - - /* -@@ -573,12 +589,12 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt - time_t lf_time; - - lf_time = utuser.ut_tv.tv_sec; -- tm = localtime_r (&lf_time, &tm_buf); -- strftime (the_time, sizeof (the_time), -- /* TRANSLATORS: "strftime options for date of last login" */ -- _(" %a %b %e %H:%M:%S %Z %Y"), tm); -- -- date = the_time; -+ if ((tm = localtime_r (&lf_time, &tm_buf)) != NULL) { -+ strftime (the_time, sizeof (the_time), -+ /* TRANSLATORS: "strftime options for date of last login" */ -+ _(" %a %b %e %H:%M:%S %Z %Y"), tm); -+ date = the_time; -+ } - } - - /* we want & have the host? */ -diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am -index 911b07b3..9ae1794d 100644 ---- a/modules/pam_limits/Makefile.am -+++ b/modules/pam_limits/Makefile.am -@@ -19,8 +19,8 @@ secureconfdir = $(SCONFIGDIR) - limits_conf_dir = $(SCONFIGDIR)/limits.d - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \ -- -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" $(WARN_CFLAGS) -+ -DLIMITS_FILE_DIR=\"$(limits_conf_dir)\" \ -+ $(WARN_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml -index bc46cbf4..422924fe 100644 ---- a/modules/pam_limits/pam_limits.8.xml -+++ b/modules/pam_limits/pam_limits.8.xml -@@ -48,7 +48,7 @@ - obtained in a user-session. Users of uid=0 are affected - by this limits, too. - -- -+ - By default limits are taken from the /etc/security/limits.conf - config file. Then individual *.conf files from the /etc/security/limits.d/ - directory are read. The files are parsed one after another in the order of "C" locale. -@@ -57,6 +57,23 @@ - If a config file is explicitly specified with a module option then the - files in the above directory are not parsed. - -+ -+ By default limits are taken from the /etc/security/limits.conf -+ config file or, if that one is not present, the file -+ %vendordir%/security/limits.conf. -+ Then individual *.conf files from the -+ /etc/security/limits.d/ and -+ %vendordir%/security/limits.d directories are read. -+ If /etc/security/limits.d/@filename@.conf exists, then -+ %vendordir%/security/limits.d/@filename@.conf will not be used. -+ All limits.d/*.conf files are sorted by their -+ @filename@.conf in lexicographic order regardless of which -+ of the directories they reside in. -+ The effect of the individual files is the same as if all the files were -+ concatenated together in the order of parsing. -+ If a config file is explicitly specified with the -+ option the files in the above directories are not parsed. -+ - - The module must not be called by a multithreaded application. - -@@ -211,6 +228,13 @@ - Default configuration file - - -+ -+ %vendordir%/security/limits.conf -+ -+ Default configuration file if -+ /etc/security/limits.conf does not exist. -+ -+ - - - -diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 7cc45d77..f9489dbe 100644 ---- a/modules/pam_limits/pam_limits.c -+++ b/modules/pam_limits/pam_limits.c -@@ -47,6 +47,10 @@ - #include - #endif - -+#ifndef PR_SET_NO_NEW_PRIVS -+# define PR_SET_NO_NEW_PRIVS 38 /* from */ -+#endif -+ - /* Module defines */ - #define LINE_LENGTH 1024 - -@@ -119,9 +123,14 @@ struct pam_limit_s { - #define PAM_SET_ALL 0x0010 - - /* Limits from globbed files. */ --#define LIMITS_CONF_GLOB LIMITS_FILE_DIR -+#define LIMITS_CONF_GLOB (LIMITS_FILE_DIR "/*.conf") -+ -+#define LIMITS_FILE (SCONFIGDIR "/limits.conf") - --#define CONF_FILE (pl->conf_file != NULL)?pl->conf_file:LIMITS_FILE -+#ifdef VENDOR_SCONFIGDIR -+#define VENDOR_LIMITS_FILE (VENDOR_SCONFIGDIR "/limits.conf") -+#define VENDOR_LIMITS_CONF_GLOB (VENDOR_SCONFIGDIR "/limits.d/*.conf") -+#endif - - static int - _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, -@@ -806,18 +815,22 @@ parse_uid_range(pam_handle_t *pamh, const char *domain, - - static int - parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, -- int ctrl, struct pam_limit_s *pl) -+ int ctrl, struct pam_limit_s *pl, const int conf_file_set_by_user) - { - FILE *fil; - char buf[LINE_LENGTH]; - -- /* check for the LIMITS_FILE */ -+ /* check for the conf_file */ - if (ctrl & PAM_DEBUG_ARG) -- pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); -- fil = fopen(CONF_FILE, "r"); -+ pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", pl->conf_file); -+ fil = fopen(pl->conf_file, "r"); - if (fil == NULL) { -- pam_syslog (pamh, LOG_WARNING, -- "cannot read settings from %s: %m", CONF_FILE); -+ if (errno == ENOENT && !conf_file_set_by_user) -+ return PAM_SUCCESS; /* file is not there and it has not been set by the conf= argument */ -+ -+ pam_syslog(pamh, LOG_WARNING, -+ "cannot read settings from %s: %s", pl->conf_file, -+ strerror(errno)); - return PAM_SERVICE_ERR; - } - -@@ -1074,33 +1087,132 @@ static int setup_limits(pam_handle_t *pamh, - return retval; - } - -+/* --- evaluting all files in VENDORDIR/security/limits.d and /etc/security/limits.d --- */ -+static const char * -+base_name(const char *path) -+{ -+ const char *base = strrchr(path, '/'); -+ return base ? base+1 : path; -+} -+ -+static int -+compare_filename(const void *a, const void *b) -+{ -+ return strcmp(base_name(* (const char * const *) a), -+ base_name(* (const char * const *) b)); -+} -+ -+/* Evaluating a list of files which have to be parsed in the right order: -+ * -+ * - If etc/security/limits.d/@filename@.conf exists, then -+ * %vendordir%/security/limits.d/@filename@.conf should not be used. -+ * - All files in both limits.d directories are sorted by their @filename@.conf in -+ * lexicographic order regardless of which of the directories they reside in. */ -+static char ** -+read_limits_dir(pam_handle_t *pamh) -+{ -+ glob_t globbuf; -+ size_t i=0; -+ int glob_rv = glob(LIMITS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf); -+ char **file_list; -+ size_t file_list_size = glob_rv == 0 ? globbuf.gl_pathc : 0; -+ -+#ifdef VENDOR_LIMITS_CONF_GLOB -+ glob_t globbuf_vendor; -+ int glob_rv_vendor = glob(VENDOR_LIMITS_CONF_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf_vendor); -+ if (glob_rv_vendor == 0) -+ file_list_size += globbuf_vendor.gl_pathc; -+#endif -+ file_list = malloc((file_list_size + 1) * sizeof(char*)); -+ if (file_list == NULL) { -+ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for file list: %m"); -+#ifdef VENDOR_ACCESS_CONF_GLOB -+ if (glob_rv_vendor == 0) -+ globfree(&globbuf_vendor); -+#endif -+ if (glob_rv == 0) -+ globfree(&globbuf); -+ return NULL; -+ } -+ -+ if (glob_rv == 0) { -+ for (i = 0; i < globbuf.gl_pathc; i++) { -+ file_list[i] = strdup(globbuf.gl_pathv[i]); -+ if (file_list[i] == NULL) { -+ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); -+ break; -+ } -+ } -+ } -+#ifdef VENDOR_LIMITS_CONF_GLOB -+ if (glob_rv_vendor == 0) { -+ for (size_t j = 0; j < globbuf_vendor.gl_pathc; j++) { -+ if (glob_rv == 0 && globbuf.gl_pathc > 0) { -+ int double_found = 0; -+ for (size_t k = 0; k < globbuf.gl_pathc; k++) { -+ if (strcmp(base_name(globbuf.gl_pathv[k]), -+ base_name(globbuf_vendor.gl_pathv[j])) == 0) { -+ double_found = 1; -+ break; -+ } -+ } -+ if (double_found) -+ continue; -+ } -+ file_list[i] = strdup(globbuf_vendor.gl_pathv[j]); -+ if (file_list[i] == NULL) { -+ pam_syslog(pamh, LOG_ERR, "strdup failed: %m"); -+ break; -+ } -+ i++; -+ } -+ globfree(&globbuf_vendor); -+ } -+#endif -+ file_list[i] = NULL; -+ qsort(file_list, i, sizeof(char *), compare_filename); -+ if (glob_rv == 0) -+ globfree(&globbuf); -+ -+ return file_list; -+} -+ - /* now the session stuff */ - int - pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -- int retval; -- int i; -- int glob_rc; -+ int retval, i; - char *user_name; - struct passwd *pwd; - int ctrl; - struct pam_limit_s plstruct; - struct pam_limit_s *pl = &plstruct; -- glob_t globbuf; -- const char *oldlocale; - - D(("called.")); - - memset(pl, 0, sizeof(*pl)); -- memset(&globbuf, 0, sizeof(globbuf)); - - ctrl = _pam_parse(pamh, argc, argv, pl); - retval = pam_get_item( pamh, PAM_USER, (void*) &user_name ); - if ( user_name == NULL || retval != PAM_SUCCESS ) { - pam_syslog(pamh, LOG_ERR, "open_session - error recovering username"); - return PAM_SESSION_ERR; -- } -+ } -+ -+ int conf_file_set_by_user = (pl->conf_file != NULL); -+ if (pl->conf_file == NULL) { -+ pl->conf_file = LIMITS_FILE; -+#ifdef VENDOR_LIMITS_FILE -+ /* -+ * Check whether LIMITS_FILE file is available. -+ * If it does not exist, fall back to VENDOR_LIMITS_FILE file. -+ */ -+ struct stat buffer; -+ if (stat(pl->conf_file, &buffer) != 0 && errno == ENOENT) -+ pl->conf_file = VENDOR_LIMITS_FILE; -+#endif -+ } - - pwd = pam_modutil_getpwnam(pamh, user_name); - if (!pwd) { -@@ -1116,46 +1228,39 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - return PAM_ABORT; - } - -- retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); -+ retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, -+ ctrl, pl, conf_file_set_by_user); - if (retval == PAM_IGNORE) { -- D(("the configuration file ('%s') has an applicable ' -' entry", CONF_FILE)); -+ D(("the configuration file ('%s') has an applicable ' -' entry", pl->conf_file)); - return PAM_SUCCESS; - } -- if (retval != PAM_SUCCESS || pl->conf_file != NULL) -+ if (retval != PAM_SUCCESS || conf_file_set_by_user) - /* skip reading limits.d if config file explicitly specified */ - goto out; - - /* Read subsequent *.conf files, if they exist. */ -- -- /* set the LC_COLLATE so the sorting order doesn't depend -- on system locale */ -- -- oldlocale = setlocale(LC_COLLATE, "C"); -- glob_rc = glob(LIMITS_CONF_GLOB, GLOB_ERR, NULL, &globbuf); -- -- if (oldlocale != NULL) -- setlocale (LC_COLLATE, oldlocale); -- -- if (!glob_rc) { -- /* Parse the *.conf files. */ -- for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { -- pl->conf_file = globbuf.gl_pathv[i]; -- retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); -- if (retval == PAM_IGNORE) { -- D(("the configuration file ('%s') has an applicable ' -' entry", pl->conf_file)); -- globfree(&globbuf); -- return PAM_SUCCESS; -- } -- if (retval != PAM_SUCCESS) -- goto out; -+ char **filename_list = read_limits_dir(pamh); -+ if (filename_list != NULL) { -+ for (i = 0; filename_list[i] != NULL; i++) { -+ pl->conf_file = filename_list[i]; -+ retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl, 0); -+ if (retval != PAM_SUCCESS) -+ break; - } -+ for (i = 0; filename_list[i] != NULL; i++) -+ free(filename_list[i]); -+ free(filename_list); -+ } -+ -+ if (retval == PAM_IGNORE) { -+ D(("the configuration file ('%s') has an applicable ' -' entry", pl->conf_file)); -+ return PAM_SUCCESS; - } - - out: -- globfree(&globbuf); - if (retval != PAM_SUCCESS) - { -- pam_syslog(pamh, LOG_ERR, "error parsing the configuration file: '%s' ",CONF_FILE); -+ pam_syslog(pamh, LOG_ERR, "error parsing the configuration file: '%s' ", pl->conf_file); - return retval; - } - -diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c -index 17383c7b..7eb94fc7 100644 ---- a/modules/pam_mail/pam_mail.c -+++ b/modules/pam_mail/pam_mail.c -@@ -286,7 +286,7 @@ report_mail(pam_handle_t *pamh, int ctrl, int type, const char *folder) - switch (type) - { - case HAVE_NO_MAIL: -- retval = pam_info (pamh, "%s", _("You have no mail.")); -+ retval = pam_info (pamh, "%s", _("You do not have any new mail.")); - break; - case HAVE_NEW_MAIL: - retval = pam_info (pamh, "%s", _("You have new mail.")); -diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c -index 48e578fa..6ddcd5a8 100644 ---- a/modules/pam_mkhomedir/pam_mkhomedir.c -+++ b/modules/pam_mkhomedir/pam_mkhomedir.c -@@ -125,15 +125,6 @@ create_homedir (pam_handle_t *pamh, options_t *opt, - - D(("called.")); - -- /* -- * This code arranges that the demise of the child does not cause -- * the application to receive a signal it is not expecting - which -- * may kill the application or worse. -- */ -- memset(&newsa, '\0', sizeof(newsa)); -- newsa.sa_handler = SIG_DFL; -- sigaction(SIGCHLD, &newsa, &oldsa); -- - if (opt->ctrl & MKHOMEDIR_DEBUG) { - pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); - } -@@ -153,6 +144,15 @@ create_homedir (pam_handle_t *pamh, options_t *opt, - login_homemode = _pam_conv_str_umask_to_homemode(opt->umask); - } - -+ /* -+ * This code arranges that the demise of the child does not cause -+ * the application to receive a signal it is not expecting - which -+ * may kill the application or worse. -+ */ -+ memset(&newsa, '\0', sizeof(newsa)); -+ newsa.sa_handler = SIG_DFL; -+ sigaction(SIGCHLD, &newsa, &oldsa); -+ - /* fork */ - child = fork(); - if (child == 0) { -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index 6ac8cba2..5ca486e4 100644 ---- a/modules/pam_motd/pam_motd.c -+++ b/modules/pam_motd/pam_motd.c -@@ -166,11 +166,6 @@ static int compare_strings(const void *a, const void *b) - } - } - --static int filter_dirents(const struct dirent *d) --{ -- return (d->d_type == DT_REG || d->d_type == DT_LNK); --} -- - static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - char **motd_dir_path_split, unsigned int num_motd_dirs, int report_missing) - { -@@ -199,8 +194,7 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - - for (i = 0; i < num_motd_dirs; i++) { - int rv; -- rv = scandir(motd_dir_path_split[i], &(dirscans[i]), -- filter_dirents, alphasort); -+ rv = scandir(motd_dir_path_split[i], &(dirscans[i]), NULL, NULL); - if (rv < 0) { - if (errno != ENOENT || report_missing) { - pam_syslog(pamh, LOG_ERR, "error scanning directory %s: %m", -@@ -215,6 +209,41 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - if (dirscans_size_total == 0) - goto out; - -+ /* filter out unwanted names, directories, and complement data with lstat() */ -+ for (i = 0; i < num_motd_dirs; i++) { -+ struct dirent **d = dirscans[i]; -+ for (unsigned int j = 0; j < dirscans_sizes[i]; j++) { -+ int rc; -+ char *fullpath; -+ struct stat s; -+ -+ switch(d[j]->d_type) { /* the filetype determines how to proceed */ -+ case DT_REG: /* regular files and */ -+ case DT_LNK: /* symlinks */ -+ continue; /* are good. */ -+ case DT_UNKNOWN: /* for file systems that do not provide */ -+ /* a filetype, we use lstat() */ -+ if (join_dir_strings(&fullpath, motd_dir_path_split[i], -+ d[j]->d_name) <= 0) -+ break; -+ rc = lstat(fullpath, &s); -+ _pam_drop(fullpath); /* free the memory alloc'ed by join_dir_strings */ -+ if (rc != 0) /* if the lstat() somehow failed */ -+ break; -+ -+ if (S_ISREG(s.st_mode) || /* regular files and */ -+ S_ISLNK(s.st_mode)) continue; /* symlinks are good */ -+ break; -+ case DT_DIR: /* We don't want directories */ -+ default: /* nor anything else */ -+ break; -+ } -+ _pam_drop(d[j]); /* free memory */ -+ d[j] = NULL; /* indicate this one was dropped */ -+ dirscans_size_total--; -+ } -+ } -+ - /* Allocate space for all file names found in the directories, including duplicates. */ - if ((dirnames_all = calloc(dirscans_size_total, sizeof(*dirnames_all))) == NULL) { - pam_syslog(pamh, LOG_CRIT, "failed to allocate dirname array"); -@@ -225,8 +254,10 @@ static void try_to_display_directories_with_overrides(pam_handle_t *pamh, - unsigned int j; - - for (j = 0; j < dirscans_sizes[i]; j++) { -- dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -- i_dirnames++; -+ if (NULL != dirscans[i][j]) { -+ dirnames_all[i_dirnames] = dirscans[i][j]->d_name; -+ i_dirnames++; -+ } - } - } - -diff --git a/modules/pam_namespace/Makefile.am b/modules/pam_namespace/Makefile.am -index 47cc38e1..33375857 100644 ---- a/modules/pam_namespace/Makefile.am -+++ b/modules/pam_namespace/Makefile.am -@@ -21,7 +21,7 @@ namespaceddir = $(SCONFIGDIR)/namespace.d - servicedir = $(systemdunitdir) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" $(WARN_CFLAGS) -+ $(WARN_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -diff --git a/modules/pam_namespace/namespace.conf.5.xml b/modules/pam_namespace/namespace.conf.5.xml -index a94b49e2..67f8c043 100644 ---- a/modules/pam_namespace/namespace.conf.5.xml -+++ b/modules/pam_namespace/namespace.conf.5.xml -@@ -30,13 +30,29 @@ - directory path and the instance directory path as its arguments. - - -- -+ - The /etc/security/namespace.conf file specifies - which directories are polyinstantiated, how they are polyinstantiated, - how instance directories would be named, and any users for whom - polyinstantiation would not be performed. - - -+ -+ The /etc/security/namespace.conf file -+ ( or %vendordir%/security/namespace.conf if it does -+ not exist) specifies which directories are polyinstantiated, how they are -+ polyinstantiated, how instance directories would be named, and any users -+ for whom polyinstantiation would not be performed. -+ Then individual *.conf files from the -+ /etc/security/namespace.d/ and -+ %vendordir%/security/namespace.d directories are taken too. -+ If /etc/security/namespace.d/@filename@.conf exists, then -+ %vendordir%/security/namespace.d/@filename@.conf will not be used. -+ All namespace.d/*.conf files are sorted by their -+ @filename@.conf in lexicographic order regardless of which -+ of the directories they reside in. -+ -+ - - When someone logs in, the file namespace.conf is - scanned. Comments are marked by # characters. -diff --git a/modules/pam_namespace/pam_namespace.8.xml b/modules/pam_namespace/pam_namespace.8.xml -index 57c44c4b..ddaa00b4 100644 ---- a/modules/pam_namespace/pam_namespace.8.xml -+++ b/modules/pam_namespace/pam_namespace.8.xml -@@ -74,6 +74,12 @@ - and the user name as its arguments. - - -+ -+ If /etc/security/namespace.init does not exist, -+ %vendordir%/security/namespace.init is the -+ alternative to be used for it. -+ -+ - - The pam_namespace module disassociates the session namespace from - the parent namespace. Any mounts/unmounts performed in the parent -@@ -313,6 +319,14 @@ - - - -+ -+ %vendordir%/security/namespace.conf -+ -+ Default configuration file if -+ /etc/security/namespace.conf does not exist. -+ -+ -+ - - /etc/security/namespace.d - -@@ -320,12 +334,28 @@ - - - -+ -+ %vendordir%/security/namespace.d -+ -+ Directory for additional vendor specific configuration files. -+ -+ -+ - - /etc/security/namespace.init - - Init script for instance directories - - -+ -+ -+ %vendordir%/security/namespace.init -+ -+ Vendor init script for instance directories if -+ /etc/security/namespace.init does not exist. -+ -+ -+ - - - -diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c -index 4d4188d0..f34ce934 100644 ---- a/modules/pam_namespace/pam_namespace.c -+++ b/modules/pam_namespace/pam_namespace.c -@@ -39,6 +39,94 @@ - #include "pam_namespace.h" - #include "argv_parse.h" - -+/* --- evaluting all files in VENDORDIR/security/namespace.d and /etc/security/namespace.d --- */ -+static const char *base_name(const char *path) -+{ -+ const char *base = strrchr(path, '/'); -+ return base ? base+1 : path; -+} -+ -+static int -+compare_filename(const void *a, const void *b) -+{ -+ return strcmp(base_name(* (char * const *) a), -+ base_name(* (char * const *) b)); -+} -+ -+/* Evaluating a list of files which have to be parsed in the right order: -+ * -+ * - If etc/security/namespace.d/@filename@.conf exists, then -+ * %vendordir%/security/namespace.d/@filename@.conf should not be used. -+ * - All files in both namespace.d directories are sorted by their @filename@.conf in -+ * lexicographic order regardless of which of the directories they reside in. */ -+static char **read_namespace_dir(struct instance_data *idata) -+{ -+ glob_t globbuf; -+ size_t i=0; -+ int glob_rv = glob(NAMESPACE_D_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf); -+ char **file_list; -+ size_t file_list_size = glob_rv == 0 ? globbuf.gl_pathc : 0; -+ -+#ifdef VENDOR_NAMESPACE_D_GLOB -+ glob_t globbuf_vendor; -+ int glob_rv_vendor = glob(VENDOR_NAMESPACE_D_GLOB, GLOB_ERR | GLOB_NOSORT, NULL, &globbuf_vendor); -+ if (glob_rv_vendor == 0) -+ file_list_size += globbuf_vendor.gl_pathc; -+#endif -+ file_list = malloc((file_list_size + 1) * sizeof(char*)); -+ if (file_list == NULL) { -+ pam_syslog(idata->pamh, LOG_ERR, "Cannot allocate memory for file list: %m"); -+#ifdef VENDOR_NAMESPACE_D_GLOB -+ if (glob_rv_vendor == 0) -+ globfree(&globbuf_vendor); -+#endif -+ if (glob_rv == 0) -+ globfree(&globbuf); -+ return NULL; -+ } -+ -+ if (glob_rv == 0) { -+ for (i = 0; i < globbuf.gl_pathc; i++) { -+ file_list[i] = strdup(globbuf.gl_pathv[i]); -+ if (file_list[i] == NULL) { -+ pam_syslog(idata->pamh, LOG_ERR, "strdup failed: %m"); -+ break; -+ } -+ } -+ } -+#ifdef VENDOR_NAMESPACE_D_GLOB -+ if (glob_rv_vendor == 0) { -+ for (size_t j = 0; j < globbuf_vendor.gl_pathc; j++) { -+ if (glob_rv == 0 && globbuf.gl_pathc > 0) { -+ int double_found = 0; -+ for (size_t k = 0; k < globbuf.gl_pathc; k++) { -+ if (strcmp(base_name(globbuf.gl_pathv[k]), -+ base_name(globbuf_vendor.gl_pathv[j])) == 0) { -+ double_found = 1; -+ break; -+ } -+ } -+ if (double_found) -+ continue; -+ } -+ file_list[i] = strdup(globbuf_vendor.gl_pathv[j]); -+ if (file_list[i] == NULL) { -+ pam_syslog(idata->pamh, LOG_ERR, "strdup failed: %m"); -+ break; -+ } -+ i++; -+ } -+ globfree(&globbuf_vendor); -+ } -+#endif -+ file_list[i] = NULL; -+ qsort(file_list, i, sizeof(char *), compare_filename); -+ if (glob_rv == 0) -+ globfree(&globbuf); -+ -+ return file_list; -+} -+ - /* - * Adds an entry for a polyinstantiated directory to the linked list of - * polyinstantiated directories. It is called from process_line() while -@@ -624,8 +712,6 @@ static int parse_config_file(struct instance_data *idata) - char *line; - int retval; - size_t len = 0; -- glob_t globbuf; -- const char *oldlocale; - size_t n; - - /* -@@ -664,13 +750,16 @@ static int parse_config_file(struct instance_data *idata) - * process_line to process each line. - */ - -- memset(&globbuf, '\0', sizeof(globbuf)); -- oldlocale = setlocale(LC_COLLATE, "C"); -- glob(NAMESPACE_D_GLOB, 0, NULL, &globbuf); -- if (oldlocale != NULL) -- setlocale(LC_COLLATE, oldlocale); -- - confname = PAM_NAMESPACE_CONFIG; -+#ifdef VENDOR_PAM_NAMESPACE_CONFIG -+ /* Check whether PAM_NAMESPACE_CONFIG file is available. -+ * If it does not exist, fall back to VENDOR_PAM_NAMESPACE_CONFIG file. */ -+ struct stat buffer; -+ if (stat(confname, &buffer) != 0 && errno == ENOENT) { -+ confname = VENDOR_PAM_NAMESPACE_CONFIG; -+ } -+#endif -+ char **filename_list = read_namespace_dir(idata); - n = 0; - for (;;) { - if (idata->flags & PAMNS_DEBUG) -@@ -680,7 +769,6 @@ static int parse_config_file(struct instance_data *idata) - if (fil == NULL) { - pam_syslog(idata->pamh, LOG_ERR, "Error opening config file %s", - confname); -- globfree(&globbuf); - free(rhome); - free(home); - return PAM_SERVICE_ERR; -@@ -698,7 +786,6 @@ static int parse_config_file(struct instance_data *idata) - "Error processing conf file %s line %s", confname, line); - fclose(fil); - free(line); -- globfree(&globbuf); - free(rhome); - free(home); - return PAM_SERVICE_ERR; -@@ -707,14 +794,18 @@ static int parse_config_file(struct instance_data *idata) - fclose(fil); - free(line); - -- if (n >= globbuf.gl_pathc) -+ if (filename_list == NULL || filename_list[n] == NULL) - break; - -- confname = globbuf.gl_pathv[n]; -- n++; -+ confname = filename_list[n++]; -+ } -+ -+ if (filename_list != NULL) { -+ for (size_t i = 0; filename_list[i] != NULL; i++) -+ free(filename_list[i]); -+ free(filename_list); - } - -- globfree(&globbuf); - free(rhome); - free(home); - -@@ -1250,16 +1341,17 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, - struct instance_data *idata, int newdir) - { - pid_t rc, pid; -- struct sigaction newsa, oldsa; - int status; - const char *init_script = NAMESPACE_INIT_SCRIPT; - -- memset(&newsa, '\0', sizeof(newsa)); -- newsa.sa_handler = SIG_DFL; -- if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { -- pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); -- return PAM_SESSION_ERR; -+#ifdef VENDOR_NAMESPACE_INIT_SCRIPT -+ /* Check whether NAMESPACE_INIT_SCRIPT file is available. -+ * If it does not exist, fall back to VENDOR_NAMESPACE_INIT_SCRIPT file. */ -+ struct stat buffer; -+ if (stat(init_script, &buffer) != 0 && errno == ENOENT) { -+ init_script = VENDOR_NAMESPACE_INIT_SCRIPT; - } -+#endif - - if ((polyptr->flags & POLYDIR_ISCRIPT) && polyptr->init_script) - init_script = polyptr->init_script; -@@ -1269,9 +1361,17 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, - if (idata->flags & PAMNS_DEBUG) - pam_syslog(idata->pamh, LOG_ERR, - "Namespace init script not executable"); -- rc = PAM_SESSION_ERR; -- goto out; -+ return PAM_SESSION_ERR; - } else { -+ struct sigaction newsa, oldsa; -+ -+ memset(&newsa, '\0', sizeof(newsa)); -+ newsa.sa_handler = SIG_DFL; -+ if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { -+ pam_syslog(idata->pamh, LOG_ERR, "failed to reset SIGCHLD handler"); -+ return PAM_SESSION_ERR; -+ } -+ - pid = fork(); - if (pid == 0) { - static char *envp[] = { NULL }; -@@ -1309,13 +1409,13 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, - rc = PAM_SESSION_ERR; - goto out; - } -+ rc = PAM_SUCCESS; -+out: -+ (void) sigaction(SIGCHLD, &oldsa, NULL); -+ return rc; - } - } -- rc = PAM_SUCCESS; --out: -- (void) sigaction(SIGCHLD, &oldsa, NULL); -- -- return rc; -+ return PAM_SUCCESS; - } - - static int create_polydir(struct polydir_s *polyptr, -diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_namespace.h -index b51f2841..0b974ea7 100644 ---- a/modules/pam_namespace/pam_namespace.h -+++ b/modules/pam_namespace/pam_namespace.h -@@ -90,15 +90,17 @@ - /* - * Module defines - */ --#ifndef SECURECONF_DIR --#define SECURECONF_DIR "/etc/security/" -+#define PAM_NAMESPACE_CONFIG (SCONFIGDIR "/namespace.conf") -+#define NAMESPACE_INIT_SCRIPT (SCONFIGDIR "/namespace.init") -+#define NAMESPACE_D_DIR (SCONFIGDIR "/namespace.d/") -+#define NAMESPACE_D_GLOB (SCONFIGDIR "/namespace.d/*.conf") -+#ifdef VENDOR_SCONFIGDIR -+#define VENDOR_NAMESPACE_INIT_SCRIPT (VENDOR_SCONFIGDIR "/namespace.init") -+#define VENDOR_PAM_NAMESPACE_CONFIG (VENDOR_SCONFIGDIR "/namespace.conf") -+#define VENDOR_NAMESPACE_D_DIR (VENDOR_SCONFIGDIR "/namespace.d/") -+#define VENDOR_NAMESPACE_D_GLOB (VENDOR_SCONFIGDIR "/namespace.d/*.conf") - #endif - --#define PAM_NAMESPACE_CONFIG (SECURECONF_DIR "namespace.conf") --#define NAMESPACE_INIT_SCRIPT (SECURECONF_DIR "namespace.init") --#define NAMESPACE_D_DIR (SECURECONF_DIR "namespace.d/") --#define NAMESPACE_D_GLOB (SECURECONF_DIR "namespace.d/*.conf") -- - /* module flags */ - #define PAMNS_DEBUG 0x00000100 /* Running in debug mode */ - #define PAMNS_SELINUX_ENABLED 0x00000400 /* SELinux is enabled */ -diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c -index b7f9bab0..d7f83e0c 100644 ---- a/modules/pam_nologin/pam_nologin.c -+++ b/modules/pam_nologin/pam_nologin.c -@@ -79,7 +79,6 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) - - if (fd >= 0) { - -- char *mtmp=NULL; - int msg_style = PAM_TEXT_INFO; - struct passwd *user_pwd; - struct stat st; -@@ -99,21 +98,25 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) - goto clean_up_fd; - } - -- mtmp = malloc(st.st_size+1); -- if (!mtmp) { -- pam_syslog(pamh, LOG_CRIT, "out of memory"); -- retval = PAM_BUF_ERR; -- goto clean_up_fd; -- } -- -- if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { -- mtmp[st.st_size] = '\0'; -- (void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp); -+ /* Don't print anything if the message is empty, will only -+ disturb the output with empty lines */ -+ if (st.st_size > 0) { -+ char *mtmp = malloc(st.st_size+1); -+ if (!mtmp) { -+ pam_syslog(pamh, LOG_CRIT, "out of memory"); -+ retval = PAM_BUF_ERR; -+ goto clean_up_fd; -+ } -+ -+ if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { -+ mtmp[st.st_size] = '\0'; -+ (void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp); -+ } -+ else -+ retval = PAM_SYSTEM_ERR; -+ -+ free(mtmp); - } -- else -- retval = PAM_SYSTEM_ERR; -- -- free(mtmp); - - clean_up_fd: - -diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am -index 8a4dbcb2..c29a8e11 100644 ---- a/modules/pam_pwhistory/Makefile.am -+++ b/modules/pam_pwhistory/Makefile.am -@@ -26,12 +27,14 @@ if HAVE_VERSIONING - pam_pwhistory_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - --noinst_HEADERS = opasswd.h -+noinst_HEADERS = opasswd.h pwhistory_config.h -+ -+dist_secureconf_DATA = pwhistory.conf - - securelib_LTLIBRARIES = pam_pwhistory.la - pam_pwhistory_la_CFLAGS = $(AM_CFLAGS) - pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ @LIBSELINUX@ --pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c -+pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c pwhistory_config.c - - sbin_PROGRAMS = pwhistory_helper - pwhistory_helper_CFLAGS = $(AM_CFLAGS) -DHELPER_COMPILE=\"pwhistory_helper\" @EXE_CFLAGS@ -diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c -index a6cd3d2a..1d3242ca 100644 ---- a/modules/pam_pwhistory/opasswd.c -+++ b/modules/pam_pwhistory/opasswd.c -@@ -44,6 +44,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -74,8 +75,7 @@ - #define RANDOM_DEVICE "/dev/urandom" - #endif - --#define OLD_PASSWORDS_FILE "/etc/security/opasswd" --#define TMP_PASSWORDS_FILE OLD_PASSWORDS_FILE".tmpXXXXXX" -+#define DEFAULT_OLD_PASSWORDS_FILE SCONFIGDIR "/opasswd" - - #define DEFAULT_BUFLEN 4096 - -@@ -142,7 +142,7 @@ compare_password(const char *newpass, const char *oldpass) - - /* Check, if the new password is already in the opasswd file. */ - PAMH_ARG_DECL(int --check_old_pass, const char *user, const char *newpass, int debug) -+check_old_pass, const char *user, const char *newpass, const char *filename, int debug) - { - int retval = PAM_SUCCESS; - FILE *oldpf; -@@ -156,10 +156,13 @@ check_old_pass, const char *user, const char *newpass, int debug) - return PAM_PWHISTORY_RUN_HELPER; - #endif - -- if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) -+ const char *opasswd_file = -+ (filename != NULL ? filename : DEFAULT_OLD_PASSWORDS_FILE); -+ -+ if ((oldpf = fopen (opasswd_file, "r")) == NULL) - { - if (errno != ENOENT) -- pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", OLD_PASSWORDS_FILE); -+ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", opasswd_file); - return PAM_SUCCESS; - } - -@@ -242,9 +245,8 @@ check_old_pass, const char *user, const char *newpass, int debug) - } - - PAMH_ARG_DECL(int --save_old_pass, const char *user, int howmany, int debug UNUSED) -+save_old_pass, const char *user, int howmany, const char *filename, int debug UNUSED) - { -- char opasswd_tmp[] = TMP_PASSWORDS_FILE; - struct stat opasswd_stat; - FILE *oldpf, *newpf; - int newpf_fd; -@@ -256,6 +258,15 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) - struct passwd *pwd; - const char *oldpass; - -+ /* Define opasswd file and temp file for opasswd */ -+ const char *opasswd_file = -+ (filename != NULL ? filename : DEFAULT_OLD_PASSWORDS_FILE); -+ char opasswd_tmp[PATH_MAX]; -+ -+ if ((size_t) snprintf (opasswd_tmp, sizeof (opasswd_tmp), "%s.tmpXXXXXX", -+ opasswd_file) >= sizeof (opasswd_tmp)) -+ return PAM_BUF_ERR; -+ - pwd = pam_modutil_getpwnam (pamh, user); - if (pwd == NULL) - return PAM_USER_UNKNOWN; -@@ -285,24 +296,22 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) - if (oldpass == NULL || *oldpass == '\0') - return PAM_SUCCESS; - -- if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) -+ if ((oldpf = fopen (opasswd_file, "r")) == NULL) - { - if (errno == ENOENT) - { -- pam_syslog (pamh, LOG_NOTICE, "Creating %s", -- OLD_PASSWORDS_FILE); -+ pam_syslog (pamh, LOG_NOTICE, "Creating %s", opasswd_file); - do_create = 1; - } - else - { -- pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", -- OLD_PASSWORDS_FILE); -+ pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", opasswd_file); - return PAM_AUTHTOK_ERR; - } - } - else if (fstat (fileno (oldpf), &opasswd_stat) < 0) - { -- pam_syslog (pamh, LOG_ERR, "Cannot stat %s: %m", OLD_PASSWORDS_FILE); -+ pam_syslog (pamh, LOG_ERR, "Cannot stat %s: %m", opasswd_file); - fclose (oldpf); - return PAM_AUTHTOK_ERR; - } -@@ -312,7 +321,7 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) - if (newpf_fd == -1) - { - pam_syslog (pamh, LOG_ERR, "Cannot create %s temp file: %m", -- OLD_PASSWORDS_FILE); -+ opasswd_file); - if (oldpf) - fclose (oldpf); - return PAM_AUTHTOK_ERR; -@@ -321,23 +330,19 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) - { - if (fchmod (newpf_fd, S_IRUSR|S_IWUSR) != 0) - pam_syslog (pamh, LOG_ERR, -- "Cannot set permissions of %s temp file: %m", -- OLD_PASSWORDS_FILE); -+ "Cannot set permissions of %s temp file: %m", opasswd_file); - if (fchown (newpf_fd, 0, 0) != 0) - pam_syslog (pamh, LOG_ERR, -- "Cannot set owner/group of %s temp file: %m", -- OLD_PASSWORDS_FILE); -+ "Cannot set owner/group of %s temp file: %m", opasswd_file); - } - else - { - if (fchmod (newpf_fd, opasswd_stat.st_mode) != 0) - pam_syslog (pamh, LOG_ERR, -- "Cannot set permissions of %s temp file: %m", -- OLD_PASSWORDS_FILE); -+ "Cannot set permissions of %s temp file: %m", opasswd_file); - if (fchown (newpf_fd, opasswd_stat.st_uid, opasswd_stat.st_gid) != 0) - pam_syslog (pamh, LOG_ERR, -- "Cannot set owner/group of %s temp file: %m", -- OLD_PASSWORDS_FILE); -+ "Cannot set owner/group of %s temp file: %m", opasswd_file); - } - newpf = fdopen (newpf_fd, "w+"); - if (newpf == NULL) -@@ -550,12 +555,20 @@ save_old_pass, const char *user, int howmany, int debug UNUSED) - goto error_opasswd; - } - -- unlink (OLD_PASSWORDS_FILE".old"); -- if (link (OLD_PASSWORDS_FILE, OLD_PASSWORDS_FILE".old") != 0 && -+ char opasswd_backup[PATH_MAX]; -+ if ((size_t) snprintf (opasswd_backup, sizeof (opasswd_backup), "%s.old", -+ opasswd_file) >= sizeof (opasswd_backup)) -+ { -+ retval = PAM_BUF_ERR; -+ goto error_opasswd; -+ } -+ -+ unlink (opasswd_backup); -+ if (link (opasswd_file, opasswd_backup) != 0 && - errno != ENOENT) - pam_syslog (pamh, LOG_ERR, "Cannot create backup file of %s: %m", -- OLD_PASSWORDS_FILE); -- rename (opasswd_tmp, OLD_PASSWORDS_FILE); -+ opasswd_file); -+ rename (opasswd_tmp, opasswd_file); - error_opasswd: - unlink (opasswd_tmp); - free (buf); -diff --git a/modules/pam_pwhistory/opasswd.h b/modules/pam_pwhistory/opasswd.h -index 3f257288..19a4062c 100644 ---- a/modules/pam_pwhistory/opasswd.h -+++ b/modules/pam_pwhistory/opasswd.h -@@ -57,10 +57,10 @@ void - helper_log_err(int err, const char *format, ...); - #endif - --PAMH_ARG_DECL(int --check_old_pass, const char *user, const char *newpass, int debug); -+PAMH_ARG_DECL(int check_old_pass, const char *user, const char *newpass, -+ const char *filename, int debug); - --PAMH_ARG_DECL(int --save_old_pass, const char *user, int howmany, int debug); -+PAMH_ARG_DECL(int save_old_pass, const char *user, int howmany, -+ const char *filename, int debug); - - #endif /* __OPASSWD_H__ */ -diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c -index ce2c21f5..5a7fb811 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.c -+++ b/modules/pam_pwhistory/pam_pwhistory.c -@@ -63,14 +63,8 @@ - - #include "opasswd.h" - #include "pam_inline.h" -+#include "pwhistory_config.h" - --struct options_t { -- int debug; -- int enforce_for_root; -- int remember; -- int tries; --}; --typedef struct options_t options_t; - - - static void -@@ -104,13 +98,23 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) - options->enforce_for_root = 1; - else if (pam_str_skip_icase_prefix(argv, "authtok_type=") != NULL) - { /* ignore, for pam_get_authtok */; } -+ else if ((str = pam_str_skip_icase_prefix(argv, "file=")) != NULL) -+ { -+ if (*str != '/') -+ { -+ pam_syslog (pamh, LOG_ERR, -+ "pam_pwhistory: file path should be absolute: %s", argv); -+ } -+ else -+ options->filename = str; -+ } - else - pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); - } - - static int - run_save_helper(pam_handle_t *pamh, const char *user, -- int howmany, int debug) -+ int howmany, const char *filename, int debug) - { - int retval, child; - struct sigaction newsa, oldsa; -@@ -123,7 +127,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, - if (child == 0) - { - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; -+ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL }; - - if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, - PAM_MODUTIL_PIPE_FD, -@@ -137,9 +141,10 @@ run_save_helper(pam_handle_t *pamh, const char *user, - args[0] = (char *)PWHISTORY_HELPER; - args[1] = (char *)"save"; - args[2] = (char *)user; -+ args[3] = (char *)filename; - DIAG_POP_IGNORE_CAST_QUAL; -- if (asprintf(&args[3], "%d", howmany) < 0 || -- asprintf(&args[4], "%d", debug) < 0) -+ if (asprintf(&args[4], "%d", howmany) < 0 || -+ asprintf(&args[5], "%d", debug) < 0) - { - pam_syslog(pamh, LOG_ERR, "asprintf: %m"); - _exit(PAM_SYSTEM_ERR); -@@ -185,7 +190,7 @@ run_save_helper(pam_handle_t *pamh, const char *user, - - static int - run_check_helper(pam_handle_t *pamh, const char *user, -- const char *newpass, int debug) -+ const char *newpass, const char *filename, int debug) - { - int retval, child, fds[2]; - struct sigaction newsa, oldsa; -@@ -202,7 +207,7 @@ run_check_helper(pam_handle_t *pamh, const char *user, - if (child == 0) - { - static char *envp[] = { NULL }; -- char *args[] = { NULL, NULL, NULL, NULL, NULL }; -+ char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; - - /* reopen stdin as pipe */ - if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) -@@ -223,8 +228,9 @@ run_check_helper(pam_handle_t *pamh, const char *user, - args[0] = (char *)PWHISTORY_HELPER; - args[1] = (char *)"check"; - args[2] = (char *)user; -+ args[3] = (char *)filename; - DIAG_POP_IGNORE_CAST_QUAL; -- if (asprintf(&args[3], "%d", debug) < 0) -+ if (asprintf(&args[4], "%d", debug) < 0) - { - pam_syslog(pamh, LOG_ERR, "asprintf: %m"); - _exit(PAM_SYSTEM_ERR); -@@ -299,6 +305,8 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - options.remember = 10; - options.tries = 1; - -+ parse_config_file(pamh, argc, argv, &options); -+ - /* Parse parameters for module */ - for ( ; argc-- > 0; argv++) - parse_option (pamh, *argv, &options); -@@ -306,7 +314,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - if (options.debug) - pam_syslog (pamh, LOG_DEBUG, "pam_sm_chauthtok entered"); - -- - if (options.remember == 0) - return PAM_IGNORE; - -@@ -323,10 +330,10 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - return PAM_SUCCESS; - } - -- retval = save_old_pass (pamh, user, options.remember, options.debug); -+ retval = save_old_pass (pamh, user, options.remember, options.filename, options.debug); - - if (retval == PAM_PWHISTORY_RUN_HELPER) -- retval = run_save_helper(pamh, user, options.remember, options.debug); -+ retval = run_save_helper(pamh, user, options.remember, options.filename, options.debug); - - if (retval != PAM_SUCCESS) - return retval; -@@ -358,9 +365,9 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - if (options.debug) - pam_syslog (pamh, LOG_DEBUG, "check against old password file"); - -- retval = check_old_pass (pamh, user, newpass, options.debug); -+ retval = check_old_pass (pamh, user, newpass, options.filename, options.debug); - if (retval == PAM_PWHISTORY_RUN_HELPER) -- retval = run_check_helper(pamh, user, newpass, options.debug); -+ retval = run_check_helper(pamh, user, newpass, options.filename, options.debug); - - if (retval != PAM_SUCCESS) - { -diff --git a/modules/pam_pwhistory/pwhistory.conf b/modules/pam_pwhistory/pwhistory.conf -new file mode 100644 -index 00000000..070b7197 ---- /dev/null -+++ b/modules/pam_pwhistory/pwhistory.conf -@@ -0,0 +1,21 @@ -+# Configuration for remembering the last passwords used by a user. -+# -+# Enable the debugging logs. -+# Enabled if option is present. -+# debug -+# -+# root account's passwords are also remembered. -+# Enabled if option is present. -+# enforce_for_root -+# -+# Number of passwords to remember. -+# The default is 10. -+# remember = 10 -+# -+# Number of times to prompt for the password. -+# The default is 1. -+# retry = 1 -+# -+# The directory where the last passwords are kept. -+# The default is /etc/security/opasswd. -+# file = /etc/security/opasswd -diff --git a/modules/pam_pwhistory/pwhistory_config.c b/modules/pam_pwhistory/pwhistory_config.c -new file mode 100644 -index 00000000..b21879c6 ---- /dev/null -+++ b/modules/pam_pwhistory/pwhistory_config.c -@@ -0,0 +1,115 @@ -+/* -+ * Copyright (c) 2022 Iker Pedrosa -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include "config.h" -+ -+#include -+#include -+#include -+#include -+ -+#include -+ -+#include "pam_inline.h" -+#include "pwhistory_config.h" -+ -+#define PWHISTORY_DEFAULT_CONF SCONFIGDIR "/pwhistory.conf" -+ -+void -+parse_config_file(pam_handle_t *pamh, int argc, const char **argv, -+ struct options_t *options) -+{ -+ const char *fname = NULL; -+ int i; -+ char *val; -+ -+ for (i = 0; i < argc; ++i) { -+ const char *str = pam_str_skip_prefix(argv[i], "conf="); -+ -+ if (str != NULL) { -+ fname = str; -+ } -+ } -+ -+ if (fname == NULL) { -+ fname = PWHISTORY_DEFAULT_CONF; -+ } -+ -+ val = pam_modutil_search_key (pamh, fname, "debug"); -+ if (val != NULL) { -+ options->debug = 1; -+ free(val); -+ } -+ -+ val = pam_modutil_search_key (pamh, fname, "enforce_for_root"); -+ if (val != NULL) { -+ options->enforce_for_root = 1; -+ free(val); -+ } -+ -+ val = pam_modutil_search_key (pamh, fname, "remember"); -+ if (val != NULL) { -+ unsigned int temp; -+ if (sscanf(val, "%u", &temp) != 1) { -+ pam_syslog(pamh, LOG_ERR, -+ "Bad number supplied for remember argument"); -+ } else { -+ options->remember = temp; -+ } -+ free(val); -+ } -+ -+ val = pam_modutil_search_key (pamh, fname, "retry"); -+ if (val != NULL) { -+ unsigned int temp; -+ if (sscanf(val, "%u", &temp) != 1) { -+ pam_syslog(pamh, LOG_ERR, -+ "Bad number supplied for retry argument"); -+ } else { -+ options->tries = temp; -+ } -+ free(val); -+ } -+ -+ val = pam_modutil_search_key (pamh, fname, "file"); -+ if (val != NULL) { -+ if (*val != '/') { -+ pam_syslog (pamh, LOG_ERR, -+ "File path should be absolute: %s", val); -+ } else { -+ options->filename = val; -+ } -+ } -+} -diff --git a/modules/pam_pwhistory/pwhistory_config.h b/modules/pam_pwhistory/pwhistory_config.h -new file mode 100644 -index 00000000..e2b3bc83 ---- /dev/null -+++ b/modules/pam_pwhistory/pwhistory_config.h -@@ -0,0 +1,54 @@ -+/* -+ * Copyright (c) 2022 Iker Pedrosa -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#ifndef _PWHISTORY_CONFIG_H -+#define _PWHISTORY_CONFIG_H -+ -+#include -+ -+struct options_t { -+ int debug; -+ int enforce_for_root; -+ int remember; -+ int tries; -+ const char *filename; -+}; -+typedef struct options_t options_t; -+ -+void -+parse_config_file(pam_handle_t *pamh, int argc, const char **argv, -+ struct options_t *options); -+ -+#endif /* _PWHISTORY_CONFIG_H */ -diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c -index b08a14a7..7a61ae53 100644 ---- a/modules/pam_pwhistory/pwhistory_helper.c -+++ b/modules/pam_pwhistory/pwhistory_helper.c -@@ -51,7 +51,7 @@ - - - static int --check_history(const char *user, const char *debug) -+check_history(const char *user, const char *filename, const char *debug) - { - char pass[PAM_MAX_RESP_SIZE + 1]; - char *passwords[] = { pass }; -@@ -68,7 +68,7 @@ check_history(const char *user, const char *debug) - return PAM_AUTHTOK_ERR; - } - -- retval = check_old_pass(user, pass, dbg); -+ retval = check_old_pass(user, pass, filename, dbg); - - memset(pass, '\0', PAM_MAX_RESP_SIZE); /* clear memory of the password */ - -@@ -76,13 +76,13 @@ check_history(const char *user, const char *debug) - } - - static int --save_history(const char *user, const char *howmany, const char *debug) -+save_history(const char *user, const char *filename, const char *howmany, const char *debug) - { - int num = atoi(howmany); - int dbg = atoi(debug); /* no need to be too fancy here */ - int retval; - -- retval = save_old_pass(user, num, dbg); -+ retval = save_old_pass(user, num, filename, dbg); - - return retval; - } -@@ -92,13 +92,14 @@ main(int argc, char *argv[]) - { - const char *option; - const char *user; -+ const char *filename; - - /* - * we establish that this program is running with non-tty stdin. - * this is to discourage casual use. - */ - -- if (isatty(STDIN_FILENO) || argc < 4) -+ if (isatty(STDIN_FILENO) || argc < 5) - { - fprintf(stderr, - "This binary is not designed for running in this way.\n"); -@@ -107,11 +108,12 @@ main(int argc, char *argv[]) - - option = argv[1]; - user = argv[2]; -+ filename = argv[3]; - -- if (strcmp(option, "check") == 0 && argc == 4) -- return check_history(user, argv[3]); -- else if (strcmp(option, "save") == 0 && argc == 5) -- return save_history(user, argv[3], argv[4]); -+ if (strcmp(option, "check") == 0 && argc == 5) -+ return check_history(user, filename, argv[4]); -+ else if (strcmp(option, "save") == 0 && argc == 6) -+ return save_history(user, filename, argv[4], argv[5]); - - fprintf(stderr, "This binary is not designed for running in this way.\n"); - -diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c -index dd374c53..9bc15abf 100644 ---- a/modules/pam_rootok/pam_rootok.c -+++ b/modules/pam_rootok/pam_rootok.c -@@ -53,11 +53,10 @@ static int - PAM_FORMAT((printf, 2, 3)) - log_callback (int type UNUSED, const char *fmt, ...) - { -- int audit_fd; - va_list ap; - - #ifdef HAVE_LIBAUDIT -- audit_fd = audit_open(); -+ int audit_fd = audit_open(); - - if (audit_fd >= 0) { - char *buf; -diff --git a/modules/pam_sepermit/Makefile.am b/modules/pam_sepermit/Makefile.am -index 18a89b60..bed3b149 100644 ---- a/modules/pam_sepermit/Makefile.am -+++ b/modules/pam_sepermit/Makefile.am -@@ -13,7 +13,7 @@ dist_man_MANS = pam_sepermit.8 sepermit.conf.5 - endif - XMLS = README.xml pam_sepermit.8.xml sepermit.conf.5.xml - dist_check_SCRIPTS = tst-pam_sepermit --TESTS = $(dist_check_SCRIPTS) -+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) - - securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) -@@ -21,7 +21,6 @@ sepermitlockdir = ${localstatedir}/run/sepermit - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -I$(top_srcdir)/libpam_misc/include \ -- -D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \ - -D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\" $(WARN_CFLAGS) - - pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ -@@ -33,6 +32,9 @@ endif - dist_secureconf_DATA = sepermit.conf - securelib_LTLIBRARIES = pam_sepermit.la - -+check_PROGRAMS = tst-pam_sepermit-retval -+tst_pam_sepermit_retval_LDADD = $(top_builddir)/libpam/libpam.la -+ - install-data-local: - mkdir -p $(DESTDIR)$(sepermitlockdir) - -diff --git a/modules/pam_sepermit/pam_sepermit.8.xml b/modules/pam_sepermit/pam_sepermit.8.xml -index 30d9cc54..5763c346 100644 ---- a/modules/pam_sepermit/pam_sepermit.8.xml -+++ b/modules/pam_sepermit/pam_sepermit.8.xml -@@ -54,7 +54,11 @@ - sepermit.conf5 - for details. - -- -+ -+ If there is no explicitly specified configuration file and -+ /etc/security/sepermit.conf does not exist, -+ %vendordir%/security/sepermit.conf is used. -+ - - - -diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c -index f7d98d5b..5fbc8fdd 100644 ---- a/modules/pam_sepermit/pam_sepermit.c -+++ b/modules/pam_sepermit/pam_sepermit.c -@@ -61,6 +61,12 @@ - - #include - -+#include "pam_inline.h" -+ -+#define SEPERMIT_CONF_FILE (SCONFIGDIR "/sepermit.conf") -+#ifdef VENDOR_SCONFIGDIR -+# define SEPERMIT_VENDOR_CONF_FILE (VENDOR_SCONFIGDIR "/sepermit.conf"); -+#endif - #define MODULE "pam_sepermit" - #define OPT_DELIM ":" - -@@ -370,16 +376,31 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - const char *user = NULL; - char *seuser = NULL; - char *level = NULL; -- const char *cfgfile = SEPERMIT_CONF_FILE; -+ const char *cfgfile = NULL; - - /* Parse arguments. */ - for (i = 0; i < argc; i++) { -+ const char *str; -+ - if (strcmp(argv[i], "debug") == 0) { - debug = 1; -+ } else if ((str = pam_str_skip_prefix(argv[i], "conf=")) != NULL) { -+ cfgfile = str; -+ } else { -+ pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]); - } -- if (strcmp(argv[i], "conf=") == 0) { -- cfgfile = argv[i] + 5; -- } -+ } -+ -+ if (cfgfile == NULL) { -+#ifdef SEPERMIT_VENDOR_CONF_FILE -+ struct stat buffer; -+ -+ cfgfile = SEPERMIT_CONF_FILE; -+ if (stat(cfgfile, &buffer) != 0 && errno == ENOENT) -+ cfgfile = SEPERMIT_VENDOR_CONF_FILE; -+#else -+ cfgfile = SEPERMIT_CONF_FILE; -+#endif - } - - if (debug) -diff --git a/modules/pam_sepermit/tst-pam_sepermit-retval.c b/modules/pam_sepermit/tst-pam_sepermit-retval.c -new file mode 100644 -index 00000000..321bd6d1 ---- /dev/null -+++ b/modules/pam_sepermit/tst-pam_sepermit-retval.c -@@ -0,0 +1,158 @@ -+/* -+ * Check pam_sepermit return values and conf= option. -+ * -+ * Copyright (c) 2020-2022 Dmitry V. Levin -+ */ -+ -+#include "test_assert.h" -+ -+#include -+#include -+#include -+#include -+#include -+ -+#define MODULE_NAME "pam_sepermit" -+#define TEST_NAME "tst-" MODULE_NAME "-retval" -+ -+static const char service_file[] = TEST_NAME ".service"; -+static const char missing_file[] = TEST_NAME ".missing"; -+static const char config_file[] = TEST_NAME ".conf"; -+static struct pam_conv conv; -+ -+int -+main(void) -+{ -+ pam_handle_t *pamh = NULL; -+ FILE *fp; -+ char cwd[PATH_MAX]; -+ -+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); -+ -+ /* PAM_USER_UNKNOWN */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, -+ fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so\n" -+ "account required %s/.libs/%s.so\n" -+ "password required %s/.libs/%s.so\n" -+ "session required %s/.libs/%s.so\n", -+ cwd, MODULE_NAME, -+ cwd, MODULE_NAME, -+ cwd, MODULE_NAME, -+ cwd, MODULE_NAME)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_USER_UNKNOWN, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_USER_UNKNOWN, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ ASSERT_NE(NULL, fp = fopen(config_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "nosuchuser:ignore\n")); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ /* -+ * conf= specifies an existing file, -+ * PAM_IGNORE -> PAM_PERM_DENIED -+ */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, -+ fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so conf=%s\n" -+ "account required %s/.libs/%s.so conf=%s\n" -+ "password required %s/.libs/%s.so conf=%s\n" -+ "session required %s/.libs/%s.so conf=%s\n", -+ cwd, MODULE_NAME, config_file, -+ cwd, MODULE_NAME, config_file, -+ cwd, MODULE_NAME, config_file, -+ cwd, MODULE_NAME, config_file)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ /* -+ * conf= specifies an existing file, -+ * PAM_IGNORE -> PAM_SUCCESS -+ */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, -+ fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so conf=%s\n" -+ "auth required %s/../pam_permit/.libs/pam_permit.so\n" -+ "account required %s/.libs/%s.so conf=%s\n" -+ "account required %s/../pam_permit/.libs/pam_permit.so\n" -+ "password required %s/.libs/%s.so conf=%s\n" -+ "password required %s/../pam_permit/.libs/pam_permit.so\n" -+ "session required %s/.libs/%s.so conf=%s\n" -+ "session required %s/../pam_permit/.libs/pam_permit.so\n", -+ cwd, MODULE_NAME, config_file, cwd, -+ cwd, MODULE_NAME, config_file, cwd, -+ cwd, MODULE_NAME, config_file, cwd, -+ cwd, MODULE_NAME, config_file, cwd)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ /* -+ * conf= specifies a missing file, -+ * PAM_IGNORE -> PAM_PERM_DENIED -+ */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, -+ fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so conf=%s\n" -+ "account required %s/.libs/%s.so conf=%s\n" -+ "password required %s/.libs/%s.so conf=%s\n" -+ "session required %s/.libs/%s.so conf=%s\n", -+ cwd, MODULE_NAME, missing_file, -+ cwd, MODULE_NAME, missing_file, -+ cwd, MODULE_NAME, missing_file, -+ cwd, MODULE_NAME, missing_file)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_SERVICE_ERR, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ /* cleanup */ -+ ASSERT_EQ(0, unlink(config_file)); -+ ASSERT_EQ(0, unlink(service_file)); -+ -+ return 0; -+} -diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am -index b91bada5..3ce3e1d0 100644 ---- a/modules/pam_shells/Makefile.am -+++ b/modules/pam_shells/Makefile.am -@@ -18,14 +18,14 @@ securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- $(WARN_CFLAGS) -+ $(WARN_CFLAGS) $(ECONF_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - - securelib_LTLIBRARIES = pam_shells.la --pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la -+pam_shells_la_LIBADD = $(top_builddir)/libpam/libpam.la $(ECONF_LIBS) - - if ENABLE_REGENERATE_MAN - dist_noinst_DATA = README -diff --git a/modules/pam_shells/pam_shells.8.xml b/modules/pam_shells/pam_shells.8.xml -index 15f47671..73b4855a 100644 ---- a/modules/pam_shells/pam_shells.8.xml -+++ b/modules/pam_shells/pam_shells.8.xml -@@ -29,9 +29,17 @@ - pam_shells is a PAM module that only allows access to the - system if the user's shell is listed in /etc/shells. - -+ -+ -+ If this file does not exist, entries are taken from files -+ %vendordir%/shells, -+ %vendordir%/shells.d/* and -+ /etc/shells.d/* in that order. -+ -+ - -- It also checks if /etc/shells is a plain -- file and not world writable. -+ It also checks if needed files (e.g. /etc/shells) are plain -+ files and not world writable. - - - -diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c -index dc8f4878..abebdd0c 100644 ---- a/modules/pam_shells/pam_shells.c -+++ b/modules/pam_shells/pam_shells.c -@@ -13,27 +13,47 @@ - #include - #include - #include -+#include - #include - #include - #include -+#if defined (USE_ECONF) && defined (VENDORDIR) -+#include -+#endif - - #include - #include - #include - - #define SHELL_FILE "/etc/shells" -- -+#define SHELLS "shells" -+#define ETCDIR "/etc" - #define DEFAULT_SHELL "/bin/sh" - -+static bool check_file(const char *filename, const void *pamh) -+{ -+ struct stat sb; -+ -+ if (stat(filename, &sb)) { -+ pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", filename); -+ return false; /* must have /etc/shells */ -+ } -+ -+ if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) { -+ pam_syslog(pamh, LOG_ERR, -+ "%s is either world writable or not a normal file", -+ filename); -+ return false; -+ } -+ return true; -+} -+ - static int perform_check(pam_handle_t *pamh) - { - int retval = PAM_AUTH_ERR; - const char *userName; - const char *userShell; -- char shellFileLine[256]; -- struct stat sb; - struct passwd * pw; -- FILE * shellFile; - - retval = pam_get_user(pamh, &userName, NULL); - if (retval != PAM_SUCCESS) { -@@ -48,18 +68,50 @@ static int perform_check(pam_handle_t *pamh) - if (userShell[0] == '\0') - userShell = DEFAULT_SHELL; - -- if (stat(SHELL_FILE,&sb)) { -- pam_syslog(pamh, LOG_ERR, "Cannot stat %s: %m", SHELL_FILE); -- return PAM_AUTH_ERR; /* must have /etc/shells */ -+#if defined (USE_ECONF) && defined (VENDORDIR) -+ size_t size = 0; -+ econf_err error; -+ char **keys; -+ econf_file *key_file; -+ -+ error = econf_readDirsWithCallback(&key_file, -+ VENDORDIR, -+ ETCDIR, -+ SHELLS, -+ NULL, -+ "", /* key only */ -+ "#", /* comment */ -+ check_file, pamh); -+ if (error) { -+ pam_syslog(pamh, LOG_ERR, -+ "Cannot parse shell files: %s", -+ econf_errString(error)); -+ return PAM_AUTH_ERR; - } - -- if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) { -+ error = econf_getKeys(key_file, NULL, &size, &keys); -+ if (error) { - pam_syslog(pamh, LOG_ERR, -- "%s is either world writable or not a normal file", -- SHELL_FILE); -+ "Cannot evaluate entries in shell files: %s", -+ econf_errString(error)); -+ econf_free (key_file); - return PAM_AUTH_ERR; - } - -+ retval = 1; -+ for (size_t i = 0; i < size; i++) { -+ retval = strcmp(keys[i], userShell); -+ if (!retval) -+ break; -+ } -+ econf_free (key_file); -+#else -+ char shellFileLine[256]; -+ FILE * shellFile; -+ -+ if (!check_file(SHELL_FILE, pamh)) -+ return PAM_AUTH_ERR; -+ - shellFile = fopen(SHELL_FILE,"r"); - if (shellFile == NULL) { /* Check that we opened it successfully */ - pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SHELL_FILE); -@@ -75,6 +127,7 @@ static int perform_check(pam_handle_t *pamh) - } - - fclose(shellFile); -+ #endif - - if (retval) { - return PAM_AUTH_ERR; -diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am -index 833d51a6..ad53f1cc 100644 ---- a/modules/pam_time/Makefile.am -+++ b/modules/pam_time/Makefile.am -@@ -12,13 +12,13 @@ dist_man_MANS = time.conf.5 pam_time.8 - endif - XMLS = README.xml time.conf.5.xml pam_time.8.xml - dist_check_SCRIPTS = tst-pam_time --TESTS = $(dist_check_SCRIPTS) -+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) - - securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" $(WARN_CFLAGS) -+ $(WARN_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -@@ -28,6 +28,9 @@ pam_time_la_LIBADD = $(top_builddir)/libpam/libpam.la - securelib_LTLIBRARIES = pam_time.la - dist_secureconf_DATA = time.conf - -+check_PROGRAMS = tst-pam_time-retval -+tst_pam_time_retval_LDADD = $(top_builddir)/libpam/libpam.la -+ - if ENABLE_REGENERATE_MAN - dist_noinst_DATA = README - -include $(top_srcdir)/Make.xml.rules -diff --git a/modules/pam_time/pam_time.8.xml b/modules/pam_time/pam_time.8.xml -index 4708220c..a33744ea 100644 ---- a/modules/pam_time/pam_time.8.xml -+++ b/modules/pam_time/pam_time.8.xml -@@ -51,6 +51,11 @@ - /etc/security/time.conf. - An alternative file can be specified with the conffile option. - -+ -+ If there is no explicitly specified configuration file and -+ /etc/security/time.conf does not exist, -+ %vendordir%/security/time.conf is used. -+ - - If Linux PAM is compiled with audit support the module will report - when it denies access. -diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c -index 089ae22d..9092597a 100644 ---- a/modules/pam_time/pam_time.c -+++ b/modules/pam_time/pam_time.c -@@ -33,6 +33,11 @@ - #include - #endif - -+#define PAM_TIME_CONF (SCONFIGDIR "/time.conf") -+#ifdef VENDOR_SCONFIGDIR -+#define VENDOR_PAM_TIME_CONF (VENDOR_SCONFIGDIR "/time.conf") -+#endif -+ - #define PAM_TIME_BUFLEN 1000 - #define FIELD_SEPARATOR ';' /* this is new as of .02 */ - -@@ -53,7 +58,7 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char ** - { - int ctrl = 0; - -- *conffile = PAM_TIME_CONF; -+ *conffile = NULL; - /* step through arguments */ - for (; argc-- > 0; ++argv) { - const char *str; -@@ -77,6 +82,20 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char ** - } - } - -+ if (*conffile == NULL) { -+ *conffile = PAM_TIME_CONF; -+#ifdef VENDOR_PAM_TIME_CONF -+ /* -+ * Check whether PAM_TIME_CONF file is available. -+ * If it does not exist, fall back to VENDOR_PAM_TIME_CONF file. -+ */ -+ struct stat buffer; -+ if (stat(*conffile, &buffer) != 0 && errno == ENOENT) { -+ *conffile = VENDOR_PAM_TIME_CONF; -+ } -+#endif -+ } -+ - return ctrl; - } - -diff --git a/modules/pam_time/tst-pam_time-retval.c b/modules/pam_time/tst-pam_time-retval.c -new file mode 100644 -index 00000000..281ac80d ---- /dev/null -+++ b/modules/pam_time/tst-pam_time-retval.c -@@ -0,0 +1,107 @@ -+/* -+ * Check pam_time return values. -+ * -+ * Copyright (c) 2020-2022 Dmitry V. Levin -+ * Copyright (c) 2022 Stefan Schubert -+ */ -+ -+#include "test_assert.h" -+ -+#include -+#include -+#include -+#include -+#include -+ -+#define MODULE_NAME "pam_time" -+#define TEST_NAME "tst-" MODULE_NAME "-retval" -+ -+static const char service_file[] = TEST_NAME ".service"; -+static const char config_file[] = TEST_NAME ".conf"; -+static struct pam_conv conv; -+ -+int -+main(void) -+{ -+ pam_handle_t *pamh = NULL; -+ FILE *fp; -+ char cwd[PATH_MAX]; -+ -+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd))); -+ -+ /* PAM_USER_UNKNOWN */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, -+ fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so\n" -+ "account required %s/.libs/%s.so\n" -+ "password required %s/.libs/%s.so\n" -+ "session required %s/.libs/%s.so\n", -+ cwd, MODULE_NAME, -+ cwd, MODULE_NAME, -+ cwd, MODULE_NAME, -+ cwd, MODULE_NAME)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_USER_UNKNOWN, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ ASSERT_NE(NULL, fp = fopen(config_file, "w")); -+ ASSERT_LT(0, fprintf(fp, "# only root can access %s\n" -+ "%s ; * ; !root ; !Al0000-2400\n", -+ service_file, service_file)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ /* conffile= specifies an existing file */ -+ ASSERT_NE(NULL, fp = fopen(service_file, "w")); -+ ASSERT_LT(0, -+ fprintf(fp, "#%%PAM-1.0\n" -+ "auth required %s/.libs/%s.so conffile=%s\n" -+ "account required %s/.libs/%s.so conffile=%s\n" -+ "password required %s/.libs/%s.so conffile=%s\n" -+ "session required %s/.libs/%s.so conffile=%s\n", -+ cwd, MODULE_NAME, config_file, -+ cwd, MODULE_NAME, config_file, -+ cwd, MODULE_NAME, config_file, -+ cwd, MODULE_NAME, config_file)); -+ ASSERT_EQ(0, fclose(fp)); -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "root", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ ASSERT_EQ(PAM_SUCCESS, -+ pam_start_confdir(service_file, "noone", &conv, ".", &pamh)); -+ ASSERT_NE(NULL, pamh); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0)); -+ ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0)); -+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0)); -+ pamh = NULL; -+ -+ /* cleanup */ -+ ASSERT_EQ(0, unlink(config_file)); -+ ASSERT_EQ(0, unlink(service_file)); -+ -+ return 0; -+} -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index f2474a5b..c8ab49f3 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -334,7 +334,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, - - #define PW_TMPFILE "/etc/npasswd" - #define SH_TMPFILE "/etc/nshadow" --#define OPW_TMPFILE "/etc/security/nopasswd" -+#define OPW_TMPFILE SCONFIGDIR "/nopasswd" - - /* - * i64c - convert an integer to a radix 64 character -diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h -index c07037d2..463ef185 100644 ---- a/modules/pam_unix/passverify.h -+++ b/modules/pam_unix/passverify.h -@@ -8,7 +8,7 @@ - - #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT - --#define OLD_PASSWORDS_FILE "/etc/security/opasswd" -+#define OLD_PASSWORDS_FILE SCONFIGDIR "/opasswd" - - int - is_pwd_shadowed(const struct passwd *pwd); -diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml -index 7651da6e..d9307ba3 100644 ---- a/modules/pam_usertype/pam_usertype.8.xml -+++ b/modules/pam_usertype/pam_usertype.8.xml -@@ -31,7 +31,7 @@ - pam_usertype.so is designed to succeed or fail authentication - based on type of the account of the authenticated user. - The type of the account is decided with help of -- SYS_UID_MIN and SYS_UID_MAX -+ SYS_UID_MAX - settings in /etc/login.defs. One use is to select - whether to load other modules based on this test. - -diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c -index d03b73b5..cfd9c8bb 100644 ---- a/modules/pam_usertype/pam_usertype.c -+++ b/modules/pam_usertype/pam_usertype.c -@@ -194,7 +194,6 @@ static int - pam_usertype_is_system(pam_handle_t *pamh, uid_t uid) - { - uid_t uid_min; -- uid_t sys_min; - uid_t sys_max; - - if (uid == (uid_t)-1) { -@@ -202,21 +201,19 @@ pam_usertype_is_system(pam_handle_t *pamh, uid_t uid) - return PAM_USER_UNKNOWN; - } - -- if (uid <= 99) { -- /* Reserved. */ -- return PAM_SUCCESS; -- } -- - if (uid == PAM_USERTYPE_OVERFLOW_UID) { - /* nobody */ - return PAM_SUCCESS; - } - - uid_min = pam_usertype_get_id(pamh, "UID_MIN", PAM_USERTYPE_UIDMIN); -- sys_min = pam_usertype_get_id(pamh, "SYS_UID_MIN", PAM_USERTYPE_SYSUIDMIN); - sys_max = pam_usertype_get_id(pamh, "SYS_UID_MAX", uid_min - 1); - -- return uid >= sys_min && uid <= sys_max ? PAM_SUCCESS : PAM_AUTH_ERR; -+ if (uid <= sys_max && uid < uid_min) { -+ return PAM_SUCCESS; -+ } -+ -+ return PAM_AUTH_ERR; - } - - static int -@@ -253,7 +250,7 @@ pam_usertype_evaluate(struct pam_usertype_opts *opts, - - /** - * Arguments: -- * - issystem: uid in -+ * - issystem: uid less than SYS_UID_MAX - * - isregular: not issystem - * - use_uid: use user that runs application not that is being authenticate (same as in pam_succeed_if) - * - audit: log unknown users to syslog -diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c -index 03f8dc78..bbb7743b 100644 ---- a/modules/pam_xauth/pam_xauth.c -+++ b/modules/pam_xauth/pam_xauth.c -@@ -52,6 +52,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -99,6 +100,7 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, - char *buffer = NULL; - size_t buffer_size = 0; - va_list ap; -+ struct sigaction newsa, oldsa; - - *output = NULL; - -@@ -114,6 +116,17 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, - return -1; - } - -+ memset(&newsa, '\0', sizeof(newsa)); -+ newsa.sa_handler = SIG_DFL; -+ if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { -+ pam_syslog(pamh, LOG_ERR, "failed to reset SIGCHLD handler: %m"); -+ close(ipipe[0]); -+ close(ipipe[1]); -+ close(opipe[0]); -+ close(opipe[1]); -+ return -1; -+ } -+ - /* Fork off a child. */ - child = fork(); - if (child == -1) { -@@ -209,6 +222,7 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, - } - close(opipe[0]); - waitpid(child, NULL, 0); -+ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ - return -1; - } - /* Save the new buffer location, copy the newly-read data into -@@ -225,6 +239,7 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, - close(opipe[0]); - *output = buffer; - waitpid(child, NULL, 0); -+ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ - return 0; - } - -diff --git a/po/Linux-PAM.pot b/po/Linux-PAM.pot -index 5e92d7e9..d7cd325d 100644 ---- a/po/Linux-PAM.pot -+++ b/po/Linux-PAM.pot -@@ -8,7 +8,7 @@ msgid "" - msgstr "" - "Project-Id-Version: Linux-PAM 1.5.2\n" - "Report-Msgid-Bugs-To: https://github.com/linux-pam/linux-pam/issues\n" --"POT-Creation-Date: 2021-07-20 20:00+0000\n" -+"POT-Creation-Date: 2022-11-11 11:11+0000\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -18,7 +18,7 @@ msgstr "" - "Content-Transfer-Encoding: 8bit\n" - "Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n" - --#: libpam/pam_get_authtok.c:39 modules/pam_exec/pam_exec.c:181 -+#: libpam/pam_get_authtok.c:39 modules/pam_exec/pam_exec.c:183 - #: modules/pam_userdb/pam_userdb.c:53 - msgid "Password: " - msgstr "" -@@ -212,34 +212,40 @@ msgstr "" - msgid "erroneous conversation (%d)\n" - msgstr "" - --#: modules/pam_exec/pam_exec.c:279 -+#: modules/pam_exec/pam_exec.c:289 - #, c-format - msgid "%s failed: exit code %d" - msgstr "" - --#: modules/pam_exec/pam_exec.c:289 -+#: modules/pam_exec/pam_exec.c:299 - #, c-format - msgid "%s failed: caught signal %d%s" - msgstr "" - --#: modules/pam_exec/pam_exec.c:299 -+#: modules/pam_exec/pam_exec.c:309 - #, c-format - msgid "%s failed: unknown status 0x%x" - msgstr "" - --#: modules/pam_faillock/main.c:103 -+#: modules/pam_faillock/main.c:130 - #, c-format - msgid "" --"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n" -+"Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset] [--" -+"legacy-output]\n" - msgstr "" - --#: modules/pam_faillock/pam_faillock.c:618 -+#: modules/pam_faillock/main.c:181 -+#, c-format -+msgid "Login Failures Latest failure From\n" -+msgstr "" -+ -+#: modules/pam_faillock/pam_faillock.c:404 - #, c-format - msgid "The account is locked due to %u failed logins." - msgstr "" - --#: modules/pam_faillock/pam_faillock.c:627 --#: modules/pam_faillock/pam_faillock.c:633 -+#: modules/pam_faillock/pam_faillock.c:413 -+#: modules/pam_faillock/pam_faillock.c:419 - #, c-format - msgid "(%d minute left to unlock)" - msgid_plural "(%d minutes left to unlock)" -@@ -247,45 +253,45 @@ msgstr[0] "" - msgstr[1] "" - - #. TRANSLATORS: only used if dngettext is not supported. --#: modules/pam_faillock/pam_faillock.c:636 -+#: modules/pam_faillock/pam_faillock.c:422 - #, c-format - msgid "(%d minutes left to unlock)" - msgstr "" - - #. TRANSLATORS: "strftime options for date of last login" --#: modules/pam_lastlog/pam_lastlog.c:318 modules/pam_lastlog/pam_lastlog.c:579 -+#: modules/pam_lastlog/pam_lastlog.c:326 modules/pam_lastlog/pam_lastlog.c:595 - msgid " %a %b %e %H:%M:%S %Z %Y" - msgstr "" - - #. TRANSLATORS: " from " --#: modules/pam_lastlog/pam_lastlog.c:327 modules/pam_lastlog/pam_lastlog.c:588 -+#: modules/pam_lastlog/pam_lastlog.c:335 modules/pam_lastlog/pam_lastlog.c:604 - #, c-format - msgid " from %.*s" - msgstr "" - - #. TRANSLATORS: " on " --#: modules/pam_lastlog/pam_lastlog.c:339 modules/pam_lastlog/pam_lastlog.c:600 -+#: modules/pam_lastlog/pam_lastlog.c:347 modules/pam_lastlog/pam_lastlog.c:616 - #, c-format - msgid " on %.*s" - msgstr "" - - #. TRANSLATORS: "Last login: from on " --#: modules/pam_lastlog/pam_lastlog.c:349 -+#: modules/pam_lastlog/pam_lastlog.c:357 - #, c-format - msgid "Last login:%s%s%s" - msgstr "" - --#: modules/pam_lastlog/pam_lastlog.c:355 -+#: modules/pam_lastlog/pam_lastlog.c:363 - msgid "Welcome to your new account!" - msgstr "" - - #. TRANSLATORS: "Last failed login: from on " --#: modules/pam_lastlog/pam_lastlog.c:610 -+#: modules/pam_lastlog/pam_lastlog.c:626 - #, c-format - msgid "Last failed login:%s%s%s" - msgstr "" - --#: modules/pam_lastlog/pam_lastlog.c:619 modules/pam_lastlog/pam_lastlog.c:626 -+#: modules/pam_lastlog/pam_lastlog.c:635 modules/pam_lastlog/pam_lastlog.c:642 - #, c-format - msgid "There was %d failed login attempt since the last successful login." - msgid_plural "" -@@ -294,18 +300,18 @@ msgstr[0] "" - msgstr[1] "" - - #. TRANSLATORS: only used if dngettext is not supported --#: modules/pam_lastlog/pam_lastlog.c:631 -+#: modules/pam_lastlog/pam_lastlog.c:647 - #, c-format - msgid "There were %d failed login attempts since the last successful login." - msgstr "" - --#: modules/pam_limits/pam_limits.c:1164 -+#: modules/pam_limits/pam_limits.c:1269 - #, c-format - msgid "There were too many logins for '%s'." - msgstr "" - - #: modules/pam_mail/pam_mail.c:289 --msgid "You have no mail." -+msgid "You do not have any new mail." - msgstr "" - - #: modules/pam_mail/pam_mail.c:292 -@@ -350,12 +356,12 @@ msgstr "" - msgid "Unable to create and initialize directory '%s'." - msgstr "" - --#: modules/pam_pwhistory/pam_pwhistory.c:371 -+#: modules/pam_pwhistory/pam_pwhistory.c:378 - #: modules/pam_unix/pam_unix_passwd.c:589 - msgid "Password has been already used. Choose another." - msgstr "" - --#: modules/pam_pwhistory/pam_pwhistory.c:378 -+#: modules/pam_pwhistory/pam_pwhistory.c:385 - msgid "Password has been already used." - msgstr "" - -diff --git a/xtests/Makefile.am b/xtests/Makefile.am -index 70f8441e..acf97469 100644 ---- a/xtests/Makefile.am -+++ b/xtests/Makefile.am -@@ -25,6 +25,7 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ - tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \ - group.conf tst-pam_group1.pamd tst-pam_group1.sh \ - tst-pam_authfail.pamd tst-pam_authsucceed.pamd \ -+ tst-pam_shells.pamd shells.conf tst-pam_shells.sh \ - tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \ - tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \ - tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \ -@@ -43,7 +44,8 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ - tst-pam_access1 tst-pam_access2 tst-pam_access3 \ - tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ - tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ -- tst-pam_pwhistory1 tst-pam_time1 tst-pam_motd -+ tst-pam_pwhistory1 tst-pam_time1 tst-pam_motd \ -+ tst-pam_shells - - NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ - tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 -diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh -index 14f585d9..e580e0ab 100755 ---- a/xtests/run-xtests.sh -+++ b/xtests/run-xtests.sh -@@ -18,10 +18,16 @@ all=0 - - mkdir -p /etc/security - for config in access.conf group.conf time.conf limits.conf ; do -- cp /etc/security/$config /etc/security/$config-pam-xtests -+ [ -f "/etc/security/$config" ] && -+ mv /etc/security/$config /etc/security/$config-pam-xtests - install -m 644 "${SRCDIR}"/$config /etc/security/$config - done --mv /etc/security/opasswd /etc/security/opasswd-pam-xtests -+[ -f /etc/shells ] && -+ mv /etc/shells /etc/shells-pam-xtests -+install -m 644 "${SRCDIR}"/shells.conf /etc/shells -+ -+[ -f /etc/security/opasswd ] && -+ mv /etc/security/opasswd /etc/security/opasswd-pam-xtests - - for testname in $XTESTS ; do - for cfg in "${SRCDIR}"/$testname*.pamd ; do -@@ -47,11 +53,18 @@ for testname in $XTESTS ; do - all=`expr $all + 1` - rm -f /etc/pam.d/$testname* - done --mv /etc/security/access.conf-pam-xtests /etc/security/access.conf --mv /etc/security/group.conf-pam-xtests /etc/security/group.conf --mv /etc/security/time.conf-pam-xtests /etc/security/time.conf --mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf --mv /etc/security/opasswd-pam-xtests /etc/security/opasswd -+ -+for config in access.conf group.conf time.conf limits.conf opasswd ; do -+ if [ -f "/etc/security/$config-pam-xtests" ]; then -+ mv /etc/security/$config-pam-xtests /etc/security/$config -+ else -+ rm -f /etc/security/$config -+ fi -+done -+ -+[ -f "/etc/shells-pam-xtests" ] && -+ mv /etc/shells-pam-xtests /etc/shells -+ - if test "$failed" -ne 0; then - echo "===================" - echo "$failed of $all tests failed" -diff --git a/xtests/shells.conf b/xtests/shells.conf -new file mode 100644 -index 00000000..74776e68 ---- /dev/null -+++ b/xtests/shells.conf -@@ -0,0 +1,3 @@ -+/bin/ash -+/bin/testbash -+/bin/csh -diff --git a/xtests/tst-pam_shells.c b/xtests/tst-pam_shells.c -new file mode 100644 -index 00000000..b6ba938e ---- /dev/null -+++ b/xtests/tst-pam_shells.c -@@ -0,0 +1,68 @@ -+/* -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, and the entire permission notice in its entirety, -+ * including the disclaimer of warranties. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the author may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * ALTERNATIVELY, this product may be distributed under the terms of -+ * the GNU Public License, in which case the provisions of the GPL are -+ * required INSTEAD OF the above restrictions. (This clause is -+ * necessary due to a potential bad interaction between the GPL and -+ * the restrictions contained in a BSD-style copyright.) -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -+ * OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* -+ test case: -+ -+ shells.conf: -+ /bin/testbash -+ -+*/ -+ -+#include "test_assert.h" -+ -+#include -+#include -+#include -+#include -+ -+static struct pam_conv conv; -+ -+int -+main(void) -+{ -+ pam_handle_t *pamh = NULL; -+ int retval; -+ -+ // /bin/testbash is defined in shell definition file(s) -+ ASSERT_EQ(PAM_SUCCESS, pam_start("tst-pam_shells", "tstpamshells", &conv, &pamh)); -+ ASSERT_EQ(PAM_SUCCESS, retval=pam_authenticate (pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end (pamh,retval)); -+ -+ // /bin/testnoshell is not defined in shell definition file(s) -+ ASSERT_EQ(PAM_SUCCESS, pam_start("tst-pam_shells", "tstnoshell", &conv, &pamh)); -+ ASSERT_EQ(PAM_AUTH_ERR, retval=pam_authenticate (pamh, 0)); -+ ASSERT_EQ(PAM_SUCCESS, pam_end (pamh,retval)); -+ -+ return 0; -+} -diff --git a/xtests/tst-pam_shells.pamd b/xtests/tst-pam_shells.pamd -new file mode 100644 -index 00000000..6ad4f319 ---- /dev/null -+++ b/xtests/tst-pam_shells.pamd -@@ -0,0 +1,2 @@ -+#%PAM-1.0 -+auth required pam_shells.so -diff --git a/xtests/tst-pam_shells.sh b/xtests/tst-pam_shells.sh -new file mode 100755 -index 00000000..5093f689 ---- /dev/null -+++ b/xtests/tst-pam_shells.sh -@@ -0,0 +1,11 @@ -+#!/bin/sh -+ -+/usr/sbin/groupadd tstpamshells1 -+/usr/sbin/useradd -s /bin/testbash -G tstpamshells1 -p '!!' tstpamshells -+/usr/sbin/useradd -s /bin/testnoshell -G tstpamshells1 -p '!!' tstnoshell -+./tst-pam_shells -+RET=$? -+/usr/sbin/userdel -r tstpamshells 2> /dev/null -+/usr/sbin/userdel -r tstnoshell 2> /dev/null -+/usr/sbin/groupdel tstpamshells1 2> /dev/null -+exit $RET ---- /dev/null 2022-12-11 17:12:47.416337843 +0100 -+++ b/doc/man/pam.conf.5.xml 2019-09-24 13:06:13.527781974 +0200 -@@ -0,0 +1,50 @@ -+ -+ -+ -+ -+ -+ pam.conf -+ 5 -+ Linux-PAM Manual -+ -+ -+ -+ pam.conf -+ pam.d -+ PAM configuration files -+ -+ -+ -+ -+ -+ DESCRIPTION -+ -+ -+ -+ -+ -+ -+ -+ -+ SEE ALSO -+ -+ -+ pam3 -+ , -+ -+ PAM8 -+ , -+ -+ pam_start3 -+ -+ -+ -+ -+ diff --git a/pam-xauth_ownership.patch b/pam-xauth_ownership.patch deleted file mode 100644 index 9fed067..0000000 --- a/pam-xauth_ownership.patch +++ /dev/null @@ -1,105 +0,0 @@ -diff -urN Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c ---- Linux-PAM-1.5.0/modules/pam_xauth/pam_xauth.c 2020-11-10 16:46:13.000000000 +0100 -+++ Linux-PAM-1.5.0.xauth/modules/pam_xauth/pam_xauth.c 2020-11-19 11:50:54.176925556 +0100 -@@ -355,11 +355,13 @@ - char *cookiefile = NULL, *xauthority = NULL, - *cookie = NULL, *display = NULL, *tmp = NULL, - *xauthlocalhostname = NULL; -- const char *user, *xauth = NULL; -+ const char *user, *xauth = NULL, *login_name; - struct passwd *tpwd, *rpwd; - int fd, i, debug = 0; - int retval = PAM_SUCCESS; -- uid_t systemuser = 499, targetuser = 0; -+ uid_t systemuser = 499, targetuser = 0, uid; -+ gid_t gid; -+ struct stat st; - - /* Parse arguments. We don't understand many, so no sense in breaking - * this into a separate function. */ -@@ -429,7 +431,16 @@ - retval = PAM_SESSION_ERR; - goto cleanup; - } -- rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ -+ login_name = pam_modutil_getlogin(pamh); -+ if (login_name == NULL) { -+ login_name = ""; -+ } -+ if (*login_name) -+ rpwd = pam_modutil_getpwnam(pamh, login_name); -+ else -+ rpwd = pam_modutil_getpwuid(pamh, getuid()); -+ - if (rpwd == NULL) { - pam_syslog(pamh, LOG_ERR, - "error determining invoking user's name"); -@@ -518,18 +529,26 @@ - cookiefile); - } - -+ /* Get owner and group of the cookiefile */ -+ uid = getuid(); -+ gid = getgid(); -+ if (stat(cookiefile, &st) == 0) { -+ uid = st.st_uid; -+ gid = st.st_gid; -+ } -+ - /* Read the user's .Xauthority file. Because the current UID is - * the original user's UID, this will only fail if something has - * gone wrong, or we have no cookies. */ - if (debug) { - pam_syslog(pamh, LOG_DEBUG, -- "running \"%s %s %s %s %s\" as %lu/%lu", -- xauth, "-f", cookiefile, "nlist", display, -- (unsigned long) getuid(), (unsigned long) getgid()); -+ "running \"%s %s %s %s %s %s\" as %lu/%lu", -+ xauth, "-i", "-f", cookiefile, "nlist", display, -+ (unsigned long) uid, (unsigned long) gid); - } - if (run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, "nlist", display, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, "nlist", display, - NULL) == 0) { - #ifdef WITH_SELINUX - char *context_raw = NULL; -@@ -583,12 +602,12 @@ - cookiefile, - "nlist", - t, -- (unsigned long) getuid(), -- (unsigned long) getgid()); -+ (unsigned long) uid, -+ (unsigned long) gid); - } - run_coprocess(pamh, NULL, &cookie, -- getuid(), getgid(), -- xauth, "-f", cookiefile, -+ uid, gid, -+ xauth, "-i", "-f", cookiefile, - "nlist", t, NULL); - } - free(t); -@@ -673,13 +692,17 @@ - goto cleanup; - } - -+ if (debug) { -+ pam_syslog(pamh, LOG_DEBUG, "set environment variable '%s'", -+ xauthority); -+ } - /* Set the new variable in the environment. */ - if (pam_putenv (pamh, xauthority) != PAM_SUCCESS) - pam_syslog(pamh, LOG_ERR, - "can't set environment variable '%s'", - xauthority); - putenv (xauthority); /* The environment owns this string now. */ -- xauthority = NULL; /* Don't free environment variables. */ -+ /* Don't free environment variables nor set them to NULL. */ - - /* set $DISPLAY in pam handle to make su - work */ - { diff --git a/pam.changes b/pam.changes index 59323da..7bead11 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + ------------------------------------------------------------------- Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk @@ -45,7 +71,7 @@ Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk - pam_pwhistory-docu.patch, docbook5.patch: convert docu to - docbook5 + docbook5 ------------------------------------------------------------------- Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk @@ -129,7 +155,7 @@ Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch -- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other spec file. ------------------------------------------------------------------- @@ -296,7 +322,7 @@ Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk ------------------------------------------------------------------- Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel -- add macros.pam to abstract directory for pam modules +- add macros.pam to abstract directory for pam modules ------------------------------------------------------------------- Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk @@ -678,8 +704,8 @@ Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com ------------------------------------------------------------------- Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info -- pam-limit-nproc.patch: increased process limit to help - Chrome/Chromuim users with really lots of tabs. New limit gets +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets closer to UserTasksMax parameter in logind.conf ------------------------------------------------------------------- @@ -803,7 +829,7 @@ Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de ------------------------------------------------------------------- Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de -- Update to current git (Linux-PAM-git-20140127.diff), which +- Update to current git (Linux-PAM-git-20140127.diff), which obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and Linux-PAM-git-20140109.diff. - Fix gratuitous use of strdup and x_strdup @@ -865,7 +891,7 @@ Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com ------------------------------------------------------------------- Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com -- Explicitly add pam_systemd.so to list of modules in +- Explicitly add pam_systemd.so to list of modules in common-session.pamd (bnc#812462) ------------------------------------------------------------------- @@ -886,7 +912,7 @@ Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de ------------------------------------------------------------------- Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de -- Remove pam_unix-login.defs.diff, not needed anymore +- Remove pam_unix-login.defs.diff, not needed anymore ------------------------------------------------------------------- Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de @@ -908,7 +934,7 @@ Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de ------------------------------------------------------------------- Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com -- Added libtool as BuildRequire, and autoreconf -i option to fix +- Added libtool as BuildRequire, and autoreconf -i option to fix build with new automake ------------------------------------------------------------------- @@ -1004,7 +1030,7 @@ Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com - bnc#673826 rework - * manpage is left intact, as it was + * manpage is left intact, as it was * correct parsing of "quiet" option ------------------------------------------------------------------- @@ -1037,7 +1063,7 @@ Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de ------------------------------------------------------------------- Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de -- Update to current CVS version (pam_rootok: Add support for +- Update to current CVS version (pam_rootok: Add support for chauthtok and acct_mgmt, [bnc#533249]) ------------------------------------------------------------------- @@ -1087,13 +1113,13 @@ Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de - Update to version 1.0.91 aka 1.1 Beta2: - * Changes in the behavior of the password stack. Results of + * Changes in the behavior of the password stack. Results of PRELIM_CHECK are not used for the final run. * Redefine LOCAL keyword of pam_access configuration file - * Add support for try_first_pass and use_first_pass to + * Add support for try_first_pass and use_first_pass to pam_cracklib * New password quality tests in pam_cracklib - * Add support for passing PAM_AUTHTOK to stdin of helpers from + * Add support for passing PAM_AUTHTOK to stdin of helpers from pam_exec * New options for pam_lastlog to show last failed login attempt and to disable lastlog update @@ -1137,7 +1163,7 @@ Thu Dec 4 12:34:56 CET 2008 - olh@suse.de ------------------------------------------------------------------- Thu Nov 27 15:56:51 CET 2008 - mc@suse.de -- enhance the man page for limits.conf (bnc#448314) +- enhance the man page for limits.conf (bnc#448314) ------------------------------------------------------------------- Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de @@ -1154,7 +1180,7 @@ Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de Tue Nov 4 13:42:03 CET 2008 - mc@suse.de - pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment - (bnc#441314) + (bnc#441314) ------------------------------------------------------------------- Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de @@ -1263,7 +1289,7 @@ Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de Wed Jan 24 11:27:16 CET 2007 - mc@suse.de - add %verify_permissions for /sbin/unix_chkpwd - [#237625] + [#237625] ------------------------------------------------------------------- Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de @@ -1422,7 +1448,7 @@ Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de ------------------------------------------------------------------- Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de -- pam_lastlog: +- pam_lastlog: - Initialize correct struct member [SF#1427401] - Mark strftime fmt string for translation [SF#1428269] @@ -1434,13 +1460,13 @@ Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de ------------------------------------------------------------------- Sat Feb 18 12:45:19 CET 2006 - ro@suse.de -- really disable audit if header file not present +- really disable audit if header file not present ------------------------------------------------------------------- Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de - Update fi.po -- Add km.po +- Add km.po - Update pl.po ------------------------------------------------------------------- @@ -1603,7 +1629,7 @@ Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de ------------------------------------------------------------------- Thu May 12 16:37:07 CEST 2005 - schubi@suse.de -- Bug 82687 - pam_client.h redefines __u8 and __u32 +- Bug 82687 - pam_client.h redefines __u8 and __u32 ------------------------------------------------------------------- Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de @@ -1629,7 +1655,7 @@ Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de - Made patch of latest CVS tree -- Removed patch pam_handler.diff ( included in CVS now ) +- Removed patch pam_handler.diff ( included in CVS now ) - moved Linux-PAM-0.78.dif to pam_group_time.diff ------------------------------------------------------------------- @@ -1692,7 +1718,7 @@ Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de ------------------------------------------------------------------- Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de -- We no longer have pam in the buildsystem, so we +- We no longer have pam in the buildsystem, so we need some buildroot magic flags for the dlopen tests. ------------------------------------------------------------------- @@ -1756,7 +1782,7 @@ Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de ------------------------------------------------------------------- Tue May 27 16:26:00 CEST 2003 - ro@suse.de -- added cracklib-devel to neededforbuild +- added cracklib-devel to neededforbuild ------------------------------------------------------------------- Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de @@ -1776,7 +1802,7 @@ Mon Nov 11 11:26:13 CET 2002 - ro@suse.de ------------------------------------------------------------------- Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de -- changed securetty / use extra file +- changed securetty / use extra file ------------------------------------------------------------------- Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de @@ -1830,7 +1856,7 @@ Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de ------------------------------------------------------------------- Mon Feb 11 22:46:43 CET 2002 - ro@suse.de -- tar option for bz2 is "j" +- tar option for bz2 is "j" ------------------------------------------------------------------- Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de @@ -1933,7 +1959,7 @@ Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de ------------------------------------------------------------------- Tue Feb 6 01:34:06 CET 2001 - ro@suse.de -- pam_issue.c: include time.h to make it compile +- pam_issue.c: include time.h to make it compile ------------------------------------------------------------------- Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de @@ -1964,12 +1990,12 @@ Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de ------------------------------------------------------------------- Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de -- Don't link PAM modules against old libpam library +- Don't link PAM modules against old libpam library ------------------------------------------------------------------- Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de -- Create new "devel" subpackage +- Create new "devel" subpackage ------------------------------------------------------------------- Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de @@ -1979,7 +2005,7 @@ Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de ------------------------------------------------------------------- Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de -- Fix problems with new gcc and glibc 2.2 header files +- Fix problems with new gcc and glibc 2.2 header files ------------------------------------------------------------------- Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de @@ -2034,7 +2060,7 @@ Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de ------------------------------------------------------------------- Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de -- pwdb: Update to 0.61 +- pwdb: Update to 0.61 ------------------------------------------------------------------- Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de @@ -2053,7 +2079,7 @@ Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de ------------------------------------------------------------------- Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de -- pam_pwdb: Add security fixes from RedHat +- pam_pwdb: Add security fixes from RedHat ------------------------------------------------------------------- Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de @@ -2077,14 +2103,14 @@ Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de - Add pam_wheel to file list -- pam_wheel: Minor fixes +- pam_wheel: Minor fixes - pam_unix2: root is allowed to change passwords with wrong password aging information ------------------------------------------------------------------- Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de -- pam_unix2: Fix typo +- pam_unix2: Fix typo ------------------------------------------------------------------- Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de @@ -2104,7 +2130,7 @@ Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de ------------------------------------------------------------------- Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de -- Add HP-UX password aging to pam_unix2. +- Add HP-UX password aging to pam_unix2. ------------------------------------------------------------------- Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de @@ -2130,7 +2156,7 @@ Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de ------------------------------------------------------------------- Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de -- pam_warn: Add missing functions +- pam_warn: Add missing functions - other.pamd: Update - Add more doku @@ -2144,19 +2170,19 @@ Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de - Update to Linux-PAM 0.67 -- Add Debian pam_env patch +- Add Debian pam_env patch ------------------------------------------------------------------- Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de -- pam_ftp malloc (core dump) fix +- pam_ftp malloc (core dump) fix ------------------------------------------------------------------- Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de -- pam_unix2 fixes +- pam_unix2 fixes ------------------------------------------------------------------- Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de -- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec index 41178ef..b4a4f08 100644 --- a/pam.spec +++ b/pam.spec @@ -35,6 +35,7 @@ %define livepatchable 0 %endif +%bcond_without selinux %bcond_with debug %define flavor @BUILD_FLAVOR@%{nil} @@ -46,15 +47,18 @@ %if "%{flavor}" == "full" %define build_main 0 %define build_doc 1 +%define build_extra 1 +%define build_userdb 1 %define name_suffix -%{flavor}-src %else %define build_main 1 %define build_doc 0 +%define build_extra 0 +%define build_userdb 0 %define name_suffix %{nil} %endif # -%define enable_selinux 1 %define libpam_so_version 0.85.1 %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 @@ -67,14 +71,14 @@ # Name: pam%{name_suffix} # -Version: 1.5.2 +Version: 1.5.2.90 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause Group: System/Libraries -URL: http://www.linux-pam.org/ +URL: https://github.com/linux-pam/linux-pam Source: Linux-PAM-%{version}.tar.xz -Source1: Linux-PAM-%{version}-docs.tar.xz +# XXX Source1: Linux-PAM-%{version}.tar.xz.asc Source2: macros.pam Source3: other.pamd Source4: common-auth.pamd @@ -86,20 +90,12 @@ Source10: unix2_chkpwd.c Source11: unix2_chkpwd.8 Source12: pam-login_defs-check.sh Source13: pam.tmpfiles -Source14: Linux-PAM-%{version}-docs.tar.xz.asc -Source15: Linux-PAM-%{version}.tar.xz.asc Source20: common-session-nonlogin.pamd Source21: postlogin-auth.pamd Source22: postlogin-account.pamd Source23: postlogin-password.pamd Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch -Patch3: pam-xauth_ownership.patch -Patch4: pam-bsc1177858-dont-free-environment-string.patch -Patch5: pam_xauth_data.3.xml.patch -Patch11: pam-git.diff -Patch13: pam_pwhistory-docu.patch -Patch14: docbook5.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -110,39 +106,53 @@ Requires(post): permissions # Upgrade this symbol version only if new variables appear! # Verify by shadow-login_defs-check.sh from shadow source package. Recommends: login_defs-support-for-pam >= 1.5.2 -%if 0%{?suse_version} > 1320 BuildRequires: pkgconfig(libeconf) -%endif -%if %{enable_selinux} +%if %{with selinux} BuildRequires: libselinux-devel %endif Obsoletes: pam_unix Obsoletes: pam_unix-nis Recommends: pam-manpages -%if 0%{?suse_version} >= 1330 Requires(pre): group(shadow) Requires(pre): user(root) -%endif %description PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. -%package extra +%if %{build_userdb} +%package -n pam-userdb Summary: PAM module to authenticate against a separate database Group: System/Libraries BuildRequires: libdb-4_8-devel BuildRequires: pam-devel -%description extra +%description -n pam-userdb PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policies without having to recompile programs that do authentication. -This package contains useful extra modules eg pam_userdb which is -used to verify a username/password pair against values stored in -a Berkeley DB database. +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(systemd) +BuildRequires: pam-devel + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif %if %{build_doc} @@ -191,17 +201,9 @@ This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. %prep -%setup -q -n Linux-PAM-%{version} -b 1 +%setup -q -n Linux-PAM-%{version} cp -a %{SOURCE12} . -%patch11 -p1 %patch1 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%if %{build_doc} -%patch13 -p1 -%patch14 -p1 -%endif %build bash ./pam-login_defs-check.sh @@ -220,6 +222,7 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" --enable-isadir=../..%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_prefix}/etc \ + --disable-nis \ %if %{with debug} --enable-debug %endif @@ -291,9 +294,6 @@ mkdir -p %{buildroot}%{_prefix}/lib/motd.d # Remove crap # find %{buildroot} -type f -name "*.la" -delete -print -for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do - ln -f %{buildroot}%{_pam_moduledir}/pam_unix.so %{buildroot}%{_pam_moduledir}/$x.so -done # # Install READMEs of PAM modules # @@ -312,27 +312,25 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf -mkdir -p %{buildroot}%{_pam_secdistconfdir} -mv %{buildroot}%{_sysconfdir}/security/{limits.conf,faillock.conf,group.conf,pam_env.conf,access.conf,limits.d,sepermit.conf,time.conf} %{buildroot}%{_pam_secdistconfdir}/ -mv %{buildroot}%{_sysconfdir}/security/{namespace.conf,namespace.d,namespace.init} %{buildroot}%{_pam_secdistconfdir}/ +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment # Remove manual pages for main package %if !%{build_doc} -rm -rf %{buildroot}%{_mandir}/man[58]/* -install -m 644 modules/pam_userdb/pam_userdb.8 %{buildroot}/%{_mandir}/man8/ +rm -rf %{buildroot}%{_mandir}/man?/* %else install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ # bsc#1188724 echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 %endif -%if !%{build_main} -rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} -rm -rf %{buildroot}{%{_includedir},%{_libdir},%{_prefix}/lib} -rm -rf %{buildroot}%{_mandir}/man3/* -rm -rf %{buildroot}%{_mandir}/man8/pam_userdb.8* +%if !%{build_main} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* %else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} # Create filelist with translations %find_lang Linux-PAM @@ -392,13 +390,13 @@ done %{_pam_secdistconfdir}/faillock.conf %{_pam_secdistconfdir}/limits.conf %{_pam_secdistconfdir}/pam_env.conf -%if %{enable_selinux} +%if %{with selinux} %{_pam_secdistconfdir}/sepermit.conf %endif %{_pam_secdistconfdir}/time.conf %{_pam_secdistconfdir}/namespace.conf %{_pam_secdistconfdir}/namespace.init -%config(noreplace) %{_pam_secconfdir}/pwhistory.conf +%{_pam_secdistconfdir}/pwhistory.conf %dir %{_pam_secdistconfdir}/namespace.d %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} @@ -420,9 +418,7 @@ done %{_pam_moduledir}//pam_filter/upperLOWER %{_pam_moduledir}/pam_ftp.so %{_pam_moduledir}/pam_group.so -%{_pam_moduledir}/pam_issue.so %{_pam_moduledir}/pam_keyinit.so -%{_pam_moduledir}/pam_lastlog.so %{_pam_moduledir}/pam_limits.so %{_pam_moduledir}/pam_listfile.so %{_pam_moduledir}/pam_localuser.so @@ -437,7 +433,7 @@ done %{_pam_moduledir}/pam_rhosts.so %{_pam_moduledir}/pam_rootok.so %{_pam_moduledir}/pam_securetty.so -%if %{enable_selinux} +%if %{with selinux} %{_pam_moduledir}/pam_selinux.so %{_pam_moduledir}/pam_sepermit.so %endif @@ -446,14 +442,9 @@ done %{_pam_moduledir}/pam_stress.so %{_pam_moduledir}/pam_succeed_if.so %{_pam_moduledir}/pam_time.so -%{_pam_moduledir}/pam_timestamp.so %{_pam_moduledir}/pam_tty_audit.so %{_pam_moduledir}/pam_umask.so %{_pam_moduledir}/pam_unix.so -%{_pam_moduledir}/pam_unix_acct.so -%{_pam_moduledir}/pam_unix_auth.so -%{_pam_moduledir}/pam_unix_passwd.so -%{_pam_moduledir}/pam_unix_session.so %{_pam_moduledir}/pam_usertype.so %{_pam_moduledir}/pam_warn.so %{_pam_moduledir}/pam_wheel.so @@ -461,7 +452,6 @@ done %{_sbindir}/faillock %{_sbindir}/mkhomedir_helper %{_sbindir}/pam_namespace_helper -%{_sbindir}/pam_timestamp_check %{_sbindir}/pwhistory_helper %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd @@ -469,23 +459,30 @@ done %{_unitdir}/pam_namespace.service %{_tmpfilesdir}/pam.conf -%files extra -%defattr(-,root,root,755) -%{_pam_moduledir}/pam_userdb.so -%{_mandir}/man8/pam_userdb.8%{?ext_man} - %files devel %defattr(644,root,root,755) %dir %{_includedir}/security -%{_mandir}/man3/pam* -%{_mandir}/man3/misc_conv.3%{?ext_man} %{_includedir}/security/*.h %{_libdir}/libpam.so %{_libdir}/libpamc.so %{_libdir}/libpam_misc.so %{_rpmmacrodir}/macros.pam %{_libdir}/pkgconfig/pam*.pc +%endif +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check %endif %if %{build_doc} @@ -499,6 +496,8 @@ done %doc %{_defaultdocdir}/pam/*.txt %files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} %{_mandir}/man5/environment.5%{?ext_man} %{_mandir}/man5/*.conf.5%{?ext_man} %{_mandir}/man5/pam.d.5%{?ext_man} @@ -520,7 +519,6 @@ done %{_mandir}/man8/pam_group.8%{?ext_man} %{_mandir}/man8/pam_issue.8%{?ext_man} %{_mandir}/man8/pam_keyinit.8%{?ext_man} -%{_mandir}/man8/pam_lastlog.8%{?ext_man} %{_mandir}/man8/pam_limits.8%{?ext_man} %{_mandir}/man8/pam_listfile.8%{?ext_man} %{_mandir}/man8/pam_localuser.8%{?ext_man} diff --git a/pam_pwhistory-docu.patch b/pam_pwhistory-docu.patch deleted file mode 100644 index 499fbc6..0000000 --- a/pam_pwhistory-docu.patch +++ /dev/null @@ -1,264 +0,0 @@ -diff --git a/modules/pam_pwhistory/Makefile.am b/modules/pam_pwhistory/Makefile.am -index 8a4dbcb2..c29a8e11 100644 ---- a/modules/pam_pwhistory/Makefile.am -+++ b/modules/pam_pwhistory/Makefile.am -@@ -9,9 +9,10 @@ MAINTAINERCLEANFILES = $(MANS) README - EXTRA_DIST = $(XMLS) - - if HAVE_DOC --dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 -+dist_man_MANS = pam_pwhistory.8 pwhistory_helper.8 pwhistory.conf.5 - endif --XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml -+XMLS = README.xml pam_pwhistory.8.xml pwhistory_helper.8.xml \ -+ pwhistory.conf.5.xml - dist_check_SCRIPTS = tst-pam_pwhistory - TESTS = $(dist_check_SCRIPTS) - -diff --git a/modules/pam_pwhistory/pam_pwhistory.8.xml b/modules/pam_pwhistory/pam_pwhistory.8.xml -index d88115c2..2a8fa7f6 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.8.xml -+++ b/modules/pam_pwhistory/pam_pwhistory.8.xml -@@ -36,6 +36,12 @@ - - authtok_type=STRING - -+ -+ file=/path/filename -+ -+ -+ conf=/path/to/config-file -+ - - - -@@ -104,7 +110,7 @@ - - - The last N passwords for each -- user are saved in /etc/security/opasswd. -+ user are saved. - The default is 10. Value of - 0 makes the module to keep the existing - contents of the opasswd file unchanged. -@@ -137,7 +143,39 @@ - - - -+ -+ -+ -+ -+ -+ -+ Store password history in file /path/filename -+ rather than the default location. The default location is -+ /etc/security/opasswd. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Use another configuration file instead of the default -+ /etc/security/pwhistory.conf. -+ -+ -+ -+ - -+ -+ The options for configuring the module behavior are described in the -+ pwhistory.conf -+ 5 manual page. The options -+ specified on the module command line override the values from the -+ configuration file. -+ - - - -@@ -213,7 +251,7 @@ password required pam_unix.so use_authtok - - /etc/security/opasswd - -- File with password history -+ Default file with password history - - - -@@ -222,6 +260,9 @@ password required pam_unix.so use_authtok - - SEE ALSO - -+ -+ pwhistory.conf5 -+ , - - pam.conf5 - , -diff --git a/modules/pam_pwhistory/pwhistory.conf.5.xml b/modules/pam_pwhistory/pwhistory.conf.5.xml -new file mode 100644 -index 00000000..bac5ffed ---- /dev/null -+++ b/modules/pam_pwhistory/pwhistory.conf.5.xml -@@ -0,0 +1,155 @@ -+ -+ -+ -+ -+ -+ -+ pwhistory.conf -+ 5 -+ Linux-PAM Manual -+ -+ -+ -+ pwhistory.conf -+ pam_pwhistory configuration file -+ -+ -+ -+ -+ DESCRIPTION -+ -+ pwhistory.conf provides a way to configure the -+ default settings for saving the last passwords for each user. -+ This file is read by the pam_pwhistory module and is the -+ preferred method over configuring pam_pwhistory directly. -+ -+ -+ The file has a very simple name = value format with possible comments -+ starting with # character. The whitespace at the beginning of line, end -+ of line, and around the = sign is ignored. -+ -+ -+ -+ -+ -+ OPTIONS -+ -+ -+ -+ -+ -+ -+ -+ Turns on debugging via -+ -+ syslog3 -+ . -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ If this option is set, the check is enforced for root, too. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ The last N passwords for each -+ user are saved. -+ The default is 10. Value of -+ 0 makes the module to keep the existing -+ contents of the opasswd file unchanged. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Prompt user at most N times -+ before returning with error. The default is 1. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ Store password history in file -+ /path/filename rather than the default -+ location. The default location is -+ /etc/security/opasswd. -+ -+ -+ -+ -+ -+ -+ -+ EXAMPLES -+ -+ /etc/security/pwhistory.conf file example: -+ -+ -+debug -+remember=5 -+file=/tmp/opasswd -+ -+ -+ -+ -+ FILES -+ -+ -+ /etc/security/pwhistory.conf -+ -+ the config file for custom options -+ -+ -+ -+ -+ -+ -+ SEE ALSO -+ -+ -+ pwhistory8 -+ , -+ -+ pam_pwhistory8 -+ , -+ -+ pam.conf5 -+ , -+ -+ pam.d5 -+ , -+ -+ pam8 -+ -+ -+ -+ -+ -+ AUTHOR -+ -+ pam_pwhistory was written by Thorsten Kukuk. The support for -+ pwhistory.conf was written by Iker Pedrosa. -+ -+ -+ -+ - diff --git a/pam_xauth_data.3.xml.patch b/pam_xauth_data.3.xml.patch deleted file mode 100644 index 7902e64..0000000 --- a/pam_xauth_data.3.xml.patch +++ /dev/null @@ -1,97 +0,0 @@ ---- a/doc/man/pam_xauth_data.3.xml 2021-11-01 12:04:45.640077994 +0100 -+++ b/doc/man/pam_xauth_data.3.xml 2019-09-24 13:06:13.531781973 +0200 -@@ -0,0 +1,94 @@ -+ -+ -+ -+ -+ -+ -+ pam_xauth_data -+ 3 -+ Linux-PAM Manual -+ -+ -+ -+ pam_xauth_data -+ structure containing X authentication data -+ -+ -+ -+ -+ -+ -+ #include <security/pam_appl.h> -+ -+ -+struct pam_xauth_data { -+ int namelen; -+ char *name; -+ int datalen; -+ char *data; -+}; -+ -+ -+ -+ -+ DESCRIPTION -+ -+ The pam_xauth_data structure contains X -+ authentication data used to make a connection to an X display. -+ Using this mechanism, an application can communicate X -+ authentication data to PAM service modules. This allows modules to -+ make a connection to the user's X display in order to label the -+ user's session on login, display visual feedback or for other -+ purposes. -+ -+ -+ The name field contains the name of the -+ authentication method, such as "MIT-MAGIC-COOKIE-1". The -+ namelen field contains the length of this string, -+ not including the trailing NUL character. -+ -+ -+ The data field contains the authentication -+ method-specific data corresponding to the specified name. The -+ datalen field contains its length in bytes. -+ -+ -+ The X authentication data can be changed with the -+ PAM_XAUTH_DATA item. It can be queried and -+ set with -+ -+ pam_get_item3 -+ -+ and -+ -+ pam_set_item 3 -+ respectively. The value used to set it should be -+ a pointer to a pam_xauth_data structure. An internal copy of both -+ the structure itself and its fields is made by PAM when setting the -+ item. -+ -+ -+ -+ -+ SEE ALSO -+ -+ -+ pam_start3 -+ , -+ -+ pam_get_item3 -+ , -+ -+ -+ -+ -+ STANDARDS -+ -+ The pam_xauth_data structure and -+ PAM_XAUTH_DATA item are -+ Linux-PAM extensions. -+ -+ -+ -+ -- 2.51.1 From e1066a3a40ac4687974ca34e34cc6639816526814e355138553e46ffb341f586 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 12 Apr 2023 11:48:48 +0000 Subject: [PATCH 191/226] Accepting request 1078636 from home:kukuk:cleanup - pam-userdb: add split provide OBS-URL: https://build.opensuse.org/request/show/1078636 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=275 --- pam.changes | 5 +++++ pam.spec | 1 + 2 files changed, 6 insertions(+) diff --git a/pam.changes b/pam.changes index 7bead11..298bd99 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + ------------------------------------------------------------------- Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index b4a4f08..250b7a9 100644 --- a/pam.spec +++ b/pam.spec @@ -125,6 +125,7 @@ having to recompile programs that do authentication. %package -n pam-userdb Summary: PAM module to authenticate against a separate database Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so BuildRequires: libdb-4_8-devel BuildRequires: pam-devel -- 2.51.1 From 81568528fdde745a60fd5cb2fad5332a173e5126a0ab4322981b0393579600ac Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 20 Apr 2023 10:12:45 +0000 Subject: [PATCH 192/226] Accepting request 1080765 from home:kukuk:cleanup - pam-extra: add split provide OBS-URL: https://build.opensuse.org/request/show/1080765 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=276 --- pam.changes | 5 +++++ pam.spec | 1 + 2 files changed, 6 insertions(+) diff --git a/pam.changes b/pam.changes index 298bd99..c591de6 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + ------------------------------------------------------------------- Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 250b7a9..20e0ae7 100644 --- a/pam.spec +++ b/pam.spec @@ -145,6 +145,7 @@ Summary: PAM module with extended dependencies Group: System/Libraries BuildRequires: pkgconfig(systemd) BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check %description -n pam-extra PAM (Pluggable Authentication Modules) is a system security tool that -- 2.51.1 From 341833cbf954837f9be81773b22c8e2c25e549d634210148f4ad5e43ff666686 Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Tue, 9 May 2023 16:04:51 +0000 Subject: [PATCH 193/226] Accepting request 1085746 from home:kukuk:cleanup - Update to final 1.5.3 release: - configure: added --enable-logind option to use logind instead of utmp in pam_issue and pam_timestamp. - pam_modutil_getlogin: changed to use getlogin() from libc instead of parsing utmp. - Added libeconf support to pam_env and pam_shells. - Added vendor directory support to pam_access, pam_env, pam_group, pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, pam_shells, and pam_time. - pam_limits: changed to not fail on missing config files. - pam_pwhistory: added conf= option to specify config file location. - pam_pwhistory: added file= option to specify password history file location. - pam_shells: added shells.d support when libeconf and vendordir are enabled. - Deprecated pam_lastlog: this module is no longer built by default because it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, even on 64bit architectures. pam_lastlog will be removed in one of the next releases, consider using pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() macros provided by _pam_macros.h; the memory override performed by these macros can be optimized out by the compiler and therefore can no longer be relied upon. OBS-URL: https://build.opensuse.org/request/show/1085746 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=277 --- Linux-PAM-1.5.2.90.tar.xz | 3 --- Linux-PAM-1.5.3.tar.xz | 3 +++ Linux-PAM-1.5.3.tar.xz.asc | 16 ++++++++++++++++ pam.changes | 28 ++++++++++++++++++++++++++++ pam.spec | 5 +++-- 5 files changed, 50 insertions(+), 5 deletions(-) delete mode 100644 Linux-PAM-1.5.2.90.tar.xz create mode 100644 Linux-PAM-1.5.3.tar.xz create mode 100644 Linux-PAM-1.5.3.tar.xz.asc diff --git a/Linux-PAM-1.5.2.90.tar.xz b/Linux-PAM-1.5.2.90.tar.xz deleted file mode 100644 index dddda6d..0000000 --- a/Linux-PAM-1.5.2.90.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5a819c1b629b8101543e6c964a4e22d23b29f3456d28b4ba403dd280e46a6315 -size 1009900 diff --git a/Linux-PAM-1.5.3.tar.xz b/Linux-PAM-1.5.3.tar.xz new file mode 100644 index 0000000..d1b6d47 --- /dev/null +++ b/Linux-PAM-1.5.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283 +size 1020076 diff --git a/Linux-PAM-1.5.3.tar.xz.asc b/Linux-PAM-1.5.3.tar.xz.asc new file mode 100644 index 0000000..8817c44 --- /dev/null +++ b/Linux-PAM-1.5.3.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJkWBFQAAoJEKgEH6g54W42OoMP/R1O9dvpncrR4DfD3yJViTPw +To3isPszsdHhw/uZUzCBEUMxhJgUgefzHGAng1EbTyX2eTLk/cnLY8pZLXr3pzC0 +5CfacxAqgjK8B/7CbchsZQCDal84E5jR8qyzVCM3IPxZQfpiR3HJzXVjhg/gnBcY +L6v7FbLpcdM2keHHT1C/hyQfTnzyIdmwyzRdE1DF3ERbe3/1VlNmANNOacZ1H2T9 +Hs5dVIFiXwOO11Xku42oOo99LCqXyIsRnEogBFCORHNjD7B88lCdJAHssBdvWq5t +/CJnoGtJrVCXs11JVPSNyW0rm24rZH9YCC6yVRIuMq6jjMBawFUlMAqamLoSA3hK +4BPuPqQjHYk/D5H+m0HF2qRDpz76Bj1zdmYofqspeJf4QJOyOpMSXFY3pgsohuKW +P8YQ44cAkmMswFqMSKGi9EVnf6SVXWQFoHJhtlbUgi7ef/4IICrbtgSSE96OGdlg +Sdoplu3n+1HClaYqlHbjkd/m0Hc8QvOjovctb0Zoclnlup+u2JH4rDNqjxFUvkWB +8CeILjebgBrNRqAFDx7fKBEQyHs5FLOtUU1SwBLXXSyMCHuMhr/tKBHcbDgMhpVP +IiIyYGyEGUoIR/er5AgIX9e6/zcQbc8OvY+gTu9t+tw+HIt8hGvUUkuYX8LB1k6r +zf06e/iTT4GL6AhJtbh3 +=2hyW +-----END PGP SIGNATURE----- diff --git a/pam.changes b/pam.changes index c591de6..bf4cb8f 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + ------------------------------------------------------------------- Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 20e0ae7..45459aa 100644 --- a/pam.spec +++ b/pam.spec @@ -71,14 +71,14 @@ # Name: pam%{name_suffix} # -Version: 1.5.2.90 +Version: 1.5.3 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause Group: System/Libraries URL: https://github.com/linux-pam/linux-pam Source: Linux-PAM-%{version}.tar.xz -# XXX Source1: Linux-PAM-%{version}.tar.xz.asc +Source1: Linux-PAM-%{version}.tar.xz.asc Source2: macros.pam Source3: other.pamd Source4: common-auth.pamd @@ -224,6 +224,7 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" --enable-isadir=../..%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_prefix}/etc \ + --enable-logind \ --disable-nis \ %if %{with debug} --enable-debug -- 2.51.1 From 8fc5e81cde040dbe94716625f8e4a2a06c0859611d1cf712ef16c3b20b89ad4d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 7 Aug 2023 10:24:04 +0000 Subject: [PATCH 194/226] - pam_access backports from upstream: - pam_access-doc-IPv6-link-local.patch: Document only partial supported IPv6 link local addresses - pam_access-hostname-debug.patch: Don't print error if we cannot resolve a hostname, does not need to be a hostname - pam_shells-fix-econf-memory-leak.patch: Free econf keys variable - disable-examples.patch: Don't build examples OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=278 --- disable-examples.patch | 51 +++++++++++++++++++++ pam.changes | 14 ++++++ pam.spec | 14 ++++++ pam_access-doc-IPv6-link-local.patch | 63 ++++++++++++++++++++++++++ pam_access-hostname-debug.patch | 27 +++++++++++ pam_shells-fix-econf-memory-leak.patch | 22 +++++++++ 6 files changed, 191 insertions(+) create mode 100644 disable-examples.patch create mode 100644 pam_access-doc-IPv6-link-local.patch create mode 100644 pam_access-hostname-debug.patch create mode 100644 pam_shells-fix-econf-memory-leak.patch diff --git a/disable-examples.patch b/disable-examples.patch new file mode 100644 index 0000000..0ebaaed --- /dev/null +++ b/disable-examples.patch @@ -0,0 +1,51 @@ +From 5fa961fd3b5b8cf5ba1a0cf49b10ebf79e273e96 Mon Sep 17 00:00:00 2001 +From: Pino Toscano +Date: Mon, 8 May 2023 18:39:36 +0200 +Subject: [PATCH] configure.ac: add --enable-examples option + +Allow the user to not build the examples through --disable-examples +(enabled by default); this can be useful: +- when cross-compiling, as the examples are not useful +- in distribution builds, not building stuff that is not used in any + way +--- + Makefile.am | 5 ++++- + configure.ac | 5 +++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index deb252680..2e8fede7b 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -4,11 +4,14 @@ + + AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news + +-SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests ++SUBDIRS = libpam tests libpamc libpam_misc modules po conf xtests + + if HAVE_DOC + SUBDIRS += doc + endif ++if HAVE_EXAMPLES ++SUBDIRS += examples ++endif + + CLEANFILES = *~ + +diff --git a/configure.ac b/configure.ac +index b9b0f8392..6666b1b26 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -224,6 +224,11 @@ AC_ARG_ENABLE([doc], + WITH_DOC=$enableval, WITH_DOC=yes) + AM_CONDITIONAL([HAVE_DOC], [test "x$WITH_DOC" = "xyes"]) + ++AC_ARG_ENABLE([examples], ++ AS_HELP_STRING([--disable-examples],[Do not build the examples]), ++ WITH_EXAMPLES=$enableval, WITH_EXAMPLES=yes) ++AM_CONDITIONAL([HAVE_EXAMPLES], [test "x$WITH_EXAMPLES" = "xyes"]) ++ + AC_ARG_ENABLE([prelude], + AS_HELP_STRING([--disable-prelude],[do not use prelude]), + WITH_PRELUDE=$enableval, WITH_PRELUDE=yes) diff --git a/pam.changes b/pam.changes index bf4cb8f..6b48ff1 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + ------------------------------------------------------------------- Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 45459aa..58a4155 100644 --- a/pam.spec +++ b/pam.spec @@ -96,6 +96,14 @@ Source22: postlogin-account.pamd Source23: postlogin-password.pamd Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch +# https://github.com/linux-pam/linux-pam/pull/594 +Patch2: pam_access-doc-IPv6-link-local.patch +# https://github.com/linux-pam/linux-pam/pull/596 +Patch3: pam_access-hostname-debug.patch +# https://github.com/linux-pam/linux-pam/pull/581 +Patch4: pam_shells-fix-econf-memory-leak.patch +# https://github.com/linux-pam/linux-pam/pull/574 +Patch5: disable-examples.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -206,6 +214,10 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} cp -a %{SOURCE12} . %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 %build bash ./pam-login_defs-check.sh @@ -216,6 +228,7 @@ CFLAGS="$CFLAGS -DNDEBUG" %if %{livepatchable} CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" %endif +autoreconf %configure \ --includedir=%{_includedir}/security \ --docdir=%{_docdir}/pam \ @@ -225,6 +238,7 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_prefix}/etc \ --enable-logind \ + --disable-examples \ --disable-nis \ %if %{with debug} --enable-debug diff --git a/pam_access-doc-IPv6-link-local.patch b/pam_access-doc-IPv6-link-local.patch new file mode 100644 index 0000000..d84a1de --- /dev/null +++ b/pam_access-doc-IPv6-link-local.patch @@ -0,0 +1,63 @@ +From 4ba3105511c3a55fc750a790f7310c6d7ebfdfda Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 3 Aug 2023 17:11:32 +0200 +Subject: [PATCH] pam_access: document IPv6 link-local addresses (#582) + +* modules/pam_access/access.conf.5.xml: Add example and note for IPv6 + link-local addresses +* modules/pam_access/access.conf: Add example for IPv6 link-local + addresses +--- + modules/pam_access/access.conf | 3 +++ + modules/pam_access/access.conf.5.xml | 12 +++++++++++- + 2 files changed, 14 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf +index 47b6b84c1..9c8e21716 100644 +--- a/modules/pam_access/access.conf ++++ b/modules/pam_access/access.conf +@@ -115,6 +115,9 @@ + # User "john" should get access from ipv6 host address (same as above) + #+:john:2001:4ca0:0:101:0:0:0:1 + # ++# User "john" should get access from ipv6 local link host address ++#+:john:fe80::de95:818c:1b55:7e42%eth0 ++# + # User "john" should get access from ipv6 net/mask + #+:john:2001:4ca0:0:101::/64 + # +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index ff1cb2237..2dc5d477c 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -188,6 +188,12 @@ + + +:john foo:2001:db8:0:101::1 + ++ ++ User john and foo ++ should get access from IPv6 link local host address. ++ ++ +:john foo:fe80::de95:818c:1b55:7e42%eth1 ++ + + User john should get access from IPv6 net/mask. + +@@ -222,6 +228,10 @@ + item and the line will be most probably ignored. For this reason, it is not + recommended to put spaces around the ':' characters. + ++ ++ An IPv6 link local host address must contain the interface ++ identifier. IPv6 link local network/netmask is not supported. ++ + + + +@@ -246,4 +256,4 @@ + introduced by Mike Becher <mike.becher@lrz-muenchen.de>. + + +- +\ No newline at end of file ++ diff --git a/pam_access-hostname-debug.patch b/pam_access-hostname-debug.patch new file mode 100644 index 0000000..13168b5 --- /dev/null +++ b/pam_access-hostname-debug.patch @@ -0,0 +1,27 @@ +From 741acf4ff707d53b94947736a01eeeda5e2c7e98 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Fri, 4 Aug 2023 15:46:16 +0200 +Subject: [PATCH] pam_access: make non-resolveable hostname a debug output + (#590) + +* modules/pam_access/pam_access.c (network_netmask_match): Don't print +an error if a string is not resolveable, only a debug message in debug +mode. We even don't know if that entry is for remote logins or not. +--- + modules/pam_access/pam_access.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index f70b7e495..985dc7de2 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -876,7 +876,8 @@ network_netmask_match (pam_handle_t *pamh, + */ + if (getaddrinfo (tok, NULL, NULL, &ai) != 0) + { +- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); ++ if (item->debug) ++ pam_syslog(pamh, LOG_DEBUG, "cannot resolve hostname \"%s\"", tok); + + return NO; + } diff --git a/pam_shells-fix-econf-memory-leak.patch b/pam_shells-fix-econf-memory-leak.patch new file mode 100644 index 0000000..506a1c5 --- /dev/null +++ b/pam_shells-fix-econf-memory-leak.patch @@ -0,0 +1,22 @@ +From 1a734af22a9f35a9a09edaea44a4e0767de6343b Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 18 May 2023 17:55:21 +0200 +Subject: [PATCH] pam_shells: Plug econf memory leak + +Signed-off-by: Tobias Stoeckmann +--- + modules/pam_shells/pam_shells.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c +index 05c09c656..276a56dd5 100644 +--- a/modules/pam_shells/pam_shells.c ++++ b/modules/pam_shells/pam_shells.c +@@ -112,6 +112,7 @@ static int perform_check(pam_handle_t *pamh) + if (!retval) + break; + } ++ econf_free (keys); + econf_free (key_file); + #else + char shellFileLine[256]; -- 2.51.1 From add873f61e483a4220ec58f895a99bbe859741079890e2a09901161a1c43e512 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 23 Aug 2023 09:38:24 +0000 Subject: [PATCH 195/226] Accepting request 1105450 from home:kukuk:no-utmp - Fix building without SELinux OBS-URL: https://build.opensuse.org/request/show/1105450 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=279 --- pam.changes | 5 +++++ pam.spec | 2 ++ 2 files changed, 7 insertions(+) diff --git a/pam.changes b/pam.changes index 6b48ff1..d5bc85e 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + ------------------------------------------------------------------- Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 58a4155..0d05b92 100644 --- a/pam.spec +++ b/pam.spec @@ -551,8 +551,10 @@ done %{_mandir}/man8/pam_rhosts.8%{?ext_man} %{_mandir}/man8/pam_rootok.8%{?ext_man} %{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} %{_mandir}/man8/pam_selinux.8%{?ext_man} %{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif %{_mandir}/man8/pam_setquota.8%{?ext_man} %{_mandir}/man8/pam_shells.8%{?ext_man} %{_mandir}/man8/pam_stress.8%{?ext_man} -- 2.51.1 From e352b2c6616d02ede5738b678d95dff435a7127ba6a0bd8b2d537bf6f9cb8ed2 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 18 Jan 2024 09:18:10 +0000 Subject: [PATCH 196/226] - Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. - libpam: added use of getrandom(2) as a source of randomness if available. - libpam: fixed calculation of fail delay with very long delays. - libpam: fixed potential infinite recursion with includes. - libpam: implemented string to number conversions validation when parsing controls in configuration. - pam_access: added quiet_log option. - pam_access: fixed truncation of very long group names. - pam_canonicalize_user: new module to canonicalize user name. - pam_echo: fixed file handling to prevent overflows and short reads. - pam_env: added support of '\' character in environment variable values. - pam_exec: allowed expose_authtok for password PAM_TYPE. - pam_exec: fixed stack overflow with binary output of programs. - pam_faildelay: implemented parameter ranges validation. - pam_listfile: changed to treat \r and \n exactly the same in configuration. - pam_mkhomedir: hardened directory creation against timing attacks. - Please note that using *at functions leads to more open file handles during creation. - pam_namespace: fixed potential local DoS (CVE-2024-22365). - pam_nologin: fixed file handling to prevent short reads. - pam_pwhistory: helper binary is now built only if SELinux support is enabled. - pam_pwhistory: implemented reliable usernames handling when remembering passwords. - pam_shells: changed to allow shell entries with absolute paths only. - pam_succeed_if: fixed treating empty strings as numerical value 0. - pam_unix: added support of disabled password aging. - pam_unix: synchronized password aging with shadow. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=280 --- Linux-PAM-1.5.3.tar.xz | 3 -- Linux-PAM-1.5.3.tar.xz.asc | 16 ------- Linux-PAM-1.6.0.tar.xz | 3 ++ Linux-PAM-1.6.0.tar.xz.asc | 16 +++++++ disable-examples.patch | 51 --------------------- pam-login_defs-check.sh | 2 +- pam.changes | 54 ++++++++++++++++++++++ pam.spec | 16 ++----- pam_access-doc-IPv6-link-local.patch | 63 -------------------------- pam_access-hostname-debug.patch | 27 ----------- pam_shells-fix-econf-memory-leak.patch | 22 --------- 11 files changed, 77 insertions(+), 196 deletions(-) delete mode 100644 Linux-PAM-1.5.3.tar.xz delete mode 100644 Linux-PAM-1.5.3.tar.xz.asc create mode 100644 Linux-PAM-1.6.0.tar.xz create mode 100644 Linux-PAM-1.6.0.tar.xz.asc delete mode 100644 disable-examples.patch delete mode 100644 pam_access-doc-IPv6-link-local.patch delete mode 100644 pam_access-hostname-debug.patch delete mode 100644 pam_shells-fix-econf-memory-leak.patch diff --git a/Linux-PAM-1.5.3.tar.xz b/Linux-PAM-1.5.3.tar.xz deleted file mode 100644 index d1b6d47..0000000 --- a/Linux-PAM-1.5.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283 -size 1020076 diff --git a/Linux-PAM-1.5.3.tar.xz.asc b/Linux-PAM-1.5.3.tar.xz.asc deleted file mode 100644 index 8817c44..0000000 --- a/Linux-PAM-1.5.3.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABCgAGBQJkWBFQAAoJEKgEH6g54W42OoMP/R1O9dvpncrR4DfD3yJViTPw -To3isPszsdHhw/uZUzCBEUMxhJgUgefzHGAng1EbTyX2eTLk/cnLY8pZLXr3pzC0 -5CfacxAqgjK8B/7CbchsZQCDal84E5jR8qyzVCM3IPxZQfpiR3HJzXVjhg/gnBcY -L6v7FbLpcdM2keHHT1C/hyQfTnzyIdmwyzRdE1DF3ERbe3/1VlNmANNOacZ1H2T9 -Hs5dVIFiXwOO11Xku42oOo99LCqXyIsRnEogBFCORHNjD7B88lCdJAHssBdvWq5t -/CJnoGtJrVCXs11JVPSNyW0rm24rZH9YCC6yVRIuMq6jjMBawFUlMAqamLoSA3hK -4BPuPqQjHYk/D5H+m0HF2qRDpz76Bj1zdmYofqspeJf4QJOyOpMSXFY3pgsohuKW -P8YQ44cAkmMswFqMSKGi9EVnf6SVXWQFoHJhtlbUgi7ef/4IICrbtgSSE96OGdlg -Sdoplu3n+1HClaYqlHbjkd/m0Hc8QvOjovctb0Zoclnlup+u2JH4rDNqjxFUvkWB -8CeILjebgBrNRqAFDx7fKBEQyHs5FLOtUU1SwBLXXSyMCHuMhr/tKBHcbDgMhpVP -IiIyYGyEGUoIR/er5AgIX9e6/zcQbc8OvY+gTu9t+tw+HIt8hGvUUkuYX8LB1k6r -zf06e/iTT4GL6AhJtbh3 -=2hyW ------END PGP SIGNATURE----- diff --git a/Linux-PAM-1.6.0.tar.xz b/Linux-PAM-1.6.0.tar.xz new file mode 100644 index 0000000..e3aa8ba --- /dev/null +++ b/Linux-PAM-1.6.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fff4a34e5bbee77e2e8f1992f27631e2329bcbf8a0563ddeb5c3389b4e3169ad +size 1048296 diff --git a/Linux-PAM-1.6.0.tar.xz.asc b/Linux-PAM-1.6.0.tar.xz.asc new file mode 100644 index 0000000..d0ed0be --- /dev/null +++ b/Linux-PAM-1.6.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJlp6wnAAoJEKgEH6g54W42MiEP/A9ZznPwFC64SbhbvFYOt6dI +n7NMhzBK4NNw4FLuqeTtIDibNVZ5PkrPHTVaaUuZ2etIkAtUzQLJfB6AyIUY80Gm +NrURXs3LTGZT413A5hH21wUiMLFXIi8GGcz2THV9FJX4KruOkvxXVTxUH6ntlsHY +U+NpNbQXtbq7whzdb7A2W7Ofyg4/gG/QJuLil1cS0rlGg2GhGqxQKBpzvag3fFM3 +XQClfUTF0ALhR6RH0HzolwEsOSp/C1US0mHHfBsvMlbkHrba5VrlQyvdximtzXxw +6+vNaYVd0SX40e3QCLFQ3yAwqAVK6g0lVlgohSCZbjDJgdcoklShE2x7GtVyzwMi +Vic7nkzANQPb0EH14Bo+SMQEOGtZ99tVUt4jX4Rt6f0P/pBCiF6ugJj/IJ67Ouu2 +gp1aRVFrrhFetucdeZhnXb7IJ8h4FDtklRcOS8OgsPGJofLjZmVICrwt6sxpU30n +b/csdoJ1xrMuvo1RGAeSi58sz4KiyKxnTDJL1+7owoK6oNMkN2HR6pE4NH0Atm4n +NcQykgvavC6GZwUsMqrGQypG30LdkKiRScPqCerNYzi01iL7Zxw5BK/plFBwCqJQ +LQH1FUUKEUMA13dt/bUOMSUNmkyIC3PtE69g6XeLRL1M00gRwGgjn8azcYDzOWox +zxDFnUsJ/JgmJm3y47J2 +=wzV/ +-----END PGP SIGNATURE----- diff --git a/disable-examples.patch b/disable-examples.patch deleted file mode 100644 index 0ebaaed..0000000 --- a/disable-examples.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 5fa961fd3b5b8cf5ba1a0cf49b10ebf79e273e96 Mon Sep 17 00:00:00 2001 -From: Pino Toscano -Date: Mon, 8 May 2023 18:39:36 +0200 -Subject: [PATCH] configure.ac: add --enable-examples option - -Allow the user to not build the examples through --disable-examples -(enabled by default); this can be useful: -- when cross-compiling, as the examples are not useful -- in distribution builds, not building stuff that is not used in any - way ---- - Makefile.am | 5 ++++- - configure.ac | 5 +++++ - 2 files changed, 9 insertions(+), 1 deletion(-) - -diff --git a/Makefile.am b/Makefile.am -index deb252680..2e8fede7b 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -4,11 +4,14 @@ - - AUTOMAKE_OPTIONS = 1.9 gnu dist-xz no-dist-gzip check-news - --SUBDIRS = libpam tests libpamc libpam_misc modules po conf examples xtests -+SUBDIRS = libpam tests libpamc libpam_misc modules po conf xtests - - if HAVE_DOC - SUBDIRS += doc - endif -+if HAVE_EXAMPLES -+SUBDIRS += examples -+endif - - CLEANFILES = *~ - -diff --git a/configure.ac b/configure.ac -index b9b0f8392..6666b1b26 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -224,6 +224,11 @@ AC_ARG_ENABLE([doc], - WITH_DOC=$enableval, WITH_DOC=yes) - AM_CONDITIONAL([HAVE_DOC], [test "x$WITH_DOC" = "xyes"]) - -+AC_ARG_ENABLE([examples], -+ AS_HELP_STRING([--disable-examples],[Do not build the examples]), -+ WITH_EXAMPLES=$enableval, WITH_EXAMPLES=yes) -+AM_CONDITIONAL([HAVE_EXAMPLES], [test "x$WITH_EXAMPLES" = "xyes"]) -+ - AC_ARG_ENABLE([prelude], - AS_HELP_STRING([--disable-prelude],[do not use prelude]), - WITH_PRELUDE=$enableval, WITH_PRELUDE=yes) diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh index 50190eb..6b9b498 100644 --- a/pam-login_defs-check.sh +++ b/pam-login_defs-check.sh @@ -12,7 +12,7 @@ grep -rh LOGIN_DEFS . | sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | LC_ALL=C sort -u >pam-login_defs-vars.lst -if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != cda62ec4158236270a5a30ba1875fa2795926f23 ; then +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then echo "does not match!" >&2 echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 diff --git a/pam.changes b/pam.changes index d5bc85e..da9abb7 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,57 @@ +------------------------------------------------------------------- +Thu Jan 18 08:28:14 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + ------------------------------------------------------------------- Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 0d05b92..8b9a6e3 100644 --- a/pam.spec +++ b/pam.spec @@ -71,7 +71,7 @@ # Name: pam%{name_suffix} # -Version: 1.5.3 +Version: 1.6.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -96,14 +96,6 @@ Source22: postlogin-account.pamd Source23: postlogin-password.pamd Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch -# https://github.com/linux-pam/linux-pam/pull/594 -Patch2: pam_access-doc-IPv6-link-local.patch -# https://github.com/linux-pam/linux-pam/pull/596 -Patch3: pam_access-hostname-debug.patch -# https://github.com/linux-pam/linux-pam/pull/581 -Patch4: pam_shells-fix-econf-memory-leak.patch -# https://github.com/linux-pam/linux-pam/pull/574 -Patch5: disable-examples.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -214,10 +206,6 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} cp -a %{SOURCE12} . %patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build bash ./pam-login_defs-check.sh @@ -237,7 +225,9 @@ autoreconf --enable-isadir=../..%{_pam_moduledir} \ --enable-securedir=%{_pam_moduledir} \ --enable-vendordir=%{_prefix}/etc \ +%if "%{flavor}" == "full" --enable-logind \ +%endif --disable-examples \ --disable-nis \ %if %{with debug} diff --git a/pam_access-doc-IPv6-link-local.patch b/pam_access-doc-IPv6-link-local.patch deleted file mode 100644 index d84a1de..0000000 --- a/pam_access-doc-IPv6-link-local.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 4ba3105511c3a55fc750a790f7310c6d7ebfdfda Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Thu, 3 Aug 2023 17:11:32 +0200 -Subject: [PATCH] pam_access: document IPv6 link-local addresses (#582) - -* modules/pam_access/access.conf.5.xml: Add example and note for IPv6 - link-local addresses -* modules/pam_access/access.conf: Add example for IPv6 link-local - addresses ---- - modules/pam_access/access.conf | 3 +++ - modules/pam_access/access.conf.5.xml | 12 +++++++++++- - 2 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/modules/pam_access/access.conf b/modules/pam_access/access.conf -index 47b6b84c1..9c8e21716 100644 ---- a/modules/pam_access/access.conf -+++ b/modules/pam_access/access.conf -@@ -115,6 +115,9 @@ - # User "john" should get access from ipv6 host address (same as above) - #+:john:2001:4ca0:0:101:0:0:0:1 - # -+# User "john" should get access from ipv6 local link host address -+#+:john:fe80::de95:818c:1b55:7e42%eth0 -+# - # User "john" should get access from ipv6 net/mask - #+:john:2001:4ca0:0:101::/64 - # -diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml -index ff1cb2237..2dc5d477c 100644 ---- a/modules/pam_access/access.conf.5.xml -+++ b/modules/pam_access/access.conf.5.xml -@@ -188,6 +188,12 @@ - - +:john foo:2001:db8:0:101::1 - -+ -+ User john and foo -+ should get access from IPv6 link local host address. -+ -+ +:john foo:fe80::de95:818c:1b55:7e42%eth1 -+ - - User john should get access from IPv6 net/mask. - -@@ -222,6 +228,10 @@ - item and the line will be most probably ignored. For this reason, it is not - recommended to put spaces around the ':' characters. - -+ -+ An IPv6 link local host address must contain the interface -+ identifier. IPv6 link local network/netmask is not supported. -+ - - - -@@ -246,4 +256,4 @@ - introduced by Mike Becher <mike.becher@lrz-muenchen.de>. - - -- -\ No newline at end of file -+ diff --git a/pam_access-hostname-debug.patch b/pam_access-hostname-debug.patch deleted file mode 100644 index 13168b5..0000000 --- a/pam_access-hostname-debug.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 741acf4ff707d53b94947736a01eeeda5e2c7e98 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Fri, 4 Aug 2023 15:46:16 +0200 -Subject: [PATCH] pam_access: make non-resolveable hostname a debug output - (#590) - -* modules/pam_access/pam_access.c (network_netmask_match): Don't print -an error if a string is not resolveable, only a debug message in debug -mode. We even don't know if that entry is for remote logins or not. ---- - modules/pam_access/pam_access.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index f70b7e495..985dc7de2 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -876,7 +876,8 @@ network_netmask_match (pam_handle_t *pamh, - */ - if (getaddrinfo (tok, NULL, NULL, &ai) != 0) - { -- pam_syslog(pamh, LOG_ERR, "cannot resolve hostname \"%s\"", tok); -+ if (item->debug) -+ pam_syslog(pamh, LOG_DEBUG, "cannot resolve hostname \"%s\"", tok); - - return NO; - } diff --git a/pam_shells-fix-econf-memory-leak.patch b/pam_shells-fix-econf-memory-leak.patch deleted file mode 100644 index 506a1c5..0000000 --- a/pam_shells-fix-econf-memory-leak.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 1a734af22a9f35a9a09edaea44a4e0767de6343b Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Thu, 18 May 2023 17:55:21 +0200 -Subject: [PATCH] pam_shells: Plug econf memory leak - -Signed-off-by: Tobias Stoeckmann ---- - modules/pam_shells/pam_shells.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c -index 05c09c656..276a56dd5 100644 ---- a/modules/pam_shells/pam_shells.c -+++ b/modules/pam_shells/pam_shells.c -@@ -112,6 +112,7 @@ static int perform_check(pam_handle_t *pamh) - if (!retval) - break; - } -+ econf_free (keys); - econf_free (key_file); - #else - char shellFileLine[256]; -- 2.51.1 From 182f702c5975cd8d156abcfd92c1c58e11d8e116356036438c4ca1f92973ef73 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 18 Jan 2024 16:09:06 +0000 Subject: [PATCH 197/226] - disable-pam_env-test.patch: disable tst-pam_env-retval.c as it is broken OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=281 --- disable-pam_env-test.patch | 11 +++++++++++ pam.changes | 6 ++++++ pam.spec | 6 +++++- 3 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 disable-pam_env-test.patch diff --git a/disable-pam_env-test.patch b/disable-pam_env-test.patch new file mode 100644 index 0000000..6093897 --- /dev/null +++ b/disable-pam_env-test.patch @@ -0,0 +1,11 @@ +--- Linux-PAM-1.6.0/modules/pam_env/Makefile.am.old 2024-01-17 11:29:36.000000000 +0100 ++++ Linux-PAM-1.6.0/modules/pam_env/Makefile.am 2024-01-18 16:45:11.923011145 +0100 +@@ -12,7 +12,7 @@ + endif + XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml + dist_check_SCRIPTS = tst-pam_env +-TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) ++TESTS = $(dist_check_SCRIPTS) + + securelibdir = $(SECUREDIR) + if HAVE_VENDORDIR diff --git a/pam.changes b/pam.changes index da9abb7..4147492 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 18 15:45:53 UTC 2024 - Thorsten Kukuk + +- disable-pam_env-test.patch: disable tst-pam_env-retval.c as it is + broken + ------------------------------------------------------------------- Thu Jan 18 08:28:14 UTC 2024 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 8b9a6e3..65fef55 100644 --- a/pam.spec +++ b/pam.spec @@ -96,6 +96,7 @@ Source22: postlogin-account.pamd Source23: postlogin-password.pamd Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch +Patch2: disable-pam_env-test.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -206,6 +207,7 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} cp -a %{SOURCE12} . %patch1 -p1 +%patch2 -p1 %build bash ./pam-login_defs-check.sh @@ -280,7 +282,9 @@ mkdir -p -m 755 %{buildroot}%{_libdir} mkdir -p %{buildroot}%{_distconfdir}/pam.d %make_install -/sbin/ldconfig -n %{buildroot}%{libdir} +# XXX remove for now until we have a security review of the new module +rm -f %{buildroot}%{_libdir}/security/pam_canonicalize_user.so +/sbin/ldconfig -n %{buildroot}%{_libdir} # Install documentation %make_install -C doc # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript -- 2.51.1 From 089f3fa0f4f47a1e634a1e339c8af6250b4da04501ece36fef8c76edee275561 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 18 Jan 2024 16:22:56 +0000 Subject: [PATCH 198/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=282 --- pam.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 65fef55..16b1120 100644 --- a/pam.spec +++ b/pam.spec @@ -144,7 +144,8 @@ username/password pair against values stored in a Berkeley DB database. %package -n pam-extra Summary: PAM module with extended dependencies Group: System/Libraries -BuildRequires: pkgconfig(systemd) +#BuildRequires: pkgconfig(systemd) +BuildRequires: systemd-devel >= 254 BuildRequires: pam-devel Provides: pam:%{_sbindir}/pam_timestamp_check -- 2.51.1 From 37a6bd3211c7914ea13682885b77101be0c030149ada4923a051fb1ce35238c2 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 18 Jan 2024 16:36:00 +0000 Subject: [PATCH 199/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=283 --- pam.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pam.spec b/pam.spec index 16b1120..05479fb 100644 --- a/pam.spec +++ b/pam.spec @@ -144,8 +144,7 @@ username/password pair against values stored in a Berkeley DB database. %package -n pam-extra Summary: PAM module with extended dependencies Group: System/Libraries -#BuildRequires: pkgconfig(systemd) -BuildRequires: systemd-devel >= 254 +BuildRequires: pkgconfig(systemd) BuildRequires: pam-devel Provides: pam:%{_sbindir}/pam_timestamp_check -- 2.51.1 From e2402ccf1b87cfbe8228f9b601621c9360c2b8314b86c2ce41ce67bdebd5c611 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 18 Jan 2024 17:01:37 +0000 Subject: [PATCH 200/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=284 --- pam.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index 05479fb..316680a 100644 --- a/pam.spec +++ b/pam.spec @@ -144,7 +144,9 @@ username/password pair against values stored in a Berkeley DB database. %package -n pam-extra Summary: PAM module with extended dependencies Group: System/Libraries -BuildRequires: pkgconfig(systemd) +#BuildRequires: pkgconfig(systemd) +# The systemd-mini package does not pass configure checks +BuildRequires: systemd-devel >= 254 BuildRequires: pam-devel Provides: pam:%{_sbindir}/pam_timestamp_check @@ -287,6 +289,8 @@ rm -f %{buildroot}%{_libdir}/security/pam_canonicalize_user.so /sbin/ldconfig -n %{buildroot}%{_libdir} # Install documentation %make_install -C doc +# XXX remove for now until we have a security review, see above +rm -f %{buildroot}%{_mandir}/man8/pam_canonicalize_user.8* # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript install -d %{buildroot}%{_pam_secconfdir}/namespace.d # install other.pamd and common-*.pamd -- 2.51.1 From f0eb90949bbd71042d09d585dbc6b60a49638185b1d5cd8473353ce7de850d2d Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 09:33:12 +0000 Subject: [PATCH 201/226] - Add post 1.6.0 release fixes for pam_env: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=285 --- Linux-PAM-1.5.3.tar.xz | 3 ++ disable-pam_env-test.patch | 11 ----- pam.changes | 12 ++--- pam.spec | 9 +++- pam_env-fix-enable-vendordir-fallback.patch | 51 +++++++++++++++++++ pam_env-fix_vendordir.patch | 51 +++++++++++++++++++ pam_env-remove-escaped-newlines.patch | 54 +++++++++++++++++++++ 7 files changed, 172 insertions(+), 19 deletions(-) create mode 100644 Linux-PAM-1.5.3.tar.xz delete mode 100644 disable-pam_env-test.patch create mode 100644 pam_env-fix-enable-vendordir-fallback.patch create mode 100644 pam_env-fix_vendordir.patch create mode 100644 pam_env-remove-escaped-newlines.patch diff --git a/Linux-PAM-1.5.3.tar.xz b/Linux-PAM-1.5.3.tar.xz new file mode 100644 index 0000000..d1b6d47 --- /dev/null +++ b/Linux-PAM-1.5.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283 +size 1020076 diff --git a/disable-pam_env-test.patch b/disable-pam_env-test.patch deleted file mode 100644 index 6093897..0000000 --- a/disable-pam_env-test.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- Linux-PAM-1.6.0/modules/pam_env/Makefile.am.old 2024-01-17 11:29:36.000000000 +0100 -+++ Linux-PAM-1.6.0/modules/pam_env/Makefile.am 2024-01-18 16:45:11.923011145 +0100 -@@ -12,7 +12,7 @@ - endif - XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml - dist_check_SCRIPTS = tst-pam_env --TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS) -+TESTS = $(dist_check_SCRIPTS) - - securelibdir = $(SECUREDIR) - if HAVE_VENDORDIR diff --git a/pam.changes b/pam.changes index 4147492..4f8e09a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,12 +1,10 @@ ------------------------------------------------------------------- -Thu Jan 18 15:45:53 UTC 2024 - Thorsten Kukuk - -- disable-pam_env-test.patch: disable tst-pam_env-retval.c as it is - broken - -------------------------------------------------------------------- -Thu Jan 18 08:28:14 UTC 2024 - Thorsten Kukuk +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk +- Add post 1.6.0 release fixes for pam_env: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch - Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. diff --git a/pam.spec b/pam.spec index 316680a..fa47dab 100644 --- a/pam.spec +++ b/pam.spec @@ -96,7 +96,12 @@ Source22: postlogin-account.pamd Source23: postlogin-password.pamd Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch -Patch2: disable-pam_env-test.patch +# https://github.com/linux-pam/linux-pam/pull/739 +Patch2: pam_env-fix_vendordir.patch +# https://github.com/linux-pam/linux-pam/pull/740 +Patch3: pam_env-fix-enable-vendordir-fallback.patch +# https://github.com/linux-pam/linux-pam/pull/741 +Patch4: pam_env-remove-escaped-newlines.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -210,6 +215,8 @@ building both PAM-aware applications and modules for use with PAM. cp -a %{SOURCE12} . %patch1 -p1 %patch2 -p1 +%patch3 -p1 +%patch4 -p1 %build bash ./pam-login_defs-check.sh diff --git a/pam_env-fix-enable-vendordir-fallback.patch b/pam_env-fix-enable-vendordir-fallback.patch new file mode 100644 index 0000000..52c895d --- /dev/null +++ b/pam_env-fix-enable-vendordir-fallback.patch @@ -0,0 +1,51 @@ +From 28894b319488e8302899ee569b6e0911905f374e Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Thu, 18 Jan 2024 17:00:00 +0000 +Subject: [PATCH] pam_env: fix --enable-vendordir fallback logic + +* modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF && +VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file +if the config file is specified via module arguments. + +Link: https://github.com/linux-pam/linux-pam/issues/738 +Fixes: v1.5.3~69 ("pam_env: Use vendor specific pam_env.conf and environment as fallback") +--- + modules/pam_env/pam_env.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c +index a0b812fff..8b40b6a5a 100644 +--- a/modules/pam_env/pam_env.c ++++ b/modules/pam_env/pam_env.c +@@ -850,20 +850,20 @@ _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) + #ifdef USE_ECONF + /* If "file" is not NULL, only this file will be parsed. */ + retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); +-#else ++#else /* !USE_ECONF */ + /* Only one file will be parsed. So, file has to be set. */ +- if (file == NULL) /* No filename has been set via argv. */ ++ if (file == NULL) { /* No filename has been set via argv. */ + file = DEFAULT_CONF_FILE; +-#ifdef VENDOR_DEFAULT_CONF_FILE +- /* +- * Check whether file is available. +- * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. +- */ +- struct stat stat_buffer; +- if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { +- file = VENDOR_DEFAULT_CONF_FILE; ++# ifdef VENDOR_DEFAULT_CONF_FILE ++ /* ++ * Check whether DEFAULT_CONF_FILE file is available. ++ * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. ++ */ ++ struct stat stat_buffer; ++ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) ++ file = VENDOR_DEFAULT_CONF_FILE; ++# endif + } +-#endif + retval = read_file(pamh, file, &conf_list); + #endif + diff --git a/pam_env-fix_vendordir.patch b/pam_env-fix_vendordir.patch new file mode 100644 index 0000000..862b6b6 --- /dev/null +++ b/pam_env-fix_vendordir.patch @@ -0,0 +1,51 @@ +From 0703453bec6ac54ad31d7245be4529796a3ef764 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 18 Jan 2024 18:08:05 +0100 +Subject: [PATCH] pam_env: check VENDORDIR after config.h inclusion + +The VENDORDIR define has to be checked after config.h +inclusion, otherwise the ifdef test always yields false. + +Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback") + +Signed-off-by: Tobias Stoeckmann +--- + modules/pam_env/pam_env.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c +index 59adc942c..a0b812fff 100644 +--- a/modules/pam_env/pam_env.c ++++ b/modules/pam_env/pam_env.c +@@ -6,15 +6,6 @@ + * template for this file (via pam_mail) + */ + +-#define DEFAULT_ETC_ENVFILE "/etc/environment" +-#ifdef VENDORDIR +-#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/environment") +-#endif +-#define DEFAULT_READ_ENVFILE 1 +- +-#define DEFAULT_USER_ENVFILE ".pam_environment" +-#define DEFAULT_USER_READ_ENVFILE 0 +- + #include "config.h" + + #include +@@ -52,6 +43,15 @@ typedef struct var { + char *override; + } VAR; + ++#define DEFAULT_ETC_ENVFILE "/etc/environment" ++#ifdef VENDORDIR ++#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/environment") ++#endif ++#define DEFAULT_READ_ENVFILE 1 ++ ++#define DEFAULT_USER_ENVFILE ".pam_environment" ++#define DEFAULT_USER_READ_ENVFILE 0 ++ + #define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") + #ifdef VENDOR_SCONFIGDIR + #define VENDOR_DEFAULT_CONF_FILE (VENDOR_SCONFIGDIR "/pam_env.conf") diff --git a/pam_env-remove-escaped-newlines.patch b/pam_env-remove-escaped-newlines.patch new file mode 100644 index 0000000..3085571 --- /dev/null +++ b/pam_env-remove-escaped-newlines.patch @@ -0,0 +1,54 @@ +From ef51c51523b4c6ce6275b2863a0de1a3a6dff1e5 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 18 Jan 2024 20:25:20 +0100 +Subject: [PATCH] pam_env: remove escaped newlines from econf lines + +The libeconf routines do not remove escaped newlines the way we want to +process them later on. Manually remove them from values. + +Signed-off-by: Tobias Stoeckmann +--- + modules/pam_env/pam_env.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c +index a0b812fff..5f53fbb10 100644 +--- a/modules/pam_env/pam_env.c ++++ b/modules/pam_env/pam_env.c +@@ -160,6 +160,28 @@ isDirectory(const char *path) { + return S_ISDIR(statbuf.st_mode); + } + ++/* ++ * Remove escaped newline from string. ++ * ++ * All occurrences of "\\n" will be removed from string. ++ */ ++static void ++econf_unescnl(char *val) ++{ ++ char *dest, *p; ++ ++ dest = p = val; ++ ++ while (*p != '\0') { ++ if (p[0] == '\\' && p[1] == '\n') { ++ p += 2; ++ } else { ++ *dest++ = *p++; ++ } ++ } ++ *dest = '\0'; ++} ++ + static int + econf_read_file(const pam_handle_t *pamh, const char *filename, const char *delim, + const char *name, const char *suffix, const char *subpath, +@@ -270,6 +292,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli + keys[i], + econf_errString(error)); + } else { ++ econf_unescnl(val); + if (asprintf(&(*lines)[i],"%s%c%s", keys[i], delim[0], val) < 0) { + pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); + econf_free(keys); -- 2.51.1 From bafc2117536bb43e5694539f12e44fa1a3c9c68dafc3eccb0083f9a89dae2873 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 09:34:45 +0000 Subject: [PATCH 202/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=286 --- Linux-PAM-1.5.3.tar.xz | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 Linux-PAM-1.5.3.tar.xz diff --git a/Linux-PAM-1.5.3.tar.xz b/Linux-PAM-1.5.3.tar.xz deleted file mode 100644 index d1b6d47..0000000 --- a/Linux-PAM-1.5.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283 -size 1020076 -- 2.51.1 From 538371760fa150b0d099124ce6a4b9466d8bbffc2ca9ef5c943e6b16593876a7 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 09:49:30 +0000 Subject: [PATCH 203/226] - Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_unix-fix-password-aging-disabled.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=287 --- pam.changes | 3 ++- pam.spec | 3 +++ pam_unix-fix-password-aging-disabled.patch | 27 ++++++++++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 pam_unix-fix-password-aging-disabled.patch diff --git a/pam.changes b/pam.changes index 4f8e09a..7dd6086 100644 --- a/pam.changes +++ b/pam.changes @@ -1,10 +1,11 @@ ------------------------------------------------------------------- Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk -- Add post 1.6.0 release fixes for pam_env: +- Add post 1.6.0 release fixes for pam_env and pam_unix: - pam_env-fix-enable-vendordir-fallback.patch - pam_env-fix_vendordir.patch - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch - Update to version 1.6.0 - Added support of configuration files with arbitrarily long lines. - build: fixed build outside of the source tree. diff --git a/pam.spec b/pam.spec index fa47dab..a0249b5 100644 --- a/pam.spec +++ b/pam.spec @@ -102,6 +102,8 @@ Patch2: pam_env-fix_vendordir.patch Patch3: pam_env-fix-enable-vendordir-fallback.patch # https://github.com/linux-pam/linux-pam/pull/741 Patch4: pam_env-remove-escaped-newlines.patch +# https://github.com/linux-pam/linux-pam/pull/744 +Patch5: pam_unix-fix-password-aging-disabled.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex @@ -217,6 +219,7 @@ cp -a %{SOURCE12} . %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build bash ./pam-login_defs-check.sh diff --git a/pam_unix-fix-password-aging-disabled.patch b/pam_unix-fix-password-aging-disabled.patch new file mode 100644 index 0000000..53f2793 --- /dev/null +++ b/pam_unix-fix-password-aging-disabled.patch @@ -0,0 +1,27 @@ +From 9d40f55216b2de60ccb9b617c79b9280b9f29ead Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Fri, 19 Jan 2024 10:09:00 +0100 +Subject: [PATCH] pam_unix: do not warn if password aging disabled + +Later checks will print a warning if daysleft is 0. If password +aging is disabled, leave daysleft at -1. + +Fixes 9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb. + +Signed-off-by: Tobias Stoeckmann +--- + modules/pam_unix/passverify.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 5c4f862e7..1bc98fa25 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -314,7 +314,6 @@ PAMH_ARG_DECL(int check_shadow_expiry, + } + if (spent->sp_lstchg < 0) { + D(("password aging disabled")); +- *daysleft = 0; + return PAM_SUCCESS; + } + if (curdays < spent->sp_lstchg) { -- 2.51.1 From 3b382a88845e3619652ca4449f512afa66e0ec3139dff30d2e71f3b04d7fe1f3 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 11:13:37 +0000 Subject: [PATCH 204/226] - Move pam_namespace to pam-extra due to systemd dependencies OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=288 --- pam.changes | 5 +++++ pam.spec | 23 +++++++++++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/pam.changes b/pam.changes index 7dd6086..536aae7 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 19 11:11:47 UTC 2024 - Thorsten Kukuk + +- Move pam_namespace to pam-extra due to systemd dependencies + ------------------------------------------------------------------- Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index a0249b5..23bbc86 100644 --- a/pam.spec +++ b/pam.spec @@ -151,11 +151,12 @@ username/password pair against values stored in a Berkeley DB database. %package -n pam-extra Summary: PAM module with extended dependencies Group: System/Libraries -#BuildRequires: pkgconfig(systemd) +#BuildRequires: pkgconfig(systemd) # The systemd-mini package does not pass configure checks BuildRequires: systemd-devel >= 254 BuildRequires: pam-devel Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_sbindir}/pam_namespace_helper %description -n pam-extra PAM (Pluggable Authentication Modules) is a system security tool that @@ -301,8 +302,6 @@ rm -f %{buildroot}%{_libdir}/security/pam_canonicalize_user.so %make_install -C doc # XXX remove for now until we have a security review, see above rm -f %{buildroot}%{_mandir}/man8/pam_canonicalize_user.8* -# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript -install -d %{buildroot}%{_pam_secconfdir}/namespace.d # install other.pamd and common-*.pamd install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth @@ -337,7 +336,7 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf -mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} +mkdir -p %{buildroot}%{_pam_secdistconfdir}/limits.d mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment # Remove manual pages for main package @@ -350,9 +349,10 @@ echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 %endif %if !%{build_main} -rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir}/{environment,pam.d},%{_sbindir}/{f*,m*,pw*,u*}} +rm -rf %{buildroot}{%{_pam_secdistconfdir}/{a,f,g,l,p,s,t}*.conf,%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}} -rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,no,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* %else # Delete files for extra package rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} @@ -419,10 +419,7 @@ done %{_pam_secdistconfdir}/sepermit.conf %endif %{_pam_secdistconfdir}/time.conf -%{_pam_secdistconfdir}/namespace.conf -%{_pam_secdistconfdir}/namespace.init %{_pam_secdistconfdir}/pwhistory.conf -%dir %{_pam_secdistconfdir}/namespace.d %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpamc.so.0 @@ -451,7 +448,6 @@ done %{_pam_moduledir}/pam_mail.so %{_pam_moduledir}/pam_mkhomedir.so %{_pam_moduledir}/pam_motd.so -%{_pam_moduledir}/pam_namespace.so %{_pam_moduledir}/pam_nologin.so %{_pam_moduledir}/pam_permit.so %{_pam_moduledir}/pam_pwhistory.so @@ -476,12 +472,10 @@ done %{_pam_moduledir}/pam_xauth.so %{_sbindir}/faillock %{_sbindir}/mkhomedir_helper -%{_sbindir}/pam_namespace_helper %{_sbindir}/pwhistory_helper %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd %attr(0700,root,root) %{_sbindir}/unix_update -%{_unitdir}/pam_namespace.service %{_tmpfilesdir}/pam.conf %files devel @@ -506,8 +500,13 @@ done %files -n pam-extra %defattr(-,root,root,755) %{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_namespace.so %{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_namespace_helper %{_sbindir}/pam_timestamp_check +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_unitdir}/pam_namespace.service %endif %if %{build_doc} -- 2.51.1 From 5f4342b7e38a9b24b11ca43c4cc6d017d2604ea29e1631309a12995adf0e6a09 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 11:23:06 +0000 Subject: [PATCH 205/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=289 --- pam.changes | 5 ----- 1 file changed, 5 deletions(-) diff --git a/pam.changes b/pam.changes index 536aae7..7dd6086 100644 --- a/pam.changes +++ b/pam.changes @@ -1,8 +1,3 @@ -------------------------------------------------------------------- -Fri Jan 19 11:11:47 UTC 2024 - Thorsten Kukuk - -- Move pam_namespace to pam-extra due to systemd dependencies - ------------------------------------------------------------------- Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk -- 2.51.1 From 488d867f619a7ddf6ad4d1f224fd50f52ba3d5e17bc125ea9ac0769e231febe7 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 11:24:46 +0000 Subject: [PATCH 206/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=290 --- pam.spec | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/pam.spec b/pam.spec index 23bbc86..a0249b5 100644 --- a/pam.spec +++ b/pam.spec @@ -151,12 +151,11 @@ username/password pair against values stored in a Berkeley DB database. %package -n pam-extra Summary: PAM module with extended dependencies Group: System/Libraries -#BuildRequires: pkgconfig(systemd) +#BuildRequires: pkgconfig(systemd) # The systemd-mini package does not pass configure checks BuildRequires: systemd-devel >= 254 BuildRequires: pam-devel Provides: pam:%{_sbindir}/pam_timestamp_check -Provides: pam:%{_sbindir}/pam_namespace_helper %description -n pam-extra PAM (Pluggable Authentication Modules) is a system security tool that @@ -302,6 +301,8 @@ rm -f %{buildroot}%{_libdir}/security/pam_canonicalize_user.so %make_install -C doc # XXX remove for now until we have a security review, see above rm -f %{buildroot}%{_mandir}/man8/pam_canonicalize_user.8* +# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript +install -d %{buildroot}%{_pam_secconfdir}/namespace.d # install other.pamd and common-*.pamd install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth @@ -336,7 +337,7 @@ install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam # /run/motd.d install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf -mkdir -p %{buildroot}%{_pam_secdistconfdir}/limits.d +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment # Remove manual pages for main package @@ -349,10 +350,9 @@ echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 %endif %if !%{build_main} -rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir}/{environment,pam.d},%{_sbindir}/{f*,m*,pw*,u*}} -rm -rf %{buildroot}{%{_pam_secdistconfdir}/{a,f,g,l,p,s,t}*.conf,%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}} -rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,no,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* %else # Delete files for extra package rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} @@ -419,7 +419,10 @@ done %{_pam_secdistconfdir}/sepermit.conf %endif %{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init %{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d %{_libdir}/libpam.so.0 %{_libdir}/libpam.so.%{libpam_so_version} %{_libdir}/libpamc.so.0 @@ -448,6 +451,7 @@ done %{_pam_moduledir}/pam_mail.so %{_pam_moduledir}/pam_mkhomedir.so %{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so %{_pam_moduledir}/pam_nologin.so %{_pam_moduledir}/pam_permit.so %{_pam_moduledir}/pam_pwhistory.so @@ -472,10 +476,12 @@ done %{_pam_moduledir}/pam_xauth.so %{_sbindir}/faillock %{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper %{_sbindir}/pwhistory_helper %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd %verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd %attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service %{_tmpfilesdir}/pam.conf %files devel @@ -500,13 +506,8 @@ done %files -n pam-extra %defattr(-,root,root,755) %{_pam_moduledir}/pam_issue.so -%{_pam_moduledir}/pam_namespace.so %{_pam_moduledir}/pam_timestamp.so -%{_sbindir}/pam_namespace_helper %{_sbindir}/pam_timestamp_check -%{_pam_secdistconfdir}/namespace.conf -%{_pam_secdistconfdir}/namespace.init -%{_unitdir}/pam_namespace.service %endif %if %{build_doc} -- 2.51.1 From 2563154862bbcd1ae4bf72a1733ebe7f28803a4fb82a133193d02eb113ce3232 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 11:30:53 +0000 Subject: [PATCH 207/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=291 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index a0249b5..423401a 100644 --- a/pam.spec +++ b/pam.spec @@ -351,7 +351,7 @@ echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 %if !%{build_main} rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} -rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir}} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* %else # Delete files for extra package -- 2.51.1 From 4352831aa4a65a4ed046cce820dafa33f6e45523ce090dee16f76eb8e8337434 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 19 Jan 2024 13:04:11 +0000 Subject: [PATCH 208/226] - disable-examples.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=292 --- pam.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/pam.changes b/pam.changes index 7dd6086..96b4404 100644 --- a/pam.changes +++ b/pam.changes @@ -54,6 +54,7 @@ Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk - pam_access-hostname-debug.patch - pam_shells-fix-econf-memory-leak.patch - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch - pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS is no longer used. -- 2.51.1 From 238a7db1972263a12b5e7b017747fa8f0322bf9d06159506c876b675567ffc0c Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 30 Jan 2024 15:18:15 +0000 Subject: [PATCH 209/226] - Enable pam_canonicalize_user.so OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=293 --- pam.changes | 5 +++++ pam.spec | 6 ++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/pam.changes b/pam.changes index 96b4404..94fe450 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + ------------------------------------------------------------------- Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 423401a..f86e357 100644 --- a/pam.spec +++ b/pam.spec @@ -294,13 +294,9 @@ mkdir -p -m 755 %{buildroot}%{_libdir} mkdir -p %{buildroot}%{_distconfdir}/pam.d %make_install -# XXX remove for now until we have a security review of the new module -rm -f %{buildroot}%{_libdir}/security/pam_canonicalize_user.so /sbin/ldconfig -n %{buildroot}%{_libdir} # Install documentation %make_install -C doc -# XXX remove for now until we have a security review, see above -rm -f %{buildroot}%{_mandir}/man8/pam_canonicalize_user.8* # install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript install -d %{buildroot}%{_pam_secconfdir}/namespace.d # install other.pamd and common-*.pamd @@ -431,6 +427,7 @@ done %{_libdir}/libpam_misc.so.%{libpam_misc_so_version} %dir %{_pam_moduledir} %{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so %{_pam_moduledir}/pam_debug.so %{_pam_moduledir}/pam_deny.so %{_pam_moduledir}/pam_echo.so @@ -532,6 +529,7 @@ done %{_mandir}/man8/mkhomedir_helper.8%{?ext_man} %{_mandir}/man8/pam.8%{?ext_man} %{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} %{_mandir}/man8/pam_debug.8%{?ext_man} %{_mandir}/man8/pam_deny.8%{?ext_man} %{_mandir}/man8/pam_echo.8%{?ext_man} -- 2.51.1 From 42e12ae97c721cb68a426ca7d2b60219d1e25ba4303402404d0f4229f58050e1 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 7 Feb 2024 13:33:52 +0000 Subject: [PATCH 210/226] - pam.tmpfiles: Make sure the content of the /run directories get removed in case of a soft-reboot OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=294 --- pam.changes | 6 ++++++ pam.tmpfiles | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/pam.changes b/pam.changes index 94fe450..ce9fabd 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + ------------------------------------------------------------------- Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk diff --git a/pam.tmpfiles b/pam.tmpfiles index 444ec5d..ff82860 100644 --- a/pam.tmpfiles +++ b/pam.tmpfiles @@ -1,4 +1,4 @@ #Type Path Mode User Group Age Argument -d /run/faillock 0755 root root - - -d /run/motd.d 0755 root root - - -d /run/pam_timestamp 0755 root root - - +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - -- 2.51.1 From 0158e751abaaf2eb81c826a0702ae2fc60dd1d04dfac72358534013c78397641 Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Fri, 23 Feb 2024 08:28:16 +0000 Subject: [PATCH 211/226] Accepting request 1149618 from home:vlefebvre:branches:Linux-PAM Use autosetup OBS-URL: https://build.opensuse.org/request/show/1149618 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=295 --- pam.changes | 5 +++++ pam.spec | 7 +------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pam.changes b/pam.changes index ce9fabd..3b03f61 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + ------------------------------------------------------------------- Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index f86e357..169944d 100644 --- a/pam.spec +++ b/pam.spec @@ -213,13 +213,8 @@ This package contains header files and static libraries used for building both PAM-aware applications and modules for use with PAM. %prep -%setup -q -n Linux-PAM-%{version} +%autosetup -p1 -n Linux-PAM-%{version} cp -a %{SOURCE12} . -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 %build bash ./pam-login_defs-check.sh -- 2.51.1 From 810c4f59c178a8b079d666a83966e53a05c564c3b206f1c9548deb3234e10279 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 10 Apr 2024 07:30:15 +0000 Subject: [PATCH 212/226] - Update to version 1.6.1 - pam_env: fixed --disable-econf --enable-vendordir support. - pam_unix: do not warn if password aging is disabled. - pam_unix: try to set uid to 0 before unix_chkpwd invocation. - pam_unix: allow empty passwords with non-empty hashes. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Remove backports: - pam_env-fix_vendordir.patch - pam_env-fix-enable-vendordir-fallback.patch - pam_env-remove-escaped-newlines.patch - pam_unix-fix-password-aging-disabled.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=296 --- Linux-PAM-1.6.0.tar.xz | 3 -- Linux-PAM-1.6.0.tar.xz.asc | 16 ------ Linux-PAM-1.6.1.tar.xz | 3 ++ Linux-PAM-1.6.1.tar.xz.asc | 16 ++++++ pam.changes | 16 ++++++ pam.spec | 10 +--- pam_env-fix-enable-vendordir-fallback.patch | 51 ------------------- pam_env-fix_vendordir.patch | 51 ------------------- pam_env-remove-escaped-newlines.patch | 54 --------------------- pam_unix-fix-password-aging-disabled.patch | 27 ----------- 10 files changed, 36 insertions(+), 211 deletions(-) delete mode 100644 Linux-PAM-1.6.0.tar.xz delete mode 100644 Linux-PAM-1.6.0.tar.xz.asc create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc delete mode 100644 pam_env-fix-enable-vendordir-fallback.patch delete mode 100644 pam_env-fix_vendordir.patch delete mode 100644 pam_env-remove-escaped-newlines.patch delete mode 100644 pam_unix-fix-password-aging-disabled.patch diff --git a/Linux-PAM-1.6.0.tar.xz b/Linux-PAM-1.6.0.tar.xz deleted file mode 100644 index e3aa8ba..0000000 --- a/Linux-PAM-1.6.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fff4a34e5bbee77e2e8f1992f27631e2329bcbf8a0563ddeb5c3389b4e3169ad -size 1048296 diff --git a/Linux-PAM-1.6.0.tar.xz.asc b/Linux-PAM-1.6.0.tar.xz.asc deleted file mode 100644 index d0ed0be..0000000 --- a/Linux-PAM-1.6.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIcBAABCgAGBQJlp6wnAAoJEKgEH6g54W42MiEP/A9ZznPwFC64SbhbvFYOt6dI -n7NMhzBK4NNw4FLuqeTtIDibNVZ5PkrPHTVaaUuZ2etIkAtUzQLJfB6AyIUY80Gm -NrURXs3LTGZT413A5hH21wUiMLFXIi8GGcz2THV9FJX4KruOkvxXVTxUH6ntlsHY -U+NpNbQXtbq7whzdb7A2W7Ofyg4/gG/QJuLil1cS0rlGg2GhGqxQKBpzvag3fFM3 -XQClfUTF0ALhR6RH0HzolwEsOSp/C1US0mHHfBsvMlbkHrba5VrlQyvdximtzXxw -6+vNaYVd0SX40e3QCLFQ3yAwqAVK6g0lVlgohSCZbjDJgdcoklShE2x7GtVyzwMi -Vic7nkzANQPb0EH14Bo+SMQEOGtZ99tVUt4jX4Rt6f0P/pBCiF6ugJj/IJ67Ouu2 -gp1aRVFrrhFetucdeZhnXb7IJ8h4FDtklRcOS8OgsPGJofLjZmVICrwt6sxpU30n -b/csdoJ1xrMuvo1RGAeSi58sz4KiyKxnTDJL1+7owoK6oNMkN2HR6pE4NH0Atm4n -NcQykgvavC6GZwUsMqrGQypG30LdkKiRScPqCerNYzi01iL7Zxw5BK/plFBwCqJQ -LQH1FUUKEUMA13dt/bUOMSUNmkyIC3PtE69g6XeLRL1M00gRwGgjn8azcYDzOWox -zxDFnUsJ/JgmJm3y47J2 -=wzV/ ------END PGP SIGNATURE----- diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/pam.changes b/pam.changes index 3b03f61..cfad22d 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + ------------------------------------------------------------------- Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre diff --git a/pam.spec b/pam.spec index 169944d..75915f7 100644 --- a/pam.spec +++ b/pam.spec @@ -71,7 +71,7 @@ # Name: pam%{name_suffix} # -Version: 1.6.0 +Version: 1.6.1 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0-or-later OR BSD-3-Clause @@ -96,14 +96,6 @@ Source22: postlogin-account.pamd Source23: postlogin-password.pamd Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch -# https://github.com/linux-pam/linux-pam/pull/739 -Patch2: pam_env-fix_vendordir.patch -# https://github.com/linux-pam/linux-pam/pull/740 -Patch3: pam_env-fix-enable-vendordir-fallback.patch -# https://github.com/linux-pam/linux-pam/pull/741 -Patch4: pam_env-remove-escaped-newlines.patch -# https://github.com/linux-pam/linux-pam/pull/744 -Patch5: pam_unix-fix-password-aging-disabled.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex diff --git a/pam_env-fix-enable-vendordir-fallback.patch b/pam_env-fix-enable-vendordir-fallback.patch deleted file mode 100644 index 52c895d..0000000 --- a/pam_env-fix-enable-vendordir-fallback.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 28894b319488e8302899ee569b6e0911905f374e Mon Sep 17 00:00:00 2001 -From: "Dmitry V. Levin" -Date: Thu, 18 Jan 2024 17:00:00 +0000 -Subject: [PATCH] pam_env: fix --enable-vendordir fallback logic - -* modules/pam_env/pam_env.c (_parse_config_file) [!USE_ECONF && -VENDOR_DEFAULT_CONF_FILE]: Do not fallback to vendor pam_env.conf file -if the config file is specified via module arguments. - -Link: https://github.com/linux-pam/linux-pam/issues/738 -Fixes: v1.5.3~69 ("pam_env: Use vendor specific pam_env.conf and environment as fallback") ---- - modules/pam_env/pam_env.c | 22 +++++++++++----------- - 1 file changed, 11 insertions(+), 11 deletions(-) - -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index a0b812fff..8b40b6a5a 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -850,20 +850,20 @@ _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) - #ifdef USE_ECONF - /* If "file" is not NULL, only this file will be parsed. */ - retval = econf_read_file(pamh, file, " \t", PAM_ENV, ".conf", "security", &conf_list); --#else -+#else /* !USE_ECONF */ - /* Only one file will be parsed. So, file has to be set. */ -- if (file == NULL) /* No filename has been set via argv. */ -+ if (file == NULL) { /* No filename has been set via argv. */ - file = DEFAULT_CONF_FILE; --#ifdef VENDOR_DEFAULT_CONF_FILE -- /* -- * Check whether file is available. -- * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. -- */ -- struct stat stat_buffer; -- if (stat(file, &stat_buffer) != 0 && errno == ENOENT) { -- file = VENDOR_DEFAULT_CONF_FILE; -+# ifdef VENDOR_DEFAULT_CONF_FILE -+ /* -+ * Check whether DEFAULT_CONF_FILE file is available. -+ * If it does not exist, fall back to VENDOR_DEFAULT_CONF_FILE file. -+ */ -+ struct stat stat_buffer; -+ if (stat(file, &stat_buffer) != 0 && errno == ENOENT) -+ file = VENDOR_DEFAULT_CONF_FILE; -+# endif - } --#endif - retval = read_file(pamh, file, &conf_list); - #endif - diff --git a/pam_env-fix_vendordir.patch b/pam_env-fix_vendordir.patch deleted file mode 100644 index 862b6b6..0000000 --- a/pam_env-fix_vendordir.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 0703453bec6ac54ad31d7245be4529796a3ef764 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Thu, 18 Jan 2024 18:08:05 +0100 -Subject: [PATCH] pam_env: check VENDORDIR after config.h inclusion - -The VENDORDIR define has to be checked after config.h -inclusion, otherwise the ifdef test always yields false. - -Fixes: 6135c45347b6 ("pam_env: Use vendor specific pam_env.conf and environment as fallback") - -Signed-off-by: Tobias Stoeckmann ---- - modules/pam_env/pam_env.c | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index 59adc942c..a0b812fff 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -6,15 +6,6 @@ - * template for this file (via pam_mail) - */ - --#define DEFAULT_ETC_ENVFILE "/etc/environment" --#ifdef VENDORDIR --#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/environment") --#endif --#define DEFAULT_READ_ENVFILE 1 -- --#define DEFAULT_USER_ENVFILE ".pam_environment" --#define DEFAULT_USER_READ_ENVFILE 0 -- - #include "config.h" - - #include -@@ -52,6 +43,15 @@ typedef struct var { - char *override; - } VAR; - -+#define DEFAULT_ETC_ENVFILE "/etc/environment" -+#ifdef VENDORDIR -+#define VENDOR_DEFAULT_ETC_ENVFILE (VENDORDIR "/environment") -+#endif -+#define DEFAULT_READ_ENVFILE 1 -+ -+#define DEFAULT_USER_ENVFILE ".pam_environment" -+#define DEFAULT_USER_READ_ENVFILE 0 -+ - #define DEFAULT_CONF_FILE (SCONFIGDIR "/pam_env.conf") - #ifdef VENDOR_SCONFIGDIR - #define VENDOR_DEFAULT_CONF_FILE (VENDOR_SCONFIGDIR "/pam_env.conf") diff --git a/pam_env-remove-escaped-newlines.patch b/pam_env-remove-escaped-newlines.patch deleted file mode 100644 index 3085571..0000000 --- a/pam_env-remove-escaped-newlines.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ef51c51523b4c6ce6275b2863a0de1a3a6dff1e5 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Thu, 18 Jan 2024 20:25:20 +0100 -Subject: [PATCH] pam_env: remove escaped newlines from econf lines - -The libeconf routines do not remove escaped newlines the way we want to -process them later on. Manually remove them from values. - -Signed-off-by: Tobias Stoeckmann ---- - modules/pam_env/pam_env.c | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index a0b812fff..5f53fbb10 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -160,6 +160,28 @@ isDirectory(const char *path) { - return S_ISDIR(statbuf.st_mode); - } - -+/* -+ * Remove escaped newline from string. -+ * -+ * All occurrences of "\\n" will be removed from string. -+ */ -+static void -+econf_unescnl(char *val) -+{ -+ char *dest, *p; -+ -+ dest = p = val; -+ -+ while (*p != '\0') { -+ if (p[0] == '\\' && p[1] == '\n') { -+ p += 2; -+ } else { -+ *dest++ = *p++; -+ } -+ } -+ *dest = '\0'; -+} -+ - static int - econf_read_file(const pam_handle_t *pamh, const char *filename, const char *delim, - const char *name, const char *suffix, const char *subpath, -@@ -270,6 +292,7 @@ econf_read_file(const pam_handle_t *pamh, const char *filename, const char *deli - keys[i], - econf_errString(error)); - } else { -+ econf_unescnl(val); - if (asprintf(&(*lines)[i],"%s%c%s", keys[i], delim[0], val) < 0) { - pam_syslog(pamh, LOG_ERR, "Cannot allocate memory."); - econf_free(keys); diff --git a/pam_unix-fix-password-aging-disabled.patch b/pam_unix-fix-password-aging-disabled.patch deleted file mode 100644 index 53f2793..0000000 --- a/pam_unix-fix-password-aging-disabled.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 9d40f55216b2de60ccb9b617c79b9280b9f29ead Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Fri, 19 Jan 2024 10:09:00 +0100 -Subject: [PATCH] pam_unix: do not warn if password aging disabled - -Later checks will print a warning if daysleft is 0. If password -aging is disabled, leave daysleft at -1. - -Fixes 9ebc14085a3ba253598cfaa0d3f0d76ea5ee8ccb. - -Signed-off-by: Tobias Stoeckmann ---- - modules/pam_unix/passverify.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c -index 5c4f862e7..1bc98fa25 100644 ---- a/modules/pam_unix/passverify.c -+++ b/modules/pam_unix/passverify.c -@@ -314,7 +314,6 @@ PAMH_ARG_DECL(int check_shadow_expiry, - } - if (spent->sp_lstchg < 0) { - D(("password aging disabled")); -- *daysleft = 0; - return PAM_SUCCESS; - } - if (curdays < spent->sp_lstchg) { -- 2.51.1 From ddbfd22f64bbd820787f045fe163110169f1b3d348353471543c79aa46fe1fd3 Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Tue, 6 Aug 2024 12:08:23 +0000 Subject: [PATCH 213/226] Accepting request 1191618 from home:vlefebvre:Linux-PAM Prevent cursor escape from the login prompt [bsc#1194818] OBS-URL: https://build.opensuse.org/request/show/1191618 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=297 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 6 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 14 + common-session.pamd | 13 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 38 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2343 ++++++++++++++++++++++++++++ pam.spec | 574 +++++++ pam.tmpfiles | 4 + postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 ++++ 25 files changed, 3600 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..aae13c0 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,6 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..665a150 --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,14 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_limits.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..f20e8c2 --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_limits.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..c2d46e0 --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,38 @@ +https://github.com/linux-pam/linux-pam/pull/816 + +From d52c44fa6e70f3c1420feceafe48dcba10bee51e Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..a40057b --- /dev/null +++ b/pam.changes @@ -0,0 +1,2343 @@ +------------------------------------------------------------------- +Mon Jul 22 21:31:47 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- + +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..8c9a480 --- /dev/null +++ b/pam.spec @@ -0,0 +1,574 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux +%bcond_with debug + +%define flavor @BUILD_FLAVOR@%{nil} + +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} + %define config_noreplace 1 +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.6.1 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source10: unix2_chkpwd.c +Source11: unix2_chkpwd.8 +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +# https://github.com/linux-pam/linux-pam/pull/816 +Patch2: pam-bsc1194818-cursor-escape.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: libtool +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +#BuildRequires: pkgconfig(systemd) +# The systemd-mini package does not pass configure checks +BuildRequires: systemd-devel >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +export CFLAGS="%{optflags}" +%if !%{with debug} +CFLAGS="$CFLAGS -DNDEBUG" +%endif +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif +autoreconf +%configure \ + --includedir=%{_includedir}/security \ + --docdir=%{_docdir}/pam \ + --htmldir=%{_docdir}/pam/html \ + --pdfdir=%{_docdir}/pam/pdf \ + --enable-isadir=../..%{_pam_moduledir} \ + --enable-securedir=%{_pam_moduledir} \ + --enable-vendordir=%{_prefix}/etc \ +%if "%{flavor}" == "full" + --enable-logind \ +%endif + --disable-examples \ + --disable-nis \ +%if %{with debug} + --enable-debug +%endif + +%make_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam + +%if %{build_main} +%check +%make_build check +%endif + +%install +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} +mkdir -p %{buildroot}%{_includedir}/security +mkdir -p %{buildroot}%{_pam_moduledir} +mkdir -p %{buildroot}/sbin +mkdir -p -m 755 %{buildroot}%{_libdir} +# For compat reasons +mkdir -p %{buildroot}%{_distconfdir}/pam.d + +%make_install +/sbin/ldconfig -n %{buildroot}%{_libdir} +# Install documentation +%make_install -C doc +# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript +install -d %{buildroot}%{_pam_secconfdir}/namespace.d +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +mkdir -p %{buildroot}%{_prefix}/lib/motd.d +# +# Remove crap +# +find %{buildroot} -type f -name "*.la" -delete -print +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +mkdir -p $DOC/modules +pushd modules +for i in pam_*/README; do + cp -fpv "$i" "$DOC/modules/README.${i%/*}" +done +popd +# Install unix2_chkpwd +install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} +mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd +%verify_permissions -e %{_sbindir}/unix2_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%set_permissions %{_sbindir}/unix2_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%exclude %{_defaultdocdir}/pam/html +%exclude %{_defaultdocdir}/pam/modules +%exclude %{_defaultdocdir}/pam/pdf +%exclude %{_defaultdocdir}/pam/*.txt +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +# /usr/etc/pam.d is for compat reasons +%dir %{_distconfdir}/pam.d +%dir %{_prefix}/lib/motd.d +%if %{defined config_noreplace} +%config(noreplace) %{_pam_confdir}/other +%config(noreplace) %{_pam_confdir}/common-* +%else +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%endif +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/limits.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From 04d4b5da9598d5a6b57c72aa45e4ec6b5ef0069549170852215180a76a919499 Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Thu, 8 Aug 2024 10:24:54 +0000 Subject: [PATCH 214/226] No real change. Just use upstream patch reference, as it was just accepted by the upstream. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=298 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 6 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 14 + common-session.pamd | 13 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 36 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2343 ++++++++++++++++++++++++++++ pam.spec | 574 +++++++ pam.tmpfiles | 4 + postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 ++++ 25 files changed, 3598 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..aae13c0 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,6 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..665a150 --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,14 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_limits.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..f20e8c2 --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_limits.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..fbd27de --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,36 @@ +From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..2ed849d --- /dev/null +++ b/pam.changes @@ -0,0 +1,2343 @@ +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- + +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..8c9a480 --- /dev/null +++ b/pam.spec @@ -0,0 +1,574 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux +%bcond_with debug + +%define flavor @BUILD_FLAVOR@%{nil} + +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} + %define config_noreplace 1 +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.6.1 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source10: unix2_chkpwd.c +Source11: unix2_chkpwd.8 +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +# https://github.com/linux-pam/linux-pam/pull/816 +Patch2: pam-bsc1194818-cursor-escape.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: libtool +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +#BuildRequires: pkgconfig(systemd) +# The systemd-mini package does not pass configure checks +BuildRequires: systemd-devel >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +export CFLAGS="%{optflags}" +%if !%{with debug} +CFLAGS="$CFLAGS -DNDEBUG" +%endif +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif +autoreconf +%configure \ + --includedir=%{_includedir}/security \ + --docdir=%{_docdir}/pam \ + --htmldir=%{_docdir}/pam/html \ + --pdfdir=%{_docdir}/pam/pdf \ + --enable-isadir=../..%{_pam_moduledir} \ + --enable-securedir=%{_pam_moduledir} \ + --enable-vendordir=%{_prefix}/etc \ +%if "%{flavor}" == "full" + --enable-logind \ +%endif + --disable-examples \ + --disable-nis \ +%if %{with debug} + --enable-debug +%endif + +%make_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam + +%if %{build_main} +%check +%make_build check +%endif + +%install +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} +mkdir -p %{buildroot}%{_includedir}/security +mkdir -p %{buildroot}%{_pam_moduledir} +mkdir -p %{buildroot}/sbin +mkdir -p -m 755 %{buildroot}%{_libdir} +# For compat reasons +mkdir -p %{buildroot}%{_distconfdir}/pam.d + +%make_install +/sbin/ldconfig -n %{buildroot}%{_libdir} +# Install documentation +%make_install -C doc +# install /etc/security/namespace.d used by pam_namespace.so for namespace.conf iscript +install -d %{buildroot}%{_pam_secconfdir}/namespace.d +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +mkdir -p %{buildroot}%{_prefix}/lib/motd.d +# +# Remove crap +# +find %{buildroot} -type f -name "*.la" -delete -print +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +mkdir -p $DOC/modules +pushd modules +for i in pam_*/README; do + cp -fpv "$i" "$DOC/modules/README.${i%/*}" +done +popd +# Install unix2_chkpwd +install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} +mv %{buildroot}%{_sysconfdir}/environment %{buildroot}%{_distconfdir}/environment + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_sysconfdir},%{_distconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,l,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd +%verify_permissions -e %{_sbindir}/unix2_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%set_permissions %{_sbindir}/unix2_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%exclude %{_defaultdocdir}/pam/html +%exclude %{_defaultdocdir}/pam/modules +%exclude %{_defaultdocdir}/pam/pdf +%exclude %{_defaultdocdir}/pam/*.txt +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +# /usr/etc/pam.d is for compat reasons +%dir %{_distconfdir}/pam.d +%dir %{_prefix}/lib/motd.d +%if %{defined config_noreplace} +%config(noreplace) %{_pam_confdir}/other +%config(noreplace) %{_pam_confdir}/common-* +%else +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%endif +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/limits.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From 8f4235636c94d256a4769da66aeb93e2a0e0c7b0a6194286ab96de29d4c5312a Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 24 Oct 2024 12:22:19 +0000 Subject: [PATCH 215/226] - Update to version 1.7.0 - build: changed build system from autotools to meson. - libpam_misc: use ECHOCTL in the terminal input - pam_access: support UID and GID in access.conf - pam_env: install environment file in vendordir if vendordir is enabled - pam_issue: only count class user if logind support is enabled - pam_limits: use systemd-logind instead of utmp if logind support is enabled - pam_unix: compare password hashes in constant time - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - Drop upstream patches: - pam-bsc1194818-cursor-escape.patch - pam_limits-systemd.patch - pam_issue-systemd.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=302 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + Linux-PAM-1.7.0.tar.xz | 3 + Linux-PAM-1.7.0.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 7 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 13 + common-session.pamd | 12 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 36 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2380 ++++++++++++++++++++++++++++ pam.spec | 533 +++++++ pam.tmpfiles | 4 + pam_issue-systemd.patch | 51 + pam_limits-systemd.patch | 157 ++ postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 ++++ 29 files changed, 3820 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 Linux-PAM-1.7.0.tar.xz create mode 100644 Linux-PAM-1.7.0.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 pam_issue-systemd.patch create mode 100644 pam_limits-systemd.patch create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.0.tar.xz b/Linux-PAM-1.7.0.tar.xz new file mode 100644 index 0000000..69dc2e3 --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697 +size 507824 diff --git a/Linux-PAM-1.7.0.tar.xz.asc b/Linux-PAM-1.7.0.tar.xz.asc new file mode 100644 index 0000000..5fbbdaa --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJnGiIVAAoJEKgEH6g54W42kSsP/jsmwl1WMrtPlze2jtRZ1ZVD +HvJPJMYNCeXKpXxSCL4rt97TeZKp+8WbrmrbG+zG8okIFDKl4rHuU9PpJocIpwDd ++zAD1GQOqeUz0AyPPXBmsMshmQ3z+l8W9ykR1WCFrceXRAswSgNEDEavluVP9EHG +epFA/+t1BR8G3GV6LH9LhRkTOOsE8O30hTEHZp1vCrR+xKJo41ZTq+VVvU8KFUrC +lPGH9pX1ioe5rlLfvKNJthUKVoaNyDXED2la9sJPdTmc5hDBGLIo5hnBpvOn8Zfp +cfMoB3lFBy6MHF7tb4ZfDxgG44D/xIwXd7Zddc6HenJl/SUjucXFq1OXHcK+MhqO +63zFAci8k7ywwPPoGBpHMYZ2czZx3jo++It80b2CBMYKzi9YMVmaq/toEtMyI+Og +W3gh4EfHkN98GQz4XC9yO4fjIno1J/Bwni6HNXBaumbg6xIPRwvxcOCdXZBUjKrx +mDljxQetZJGzURidA+2cdJsAu1o0PDtzPguabno4aW2GMV9tUF3Q3aF+NClg18uZ ++eXlGd/fsrLOIGfhYOpbFyIEE5h/dZq3vIj/NOVfKCsU0yajs6d3Zj2Y+2sxs7ob +z9begFsadFZ6atqA77FL7i4781U2bTtqp8qsj9UXb+gJabqnQZ2k+qBXg4XtAWrn +iJaal6uBXWOJG9BG5l8G +=CVaC +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..af91018 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel +pam-userdb diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..827283b --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..c57304c --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,12 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..fbd27de --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,36 @@ +From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..0aaf97d --- /dev/null +++ b/pam.changes @@ -0,0 +1,2380 @@ +------------------------------------------------------------------- +Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk + +- Update to version 1.7.0 + - build: changed build system from autotools to meson. + - libpam_misc: use ECHOCTL in the terminal input + - pam_access: support UID and GID in access.conf + - pam_env: install environment file in vendordir if vendordir is enabled + - pam_issue: only count class user if logind support is enabled + - pam_limits: use systemd-logind instead of utmp if logind support is enabled + - pam_unix: compare password hashes in constant time + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Drop upstream patches: + - pam-bsc1194818-cursor-escape.patch + - pam_limits-systemd.patch + - pam_issue-systemd.patch + +------------------------------------------------------------------- +Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk + +- baselibs.conf: add pam-userdb + +------------------------------------------------------------------- +Tue Sep 10 08:22:02 UTC 2024 - Thorsten Kukuk + +- pam_limits-systemd.patch: update to final PR + +------------------------------------------------------------------- +Fri Sep 6 08:13:22 UTC 2024 - Thorsten Kukuk + +- Add systemd-logind support to pam_limits (pam_limits-systemd.patch) +- Remove /usr/etc/pam.d, everything should be migrated +- Remove pam_limits from default common-sessions* files. pam_limits + is now part of pam-extra and not in our default generated config. +- pam_issue-systemd.patch: only count class user sessions + +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- + +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..b3edcd8 --- /dev/null +++ b/pam.spec @@ -0,0 +1,533 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux + +%define flavor @BUILD_FLAVOR@%{nil} + +# List of config files for migration to /usr/etc +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.7.0 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source10: unix2_chkpwd.c +Source11: unix2_chkpwd.8 +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: meson >= 0.62.0 +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(libsystemd) >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_pam_moduledir}/pam_limits.so + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif + +%meson -Dvendordir=%{_distconfdir} \ + -Ddocdir=%{_docdir}/pam \ + -Dhtmldir=%{_docdir}/pam/html \ + -Dpdfdir=%{_docdir}/pam/pdf \ + -Dsecuredir=%{_pam_moduledir} \ +%if "%{flavor}" != "full" + -Dlogind=disabled \ + -Dpam_userdb=disabled \ + -Ddocs=disabled \ +%endif + -Dexamples=false \ + -Dnis=disabled +%meson_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/%{_arch}-suse-linux/libpam -lpam + +%if %{build_main} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} + +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +%if "%{flavor}" == "full" +mkdir -p $DOC/modules +cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/" +%endif +# Install unix2_chkpwd +install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_distconfdir}/environment,%{_pam_secdistconfdir}/{a,f,g,n,p,s,t}*} +rm -rf %{buildroot}{%{_sysconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,la,lis,lo,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_limits.so,%{_pam_secdistconfdir}/limits.conf,%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd +%verify_permissions -e %{_sbindir}/unix2_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%set_permissions %{_sbindir}/unix2_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +%{_pam_secdistconfdir}/limits.conf +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/pam_issue-systemd.patch b/pam_issue-systemd.patch new file mode 100644 index 0000000..40e3bfb --- /dev/null +++ b/pam_issue-systemd.patch @@ -0,0 +1,51 @@ +From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 4 Sep 2024 16:07:56 +0200 +Subject: [PATCH] pam_issue: only count class user + +Since systemd added new types of classes (e.g. manager*), we cannot +use the count of all sessions anymore, but have to check which class +this is. + +This is backward compatible, systemd v209 or newer is required. +--- + modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index aade642ec5..e2c555c405 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + { + unsigned int users = 0; + #ifdef USE_LOGIND +- int sessions = sd_get_sessions(NULL); ++ char **sessions_list; ++ int sessions = sd_get_sessions(&sessions_list); + + if (sessions < 0) { + pam_syslog(pamh, LOG_ERR, "logind error: %s", + strerror(-sessions)); + _pam_drop(issue); + return PAM_SERVICE_ERR; ++ } else if (sessions > 0 && sessions_list != NULL) { ++ int i; ++ ++ for (i = 0; i < sessions; i++) { ++ char *class; ++ ++ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) ++ continue; ++ ++ if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete ++ users++; ++ free(class); ++ } ++ ++ for (i = 0; i < sessions; i++) ++ free(sessions_list[i]); ++ free(sessions_list); + } else { + users = sessions; + } diff --git a/pam_limits-systemd.patch b/pam_limits-systemd.patch new file mode 100644 index 0000000..3934ba9 --- /dev/null +++ b/pam_limits-systemd.patch @@ -0,0 +1,157 @@ +From 12bb33b56dee6d6b05200d4b776c7e6de3d0df91 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Fri, 6 Sep 2024 11:55:46 +0200 +Subject: [PATCH] pam_limits: use systemd-logind instead of utmp (#822) + +The utmp database is unreliable for counting logged in users, since +there is no standard which defines who should create an entry at which +time for which reason. And it has a Y2038 problem with glibc/x86-64. +Query systemd-logind for the number of user sessions instead. +--- + modules/pam_limits/Makefile.am | 4 +- + modules/pam_limits/pam_limits.c | 81 +++++++++++++++++++++++++++++++-- + 2 files changed, 80 insertions(+), 5 deletions(-) + +diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am +index ab3cf33ed..3f64d79bb 100644 +--- a/modules/pam_limits/Makefile.am ++++ b/modules/pam_limits/Makefile.am +@@ -24,7 +24,7 @@ limits_conf_dir = $(SCONFIGDIR)/limits.d + + AM_CFLAGS = -I$(top_srcdir)/libpam/include \ + -DLIMITS_FILE_DIR=\"$(limits_conf_dir)\" \ +- $(WARN_CFLAGS) ++ $(LOGIND_CFLAGS) $(WARN_CFLAGS) + AM_LDFLAGS = -no-undefined -avoid-version -module + if HAVE_VERSIONING + AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +@@ -32,7 +32,7 @@ endif + + securelib_LTLIBRARIES = pam_limits.la + pam_limits_la_LIBADD = $(top_builddir)/libpam_internal/libpam_internal.la \ +- $(top_builddir)/libpam/libpam.la ++ $(top_builddir)/libpam/libpam.la $(SYSTEMD_LIBS) + + dist_secureconf_DATA = limits.conf + +diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c +index 75c584fca..1e4dfa3d0 100644 +--- a/modules/pam_limits/pam_limits.c ++++ b/modules/pam_limits/pam_limits.c +@@ -36,7 +36,12 @@ + #include + #include + #include ++#ifdef USE_LOGIND ++#include ++#else + #include ++#endif ++ + #ifndef UT_USER /* some systems have ut_name instead of ut_user */ + #define UT_USER ut_user + #endif +@@ -240,7 +245,6 @@ static int + check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, + struct pam_limit_s *pl) + { +- struct utmp *ut; + int count; + + if (ctrl & PAM_DEBUG_ARG) { +@@ -255,8 +259,6 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, + return LOGIN_ERR; + } + +- setutent(); +- + /* Because there is no definition about when an application + actually adds a utmp entry, some applications bizarrely do the + utmp call before the have PAM authenticate them to the system: +@@ -273,6 +275,78 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, + count = 1; + } + ++#ifdef USE_LOGIND ++ char **sessions_list; ++ int sessions = sd_get_sessions(&sessions_list); ++ ++ /* maxlogins needs to be 2 with systemd-logind because ++ of the systemd --user process started with first login by ++ pam_systemd. ++ Which is also calling pam_limits, but in this very first special ++ case the session does already exist and is counted twice. ++ With start of the second session, session manager is already running ++ and no longer counted. */ ++ if (limit == 1) { ++ pam_syslog(pamh, LOG_WARNING, "Maxlogin limit needs to be 2 or higher with systemd-logind"); ++ return LIMIT_ERR; ++ } ++ ++ if (sessions < 0) { ++ pam_syslog(pamh, LOG_ERR, "logind error getting session list: %s", ++ strerror(-sessions)); ++ return LIMIT_ERR; ++ } else if (sessions > 0 && sessions_list != NULL && !pl->flag_numsyslogins) { ++ int i; ++ ++ for (i = 0; i < sessions; i++) { ++ char *user = NULL; ++ char *class = NULL; ++ ++ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) ++ continue; ++ ++ if (strncmp(class, "user", 4) != 0) { /* user, user-early, user-incomplete */ ++ free (class); ++ continue; ++ } ++ free (class); ++ ++ if (sd_session_get_username(sessions_list[i], &user) < 0 || user == NULL) { ++ pam_syslog(pamh, LOG_ERR, "logind error getting username: %s", ++ strerror(-sessions)); ++ return LIMIT_ERR; ++ } ++ ++ if (((pl->login_limit_def == LIMITS_DEF_USER) ++ || (pl->login_limit_def == LIMITS_DEF_GROUP) ++ || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) ++ && strcmp(name, user) != 0) { ++ free(user); ++ continue; ++ } ++ if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) ++ && pl->login_group != NULL ++ && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { ++ free(user); ++ continue; ++ } ++ free(user); ++ ++ if (++count > limit) { ++ break; ++ } ++ } ++ for (i = 0; i < sessions; i++) ++ free(sessions_list[i]); ++ free(sessions_list); ++ } else { ++ count = sessions; ++ } ++#else ++ struct utmp *ut; ++ ++ setutent(); ++ + while((ut = getutent())) { + #ifdef USER_PROCESS + if (ut->ut_type != USER_PROCESS) { +@@ -311,6 +385,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, + } + } + endutent(); ++#endif + if (count > limit) { + if (name) { + pam_syslog(pamh, LOG_NOTICE, diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From ed4a5b0650ee475b7934ebd09802e384b82e85ea415fba55e59d79a11d321824 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 24 Oct 2024 12:26:52 +0000 Subject: [PATCH 216/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=303 --- pam_limits-systemd.patch | 157 --------------------------------------- 1 file changed, 157 deletions(-) delete mode 100644 pam_limits-systemd.patch diff --git a/pam_limits-systemd.patch b/pam_limits-systemd.patch deleted file mode 100644 index 3934ba9..0000000 --- a/pam_limits-systemd.patch +++ /dev/null @@ -1,157 +0,0 @@ -From 12bb33b56dee6d6b05200d4b776c7e6de3d0df91 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Fri, 6 Sep 2024 11:55:46 +0200 -Subject: [PATCH] pam_limits: use systemd-logind instead of utmp (#822) - -The utmp database is unreliable for counting logged in users, since -there is no standard which defines who should create an entry at which -time for which reason. And it has a Y2038 problem with glibc/x86-64. -Query systemd-logind for the number of user sessions instead. ---- - modules/pam_limits/Makefile.am | 4 +- - modules/pam_limits/pam_limits.c | 81 +++++++++++++++++++++++++++++++-- - 2 files changed, 80 insertions(+), 5 deletions(-) - -diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am -index ab3cf33ed..3f64d79bb 100644 ---- a/modules/pam_limits/Makefile.am -+++ b/modules/pam_limits/Makefile.am -@@ -24,7 +24,7 @@ limits_conf_dir = $(SCONFIGDIR)/limits.d - - AM_CFLAGS = -I$(top_srcdir)/libpam/include \ - -DLIMITS_FILE_DIR=\"$(limits_conf_dir)\" \ -- $(WARN_CFLAGS) -+ $(LOGIND_CFLAGS) $(WARN_CFLAGS) - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map -@@ -32,7 +32,7 @@ endif - - securelib_LTLIBRARIES = pam_limits.la - pam_limits_la_LIBADD = $(top_builddir)/libpam_internal/libpam_internal.la \ -- $(top_builddir)/libpam/libpam.la -+ $(top_builddir)/libpam/libpam.la $(SYSTEMD_LIBS) - - dist_secureconf_DATA = limits.conf - -diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index 75c584fca..1e4dfa3d0 100644 ---- a/modules/pam_limits/pam_limits.c -+++ b/modules/pam_limits/pam_limits.c -@@ -36,7 +36,12 @@ - #include - #include - #include -+#ifdef USE_LOGIND -+#include -+#else - #include -+#endif -+ - #ifndef UT_USER /* some systems have ut_name instead of ut_user */ - #define UT_USER ut_user - #endif -@@ -240,7 +245,6 @@ static int - check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, - struct pam_limit_s *pl) - { -- struct utmp *ut; - int count; - - if (ctrl & PAM_DEBUG_ARG) { -@@ -255,8 +259,6 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, - return LOGIN_ERR; - } - -- setutent(); -- - /* Because there is no definition about when an application - actually adds a utmp entry, some applications bizarrely do the - utmp call before the have PAM authenticate them to the system: -@@ -273,6 +275,78 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, - count = 1; - } - -+#ifdef USE_LOGIND -+ char **sessions_list; -+ int sessions = sd_get_sessions(&sessions_list); -+ -+ /* maxlogins needs to be 2 with systemd-logind because -+ of the systemd --user process started with first login by -+ pam_systemd. -+ Which is also calling pam_limits, but in this very first special -+ case the session does already exist and is counted twice. -+ With start of the second session, session manager is already running -+ and no longer counted. */ -+ if (limit == 1) { -+ pam_syslog(pamh, LOG_WARNING, "Maxlogin limit needs to be 2 or higher with systemd-logind"); -+ return LIMIT_ERR; -+ } -+ -+ if (sessions < 0) { -+ pam_syslog(pamh, LOG_ERR, "logind error getting session list: %s", -+ strerror(-sessions)); -+ return LIMIT_ERR; -+ } else if (sessions > 0 && sessions_list != NULL && !pl->flag_numsyslogins) { -+ int i; -+ -+ for (i = 0; i < sessions; i++) { -+ char *user = NULL; -+ char *class = NULL; -+ -+ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) -+ continue; -+ -+ if (strncmp(class, "user", 4) != 0) { /* user, user-early, user-incomplete */ -+ free (class); -+ continue; -+ } -+ free (class); -+ -+ if (sd_session_get_username(sessions_list[i], &user) < 0 || user == NULL) { -+ pam_syslog(pamh, LOG_ERR, "logind error getting username: %s", -+ strerror(-sessions)); -+ return LIMIT_ERR; -+ } -+ -+ if (((pl->login_limit_def == LIMITS_DEF_USER) -+ || (pl->login_limit_def == LIMITS_DEF_GROUP) -+ || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) -+ && strcmp(name, user) != 0) { -+ free(user); -+ continue; -+ } -+ if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) -+ && pl->login_group != NULL -+ && !pam_modutil_user_in_group_nam_nam(pamh, user, pl->login_group)) { -+ free(user); -+ continue; -+ } -+ free(user); -+ -+ if (++count > limit) { -+ break; -+ } -+ } -+ for (i = 0; i < sessions; i++) -+ free(sessions_list[i]); -+ free(sessions_list); -+ } else { -+ count = sessions; -+ } -+#else -+ struct utmp *ut; -+ -+ setutent(); -+ - while((ut = getutent())) { - #ifdef USER_PROCESS - if (ut->ut_type != USER_PROCESS) { -@@ -311,6 +385,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, - } - } - endutent(); -+#endif - if (count > limit) { - if (name) { - pam_syslog(pamh, LOG_NOTICE, -- 2.51.1 From a28cd8540f01ecfa2485809e3e79bac4d5209d9ee2edcb324a857a04e96f8146 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 25 Oct 2024 06:36:02 +0000 Subject: [PATCH 217/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=304 --- pam.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pam.spec b/pam.spec index b3edcd8..51fefdb 100644 --- a/pam.spec +++ b/pam.spec @@ -252,7 +252,7 @@ cp %{tar_package_name} %{_other} %endif # livepatchable -gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/%{_arch}-suse-linux/libpam -lpam +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/%{_target_platform}/libpam -lpam %if %{build_main} %check -- 2.51.1 From a01288951ccda9bebe6b792e2fab8c3018d2259c5518d36d9fd363dadb3cf5d1 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Fri, 6 Dec 2024 09:32:46 +0000 Subject: [PATCH 218/226] - pam_access: rework resolving of tokens as hostname - separate resolving of IP addresses from hostnames. Don't resolve TTYs or display variables as hostname. - Add "nodns" option to disallow resolving of tokens as hostname. - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, CVE-2024-10963] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=305 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + Linux-PAM-1.7.0.tar.xz | 3 + Linux-PAM-1.7.0.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 7 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 13 + common-session.pamd | 12 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 36 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2390 +++++++++++++++++ pam.spec | 535 ++++ pam.tmpfiles | 4 + ...work-resolving-of-tokens-as-hostname.patch | 225 ++ pam_issue-systemd.patch | 51 + postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 +++ 29 files changed, 3900 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 Linux-PAM-1.7.0.tar.xz create mode 100644 Linux-PAM-1.7.0.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 pam_access-rework-resolving-of-tokens-as-hostname.patch create mode 100644 pam_issue-systemd.patch create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.0.tar.xz b/Linux-PAM-1.7.0.tar.xz new file mode 100644 index 0000000..69dc2e3 --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697 +size 507824 diff --git a/Linux-PAM-1.7.0.tar.xz.asc b/Linux-PAM-1.7.0.tar.xz.asc new file mode 100644 index 0000000..5fbbdaa --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJnGiIVAAoJEKgEH6g54W42kSsP/jsmwl1WMrtPlze2jtRZ1ZVD +HvJPJMYNCeXKpXxSCL4rt97TeZKp+8WbrmrbG+zG8okIFDKl4rHuU9PpJocIpwDd ++zAD1GQOqeUz0AyPPXBmsMshmQ3z+l8W9ykR1WCFrceXRAswSgNEDEavluVP9EHG +epFA/+t1BR8G3GV6LH9LhRkTOOsE8O30hTEHZp1vCrR+xKJo41ZTq+VVvU8KFUrC +lPGH9pX1ioe5rlLfvKNJthUKVoaNyDXED2la9sJPdTmc5hDBGLIo5hnBpvOn8Zfp +cfMoB3lFBy6MHF7tb4ZfDxgG44D/xIwXd7Zddc6HenJl/SUjucXFq1OXHcK+MhqO +63zFAci8k7ywwPPoGBpHMYZ2czZx3jo++It80b2CBMYKzi9YMVmaq/toEtMyI+Og +W3gh4EfHkN98GQz4XC9yO4fjIno1J/Bwni6HNXBaumbg6xIPRwvxcOCdXZBUjKrx +mDljxQetZJGzURidA+2cdJsAu1o0PDtzPguabno4aW2GMV9tUF3Q3aF+NClg18uZ ++eXlGd/fsrLOIGfhYOpbFyIEE5h/dZq3vIj/NOVfKCsU0yajs6d3Zj2Y+2sxs7ob +z9begFsadFZ6atqA77FL7i4781U2bTtqp8qsj9UXb+gJabqnQZ2k+qBXg4XtAWrn +iJaal6uBXWOJG9BG5l8G +=CVaC +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..af91018 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel +pam-userdb diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..827283b --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..c57304c --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,12 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..fbd27de --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,36 @@ +From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..fd4f311 --- /dev/null +++ b/pam.changes @@ -0,0 +1,2390 @@ +------------------------------------------------------------------- +Thu Dec 5 12:44:33 UTC 2024 - Valentin Lefebvre + +- pam_access: rework resolving of tokens as hostname + - separate resolving of IP addresses from hostnames. Don't resolve TTYs or + display variables as hostname. + - Add "nodns" option to disallow resolving of tokens as hostname. + - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, + CVE-2024-10963] + +------------------------------------------------------------------- +Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk + +- Update to version 1.7.0 + - build: changed build system from autotools to meson. + - libpam_misc: use ECHOCTL in the terminal input + - pam_access: support UID and GID in access.conf + - pam_env: install environment file in vendordir if vendordir is enabled + - pam_issue: only count class user if logind support is enabled + - pam_limits: use systemd-logind instead of utmp if logind support is enabled + - pam_unix: compare password hashes in constant time + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Drop upstream patches: + - pam-bsc1194818-cursor-escape.patch + - pam_limits-systemd.patch + - pam_issue-systemd.patch + +------------------------------------------------------------------- +Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk + +- baselibs.conf: add pam-userdb + +------------------------------------------------------------------- +Tue Sep 10 08:22:02 UTC 2024 - Thorsten Kukuk + +- pam_limits-systemd.patch: update to final PR + +------------------------------------------------------------------- +Fri Sep 6 08:13:22 UTC 2024 - Thorsten Kukuk + +- Add systemd-logind support to pam_limits (pam_limits-systemd.patch) +- Remove /usr/etc/pam.d, everything should be migrated +- Remove pam_limits from default common-sessions* files. pam_limits + is now part of pam-extra and not in our default generated config. +- pam_issue-systemd.patch: only count class user sessions + +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- + +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..563e7d5 --- /dev/null +++ b/pam.spec @@ -0,0 +1,535 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux + +%define flavor @BUILD_FLAVOR@%{nil} + +# List of config files for migration to /usr/etc +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.7.0 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source10: unix2_chkpwd.c +Source11: unix2_chkpwd.8 +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +# PATCH-FIX-UPSTREAM: CVE-2024-10963 +Patch2: pam_access-rework-resolving-of-tokens-as-hostname.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: meson >= 0.62.0 +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(libsystemd) >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_pam_moduledir}/pam_limits.so + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif + +%meson -Dvendordir=%{_distconfdir} \ + -Ddocdir=%{_docdir}/pam \ + -Dhtmldir=%{_docdir}/pam/html \ + -Dpdfdir=%{_docdir}/pam/pdf \ + -Dsecuredir=%{_pam_moduledir} \ +%if "%{flavor}" != "full" + -Dlogind=disabled \ + -Dpam_userdb=disabled \ + -Ddocs=disabled \ +%endif + -Dexamples=false \ + -Dnis=disabled +%meson_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/%{_target_platform}/libpam -lpam + +%if %{build_main} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} + +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +%if "%{flavor}" == "full" +mkdir -p $DOC/modules +cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/" +%endif +# Install unix2_chkpwd +install -m 755 %{_builddir}/unix2_chkpwd %{buildroot}%{_sbindir} + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +install -m 644 %{_sourcedir}/unix2_chkpwd.8 %{buildroot}/%{_mandir}/man8/ +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_distconfdir}/environment,%{_pam_secdistconfdir}/{a,f,g,n,p,s,t}*} +rm -rf %{buildroot}{%{_sysconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,la,lis,lo,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_limits.so,%{_pam_secdistconfdir}/limits.conf,%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd +%verify_permissions -e %{_sbindir}/unix2_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%set_permissions %{_sbindir}/unix2_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix2_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +%{_pam_secdistconfdir}/limits.conf +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix2_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/pam_access-rework-resolving-of-tokens-as-hostname.patch b/pam_access-rework-resolving-of-tokens-as-hostname.patch new file mode 100644 index 0000000..36f36cd --- /dev/null +++ b/pam_access-rework-resolving-of-tokens-as-hostname.patch @@ -0,0 +1,225 @@ +From 940747f88c16e029b69a74e80a2e94f65cb3e628 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 14 Nov 2024 10:27:28 +0100 +Subject: [PATCH] pam_access: rework resolving of tokens as hostname + +* modules/pam_access/pam_access.c: separate resolving of IP addresses + from hostnames. Don't resolve TTYs or display variables as hostname + (#834). + Add "nodns" option to disallow resolving of tokens as hostname. +* modules/pam_access/pam_access.8.xml: document nodns option +* modules/pam_access/access.conf.5.xml: document that hostnames should + be written as FQHN. +--- + modules/pam_access/access.conf.5.xml | 4 ++ + modules/pam_access/pam_access.8.xml | 46 ++++++++++++------ + modules/pam_access/pam_access.c | 72 +++++++++++++++++++++++++++- + 3 files changed, 105 insertions(+), 17 deletions(-) + +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index 0b93db00..10b8ba92 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -233,6 +233,10 @@ + An IPv6 link local host address must contain the interface + identifier. IPv6 link local network/netmask is not supported. + ++ ++ Hostnames should be written as Fully-Qualified Host Name (FQHN) to avoid ++ confusion with device names or PAM service names. ++ + + + +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index c991d7a0..71a4f7ee 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -22,11 +22,14 @@ + + debug + ++ ++ noaudit ++ + + nodefgroup + + +- noaudit ++ nodns + + + quiet_log +@@ -132,6 +135,33 @@ + + + ++ ++ ++ nodefgroup ++ ++ ++ ++ User tokens which are not enclosed in parentheses will not be ++ matched against the group database. The backwards compatible default is ++ to try the group database match even for tokens not enclosed ++ in parentheses. ++ ++ ++ ++ ++ ++ ++ nodns ++ ++ ++ ++ Do not try to resolve tokens as hostnames, only IPv4 and IPv6 ++ addresses will be resolved. Which means to allow login from a ++ remote host, the IP addresses need to be specified in access.conf. ++ ++ ++ ++ + + + quiet_log +@@ -185,20 +215,6 @@ + + + +- +- +- nodefgroup +- +- +- +- User tokens which are not enclosed in parentheses will not be +- matched against the group database. The backwards compatible default is +- to try the group database match even for tokens not enclosed +- in parentheses. +- +- +- +- + + + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 48e7c7e9..109115e9 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -100,6 +100,7 @@ struct login_info { + int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ + int noaudit; /* Do not audit denials */ + int quiet_log; /* Do not log denials */ ++ int nodns; /* Do not try to resolve tokens as hostnames */ + const char *fs; /* field separator */ + const char *sep; /* list-element separator */ + int from_remote_host; /* If PAM_RHOST was used for from */ +@@ -154,6 +155,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, + loginfo->noaudit = YES; + } else if (strcmp (argv[i], "quiet_log") == 0) { + loginfo->quiet_log = YES; ++ } else if (strcmp (argv[i], "nodns") == 0) { ++ loginfo->nodns = YES; + } else { + pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]); + } +@@ -820,7 +823,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers/subnet (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -895,6 +898,39 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + } + + ++static int ++is_device (pam_handle_t *pamh, const char *tok) ++{ ++ struct stat st; ++ const char *dev = "/dev/"; ++ char *devname; ++ ++ devname = malloc (strlen(dev) + strlen (tok) + 1); ++ if (devname == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for device name: %m"); ++ /* ++ * We should return an error and abort, but pam_access has no good ++ * error handling. ++ */ ++ return NO; ++ } ++ ++ char *cp = stpcpy (devname, dev); ++ strcpy (cp, tok); ++ ++ if (lstat(devname, &st) != 0) ++ { ++ free (devname); ++ return NO; ++ } ++ free (devname); ++ ++ if (S_ISCHR(st.st_mode)) ++ return YES; ++ ++ return NO; ++} ++ + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok + * represents either a hostname, a single ip (v4,v6) address +@@ -956,10 +992,42 @@ network_netmask_match (pam_handle_t *pamh, + return NO; + } + } ++ else if (isipaddr(tok, NULL, NULL) == YES) ++ { ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ if (item->debug) ++ pam_syslog(pamh, LOG_DEBUG, "cannot resolve IP address \"%s\"", tok); ++ ++ return NO; ++ } ++ netmask_ptr = NULL; ++ } ++ else if (item->nodns) ++ { ++ /* Only hostnames are left, which we would need to resolve via DNS */ ++ return NO; ++ } + else + { ++ /* Bail out on X11 Display entries and ttys. */ ++ if (tok[0] == ':') ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is X11 display", tok); ++ return NO; ++ } ++ if (is_device (pamh, tok)) ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is a TTY", tok); ++ return NO; ++ } ++ + /* +- * It is either an IP address or a hostname. ++ * It is most likely a hostname. + * Let getaddrinfo sort everything out + */ + if (getaddrinfo (tok, NULL, NULL, &ai) != 0) +-- +2.47.0 + diff --git a/pam_issue-systemd.patch b/pam_issue-systemd.patch new file mode 100644 index 0000000..40e3bfb --- /dev/null +++ b/pam_issue-systemd.patch @@ -0,0 +1,51 @@ +From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 4 Sep 2024 16:07:56 +0200 +Subject: [PATCH] pam_issue: only count class user + +Since systemd added new types of classes (e.g. manager*), we cannot +use the count of all sessions anymore, but have to check which class +this is. + +This is backward compatible, systemd v209 or newer is required. +--- + modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index aade642ec5..e2c555c405 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + { + unsigned int users = 0; + #ifdef USE_LOGIND +- int sessions = sd_get_sessions(NULL); ++ char **sessions_list; ++ int sessions = sd_get_sessions(&sessions_list); + + if (sessions < 0) { + pam_syslog(pamh, LOG_ERR, "logind error: %s", + strerror(-sessions)); + _pam_drop(issue); + return PAM_SERVICE_ERR; ++ } else if (sessions > 0 && sessions_list != NULL) { ++ int i; ++ ++ for (i = 0; i < sessions; i++) { ++ char *class; ++ ++ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) ++ continue; ++ ++ if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete ++ users++; ++ free(class); ++ } ++ ++ for (i = 0; i < sessions; i++) ++ free(sessions_list[i]); ++ free(sessions_list); + } else { + users = sessions; + } diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From 137ec2595f6a44c1c010294b252fe7a07788d449488b58ef3900fceee6ee0e4b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 24 Mar 2025 17:44:02 +0000 Subject: [PATCH 219/226] - Remove unix2_chkpwd, no consumer left OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=306 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + Linux-PAM-1.7.0.tar.xz | 3 + Linux-PAM-1.7.0.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 7 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 13 + common-session.pamd | 12 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 36 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2395 +++++++++++++++++ pam.spec | 524 ++++ pam.tmpfiles | 4 + ...work-resolving-of-tokens-as-hostname.patch | 225 ++ pam_issue-systemd.patch | 51 + postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 +++ 29 files changed, 3894 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 Linux-PAM-1.7.0.tar.xz create mode 100644 Linux-PAM-1.7.0.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 pam_access-rework-resolving-of-tokens-as-hostname.patch create mode 100644 pam_issue-systemd.patch create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.0.tar.xz b/Linux-PAM-1.7.0.tar.xz new file mode 100644 index 0000000..69dc2e3 --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697 +size 507824 diff --git a/Linux-PAM-1.7.0.tar.xz.asc b/Linux-PAM-1.7.0.tar.xz.asc new file mode 100644 index 0000000..5fbbdaa --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJnGiIVAAoJEKgEH6g54W42kSsP/jsmwl1WMrtPlze2jtRZ1ZVD +HvJPJMYNCeXKpXxSCL4rt97TeZKp+8WbrmrbG+zG8okIFDKl4rHuU9PpJocIpwDd ++zAD1GQOqeUz0AyPPXBmsMshmQ3z+l8W9ykR1WCFrceXRAswSgNEDEavluVP9EHG +epFA/+t1BR8G3GV6LH9LhRkTOOsE8O30hTEHZp1vCrR+xKJo41ZTq+VVvU8KFUrC +lPGH9pX1ioe5rlLfvKNJthUKVoaNyDXED2la9sJPdTmc5hDBGLIo5hnBpvOn8Zfp +cfMoB3lFBy6MHF7tb4ZfDxgG44D/xIwXd7Zddc6HenJl/SUjucXFq1OXHcK+MhqO +63zFAci8k7ywwPPoGBpHMYZ2czZx3jo++It80b2CBMYKzi9YMVmaq/toEtMyI+Og +W3gh4EfHkN98GQz4XC9yO4fjIno1J/Bwni6HNXBaumbg6xIPRwvxcOCdXZBUjKrx +mDljxQetZJGzURidA+2cdJsAu1o0PDtzPguabno4aW2GMV9tUF3Q3aF+NClg18uZ ++eXlGd/fsrLOIGfhYOpbFyIEE5h/dZq3vIj/NOVfKCsU0yajs6d3Zj2Y+2sxs7ob +z9begFsadFZ6atqA77FL7i4781U2bTtqp8qsj9UXb+gJabqnQZ2k+qBXg4XtAWrn +iJaal6uBXWOJG9BG5l8G +=CVaC +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..af91018 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel +pam-userdb diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..827283b --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..c57304c --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,12 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..fbd27de --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,36 @@ +From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..6067eee --- /dev/null +++ b/pam.changes @@ -0,0 +1,2395 @@ +------------------------------------------------------------------- +Mon Mar 24 17:41:34 UTC 2025 - Thorsten Kukuk + +- Remove unix2_chkpwd, no consumer left + +------------------------------------------------------------------- +Thu Dec 5 12:44:33 UTC 2024 - Valentin Lefebvre + +- pam_access: rework resolving of tokens as hostname + - separate resolving of IP addresses from hostnames. Don't resolve TTYs or + display variables as hostname. + - Add "nodns" option to disallow resolving of tokens as hostname. + - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, + CVE-2024-10963] + +------------------------------------------------------------------- +Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk + +- Update to version 1.7.0 + - build: changed build system from autotools to meson. + - libpam_misc: use ECHOCTL in the terminal input + - pam_access: support UID and GID in access.conf + - pam_env: install environment file in vendordir if vendordir is enabled + - pam_issue: only count class user if logind support is enabled + - pam_limits: use systemd-logind instead of utmp if logind support is enabled + - pam_unix: compare password hashes in constant time + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Drop upstream patches: + - pam-bsc1194818-cursor-escape.patch + - pam_limits-systemd.patch + - pam_issue-systemd.patch + +------------------------------------------------------------------- +Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk + +- baselibs.conf: add pam-userdb + +------------------------------------------------------------------- +Tue Sep 10 08:22:02 UTC 2024 - Thorsten Kukuk + +- pam_limits-systemd.patch: update to final PR + +------------------------------------------------------------------- +Fri Sep 6 08:13:22 UTC 2024 - Thorsten Kukuk + +- Add systemd-logind support to pam_limits (pam_limits-systemd.patch) +- Remove /usr/etc/pam.d, everything should be migrated +- Remove pam_limits from default common-sessions* files. pam_limits + is now part of pam-extra and not in our default generated config. +- pam_issue-systemd.patch: only count class user sessions + +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- + +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..736123d --- /dev/null +++ b/pam.spec @@ -0,0 +1,524 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux + +%define flavor @BUILD_FLAVOR@%{nil} + +# List of config files for migration to /usr/etc +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.7.0 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +# PATCH-FIX-UPSTREAM: CVE-2024-10963 +Patch2: pam_access-rework-resolving-of-tokens-as-hostname.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: meson >= 0.62.0 +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(libsystemd) >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_pam_moduledir}/pam_limits.so + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif + +%meson -Dvendordir=%{_distconfdir} \ + -Ddocdir=%{_docdir}/pam \ + -Dhtmldir=%{_docdir}/pam/html \ + -Dpdfdir=%{_docdir}/pam/pdf \ + -Dsecuredir=%{_pam_moduledir} \ +%if "%{flavor}" != "full" + -Dlogind=disabled \ + -Dpam_userdb=disabled \ + -Ddocs=disabled \ +%endif + -Dexamples=false \ + -Dnis=disabled +%meson_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +%if %{build_main} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} + +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +%if "%{flavor}" == "full" +mkdir -p $DOC/modules +cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/" +%endif + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_distconfdir}/environment,%{_pam_secdistconfdir}/{a,f,g,n,p,s,t}*} +rm -rf %{buildroot}{%{_sysconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,la,lis,lo,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_limits.so,%{_pam_secdistconfdir}/limits.conf,%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +%{_pam_secdistconfdir}/limits.conf +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/pam_access-rework-resolving-of-tokens-as-hostname.patch b/pam_access-rework-resolving-of-tokens-as-hostname.patch new file mode 100644 index 0000000..36f36cd --- /dev/null +++ b/pam_access-rework-resolving-of-tokens-as-hostname.patch @@ -0,0 +1,225 @@ +From 940747f88c16e029b69a74e80a2e94f65cb3e628 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 14 Nov 2024 10:27:28 +0100 +Subject: [PATCH] pam_access: rework resolving of tokens as hostname + +* modules/pam_access/pam_access.c: separate resolving of IP addresses + from hostnames. Don't resolve TTYs or display variables as hostname + (#834). + Add "nodns" option to disallow resolving of tokens as hostname. +* modules/pam_access/pam_access.8.xml: document nodns option +* modules/pam_access/access.conf.5.xml: document that hostnames should + be written as FQHN. +--- + modules/pam_access/access.conf.5.xml | 4 ++ + modules/pam_access/pam_access.8.xml | 46 ++++++++++++------ + modules/pam_access/pam_access.c | 72 +++++++++++++++++++++++++++- + 3 files changed, 105 insertions(+), 17 deletions(-) + +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index 0b93db00..10b8ba92 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -233,6 +233,10 @@ + An IPv6 link local host address must contain the interface + identifier. IPv6 link local network/netmask is not supported. + ++ ++ Hostnames should be written as Fully-Qualified Host Name (FQHN) to avoid ++ confusion with device names or PAM service names. ++ + + + +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index c991d7a0..71a4f7ee 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -22,11 +22,14 @@ + + debug + ++ ++ noaudit ++ + + nodefgroup + + +- noaudit ++ nodns + + + quiet_log +@@ -132,6 +135,33 @@ + + + ++ ++ ++ nodefgroup ++ ++ ++ ++ User tokens which are not enclosed in parentheses will not be ++ matched against the group database. The backwards compatible default is ++ to try the group database match even for tokens not enclosed ++ in parentheses. ++ ++ ++ ++ ++ ++ ++ nodns ++ ++ ++ ++ Do not try to resolve tokens as hostnames, only IPv4 and IPv6 ++ addresses will be resolved. Which means to allow login from a ++ remote host, the IP addresses need to be specified in access.conf. ++ ++ ++ ++ + + + quiet_log +@@ -185,20 +215,6 @@ + + + +- +- +- nodefgroup +- +- +- +- User tokens which are not enclosed in parentheses will not be +- matched against the group database. The backwards compatible default is +- to try the group database match even for tokens not enclosed +- in parentheses. +- +- +- +- + + + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 48e7c7e9..109115e9 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -100,6 +100,7 @@ struct login_info { + int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ + int noaudit; /* Do not audit denials */ + int quiet_log; /* Do not log denials */ ++ int nodns; /* Do not try to resolve tokens as hostnames */ + const char *fs; /* field separator */ + const char *sep; /* list-element separator */ + int from_remote_host; /* If PAM_RHOST was used for from */ +@@ -154,6 +155,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, + loginfo->noaudit = YES; + } else if (strcmp (argv[i], "quiet_log") == 0) { + loginfo->quiet_log = YES; ++ } else if (strcmp (argv[i], "nodns") == 0) { ++ loginfo->nodns = YES; + } else { + pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]); + } +@@ -820,7 +823,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers/subnet (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -895,6 +898,39 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + } + + ++static int ++is_device (pam_handle_t *pamh, const char *tok) ++{ ++ struct stat st; ++ const char *dev = "/dev/"; ++ char *devname; ++ ++ devname = malloc (strlen(dev) + strlen (tok) + 1); ++ if (devname == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for device name: %m"); ++ /* ++ * We should return an error and abort, but pam_access has no good ++ * error handling. ++ */ ++ return NO; ++ } ++ ++ char *cp = stpcpy (devname, dev); ++ strcpy (cp, tok); ++ ++ if (lstat(devname, &st) != 0) ++ { ++ free (devname); ++ return NO; ++ } ++ free (devname); ++ ++ if (S_ISCHR(st.st_mode)) ++ return YES; ++ ++ return NO; ++} ++ + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok + * represents either a hostname, a single ip (v4,v6) address +@@ -956,10 +992,42 @@ network_netmask_match (pam_handle_t *pamh, + return NO; + } + } ++ else if (isipaddr(tok, NULL, NULL) == YES) ++ { ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ if (item->debug) ++ pam_syslog(pamh, LOG_DEBUG, "cannot resolve IP address \"%s\"", tok); ++ ++ return NO; ++ } ++ netmask_ptr = NULL; ++ } ++ else if (item->nodns) ++ { ++ /* Only hostnames are left, which we would need to resolve via DNS */ ++ return NO; ++ } + else + { ++ /* Bail out on X11 Display entries and ttys. */ ++ if (tok[0] == ':') ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is X11 display", tok); ++ return NO; ++ } ++ if (is_device (pamh, tok)) ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is a TTY", tok); ++ return NO; ++ } ++ + /* +- * It is either an IP address or a hostname. ++ * It is most likely a hostname. + * Let getaddrinfo sort everything out + */ + if (getaddrinfo (tok, NULL, NULL, &ai) != 0) +-- +2.47.0 + diff --git a/pam_issue-systemd.patch b/pam_issue-systemd.patch new file mode 100644 index 0000000..40e3bfb --- /dev/null +++ b/pam_issue-systemd.patch @@ -0,0 +1,51 @@ +From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 4 Sep 2024 16:07:56 +0200 +Subject: [PATCH] pam_issue: only count class user + +Since systemd added new types of classes (e.g. manager*), we cannot +use the count of all sessions anymore, but have to check which class +this is. + +This is backward compatible, systemd v209 or newer is required. +--- + modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index aade642ec5..e2c555c405 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + { + unsigned int users = 0; + #ifdef USE_LOGIND +- int sessions = sd_get_sessions(NULL); ++ char **sessions_list; ++ int sessions = sd_get_sessions(&sessions_list); + + if (sessions < 0) { + pam_syslog(pamh, LOG_ERR, "logind error: %s", + strerror(-sessions)); + _pam_drop(issue); + return PAM_SERVICE_ERR; ++ } else if (sessions > 0 && sessions_list != NULL) { ++ int i; ++ ++ for (i = 0; i < sessions; i++) { ++ char *class; ++ ++ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) ++ continue; ++ ++ if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete ++ users++; ++ free(class); ++ } ++ ++ for (i = 0; i < sessions; i++) ++ free(sessions_list[i]); ++ free(sessions_list); + } else { + users = sessions; + } diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From d181fd6fc78b30501a7628bfb6c2062d64156daed4639f57ab215f911b4e698e Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 18 Jun 2025 05:59:17 +0000 Subject: [PATCH 220/226] - Update to version 1.7.1 - pam_access: do not resolve ttys or display variables as hostnames. - pam_access: added "nodns" option to disallow resolving of tokens as hostnames (CVE-2024-10963). - pam_limits: added support for rttime (RLIMIT_RTTIME). - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). - meson: added support of elogind as a logind provider. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=307 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + Linux-PAM-1.7.0.tar.xz | 3 + Linux-PAM-1.7.0.tar.xz.asc | 16 + Linux-PAM-1.7.1.tar.xz | 3 + Linux-PAM-1.7.1.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 7 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 13 + common-session.pamd | 12 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 36 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2409 +++++++++++++++++ pam.spec | 523 ++++ pam.tmpfiles | 4 + ...work-resolving-of-tokens-as-hostname.patch | 225 ++ pam_issue-systemd.patch | 51 + postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 +++ 31 files changed, 3926 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 Linux-PAM-1.7.0.tar.xz create mode 100644 Linux-PAM-1.7.0.tar.xz.asc create mode 100644 Linux-PAM-1.7.1.tar.xz create mode 100644 Linux-PAM-1.7.1.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 pam_access-rework-resolving-of-tokens-as-hostname.patch create mode 100644 pam_issue-systemd.patch create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.0.tar.xz b/Linux-PAM-1.7.0.tar.xz new file mode 100644 index 0000000..69dc2e3 --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697 +size 507824 diff --git a/Linux-PAM-1.7.0.tar.xz.asc b/Linux-PAM-1.7.0.tar.xz.asc new file mode 100644 index 0000000..5fbbdaa --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJnGiIVAAoJEKgEH6g54W42kSsP/jsmwl1WMrtPlze2jtRZ1ZVD +HvJPJMYNCeXKpXxSCL4rt97TeZKp+8WbrmrbG+zG8okIFDKl4rHuU9PpJocIpwDd ++zAD1GQOqeUz0AyPPXBmsMshmQ3z+l8W9ykR1WCFrceXRAswSgNEDEavluVP9EHG +epFA/+t1BR8G3GV6LH9LhRkTOOsE8O30hTEHZp1vCrR+xKJo41ZTq+VVvU8KFUrC +lPGH9pX1ioe5rlLfvKNJthUKVoaNyDXED2la9sJPdTmc5hDBGLIo5hnBpvOn8Zfp +cfMoB3lFBy6MHF7tb4ZfDxgG44D/xIwXd7Zddc6HenJl/SUjucXFq1OXHcK+MhqO +63zFAci8k7ywwPPoGBpHMYZ2czZx3jo++It80b2CBMYKzi9YMVmaq/toEtMyI+Og +W3gh4EfHkN98GQz4XC9yO4fjIno1J/Bwni6HNXBaumbg6xIPRwvxcOCdXZBUjKrx +mDljxQetZJGzURidA+2cdJsAu1o0PDtzPguabno4aW2GMV9tUF3Q3aF+NClg18uZ ++eXlGd/fsrLOIGfhYOpbFyIEE5h/dZq3vIj/NOVfKCsU0yajs6d3Zj2Y+2sxs7ob +z9begFsadFZ6atqA77FL7i4781U2bTtqp8qsj9UXb+gJabqnQZ2k+qBXg4XtAWrn +iJaal6uBXWOJG9BG5l8G +=CVaC +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.1.tar.xz b/Linux-PAM-1.7.1.tar.xz new file mode 100644 index 0000000..7b3c6a7 --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:21dbcec6e01dd578f14789eac9024a18941e6f2702a05cf91b28c232eeb26ab0 +size 510828 diff --git a/Linux-PAM-1.7.1.tar.xz.asc b/Linux-PAM-1.7.1.tar.xz.asc new file mode 100644 index 0000000..ebcc2cf --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJoUTDGAAoJEKgEH6g54W42RDQQAIKq+ltEn0g/lB0g+xU9SArO +ItMiZDp6RaLDIRgOxbl1hnQyXvXcW5LYBT36u+e5PLKrtMzc8/S3kDtn2FRsS5KW +aZaKmZI6UlEQVErMfX2F8/uPvcMRNmqHL7h3+BW8aIWp+WTBO3TIOZxVqNoDFbxj +L/9G3KYTgcuKjb6XoDlicS68ImcLJC2BPjcaisaoqKRyK504jgYK6Wl6AFo7Fu8r +PS134LM6gUUxMzdYCpISmO5tZh+uOqtCfbdeOY3bwBeupe2J4D6v7uASF7RqEXPX +/imsmUkmqLmOOolvLflGDsiz1HaY05LW7CcJngXOV6WKU+HqBg9E5Xclnr0RyvBD +tmFPeWlgPw+zg+BVUhGAUeLoFCknbtY/7TEB4Jh0Z/Tm+pOUVoQbhrUCI0rAgapN +dA9i5DCUuEBXRul2YvG7EZGuYs77fzpf/J++b9XKB9kH1Bc3vaaZoaO+lbN8g6Ei +CbZCmD0ct0UhUTX+FEUG9SkMTomyd9ihz6kuHcuo4eCVbVuDJpF+vEUjVb7no9Aw +KlZ6/I45GRRjIYYk/vxpgNX05D8xeMxDkXEMcKAHsI/q4oOe7Hsuess47WioiVXL +xNl6AHjJ4VMcz1xLPR8COA8L3uaZNtxuIGhazZFeJbrfJct5gsf9iv04pdAA73/B +NtgHrE6GjGSmw+/xX22z +=RQhR +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..af91018 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel +pam-userdb diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..827283b --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..c57304c --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,12 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..fbd27de --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,36 @@ +From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..9243cf0 --- /dev/null +++ b/pam.changes @@ -0,0 +1,2409 @@ +------------------------------------------------------------------- +Wed Jun 18 05:38:35 UTC 2025 - Thorsten Kukuk + +- Update to version 1.7.1 + - pam_access: do not resolve ttys or display variables as hostnames. + - pam_access: added "nodns" option to disallow resolving of tokens + as hostnames (CVE-2024-10963). + - pam_limits: added support for rttime (RLIMIT_RTTIME). + - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). + - meson: added support of elogind as a logind provider. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted + +------------------------------------------------------------------- +Mon Mar 24 17:41:34 UTC 2025 - Thorsten Kukuk + +- Remove unix2_chkpwd, no consumer left + +------------------------------------------------------------------- +Thu Dec 5 12:44:33 UTC 2024 - Valentin Lefebvre + +- pam_access: rework resolving of tokens as hostname + - separate resolving of IP addresses from hostnames. Don't resolve TTYs or + display variables as hostname. + - Add "nodns" option to disallow resolving of tokens as hostname. + - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, + CVE-2024-10963] + +------------------------------------------------------------------- +Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk + +- Update to version 1.7.0 + - build: changed build system from autotools to meson. + - libpam_misc: use ECHOCTL in the terminal input + - pam_access: support UID and GID in access.conf + - pam_env: install environment file in vendordir if vendordir is enabled + - pam_issue: only count class user if logind support is enabled + - pam_limits: use systemd-logind instead of utmp if logind support is enabled + - pam_unix: compare password hashes in constant time + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Drop upstream patches: + - pam-bsc1194818-cursor-escape.patch + - pam_limits-systemd.patch + - pam_issue-systemd.patch + +------------------------------------------------------------------- +Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk + +- baselibs.conf: add pam-userdb + +------------------------------------------------------------------- +Tue Sep 10 08:22:02 UTC 2024 - Thorsten Kukuk + +- pam_limits-systemd.patch: update to final PR + +------------------------------------------------------------------- +Fri Sep 6 08:13:22 UTC 2024 - Thorsten Kukuk + +- Add systemd-logind support to pam_limits (pam_limits-systemd.patch) +- Remove /usr/etc/pam.d, everything should be migrated +- Remove pam_limits from default common-sessions* files. pam_limits + is now part of pam-extra and not in our default generated config. +- pam_issue-systemd.patch: only count class user sessions + +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- + +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..29ad071 --- /dev/null +++ b/pam.spec @@ -0,0 +1,523 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux + +%define flavor @BUILD_FLAVOR@%{nil} + +# List of config files for migration to /usr/etc +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.7.1 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: meson >= 0.62.0 +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(libsystemd) >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_pam_moduledir}/pam_limits.so + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif + +%meson -Dvendordir=%{_distconfdir} \ + -Ddocdir=%{_docdir}/pam \ + -Dhtmldir=%{_docdir}/pam/html \ + -Dpdfdir=%{_docdir}/pam/pdf \ + -Dsecuredir=%{_pam_moduledir} \ +%if "%{flavor}" != "full" + -Dlogind=disabled \ + -Delogind=disabled \ + -Dpam_userdb=disabled \ + -Ddocs=disabled \ +%endif + -Dexamples=false \ + -Dnis=disabled +%meson_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +%if %{build_main} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} + +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +%if "%{flavor}" == "full" +mkdir -p $DOC/modules +cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/" +%endif + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_distconfdir}/environment,%{_pam_secdistconfdir}/{a,f,g,n,p,s,t}*} +rm -rf %{buildroot}{%{_sysconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,la,lis,lo,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_limits.so,%{_pam_secdistconfdir}/limits.conf,%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +%{_pam_secdistconfdir}/limits.conf +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/pam_access-rework-resolving-of-tokens-as-hostname.patch b/pam_access-rework-resolving-of-tokens-as-hostname.patch new file mode 100644 index 0000000..36f36cd --- /dev/null +++ b/pam_access-rework-resolving-of-tokens-as-hostname.patch @@ -0,0 +1,225 @@ +From 940747f88c16e029b69a74e80a2e94f65cb3e628 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 14 Nov 2024 10:27:28 +0100 +Subject: [PATCH] pam_access: rework resolving of tokens as hostname + +* modules/pam_access/pam_access.c: separate resolving of IP addresses + from hostnames. Don't resolve TTYs or display variables as hostname + (#834). + Add "nodns" option to disallow resolving of tokens as hostname. +* modules/pam_access/pam_access.8.xml: document nodns option +* modules/pam_access/access.conf.5.xml: document that hostnames should + be written as FQHN. +--- + modules/pam_access/access.conf.5.xml | 4 ++ + modules/pam_access/pam_access.8.xml | 46 ++++++++++++------ + modules/pam_access/pam_access.c | 72 +++++++++++++++++++++++++++- + 3 files changed, 105 insertions(+), 17 deletions(-) + +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index 0b93db00..10b8ba92 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -233,6 +233,10 @@ + An IPv6 link local host address must contain the interface + identifier. IPv6 link local network/netmask is not supported. + ++ ++ Hostnames should be written as Fully-Qualified Host Name (FQHN) to avoid ++ confusion with device names or PAM service names. ++ + + + +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index c991d7a0..71a4f7ee 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -22,11 +22,14 @@ + + debug + ++ ++ noaudit ++ + + nodefgroup + + +- noaudit ++ nodns + + + quiet_log +@@ -132,6 +135,33 @@ + + + ++ ++ ++ nodefgroup ++ ++ ++ ++ User tokens which are not enclosed in parentheses will not be ++ matched against the group database. The backwards compatible default is ++ to try the group database match even for tokens not enclosed ++ in parentheses. ++ ++ ++ ++ ++ ++ ++ nodns ++ ++ ++ ++ Do not try to resolve tokens as hostnames, only IPv4 and IPv6 ++ addresses will be resolved. Which means to allow login from a ++ remote host, the IP addresses need to be specified in access.conf. ++ ++ ++ ++ + + + quiet_log +@@ -185,20 +215,6 @@ + + + +- +- +- nodefgroup +- +- +- +- User tokens which are not enclosed in parentheses will not be +- matched against the group database. The backwards compatible default is +- to try the group database match even for tokens not enclosed +- in parentheses. +- +- +- +- + + + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 48e7c7e9..109115e9 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -100,6 +100,7 @@ struct login_info { + int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ + int noaudit; /* Do not audit denials */ + int quiet_log; /* Do not log denials */ ++ int nodns; /* Do not try to resolve tokens as hostnames */ + const char *fs; /* field separator */ + const char *sep; /* list-element separator */ + int from_remote_host; /* If PAM_RHOST was used for from */ +@@ -154,6 +155,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, + loginfo->noaudit = YES; + } else if (strcmp (argv[i], "quiet_log") == 0) { + loginfo->quiet_log = YES; ++ } else if (strcmp (argv[i], "nodns") == 0) { ++ loginfo->nodns = YES; + } else { + pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]); + } +@@ -820,7 +823,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers/subnet (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -895,6 +898,39 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + } + + ++static int ++is_device (pam_handle_t *pamh, const char *tok) ++{ ++ struct stat st; ++ const char *dev = "/dev/"; ++ char *devname; ++ ++ devname = malloc (strlen(dev) + strlen (tok) + 1); ++ if (devname == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for device name: %m"); ++ /* ++ * We should return an error and abort, but pam_access has no good ++ * error handling. ++ */ ++ return NO; ++ } ++ ++ char *cp = stpcpy (devname, dev); ++ strcpy (cp, tok); ++ ++ if (lstat(devname, &st) != 0) ++ { ++ free (devname); ++ return NO; ++ } ++ free (devname); ++ ++ if (S_ISCHR(st.st_mode)) ++ return YES; ++ ++ return NO; ++} ++ + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok + * represents either a hostname, a single ip (v4,v6) address +@@ -956,10 +992,42 @@ network_netmask_match (pam_handle_t *pamh, + return NO; + } + } ++ else if (isipaddr(tok, NULL, NULL) == YES) ++ { ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ if (item->debug) ++ pam_syslog(pamh, LOG_DEBUG, "cannot resolve IP address \"%s\"", tok); ++ ++ return NO; ++ } ++ netmask_ptr = NULL; ++ } ++ else if (item->nodns) ++ { ++ /* Only hostnames are left, which we would need to resolve via DNS */ ++ return NO; ++ } + else + { ++ /* Bail out on X11 Display entries and ttys. */ ++ if (tok[0] == ':') ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is X11 display", tok); ++ return NO; ++ } ++ if (is_device (pamh, tok)) ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is a TTY", tok); ++ return NO; ++ } ++ + /* +- * It is either an IP address or a hostname. ++ * It is most likely a hostname. + * Let getaddrinfo sort everything out + */ + if (getaddrinfo (tok, NULL, NULL, &ai) != 0) +-- +2.47.0 + diff --git a/pam_issue-systemd.patch b/pam_issue-systemd.patch new file mode 100644 index 0000000..40e3bfb --- /dev/null +++ b/pam_issue-systemd.patch @@ -0,0 +1,51 @@ +From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 4 Sep 2024 16:07:56 +0200 +Subject: [PATCH] pam_issue: only count class user + +Since systemd added new types of classes (e.g. manager*), we cannot +use the count of all sessions anymore, but have to check which class +this is. + +This is backward compatible, systemd v209 or newer is required. +--- + modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index aade642ec5..e2c555c405 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + { + unsigned int users = 0; + #ifdef USE_LOGIND +- int sessions = sd_get_sessions(NULL); ++ char **sessions_list; ++ int sessions = sd_get_sessions(&sessions_list); + + if (sessions < 0) { + pam_syslog(pamh, LOG_ERR, "logind error: %s", + strerror(-sessions)); + _pam_drop(issue); + return PAM_SERVICE_ERR; ++ } else if (sessions > 0 && sessions_list != NULL) { ++ int i; ++ ++ for (i = 0; i < sessions; i++) { ++ char *class; ++ ++ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) ++ continue; ++ ++ if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete ++ users++; ++ free(class); ++ } ++ ++ for (i = 0; i < sessions; i++) ++ free(sessions_list[i]); ++ free(sessions_list); + } else { + users = sessions; + } diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From a7cbf492abaa3eb680037cfb3378b672e576fc1ca16ef5e5f8d9b9aa0664cf41 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 18 Jun 2025 06:22:26 +0000 Subject: [PATCH 221/226] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=308 --- pam.changes | 1 - 1 file changed, 1 deletion(-) diff --git a/pam.changes b/pam.changes index 9243cf0..11deb8b 100644 --- a/pam.changes +++ b/pam.changes @@ -1255,7 +1255,6 @@ Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com * correct parsing of "quiet" option ------------------------------------------------------------------- - Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com - fix for bnc#673826 (pam_listfile) -- 2.51.1 From 12d827a80e6f8f99ec75d8ba322e947a98cbb22c94c56f37fea65c487bd9c770 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 18 Jun 2025 12:02:48 +0000 Subject: [PATCH 222/226] - hardcode disabling elogind, meson detection is unreliable in OBS OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=309 --- pam.changes | 5 +++++ pam.spec | 4 +++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/pam.changes b/pam.changes index 11deb8b..a215916 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Jun 18 12:01:57 UTC 2025 - Thorsten Kukuk + +- hardcode disabling elogind, meson detection is unreliable in OBS + ------------------------------------------------------------------- Wed Jun 18 05:38:35 UTC 2025 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index 29ad071..344dfbe 100644 --- a/pam.spec +++ b/pam.spec @@ -217,10 +217,12 @@ CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" -Dsecuredir=%{_pam_moduledir} \ %if "%{flavor}" != "full" -Dlogind=disabled \ - -Delogind=disabled \ -Dpam_userdb=disabled \ -Ddocs=disabled \ +%else + -Dlogind=enabled \ %endif + -Delogind=disabled \ -Dexamples=false \ -Dnis=disabled %meson_build -- 2.51.1 From df04febe28339bb326e5c2a9d9c50288b978ae7a323236e8c8ad6857afb2afcb Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 19 Aug 2025 14:33:05 +0000 Subject: [PATCH 223/226] - Make sure that the buffer containing encrypted passwords get's erased, before free. [pam_modutil_get-overwrite-password-at-free.patch, bsc#1232234, CVE-20244-10041] OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=310 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + Linux-PAM-1.7.0.tar.xz | 3 + Linux-PAM-1.7.0.tar.xz.asc | 16 + Linux-PAM-1.7.1.tar.xz | 3 + Linux-PAM-1.7.1.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 7 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 13 + common-session.pamd | 12 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 36 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2421 +++++++++++++++++ pam.spec | 527 ++++ pam.tmpfiles | 4 + ...work-resolving-of-tokens-as-hostname.patch | 225 ++ pam_issue-systemd.patch | 51 + ...dutil_get-overwrite-password-at-free.patch | 162 ++ postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 +++ 32 files changed, 4104 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 Linux-PAM-1.7.0.tar.xz create mode 100644 Linux-PAM-1.7.0.tar.xz.asc create mode 100644 Linux-PAM-1.7.1.tar.xz create mode 100644 Linux-PAM-1.7.1.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 pam_access-rework-resolving-of-tokens-as-hostname.patch create mode 100644 pam_issue-systemd.patch create mode 100644 pam_modutil_get-overwrite-password-at-free.patch create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.0.tar.xz b/Linux-PAM-1.7.0.tar.xz new file mode 100644 index 0000000..69dc2e3 --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697 +size 507824 diff --git a/Linux-PAM-1.7.0.tar.xz.asc b/Linux-PAM-1.7.0.tar.xz.asc new file mode 100644 index 0000000..5fbbdaa --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJnGiIVAAoJEKgEH6g54W42kSsP/jsmwl1WMrtPlze2jtRZ1ZVD +HvJPJMYNCeXKpXxSCL4rt97TeZKp+8WbrmrbG+zG8okIFDKl4rHuU9PpJocIpwDd ++zAD1GQOqeUz0AyPPXBmsMshmQ3z+l8W9ykR1WCFrceXRAswSgNEDEavluVP9EHG +epFA/+t1BR8G3GV6LH9LhRkTOOsE8O30hTEHZp1vCrR+xKJo41ZTq+VVvU8KFUrC +lPGH9pX1ioe5rlLfvKNJthUKVoaNyDXED2la9sJPdTmc5hDBGLIo5hnBpvOn8Zfp +cfMoB3lFBy6MHF7tb4ZfDxgG44D/xIwXd7Zddc6HenJl/SUjucXFq1OXHcK+MhqO +63zFAci8k7ywwPPoGBpHMYZ2czZx3jo++It80b2CBMYKzi9YMVmaq/toEtMyI+Og +W3gh4EfHkN98GQz4XC9yO4fjIno1J/Bwni6HNXBaumbg6xIPRwvxcOCdXZBUjKrx +mDljxQetZJGzURidA+2cdJsAu1o0PDtzPguabno4aW2GMV9tUF3Q3aF+NClg18uZ ++eXlGd/fsrLOIGfhYOpbFyIEE5h/dZq3vIj/NOVfKCsU0yajs6d3Zj2Y+2sxs7ob +z9begFsadFZ6atqA77FL7i4781U2bTtqp8qsj9UXb+gJabqnQZ2k+qBXg4XtAWrn +iJaal6uBXWOJG9BG5l8G +=CVaC +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.1.tar.xz b/Linux-PAM-1.7.1.tar.xz new file mode 100644 index 0000000..7b3c6a7 --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:21dbcec6e01dd578f14789eac9024a18941e6f2702a05cf91b28c232eeb26ab0 +size 510828 diff --git a/Linux-PAM-1.7.1.tar.xz.asc b/Linux-PAM-1.7.1.tar.xz.asc new file mode 100644 index 0000000..ebcc2cf --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJoUTDGAAoJEKgEH6g54W42RDQQAIKq+ltEn0g/lB0g+xU9SArO +ItMiZDp6RaLDIRgOxbl1hnQyXvXcW5LYBT36u+e5PLKrtMzc8/S3kDtn2FRsS5KW +aZaKmZI6UlEQVErMfX2F8/uPvcMRNmqHL7h3+BW8aIWp+WTBO3TIOZxVqNoDFbxj +L/9G3KYTgcuKjb6XoDlicS68ImcLJC2BPjcaisaoqKRyK504jgYK6Wl6AFo7Fu8r +PS134LM6gUUxMzdYCpISmO5tZh+uOqtCfbdeOY3bwBeupe2J4D6v7uASF7RqEXPX +/imsmUkmqLmOOolvLflGDsiz1HaY05LW7CcJngXOV6WKU+HqBg9E5Xclnr0RyvBD +tmFPeWlgPw+zg+BVUhGAUeLoFCknbtY/7TEB4Jh0Z/Tm+pOUVoQbhrUCI0rAgapN +dA9i5DCUuEBXRul2YvG7EZGuYs77fzpf/J++b9XKB9kH1Bc3vaaZoaO+lbN8g6Ei +CbZCmD0ct0UhUTX+FEUG9SkMTomyd9ihz6kuHcuo4eCVbVuDJpF+vEUjVb7no9Aw +KlZ6/I45GRRjIYYk/vxpgNX05D8xeMxDkXEMcKAHsI/q4oOe7Hsuess47WioiVXL +xNl6AHjJ4VMcz1xLPR8COA8L3uaZNtxuIGhazZFeJbrfJct5gsf9iv04pdAA73/B +NtgHrE6GjGSmw+/xX22z +=RQhR +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..af91018 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel +pam-userdb diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..827283b --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..c57304c --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,12 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..fbd27de --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,36 @@ +From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..30f97aa --- /dev/null +++ b/pam.changes @@ -0,0 +1,2421 @@ +------------------------------------------------------------------- +Tue Aug 19 10:12:13 UTC 2025 - Valentin Lefebvre + +- Make sure that the buffer containing encrypted passwords get's erased, + before free. + [pam_modutil_get-overwrite-password-at-free.patch, bsc#1232234, + CVE-20244-10041] + +------------------------------------------------------------------- +Wed Jun 18 12:01:57 UTC 2025 - Thorsten Kukuk + +- hardcode disabling elogind, meson detection is unreliable in OBS + +------------------------------------------------------------------- +Wed Jun 18 05:38:35 UTC 2025 - Thorsten Kukuk + +- Update to version 1.7.1 + - pam_access: do not resolve ttys or display variables as hostnames. + - pam_access: added "nodns" option to disallow resolving of tokens + as hostnames (CVE-2024-10963). + - pam_limits: added support for rttime (RLIMIT_RTTIME). + - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). + - meson: added support of elogind as a logind provider. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted + +------------------------------------------------------------------- +Mon Mar 24 17:41:34 UTC 2025 - Thorsten Kukuk + +- Remove unix2_chkpwd, no consumer left + +------------------------------------------------------------------- +Thu Dec 5 12:44:33 UTC 2024 - Valentin Lefebvre + +- pam_access: rework resolving of tokens as hostname + - separate resolving of IP addresses from hostnames. Don't resolve TTYs or + display variables as hostname. + - Add "nodns" option to disallow resolving of tokens as hostname. + - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, + CVE-2024-10963] + +------------------------------------------------------------------- +Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk + +- Update to version 1.7.0 + - build: changed build system from autotools to meson. + - libpam_misc: use ECHOCTL in the terminal input + - pam_access: support UID and GID in access.conf + - pam_env: install environment file in vendordir if vendordir is enabled + - pam_issue: only count class user if logind support is enabled + - pam_limits: use systemd-logind instead of utmp if logind support is enabled + - pam_unix: compare password hashes in constant time + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Drop upstream patches: + - pam-bsc1194818-cursor-escape.patch + - pam_limits-systemd.patch + - pam_issue-systemd.patch + +------------------------------------------------------------------- +Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk + +- baselibs.conf: add pam-userdb + +------------------------------------------------------------------- +Tue Sep 10 08:22:02 UTC 2024 - Thorsten Kukuk + +- pam_limits-systemd.patch: update to final PR + +------------------------------------------------------------------- +Fri Sep 6 08:13:22 UTC 2024 - Thorsten Kukuk + +- Add systemd-logind support to pam_limits (pam_limits-systemd.patch) +- Remove /usr/etc/pam.d, everything should be migrated +- Remove pam_limits from default common-sessions* files. pam_limits + is now part of pam-extra and not in our default generated config. +- pam_issue-systemd.patch: only count class user sessions + +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..92258e5 --- /dev/null +++ b/pam.spec @@ -0,0 +1,527 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux + +%define flavor @BUILD_FLAVOR@%{nil} + +# List of config files for migration to /usr/etc +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.7.1 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +# PATCH-FIX-UPSTREAM +Patch2: pam_modutil_get-overwrite-password-at-free.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: meson >= 0.62.0 +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(libsystemd) >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_pam_moduledir}/pam_limits.so + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif + +%meson -Dvendordir=%{_distconfdir} \ + -Ddocdir=%{_docdir}/pam \ + -Dhtmldir=%{_docdir}/pam/html \ + -Dpdfdir=%{_docdir}/pam/pdf \ + -Dsecuredir=%{_pam_moduledir} \ +%if "%{flavor}" != "full" + -Dlogind=disabled \ + -Dpam_userdb=disabled \ + -Ddocs=disabled \ +%else + -Dlogind=enabled \ +%endif + -Delogind=disabled \ + -Dexamples=false \ + -Dnis=disabled +%meson_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +%if %{build_main} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} + +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +%if "%{flavor}" == "full" +mkdir -p $DOC/modules +cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/" +%endif + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_distconfdir}/environment,%{_pam_secdistconfdir}/{a,f,g,n,p,s,t}*} +rm -rf %{buildroot}{%{_sysconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,la,lis,lo,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_limits.so,%{_pam_secdistconfdir}/limits.conf,%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +%{_pam_secdistconfdir}/limits.conf +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/pam_access-rework-resolving-of-tokens-as-hostname.patch b/pam_access-rework-resolving-of-tokens-as-hostname.patch new file mode 100644 index 0000000..36f36cd --- /dev/null +++ b/pam_access-rework-resolving-of-tokens-as-hostname.patch @@ -0,0 +1,225 @@ +From 940747f88c16e029b69a74e80a2e94f65cb3e628 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 14 Nov 2024 10:27:28 +0100 +Subject: [PATCH] pam_access: rework resolving of tokens as hostname + +* modules/pam_access/pam_access.c: separate resolving of IP addresses + from hostnames. Don't resolve TTYs or display variables as hostname + (#834). + Add "nodns" option to disallow resolving of tokens as hostname. +* modules/pam_access/pam_access.8.xml: document nodns option +* modules/pam_access/access.conf.5.xml: document that hostnames should + be written as FQHN. +--- + modules/pam_access/access.conf.5.xml | 4 ++ + modules/pam_access/pam_access.8.xml | 46 ++++++++++++------ + modules/pam_access/pam_access.c | 72 +++++++++++++++++++++++++++- + 3 files changed, 105 insertions(+), 17 deletions(-) + +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index 0b93db00..10b8ba92 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -233,6 +233,10 @@ + An IPv6 link local host address must contain the interface + identifier. IPv6 link local network/netmask is not supported. + ++ ++ Hostnames should be written as Fully-Qualified Host Name (FQHN) to avoid ++ confusion with device names or PAM service names. ++ + + + +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index c991d7a0..71a4f7ee 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -22,11 +22,14 @@ + + debug + ++ ++ noaudit ++ + + nodefgroup + + +- noaudit ++ nodns + + + quiet_log +@@ -132,6 +135,33 @@ + + + ++ ++ ++ nodefgroup ++ ++ ++ ++ User tokens which are not enclosed in parentheses will not be ++ matched against the group database. The backwards compatible default is ++ to try the group database match even for tokens not enclosed ++ in parentheses. ++ ++ ++ ++ ++ ++ ++ nodns ++ ++ ++ ++ Do not try to resolve tokens as hostnames, only IPv4 and IPv6 ++ addresses will be resolved. Which means to allow login from a ++ remote host, the IP addresses need to be specified in access.conf. ++ ++ ++ ++ + + + quiet_log +@@ -185,20 +215,6 @@ + + + +- +- +- nodefgroup +- +- +- +- User tokens which are not enclosed in parentheses will not be +- matched against the group database. The backwards compatible default is +- to try the group database match even for tokens not enclosed +- in parentheses. +- +- +- +- + + + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 48e7c7e9..109115e9 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -100,6 +100,7 @@ struct login_info { + int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ + int noaudit; /* Do not audit denials */ + int quiet_log; /* Do not log denials */ ++ int nodns; /* Do not try to resolve tokens as hostnames */ + const char *fs; /* field separator */ + const char *sep; /* list-element separator */ + int from_remote_host; /* If PAM_RHOST was used for from */ +@@ -154,6 +155,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, + loginfo->noaudit = YES; + } else if (strcmp (argv[i], "quiet_log") == 0) { + loginfo->quiet_log = YES; ++ } else if (strcmp (argv[i], "nodns") == 0) { ++ loginfo->nodns = YES; + } else { + pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]); + } +@@ -820,7 +823,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers/subnet (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -895,6 +898,39 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + } + + ++static int ++is_device (pam_handle_t *pamh, const char *tok) ++{ ++ struct stat st; ++ const char *dev = "/dev/"; ++ char *devname; ++ ++ devname = malloc (strlen(dev) + strlen (tok) + 1); ++ if (devname == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for device name: %m"); ++ /* ++ * We should return an error and abort, but pam_access has no good ++ * error handling. ++ */ ++ return NO; ++ } ++ ++ char *cp = stpcpy (devname, dev); ++ strcpy (cp, tok); ++ ++ if (lstat(devname, &st) != 0) ++ { ++ free (devname); ++ return NO; ++ } ++ free (devname); ++ ++ if (S_ISCHR(st.st_mode)) ++ return YES; ++ ++ return NO; ++} ++ + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok + * represents either a hostname, a single ip (v4,v6) address +@@ -956,10 +992,42 @@ network_netmask_match (pam_handle_t *pamh, + return NO; + } + } ++ else if (isipaddr(tok, NULL, NULL) == YES) ++ { ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ if (item->debug) ++ pam_syslog(pamh, LOG_DEBUG, "cannot resolve IP address \"%s\"", tok); ++ ++ return NO; ++ } ++ netmask_ptr = NULL; ++ } ++ else if (item->nodns) ++ { ++ /* Only hostnames are left, which we would need to resolve via DNS */ ++ return NO; ++ } + else + { ++ /* Bail out on X11 Display entries and ttys. */ ++ if (tok[0] == ':') ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is X11 display", tok); ++ return NO; ++ } ++ if (is_device (pamh, tok)) ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is a TTY", tok); ++ return NO; ++ } ++ + /* +- * It is either an IP address or a hostname. ++ * It is most likely a hostname. + * Let getaddrinfo sort everything out + */ + if (getaddrinfo (tok, NULL, NULL, &ai) != 0) +-- +2.47.0 + diff --git a/pam_issue-systemd.patch b/pam_issue-systemd.patch new file mode 100644 index 0000000..40e3bfb --- /dev/null +++ b/pam_issue-systemd.patch @@ -0,0 +1,51 @@ +From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 4 Sep 2024 16:07:56 +0200 +Subject: [PATCH] pam_issue: only count class user + +Since systemd added new types of classes (e.g. manager*), we cannot +use the count of all sessions anymore, but have to check which class +this is. + +This is backward compatible, systemd v209 or newer is required. +--- + modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index aade642ec5..e2c555c405 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + { + unsigned int users = 0; + #ifdef USE_LOGIND +- int sessions = sd_get_sessions(NULL); ++ char **sessions_list; ++ int sessions = sd_get_sessions(&sessions_list); + + if (sessions < 0) { + pam_syslog(pamh, LOG_ERR, "logind error: %s", + strerror(-sessions)); + _pam_drop(issue); + return PAM_SERVICE_ERR; ++ } else if (sessions > 0 && sessions_list != NULL) { ++ int i; ++ ++ for (i = 0; i < sessions; i++) { ++ char *class; ++ ++ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) ++ continue; ++ ++ if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete ++ users++; ++ free(class); ++ } ++ ++ for (i = 0; i < sessions; i++) ++ free(sessions_list[i]); ++ free(sessions_list); + } else { + users = sessions; + } diff --git a/pam_modutil_get-overwrite-password-at-free.patch b/pam_modutil_get-overwrite-password-at-free.patch new file mode 100644 index 0000000..c53c2ff --- /dev/null +++ b/pam_modutil_get-overwrite-password-at-free.patch @@ -0,0 +1,162 @@ +From e2fdc55d9d8d277c9395f96c3bf2938bacc84f62 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 14 Aug 2025 12:01:25 +0200 +Subject: [PATCH] pam_modutil_get*: overwrite password at free (#846) + +Make sure that the buffer containing encrypted passwords (struct group, +passwd and shadow) get's erased before free, so that they are not +available anymore if the memory get allocated again. +--- + libpam/pam_modutil_cleanup.c | 40 +++++++++++++++++++++++++++++++++++ + libpam/pam_modutil_getgrgid.c | 2 +- + libpam/pam_modutil_getgrnam.c | 2 +- + libpam/pam_modutil_getpwnam.c | 2 +- + libpam/pam_modutil_getpwuid.c | 2 +- + libpam/pam_modutil_getspnam.c | 2 +- + libpam/pam_modutil_private.h | 9 ++++++++ + 7 files changed, 54 insertions(+), 5 deletions(-) + +diff --git a/libpam/pam_modutil_cleanup.c b/libpam/pam_modutil_cleanup.c +index 2077cbd7..46233736 100644 +--- a/libpam/pam_modutil_cleanup.c ++++ b/libpam/pam_modutil_cleanup.c +@@ -5,8 +5,12 @@ + */ + + #include "pam_modutil_private.h" ++#include "pam_inline.h" + ++#include ++#include + #include ++#include + + void + pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, +@@ -15,3 +19,39 @@ pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, + /* junk it */ + free(data); + } ++ ++void ++pam_modutil_cleanup_group (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct group *gr = data; ++ ++ if (gr && gr->gr_passwd) ++ pam_overwrite_string(gr->gr_passwd); ++ ++ free(data); ++} ++ ++void ++pam_modutil_cleanup_passwd (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct passwd *pw = data; ++ ++ if (pw && pw->pw_passwd) ++ pam_overwrite_string(pw->pw_passwd); ++ ++ free(data); ++} ++ ++void ++pam_modutil_cleanup_shadow (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct spwd *sp = data; ++ ++ if (sp && sp->sp_pwdp) ++ pam_overwrite_string(sp->sp_pwdp); ++ ++ free(data); ++} +diff --git a/libpam/pam_modutil_getgrgid.c b/libpam/pam_modutil_getgrgid.c +index 6c2bb31b..fa3436c5 100644 +--- a/libpam/pam_modutil_getgrgid.c ++++ b/libpam/pam_modutil_getgrgid.c +@@ -62,7 +62,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_group); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getgrnam.c b/libpam/pam_modutil_getgrnam.c +index 418b9e47..533a8ce6 100644 +--- a/libpam/pam_modutil_getgrnam.c ++++ b/libpam/pam_modutil_getgrnam.c +@@ -62,7 +62,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_group); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getpwnam.c b/libpam/pam_modutil_getpwnam.c +index 5701ba9c..de654aeb 100644 +--- a/libpam/pam_modutil_getpwnam.c ++++ b/libpam/pam_modutil_getpwnam.c +@@ -62,7 +62,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_passwd); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getpwuid.c b/libpam/pam_modutil_getpwuid.c +index d3bb7231..6534958c 100644 +--- a/libpam/pam_modutil_getpwuid.c ++++ b/libpam/pam_modutil_getpwuid.c +@@ -62,7 +62,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_passwd); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getspnam.c b/libpam/pam_modutil_getspnam.c +index 9aa6ac9a..9733eda0 100644 +--- a/libpam/pam_modutil_getspnam.c ++++ b/libpam/pam_modutil_getspnam.c +@@ -62,7 +62,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_shadow); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_private.h b/libpam/pam_modutil_private.h +index 98a30f68..611c7696 100644 +--- a/libpam/pam_modutil_private.h ++++ b/libpam/pam_modutil_private.h +@@ -20,5 +20,14 @@ + extern void + pam_modutil_cleanup(pam_handle_t *pamh, void *data, + int error_status); ++extern void ++pam_modutil_cleanup_group(pam_handle_t *pamh, void *data, ++ int error_status); ++extern void ++pam_modutil_cleanup_passwd(pam_handle_t *pamh, void *data, ++ int error_status); ++extern void ++pam_modutil_cleanup_shadow(pam_handle_t *pamh, void *data, ++ int error_status); + + #endif /* PAMMODUTIL_PRIVATE_H */ +-- +2.50.1 + diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From c1f502e6aab435d868e840036cf0546aeb03f51c48745f1bb3d188fd28823e3b Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Wed, 20 Aug 2025 14:40:36 +0000 Subject: [PATCH 224/226] CVE typo OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=311 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.6.1.tar.xz | 3 + Linux-PAM-1.6.1.tar.xz.asc | 16 + Linux-PAM-1.7.0.tar.xz | 3 + Linux-PAM-1.7.0.tar.xz.asc | 16 + Linux-PAM-1.7.1.tar.xz | 3 + Linux-PAM-1.7.1.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 7 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 13 + common-session.pamd | 12 + macros.pam | 8 + other.pamd | 10 + pam-bsc1194818-cursor-escape.patch | 36 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2421 +++++++++++++++++ pam.spec | 527 ++++ pam.tmpfiles | 4 + ...work-resolving-of-tokens-as-hostname.patch | 225 ++ pam_issue-systemd.patch | 51 + ...dutil_get-overwrite-password-at-free.patch | 162 ++ postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 +++ 32 files changed, 4104 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.6.1.tar.xz create mode 100644 Linux-PAM-1.6.1.tar.xz.asc create mode 100644 Linux-PAM-1.7.0.tar.xz create mode 100644 Linux-PAM-1.7.0.tar.xz.asc create mode 100644 Linux-PAM-1.7.1.tar.xz create mode 100644 Linux-PAM-1.7.1.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-bsc1194818-cursor-escape.patch create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 pam_access-rework-resolving-of-tokens-as-hostname.patch create mode 100644 pam_issue-systemd.patch create mode 100644 pam_modutil_get-overwrite-password-at-free.patch create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.6.1.tar.xz b/Linux-PAM-1.6.1.tar.xz new file mode 100644 index 0000000..95fe0a8 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f8923c740159052d719dbfc2a2f81942d68dd34fcaf61c706a02c9b80feeef8e +size 1054152 diff --git a/Linux-PAM-1.6.1.tar.xz.asc b/Linux-PAM-1.6.1.tar.xz.asc new file mode 100644 index 0000000..8cbfcb4 --- /dev/null +++ b/Linux-PAM-1.6.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJmFWt/AAoJEKgEH6g54W42NCwP/iWl8igdScTreVF6zV79Dqu1 +sl+ZjBr/dL+DOTcotsRnoAZUOy4ug3iktMZr1t0BMpWUorNmUofH4SZuhsX0CgRq +47t5mVqCakwn4JLq8J9cLOciMno6ips5ZT4RbMgzRYd1WcBurCAxQSNLP3aQGgub +RFObkqw5814ksz9Ge6QVhJ4l9P0wUoKfcpkzHj2Vq+cy0EzlBtnBGCHrMDgrz5aT +mXqGVvWTPO+lR2S+7wOLUtPoRv0uvN6h97ZszaoGoJ6wa6yYwOYz12/AiIsVQhet +cnr29ymuwPDqlrYGD1Hb0+ZUQExjVDQY90hdJ/ZntUlK7CY/2SotpDGB9kR8dTYJ +fpIVmR6GEZ+xSjBqa7RaiL8ieZCgT3TIvsMqteiFkqI+2lhlSGHX3g3oNSd3sbqd +PLok6W4L+xWDp89aMyYDDs/ISjBt5sSNK4NOOTZIMK4oeScGJJvrDL3S5DOSk1ku +o3l9N62WStD7fk0LYnyUGZORg/ccK6Yy2fV22zBMm/76PoyA1yHfFxCW+HwwmcqR +0riaFjA8cesZ3Dj79q24U3FRVdW5fTF9gS/5mK/Yj51KMMzTkUmbjksEC/AEBKzB +9laXxPdIeKUwNlGs7Heo/NE87u4OZfyihwpzLaTcOzbpN3zDyH6aH5poDs1FSaQ2 +UoUkHsbCWJU/ksn/9BIQ +=Dbz2 +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.0.tar.xz b/Linux-PAM-1.7.0.tar.xz new file mode 100644 index 0000000..69dc2e3 --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:57dcd7a6b966ecd5bbd95e1d11173734691e16b68692fa59661cdae9b13b1697 +size 507824 diff --git a/Linux-PAM-1.7.0.tar.xz.asc b/Linux-PAM-1.7.0.tar.xz.asc new file mode 100644 index 0000000..5fbbdaa --- /dev/null +++ b/Linux-PAM-1.7.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJnGiIVAAoJEKgEH6g54W42kSsP/jsmwl1WMrtPlze2jtRZ1ZVD +HvJPJMYNCeXKpXxSCL4rt97TeZKp+8WbrmrbG+zG8okIFDKl4rHuU9PpJocIpwDd ++zAD1GQOqeUz0AyPPXBmsMshmQ3z+l8W9ykR1WCFrceXRAswSgNEDEavluVP9EHG +epFA/+t1BR8G3GV6LH9LhRkTOOsE8O30hTEHZp1vCrR+xKJo41ZTq+VVvU8KFUrC +lPGH9pX1ioe5rlLfvKNJthUKVoaNyDXED2la9sJPdTmc5hDBGLIo5hnBpvOn8Zfp +cfMoB3lFBy6MHF7tb4ZfDxgG44D/xIwXd7Zddc6HenJl/SUjucXFq1OXHcK+MhqO +63zFAci8k7ywwPPoGBpHMYZ2czZx3jo++It80b2CBMYKzi9YMVmaq/toEtMyI+Og +W3gh4EfHkN98GQz4XC9yO4fjIno1J/Bwni6HNXBaumbg6xIPRwvxcOCdXZBUjKrx +mDljxQetZJGzURidA+2cdJsAu1o0PDtzPguabno4aW2GMV9tUF3Q3aF+NClg18uZ ++eXlGd/fsrLOIGfhYOpbFyIEE5h/dZq3vIj/NOVfKCsU0yajs6d3Zj2Y+2sxs7ob +z9begFsadFZ6atqA77FL7i4781U2bTtqp8qsj9UXb+gJabqnQZ2k+qBXg4XtAWrn +iJaal6uBXWOJG9BG5l8G +=CVaC +-----END PGP SIGNATURE----- diff --git a/Linux-PAM-1.7.1.tar.xz b/Linux-PAM-1.7.1.tar.xz new file mode 100644 index 0000000..7b3c6a7 --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:21dbcec6e01dd578f14789eac9024a18941e6f2702a05cf91b28c232eeb26ab0 +size 510828 diff --git a/Linux-PAM-1.7.1.tar.xz.asc b/Linux-PAM-1.7.1.tar.xz.asc new file mode 100644 index 0000000..ebcc2cf --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJoUTDGAAoJEKgEH6g54W42RDQQAIKq+ltEn0g/lB0g+xU9SArO +ItMiZDp6RaLDIRgOxbl1hnQyXvXcW5LYBT36u+e5PLKrtMzc8/S3kDtn2FRsS5KW +aZaKmZI6UlEQVErMfX2F8/uPvcMRNmqHL7h3+BW8aIWp+WTBO3TIOZxVqNoDFbxj +L/9G3KYTgcuKjb6XoDlicS68ImcLJC2BPjcaisaoqKRyK504jgYK6Wl6AFo7Fu8r +PS134LM6gUUxMzdYCpISmO5tZh+uOqtCfbdeOY3bwBeupe2J4D6v7uASF7RqEXPX +/imsmUkmqLmOOolvLflGDsiz1HaY05LW7CcJngXOV6WKU+HqBg9E5Xclnr0RyvBD +tmFPeWlgPw+zg+BVUhGAUeLoFCknbtY/7TEB4Jh0Z/Tm+pOUVoQbhrUCI0rAgapN +dA9i5DCUuEBXRul2YvG7EZGuYs77fzpf/J++b9XKB9kH1Bc3vaaZoaO+lbN8g6Ei +CbZCmD0ct0UhUTX+FEUG9SkMTomyd9ihz6kuHcuo4eCVbVuDJpF+vEUjVb7no9Aw +KlZ6/I45GRRjIYYk/vxpgNX05D8xeMxDkXEMcKAHsI/q4oOe7Hsuess47WioiVXL +xNl6AHjJ4VMcz1xLPR8COA8L3uaZNtxuIGhazZFeJbrfJct5gsf9iv04pdAA73/B +NtgHrE6GjGSmw+/xX22z +=RQhR +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..af91018 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel +pam-userdb diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..827283b --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..c57304c --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,12 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-bsc1194818-cursor-escape.patch b/pam-bsc1194818-cursor-escape.patch new file mode 100644 index 0000000..fbd27de --- /dev/null +++ b/pam-bsc1194818-cursor-escape.patch @@ -0,0 +1,36 @@ +From 8ae228fa76ff9ef1d8d6b2199582d9206f1830c6 Mon Sep 17 00:00:00 2001 +From: Stanislav Brabec +Date: Mon, 22 Jul 2024 23:18:16 +0200 +Subject: [PATCH] libpam_misc: Use ECHOCTL in the terminal input + +Use the canonical terminal mode (line mode) and set ECHOCTL to prevent +cursor escape from the login prompt using arrows or escape sequences. + +ICANON is the default in most cases anyway. ECHOCTL is default on tty, but +for example not on pty, allowing cursor to escape. + +Stanislav Brabec +--- + libpam_misc/misc_conv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c +index 7410e929..6b839b48 100644 +--- a/libpam_misc/misc_conv.c ++++ b/libpam_misc/misc_conv.c +@@ -145,9 +145,10 @@ static int read_string(int echo, const char *prompt, char **retstr) + return -1; + } + memcpy(&term_tmp, &term_before, sizeof(term_tmp)); +- if (!echo) { ++ if (echo) ++ term_tmp.c_lflag |= ICANON | ECHOCTL; ++ else + term_tmp.c_lflag &= ~(ECHO); +- } + have_term = 1; + + /* +-- +2.45.2 + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..6a0a364 --- /dev/null +++ b/pam.changes @@ -0,0 +1,2421 @@ +------------------------------------------------------------------- +Tue Aug 19 10:12:13 UTC 2025 - Valentin Lefebvre + +- Make sure that the buffer containing encrypted passwords get's erased, + before free. + [pam_modutil_get-overwrite-password-at-free.patch, bsc#1232234, + CVE-2024-10041] + +------------------------------------------------------------------- +Wed Jun 18 12:01:57 UTC 2025 - Thorsten Kukuk + +- hardcode disabling elogind, meson detection is unreliable in OBS + +------------------------------------------------------------------- +Wed Jun 18 05:38:35 UTC 2025 - Thorsten Kukuk + +- Update to version 1.7.1 + - pam_access: do not resolve ttys or display variables as hostnames. + - pam_access: added "nodns" option to disallow resolving of tokens + as hostnames (CVE-2024-10963). + - pam_limits: added support for rttime (RLIMIT_RTTIME). + - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). + - meson: added support of elogind as a logind provider. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted + +------------------------------------------------------------------- +Mon Mar 24 17:41:34 UTC 2025 - Thorsten Kukuk + +- Remove unix2_chkpwd, no consumer left + +------------------------------------------------------------------- +Thu Dec 5 12:44:33 UTC 2024 - Valentin Lefebvre + +- pam_access: rework resolving of tokens as hostname + - separate resolving of IP addresses from hostnames. Don't resolve TTYs or + display variables as hostname. + - Add "nodns" option to disallow resolving of tokens as hostname. + - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, + CVE-2024-10963] + +------------------------------------------------------------------- +Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk + +- Update to version 1.7.0 + - build: changed build system from autotools to meson. + - libpam_misc: use ECHOCTL in the terminal input + - pam_access: support UID and GID in access.conf + - pam_env: install environment file in vendordir if vendordir is enabled + - pam_issue: only count class user if logind support is enabled + - pam_limits: use systemd-logind instead of utmp if logind support is enabled + - pam_unix: compare password hashes in constant time + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Drop upstream patches: + - pam-bsc1194818-cursor-escape.patch + - pam_limits-systemd.patch + - pam_issue-systemd.patch + +------------------------------------------------------------------- +Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk + +- baselibs.conf: add pam-userdb + +------------------------------------------------------------------- +Tue Sep 10 08:22:02 UTC 2024 - Thorsten Kukuk + +- pam_limits-systemd.patch: update to final PR + +------------------------------------------------------------------- +Fri Sep 6 08:13:22 UTC 2024 - Thorsten Kukuk + +- Add systemd-logind support to pam_limits (pam_limits-systemd.patch) +- Remove /usr/etc/pam.d, everything should be migrated +- Remove pam_limits from default common-sessions* files. pam_limits + is now part of pam-extra and not in our default generated config. +- pam_issue-systemd.patch: only count class user sessions + +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..92258e5 --- /dev/null +++ b/pam.spec @@ -0,0 +1,527 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux + +%define flavor @BUILD_FLAVOR@%{nil} + +# List of config files for migration to /usr/etc +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.7.1 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +# PATCH-FIX-UPSTREAM +Patch2: pam_modutil_get-overwrite-password-at-free.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: meson >= 0.62.0 +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(libsystemd) >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_pam_moduledir}/pam_limits.so + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif + +%meson -Dvendordir=%{_distconfdir} \ + -Ddocdir=%{_docdir}/pam \ + -Dhtmldir=%{_docdir}/pam/html \ + -Dpdfdir=%{_docdir}/pam/pdf \ + -Dsecuredir=%{_pam_moduledir} \ +%if "%{flavor}" != "full" + -Dlogind=disabled \ + -Dpam_userdb=disabled \ + -Ddocs=disabled \ +%else + -Dlogind=enabled \ +%endif + -Delogind=disabled \ + -Dexamples=false \ + -Dnis=disabled +%meson_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +%if %{build_main} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} + +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +%if "%{flavor}" == "full" +mkdir -p $DOC/modules +cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/" +%endif + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_distconfdir}/environment,%{_pam_secdistconfdir}/{a,f,g,n,p,s,t}*} +rm -rf %{buildroot}{%{_sysconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,la,lis,lo,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_limits.so,%{_pam_secdistconfdir}/limits.conf,%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +%{_pam_secdistconfdir}/limits.conf +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/pam_access-rework-resolving-of-tokens-as-hostname.patch b/pam_access-rework-resolving-of-tokens-as-hostname.patch new file mode 100644 index 0000000..36f36cd --- /dev/null +++ b/pam_access-rework-resolving-of-tokens-as-hostname.patch @@ -0,0 +1,225 @@ +From 940747f88c16e029b69a74e80a2e94f65cb3e628 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 14 Nov 2024 10:27:28 +0100 +Subject: [PATCH] pam_access: rework resolving of tokens as hostname + +* modules/pam_access/pam_access.c: separate resolving of IP addresses + from hostnames. Don't resolve TTYs or display variables as hostname + (#834). + Add "nodns" option to disallow resolving of tokens as hostname. +* modules/pam_access/pam_access.8.xml: document nodns option +* modules/pam_access/access.conf.5.xml: document that hostnames should + be written as FQHN. +--- + modules/pam_access/access.conf.5.xml | 4 ++ + modules/pam_access/pam_access.8.xml | 46 ++++++++++++------ + modules/pam_access/pam_access.c | 72 +++++++++++++++++++++++++++- + 3 files changed, 105 insertions(+), 17 deletions(-) + +diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml +index 0b93db00..10b8ba92 100644 +--- a/modules/pam_access/access.conf.5.xml ++++ b/modules/pam_access/access.conf.5.xml +@@ -233,6 +233,10 @@ + An IPv6 link local host address must contain the interface + identifier. IPv6 link local network/netmask is not supported. + ++ ++ Hostnames should be written as Fully-Qualified Host Name (FQHN) to avoid ++ confusion with device names or PAM service names. ++ + + + +diff --git a/modules/pam_access/pam_access.8.xml b/modules/pam_access/pam_access.8.xml +index c991d7a0..71a4f7ee 100644 +--- a/modules/pam_access/pam_access.8.xml ++++ b/modules/pam_access/pam_access.8.xml +@@ -22,11 +22,14 @@ + + debug + ++ ++ noaudit ++ + + nodefgroup + + +- noaudit ++ nodns + + + quiet_log +@@ -132,6 +135,33 @@ + + + ++ ++ ++ nodefgroup ++ ++ ++ ++ User tokens which are not enclosed in parentheses will not be ++ matched against the group database. The backwards compatible default is ++ to try the group database match even for tokens not enclosed ++ in parentheses. ++ ++ ++ ++ ++ ++ ++ nodns ++ ++ ++ ++ Do not try to resolve tokens as hostnames, only IPv4 and IPv6 ++ addresses will be resolved. Which means to allow login from a ++ remote host, the IP addresses need to be specified in access.conf. ++ ++ ++ ++ + + + quiet_log +@@ -185,20 +215,6 @@ + + + +- +- +- nodefgroup +- +- +- +- User tokens which are not enclosed in parentheses will not be +- matched against the group database. The backwards compatible default is +- to try the group database match even for tokens not enclosed +- in parentheses. +- +- +- +- + + + +diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c +index 48e7c7e9..109115e9 100644 +--- a/modules/pam_access/pam_access.c ++++ b/modules/pam_access/pam_access.c +@@ -100,6 +100,7 @@ struct login_info { + int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ + int noaudit; /* Do not audit denials */ + int quiet_log; /* Do not log denials */ ++ int nodns; /* Do not try to resolve tokens as hostnames */ + const char *fs; /* field separator */ + const char *sep; /* list-element separator */ + int from_remote_host; /* If PAM_RHOST was used for from */ +@@ -154,6 +155,8 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo, + loginfo->noaudit = YES; + } else if (strcmp (argv[i], "quiet_log") == 0) { + loginfo->quiet_log = YES; ++ } else if (strcmp (argv[i], "nodns") == 0) { ++ loginfo->nodns = YES; + } else { + pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]); + } +@@ -820,7 +823,7 @@ remote_match (pam_handle_t *pamh, char *tok, struct login_info *item) + if ((str_len = strlen(string)) > tok_len + && strcasecmp(tok, string + str_len - tok_len) == 0) + return YES; +- } else if (tok[tok_len - 1] == '.') { /* internet network numbers (end with ".") */ ++ } else if (tok[tok_len - 1] == '.') { /* internet network numbers/subnet (end with ".") */ + struct addrinfo hint; + + memset (&hint, '\0', sizeof (hint)); +@@ -895,6 +898,39 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string, + } + + ++static int ++is_device (pam_handle_t *pamh, const char *tok) ++{ ++ struct stat st; ++ const char *dev = "/dev/"; ++ char *devname; ++ ++ devname = malloc (strlen(dev) + strlen (tok) + 1); ++ if (devname == NULL) { ++ pam_syslog(pamh, LOG_ERR, "Cannot allocate memory for device name: %m"); ++ /* ++ * We should return an error and abort, but pam_access has no good ++ * error handling. ++ */ ++ return NO; ++ } ++ ++ char *cp = stpcpy (devname, dev); ++ strcpy (cp, tok); ++ ++ if (lstat(devname, &st) != 0) ++ { ++ free (devname); ++ return NO; ++ } ++ free (devname); ++ ++ if (S_ISCHR(st.st_mode)) ++ return YES; ++ ++ return NO; ++} ++ + /* network_netmask_match - match a string against one token + * where string is a hostname or ip (v4,v6) address and tok + * represents either a hostname, a single ip (v4,v6) address +@@ -956,10 +992,42 @@ network_netmask_match (pam_handle_t *pamh, + return NO; + } + } ++ else if (isipaddr(tok, NULL, NULL) == YES) ++ { ++ if (getaddrinfo (tok, NULL, NULL, &ai) != 0) ++ { ++ if (item->debug) ++ pam_syslog(pamh, LOG_DEBUG, "cannot resolve IP address \"%s\"", tok); ++ ++ return NO; ++ } ++ netmask_ptr = NULL; ++ } ++ else if (item->nodns) ++ { ++ /* Only hostnames are left, which we would need to resolve via DNS */ ++ return NO; ++ } + else + { ++ /* Bail out on X11 Display entries and ttys. */ ++ if (tok[0] == ':') ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is X11 display", tok); ++ return NO; ++ } ++ if (is_device (pamh, tok)) ++ { ++ if (item->debug) ++ pam_syslog (pamh, LOG_DEBUG, ++ "network_netmask_match: tok=%s is a TTY", tok); ++ return NO; ++ } ++ + /* +- * It is either an IP address or a hostname. ++ * It is most likely a hostname. + * Let getaddrinfo sort everything out + */ + if (getaddrinfo (tok, NULL, NULL, &ai) != 0) +-- +2.47.0 + diff --git a/pam_issue-systemd.patch b/pam_issue-systemd.patch new file mode 100644 index 0000000..40e3bfb --- /dev/null +++ b/pam_issue-systemd.patch @@ -0,0 +1,51 @@ +From 8401cef10cd5f62849c5fcfef4c82db92712296c Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Wed, 4 Sep 2024 16:07:56 +0200 +Subject: [PATCH] pam_issue: only count class user + +Since systemd added new types of classes (e.g. manager*), we cannot +use the count of all sessions anymore, but have to check which class +this is. + +This is backward compatible, systemd v209 or newer is required. +--- + modules/pam_issue/pam_issue.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c +index aade642ec5..e2c555c405 100644 +--- a/modules/pam_issue/pam_issue.c ++++ b/modules/pam_issue/pam_issue.c +@@ -165,13 +165,31 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) + { + unsigned int users = 0; + #ifdef USE_LOGIND +- int sessions = sd_get_sessions(NULL); ++ char **sessions_list; ++ int sessions = sd_get_sessions(&sessions_list); + + if (sessions < 0) { + pam_syslog(pamh, LOG_ERR, "logind error: %s", + strerror(-sessions)); + _pam_drop(issue); + return PAM_SERVICE_ERR; ++ } else if (sessions > 0 && sessions_list != NULL) { ++ int i; ++ ++ for (i = 0; i < sessions; i++) { ++ char *class; ++ ++ if (sd_session_get_class(sessions_list[i], &class) < 0 || class == NULL) ++ continue; ++ ++ if (strncmp(class, "user", 4) == 0) // user, user-early, user-incomplete ++ users++; ++ free(class); ++ } ++ ++ for (i = 0; i < sessions; i++) ++ free(sessions_list[i]); ++ free(sessions_list); + } else { + users = sessions; + } diff --git a/pam_modutil_get-overwrite-password-at-free.patch b/pam_modutil_get-overwrite-password-at-free.patch new file mode 100644 index 0000000..c53c2ff --- /dev/null +++ b/pam_modutil_get-overwrite-password-at-free.patch @@ -0,0 +1,162 @@ +From e2fdc55d9d8d277c9395f96c3bf2938bacc84f62 Mon Sep 17 00:00:00 2001 +From: Thorsten Kukuk +Date: Thu, 14 Aug 2025 12:01:25 +0200 +Subject: [PATCH] pam_modutil_get*: overwrite password at free (#846) + +Make sure that the buffer containing encrypted passwords (struct group, +passwd and shadow) get's erased before free, so that they are not +available anymore if the memory get allocated again. +--- + libpam/pam_modutil_cleanup.c | 40 +++++++++++++++++++++++++++++++++++ + libpam/pam_modutil_getgrgid.c | 2 +- + libpam/pam_modutil_getgrnam.c | 2 +- + libpam/pam_modutil_getpwnam.c | 2 +- + libpam/pam_modutil_getpwuid.c | 2 +- + libpam/pam_modutil_getspnam.c | 2 +- + libpam/pam_modutil_private.h | 9 ++++++++ + 7 files changed, 54 insertions(+), 5 deletions(-) + +diff --git a/libpam/pam_modutil_cleanup.c b/libpam/pam_modutil_cleanup.c +index 2077cbd7..46233736 100644 +--- a/libpam/pam_modutil_cleanup.c ++++ b/libpam/pam_modutil_cleanup.c +@@ -5,8 +5,12 @@ + */ + + #include "pam_modutil_private.h" ++#include "pam_inline.h" + ++#include ++#include + #include ++#include + + void + pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, +@@ -15,3 +19,39 @@ pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, + /* junk it */ + free(data); + } ++ ++void ++pam_modutil_cleanup_group (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct group *gr = data; ++ ++ if (gr && gr->gr_passwd) ++ pam_overwrite_string(gr->gr_passwd); ++ ++ free(data); ++} ++ ++void ++pam_modutil_cleanup_passwd (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct passwd *pw = data; ++ ++ if (pw && pw->pw_passwd) ++ pam_overwrite_string(pw->pw_passwd); ++ ++ free(data); ++} ++ ++void ++pam_modutil_cleanup_shadow (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct spwd *sp = data; ++ ++ if (sp && sp->sp_pwdp) ++ pam_overwrite_string(sp->sp_pwdp); ++ ++ free(data); ++} +diff --git a/libpam/pam_modutil_getgrgid.c b/libpam/pam_modutil_getgrgid.c +index 6c2bb31b..fa3436c5 100644 +--- a/libpam/pam_modutil_getgrgid.c ++++ b/libpam/pam_modutil_getgrgid.c +@@ -62,7 +62,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_group); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getgrnam.c b/libpam/pam_modutil_getgrnam.c +index 418b9e47..533a8ce6 100644 +--- a/libpam/pam_modutil_getgrnam.c ++++ b/libpam/pam_modutil_getgrnam.c +@@ -62,7 +62,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_group); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getpwnam.c b/libpam/pam_modutil_getpwnam.c +index 5701ba9c..de654aeb 100644 +--- a/libpam/pam_modutil_getpwnam.c ++++ b/libpam/pam_modutil_getpwnam.c +@@ -62,7 +62,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_passwd); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getpwuid.c b/libpam/pam_modutil_getpwuid.c +index d3bb7231..6534958c 100644 +--- a/libpam/pam_modutil_getpwuid.c ++++ b/libpam/pam_modutil_getpwuid.c +@@ -62,7 +62,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_passwd); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getspnam.c b/libpam/pam_modutil_getspnam.c +index 9aa6ac9a..9733eda0 100644 +--- a/libpam/pam_modutil_getspnam.c ++++ b/libpam/pam_modutil_getspnam.c +@@ -62,7 +62,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_shadow); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_private.h b/libpam/pam_modutil_private.h +index 98a30f68..611c7696 100644 +--- a/libpam/pam_modutil_private.h ++++ b/libpam/pam_modutil_private.h +@@ -20,5 +20,14 @@ + extern void + pam_modutil_cleanup(pam_handle_t *pamh, void *data, + int error_status); ++extern void ++pam_modutil_cleanup_group(pam_handle_t *pamh, void *data, ++ int error_status); ++extern void ++pam_modutil_cleanup_passwd(pam_handle_t *pamh, void *data, ++ int error_status); ++extern void ++pam_modutil_cleanup_shadow(pam_handle_t *pamh, void *data, ++ int error_status); + + #endif /* PAMMODUTIL_PRIVATE_H */ +-- +2.50.1 + diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +} -- 2.51.1 From ed6a7a6b67d48a9b27f14cf27d816c576f31f85a38d242f8fd31e8b8da6940c5 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Wed, 27 Aug 2025 14:27:29 +0000 Subject: [PATCH 225/226] - Update to 1.7.1+git (post-v1.7.1.patch) - disable unix_chkpwd by default, only used as fallback again - pam_modutil_get-overwrite-password-at-free.patch is included OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=312 --- .gitattributes | 23 + .gitignore | 1 + Linux-PAM-1.7.1.tar.xz | 3 + Linux-PAM-1.7.1.tar.xz.asc | 16 + _multibuild | 3 + baselibs.conf | 7 + common-account.pamd | 9 + common-auth.pamd | 11 + common-password.pamd | 11 + common-session-nonlogin.pamd | 13 + common-session.pamd | 12 + macros.pam | 8 + other.pamd | 10 + pam-limit-nproc.patch | 11 + pam-login_defs-check.sh | 46 + pam.changes | 2428 ++++++++++++++++++++++++++++++++++ pam.spec | 529 ++++++++ pam.tmpfiles | 4 + post-v1.7.1.patch | 1273 ++++++++++++++++++ postlogin-account.pamd | 10 + postlogin-auth.pamd | 10 + postlogin-password.pamd | 10 + postlogin-session.pamd | 10 + 23 files changed, 4458 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 Linux-PAM-1.7.1.tar.xz create mode 100644 Linux-PAM-1.7.1.tar.xz.asc create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 common-account.pamd create mode 100644 common-auth.pamd create mode 100644 common-password.pamd create mode 100644 common-session-nonlogin.pamd create mode 100644 common-session.pamd create mode 100644 macros.pam create mode 100644 other.pamd create mode 100644 pam-limit-nproc.patch create mode 100644 pam-login_defs-check.sh create mode 100644 pam.changes create mode 100644 pam.spec create mode 100644 pam.tmpfiles create mode 100644 post-v1.7.1.patch create mode 100644 postlogin-account.pamd create mode 100644 postlogin-auth.pamd create mode 100644 postlogin-password.pamd create mode 100644 postlogin-session.pamd diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/Linux-PAM-1.7.1.tar.xz b/Linux-PAM-1.7.1.tar.xz new file mode 100644 index 0000000..7b3c6a7 --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:21dbcec6e01dd578f14789eac9024a18941e6f2702a05cf91b28c232eeb26ab0 +size 510828 diff --git a/Linux-PAM-1.7.1.tar.xz.asc b/Linux-PAM-1.7.1.tar.xz.asc new file mode 100644 index 0000000..ebcc2cf --- /dev/null +++ b/Linux-PAM-1.7.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABCgAGBQJoUTDGAAoJEKgEH6g54W42RDQQAIKq+ltEn0g/lB0g+xU9SArO +ItMiZDp6RaLDIRgOxbl1hnQyXvXcW5LYBT36u+e5PLKrtMzc8/S3kDtn2FRsS5KW +aZaKmZI6UlEQVErMfX2F8/uPvcMRNmqHL7h3+BW8aIWp+WTBO3TIOZxVqNoDFbxj +L/9G3KYTgcuKjb6XoDlicS68ImcLJC2BPjcaisaoqKRyK504jgYK6Wl6AFo7Fu8r +PS134LM6gUUxMzdYCpISmO5tZh+uOqtCfbdeOY3bwBeupe2J4D6v7uASF7RqEXPX +/imsmUkmqLmOOolvLflGDsiz1HaY05LW7CcJngXOV6WKU+HqBg9E5Xclnr0RyvBD +tmFPeWlgPw+zg+BVUhGAUeLoFCknbtY/7TEB4Jh0Z/Tm+pOUVoQbhrUCI0rAgapN +dA9i5DCUuEBXRul2YvG7EZGuYs77fzpf/J++b9XKB9kH1Bc3vaaZoaO+lbN8g6Ei +CbZCmD0ct0UhUTX+FEUG9SkMTomyd9ihz6kuHcuo4eCVbVuDJpF+vEUjVb7no9Aw +KlZ6/I45GRRjIYYk/vxpgNX05D8xeMxDkXEMcKAHsI/q4oOe7Hsuess47WioiVXL +xNl6AHjJ4VMcz1xLPR8COA8L3uaZNtxuIGhazZFeJbrfJct5gsf9iv04pdAA73/B +NtgHrE6GjGSmw+/xX22z +=RQhR +-----END PGP SIGNATURE----- diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..86627c6 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + full + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..af91018 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,7 @@ +pam + requires "(systemd- if systemd)" + obsoletes "pam_unix-" + obsoletes "pam_unix-nis-" +pam-extra +pam-devel +pam-userdb diff --git a/common-account.pamd b/common-account.pamd new file mode 100644 index 0000000..e2b3274 --- /dev/null +++ b/common-account.pamd @@ -0,0 +1,9 @@ +# +# /etc/pam.d/common-account - account settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the account modules that define +# the central access policy for use on the system. The default is to +# only deny service to users whose accounts are expired. +# +account required pam_unix.so try_first_pass diff --git a/common-auth.pamd b/common-auth.pamd new file mode 100644 index 0000000..b4d5dc3 --- /dev/null +++ b/common-auth.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-auth - authentication settings common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of the authentication modules that define +# the central authentication scheme for use on the system +# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the +# traditional Unix authentication mechanisms. +# +auth required pam_env.so +auth required pam_unix.so try_first_pass diff --git a/common-password.pamd b/common-password.pamd new file mode 100644 index 0000000..83e9109 --- /dev/null +++ b/common-password.pamd @@ -0,0 +1,11 @@ +# +# /etc/pam.d/common-password - password-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define the services to be +# used to change user passwords. +# +# The "nullok" option allows users to change an empty password, else +# empty passwords are treated as locked accounts. +# +password required pam_unix.so nullok diff --git a/common-session-nonlogin.pamd b/common-session-nonlogin.pamd new file mode 100644 index 0000000..827283b --- /dev/null +++ b/common-session-nonlogin.pamd @@ -0,0 +1,13 @@ +# +# /etc/pam.d/common-session-nonlogin - session-related modules common +# to services not doing a real login +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive), but not if they don't create a new login session +# (e.g. like cron, chfn, chsh, ...) +# +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/common-session.pamd b/common-session.pamd new file mode 100644 index 0000000..c57304c --- /dev/null +++ b/common-session.pamd @@ -0,0 +1,12 @@ +# +# /etc/pam.d/common-session - session-related modules common to all services +# +# This file is included from other service-specific PAM config files, +# and should contain a list of modules that define tasks to be performed +# at the start and end of sessions of *any* kind (both interactive and +# non-interactive). +# +session optional pam_systemd.so +session required pam_unix.so try_first_pass +session optional pam_umask.so +session optional pam_env.so diff --git a/macros.pam b/macros.pam new file mode 100644 index 0000000..ac665f6 --- /dev/null +++ b/macros.pam @@ -0,0 +1,8 @@ +%_pam_libdir %{_libdir} +%_pam_moduledir %{_libdir}/security +%_pam_secconfdir %{_sysconfdir}/security +%_pam_secdistconfdir %{_distconfdir}/security +%_pam_confdir %{_sysconfdir}/pam.d +%_pam_vendordir %{_prefix}/lib/pam.d +# legacy, to be retired +%_pamdir %{_pam_moduledir} diff --git a/other.pamd b/other.pamd new file mode 100644 index 0000000..cd3b1b3 --- /dev/null +++ b/other.pamd @@ -0,0 +1,10 @@ +#%PAM-1.0 +auth required pam_warn.so +auth required pam_deny.so +account required pam_warn.so +account required pam_deny.so +password required pam_warn.so +password required pam_deny.so +session required pam_warn.so +session required pam_deny.so + diff --git a/pam-limit-nproc.patch b/pam-limit-nproc.patch new file mode 100644 index 0000000..db06758 --- /dev/null +++ b/pam-limit-nproc.patch @@ -0,0 +1,11 @@ +Index: Linux-PAM-1.3.1/modules/pam_limits/limits.conf +=================================================================== +--- Linux-PAM-1.3.1.orig/modules/pam_limits/limits.conf ++++ Linux-PAM-1.3.1/modules/pam_limits/limits.conf +@@ -47,4 +47,6 @@ + #ftp hard nproc 0 + #@student - maxlogins 4 + ++# No limits for nproc, use systemd configuration instead ++ + # End of file diff --git a/pam-login_defs-check.sh b/pam-login_defs-check.sh new file mode 100644 index 0000000..6b9b498 --- /dev/null +++ b/pam-login_defs-check.sh @@ -0,0 +1,46 @@ +#!/bin/bash + +# Extract list of variables supported by su/runuser. +# +# If you edit this file, you will probably need to edit +# shadow-login_defs-check.sh from shadow sources in a similar way. + +set -o errexit + +echo -n "Checking login.defs variables in pam... " >&2 +grep -rh LOGIN_DEFS . | + sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | + LC_ALL=C sort -u >pam-login_defs-vars.lst + +if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != 8521c47f55dff97fac980d52395b763590cd3f07 ; then + + echo "does not match!" >&2 + echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2 + +cat >&2 <&2 +fi diff --git a/pam.changes b/pam.changes new file mode 100644 index 0000000..52a0ff3 --- /dev/null +++ b/pam.changes @@ -0,0 +1,2428 @@ +------------------------------------------------------------------- +Wed Aug 27 14:20:14 UTC 2025 - Thorsten Kukuk + +- Update to 1.7.1+git (post-v1.7.1.patch) + - disable unix_chkpwd by default, only used as fallback again +- pam_modutil_get-overwrite-password-at-free.patch is included + +------------------------------------------------------------------- +Tue Aug 19 10:12:13 UTC 2025 - Valentin Lefebvre + +- Make sure that the buffer containing encrypted passwords get's erased, + before free. + [pam_modutil_get-overwrite-password-at-free.patch, bsc#1232234, + CVE-2024-10041] + +------------------------------------------------------------------- +Wed Jun 18 12:01:57 UTC 2025 - Thorsten Kukuk + +- hardcode disabling elogind, meson detection is unreliable in OBS + +------------------------------------------------------------------- +Wed Jun 18 05:38:35 UTC 2025 - Thorsten Kukuk + +- Update to version 1.7.1 + - pam_access: do not resolve ttys or display variables as hostnames. + - pam_access: added "nodns" option to disallow resolving of tokens + as hostnames (CVE-2024-10963). + - pam_limits: added support for rttime (RLIMIT_RTTIME). + - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). + - meson: added support of elogind as a logind provider. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted + +------------------------------------------------------------------- +Mon Mar 24 17:41:34 UTC 2025 - Thorsten Kukuk + +- Remove unix2_chkpwd, no consumer left + +------------------------------------------------------------------- +Thu Dec 5 12:44:33 UTC 2024 - Valentin Lefebvre + +- pam_access: rework resolving of tokens as hostname + - separate resolving of IP addresses from hostnames. Don't resolve TTYs or + display variables as hostname. + - Add "nodns" option to disallow resolving of tokens as hostname. + - [pam_access-rework-resolving-of-tokens-as-hostname.patch, bsc#1233078, + CVE-2024-10963] + +------------------------------------------------------------------- +Thu Oct 24 11:57:20 UTC 2024 - Thorsten Kukuk + +- Update to version 1.7.0 + - build: changed build system from autotools to meson. + - libpam_misc: use ECHOCTL in the terminal input + - pam_access: support UID and GID in access.conf + - pam_env: install environment file in vendordir if vendordir is enabled + - pam_issue: only count class user if logind support is enabled + - pam_limits: use systemd-logind instead of utmp if logind support is enabled + - pam_unix: compare password hashes in constant time + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Drop upstream patches: + - pam-bsc1194818-cursor-escape.patch + - pam_limits-systemd.patch + - pam_issue-systemd.patch + +------------------------------------------------------------------- +Thu Sep 12 07:50:55 UTC 2024 - Thorsten Kukuk + +- baselibs.conf: add pam-userdb + +------------------------------------------------------------------- +Tue Sep 10 08:22:02 UTC 2024 - Thorsten Kukuk + +- pam_limits-systemd.patch: update to final PR + +------------------------------------------------------------------- +Fri Sep 6 08:13:22 UTC 2024 - Thorsten Kukuk + +- Add systemd-logind support to pam_limits (pam_limits-systemd.patch) +- Remove /usr/etc/pam.d, everything should be migrated +- Remove pam_limits from default common-sessions* files. pam_limits + is now part of pam-extra and not in our default generated config. +- pam_issue-systemd.patch: only count class user sessions + +------------------------------------------------------------------- +Wed Aug 7 14:44:56 UTC 2024 - Stanislav Brabec + +- Prevent cursor escape from the login prompt [bsc#1194818] + * Added: pam-bsc1194818-cursor-escape.patch + +------------------------------------------------------------------- +Wed Apr 10 07:12:02 UTC 2024 - Thorsten Kukuk + +- Update to version 1.6.1 + - pam_env: fixed --disable-econf --enable-vendordir support. + - pam_unix: do not warn if password aging is disabled. + - pam_unix: try to set uid to 0 before unix_chkpwd invocation. + - pam_unix: allow empty passwords with non-empty hashes. + - Multiple minor bug fixes, build fixes, portability fixes, + documentation improvements, and translation updates. +- Remove backports: + - pam_env-fix_vendordir.patch + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch + +------------------------------------------------------------------- +Thu Feb 22 17:30:24 UTC 2024 - Valentin Lefebvre + +- Use autosetup to prepare for RPM 4.20. + +------------------------------------------------------------------- +Wed Feb 7 13:11:15 UTC 2024 - Thorsten Kukuk + +- pam.tmpfiles: Make sure the content of the /run directories get + removed in case of a soft-reboot + +------------------------------------------------------------------- +Tue Jan 30 15:17:57 UTC 2024 - Thorsten Kukuk + +- Enable pam_canonicalize_user.so + +------------------------------------------------------------------- +Fri Jan 19 09:11:30 UTC 2024 - Thorsten Kukuk + +- Add post 1.6.0 release fixes for pam_env and pam_unix: + - pam_env-fix-enable-vendordir-fallback.patch + - pam_env-fix_vendordir.patch + - pam_env-remove-escaped-newlines.patch + - pam_unix-fix-password-aging-disabled.patch +- Update to version 1.6.0 + - Added support of configuration files with arbitrarily long lines. + - build: fixed build outside of the source tree. + - libpam: added use of getrandom(2) as a source of randomness if available. + - libpam: fixed calculation of fail delay with very long delays. + - libpam: fixed potential infinite recursion with includes. + - libpam: implemented string to number conversions validation when parsing + controls in configuration. + - pam_access: added quiet_log option. + - pam_access: fixed truncation of very long group names. + - pam_canonicalize_user: new module to canonicalize user name. + - pam_echo: fixed file handling to prevent overflows and short reads. + - pam_env: added support of '\' character in environment variable values. + - pam_exec: allowed expose_authtok for password PAM_TYPE. + - pam_exec: fixed stack overflow with binary output of programs. + - pam_faildelay: implemented parameter ranges validation. + - pam_listfile: changed to treat \r and \n exactly the same in configuration. + - pam_mkhomedir: hardened directory creation against timing attacks. + - Please note that using *at functions leads to more open file handles + during creation. + - pam_namespace: fixed potential local DoS (CVE-2024-22365). + - pam_nologin: fixed file handling to prevent short reads. + - pam_pwhistory: helper binary is now built only if SELinux support is + enabled. + - pam_pwhistory: implemented reliable usernames handling when remembering + passwords. + - pam_shells: changed to allow shell entries with absolute paths only. + - pam_succeed_if: fixed treating empty strings as numerical value 0. + - pam_unix: added support of disabled password aging. + - pam_unix: synchronized password aging with shadow. + - pam_unix: implemented string to number conversions validation. + - pam_unix: fixed truncation of very long user names. + - pam_unix: corrected rounds retrieval for configured encryption method. + - pam_unix: implemented reliable usernames handling when remembering + passwords. + - pam_unix: changed to always run the helper to obtain shadow password + entries. + - pam_unix: unix_update helper binary is now built only if SELinux support + is enabled. + - pam_unix: added audit support to unix_update helper. + - pam_userdb: added gdbm support. + - Multiple minor bug fixes, portability fixes, documentation improvements, + and translation updates. +- The following patches are obsolete with the update: + - pam_access-doc-IPv6-link-local.patch + - pam_access-hostname-debug.patch + - pam_shells-fix-econf-memory-leak.patch + - pam_shells-fix-econf-memory-leak.patch + - disable-examples.patch +- pam-login_defs-check.sh: adjust checksum, SHA_CRYPT_MAX_ROUNDS + is no longer used. + +------------------------------------------------------------------- +Wed Aug 23 09:20:06 UTC 2023 - Thorsten Kukuk + +- Fix building without SELinux + +------------------------------------------------------------------- +Mon Aug 7 09:41:27 UTC 2023 - Thorsten Kukuk + +- pam_access backports from upstream: + - pam_access-doc-IPv6-link-local.patch: + Document only partial supported IPv6 link local addresses + - pam_access-hostname-debug.patch: + Don't print error if we cannot resolve a hostname, does not + need to be a hostname + - pam_shells-fix-econf-memory-leak.patch: + Free econf keys variable + - disable-examples.patch: + Don't build examples + +------------------------------------------------------------------- +Tue May 9 12:14:48 UTC 2023 - Thorsten Kukuk + +- Update to final 1.5.3 release: + - configure: added --enable-logind option to use logind instead of utmp + in pam_issue and pam_timestamp. + - pam_modutil_getlogin: changed to use getlogin() from libc instead of + parsing utmp. + - Added libeconf support to pam_env and pam_shells. + - Added vendor directory support to pam_access, pam_env, pam_group, + pam_faillock, pam_limits, pam_namespace, pam_pwhistory, pam_sepermit, + pam_shells, and pam_time. + - pam_limits: changed to not fail on missing config files. + - pam_pwhistory: added conf= option to specify config file location. + - pam_pwhistory: added file= option to specify password history file + location. + - pam_shells: added shells.d support when libeconf and vendordir are enabled. + - Deprecated pam_lastlog: this module is no longer built by default because + it uses utmp, wtmp, btmp and lastlog, but none of them are Y2038 safe, + even on 64bit architectures. + pam_lastlog will be removed in one of the next releases, consider using + pam_lastlog2 (from https://github.com/thkukuk/lastlog2) and/or + pam_wtmpdb (from https://github.com/thkukuk/wtmpdb) instead. + - Deprecated _pam_overwrite(), _pam_overwrite_n(), and _pam_drop_reply() + macros provided by _pam_macros.h; the memory override performed by these + macros can be optimized out by the compiler and therefore can no longer + be relied upon. + +------------------------------------------------------------------- +Thu Apr 20 09:40:50 UTC 2023 - Thorsten Kukuk + +- pam-extra: add split provide + +------------------------------------------------------------------- +Wed Apr 12 11:28:48 UTC 2023 - Thorsten Kukuk + +- pam-userdb: add split provide + +------------------------------------------------------------------- +Tue Apr 11 07:53:44 UTC 2023 - Thorsten Kukuk + +- Drop pam-xauth_ownership.patch, got fixed in sudo itself +- Drop pam-bsc1177858-dont-free-environment-string.patch, was a + fix for above patch + +------------------------------------------------------------------- +Thu Apr 6 12:11:30 UTC 2023 - Thorsten Kukuk + +- Use bcond selinux to disable SELinux +- Remove old pam_unix_* compat symlinks +- Move pam_userdb to own pam-userdb sub-package +- pam-extra contains now modules having extended dependencies like + libsystemd +- Update to 1.5.3.90 git snapshot +- Drop merged patches: + - pam-git.diff + - docbook5.patch + - pam_pwhistory-docu.patch + - pam_xauth_data.3.xml.patch +- Drop Linux-PAM-1.5.2.90.tar.xz as we have to rebuild all + documentation anyways and don't use the prebuild versions +- Move all devel manual pages to pam-manpages, too. Fixes the + problem that adjusted defaults not shown correct. + +------------------------------------------------------------------- +Mon Mar 20 10:12:41 UTC 2023 - Thorsten Kukuk + +- Add common-session-nonlogin and postlogin-* pam.d config files + for https://github.com/SUSE/pam-config/pull/16, pam_lastlog2 + and upcoming pam_wtmpdb. + +------------------------------------------------------------------- +Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi + +- Enable livepatching support on x86_64. + +------------------------------------------------------------------- +Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre + +- Use rpm macros for pam dist conf dir (/usr/etc/security) + +------------------------------------------------------------------- +Wed Jan 18 09:33:37 UTC 2023 - Stefan Schubert + +- Moved following files/dirs in /etc/security to vendor directory: + access.conf, limits.d, sepermit.conf, time.conf, namespace.conf, + namespace.d, namespace.init + +------------------------------------------------------------------- +Sat Dec 24 13:31:33 UTC 2022 - Dominique Leuenberger + +- Also obsolete pam_unix-32bit to have clean upgrade path. + +------------------------------------------------------------------- +Fri Dec 16 09:37:15 UTC 2022 - Thorsten Kukuk + +- Merge pam_unix back into pam, seperate package not needed anymore + +------------------------------------------------------------------- +Thu Dec 15 12:47:53 UTC 2022 - Thorsten Kukuk + +- Update pam-git.diff to current upstream + - pam_env: Use vendor specific pam_env.conf and environment as fallback + - pam_shells: Use the vendor directory + obsoletes pam_env_econf.patch +- Refresh docbook5.patch + +------------------------------------------------------------------- +Tue Dec 6 16:43:49 UTC 2022 - Thorsten Kukuk + +- pam_pwhistory-docu.patch, docbook5.patch: convert docu to + docbook5 + +------------------------------------------------------------------- +Thu Dec 1 13:51:35 UTC 2022 - Thorsten Kukuk + +- pam-git.diff: update to current git + - obsoletes pam-hostnames-in-access_conf.patch + - obsoletes tst-pam_env-retval.c +- pam_env_econf.patch refresh + +------------------------------------------------------------------- +Tue Nov 22 15:24:12 UTC 2022 - Thorsten Kukuk + +- Move pam_env config files below /usr/etc + +------------------------------------------------------------------- +Tue Oct 11 14:44:56 UTC 2022 - Stefan Schubert + +- pam_env: Using libeconf for reading configuration and environment + files. (Patch: pam_env_econf.patch; Testcase: tst-pam_env-retval.c) + +------------------------------------------------------------------- +Fri Jun 17 15:26:20 UTC 2022 - Thorsten Kukuk + +- Keep old directory in filelist for migration + +------------------------------------------------------------------- +Wed Jun 1 11:43:22 UTC 2022 - Thorsten Kukuk + +- Move PAM config files from /usr/etc/pam.d to /usr/lib/pam.d + +------------------------------------------------------------------- +Fri Mar 11 11:25:35 UTC 2022 - Thorsten Kukuk + +- pam-hostnames-in-access_conf.patch: update with upstream + submission. Fixes several bugs including memory leaks. + +------------------------------------------------------------------- +Wed Feb 9 14:05:01 UTC 2022 - Thorsten Kukuk + +- Move group.conf and faillock.conf to /usr/etc/security + +------------------------------------------------------------------- +Mon Feb 7 09:46:16 UTC 2022 - Thorsten Kukuk + +- Update to current git for enhanced vendordir support (pam-git.diff) + Obsoletes: + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch + +------------------------------------------------------------------- +Mon Dec 13 13:06:47 UTC 2021 - Thorsten Kukuk + +- Drop pam_umask-usergroups-login_defs.patch, does more harm + than helps. If not explizit specified as module option, we + use UMASK from login.defs unmodified. + +------------------------------------------------------------------- +Thu Nov 25 10:12:20 UTC 2021 - Thorsten Kukuk + +- Don't define doc/manpages packages in main build + +------------------------------------------------------------------- +Wed Nov 24 13:45:22 UTC 2021 - Thorsten Kukuk + +- Add missing recommends and split provides + +------------------------------------------------------------------- +Wed Nov 24 13:39:45 UTC 2021 - Thorsten Kukuk + +- Use multibuild to build docu with correct paths and available + features. + +------------------------------------------------------------------- +Mon Nov 22 13:12:09 UTC 2021 - Thorsten Kukuk + +- common-session: move pam_systemd to first position as if the + file would have been generated with pam-config +- Add vendordir fixes and enhancements from upstream: + - pam_xauth_data.3.xml.patch + - 0001-Include-pam_xauth_data.3.xml-in-source-archive-400.patch + - 0002-Only-include-vendordir-in-manual-page-if-set-401.patch + - 0003-Use-vendor-specific-limits.conf-as-fallback-402.patch +- For buggy bot: Makefile-pam_unix-nis.diff belonged to the other + spec file. + +------------------------------------------------------------------- +Wed Nov 17 04:14:18 UTC 2021 - Stanislav Brabec + +- Update pam-login_defs-check.sh regexp and + login_defs-support-for-pam symbol to version 1.5.2 + (new variable HMAC_CRYPTO_ALGO). + +------------------------------------------------------------------- +Tue Nov 2 20:32:04 UTC 2021 - Callum Farmer + +- Add /run/pam_timestamp to pam.tmpfiles + +------------------------------------------------------------------- +Tue Oct 12 13:49:53 UTC 2021 - Josef Möllers + +- Corrected macro definition of %_pam_moduledir: + %_pam_moduledir %{_libdir}/security + [macros.pam] + +------------------------------------------------------------------- +Wed Oct 6 09:14:11 UTC 2021 - Josef Möllers + +- Prepend a slash to the expansion of %{_lib} in macros.pam as + this are defined without a leading slash! + +------------------------------------------------------------------- +Wed Sep 15 13:34:52 UTC 2021 - Thorsten Kukuk + +- Rename motd.tmpfiles to pam.tmpfiles + - Add /run/faillock directory + +------------------------------------------------------------------- +Fri Sep 10 10:08:28 UTC 2021 - Thorsten Kukuk + +- pam-login_defs-check.sh: adjust for new login.defs variable usages + +------------------------------------------------------------------- +Mon Sep 6 11:51:30 UTC 2021 - Josef Möllers + +- Update to 1.5.2 + Noteworthy changes in Linux-PAM 1.5.2: + + * pam_exec: implemented quiet_log option. + * pam_mkhomedir: added support of HOME_MODE and UMASK from + /etc/login.defs. + * pam_timestamp: changed hmac algorithm to call openssl instead + of the bundled sha1 implementation if selected, added option + to select the hash algorithm to use with HMAC. + * Added pkgconfig files for provided libraries. + * Added --with-systemdunitdir configure option to specify systemd + unit directory. + * Added --with-misc-conv-bufsize configure option to specify the + buffer size in libpam_misc's misc_conv() function, raised the + default value for this parameter from 512 to 4096. + * Multiple minor bug fixes, portability fixes, documentation + improvements, and translation updates. + + pam_tally2 has been removed upstream, remove pam_tally2-removal.patch + + pam_cracklib has been removed from the upstream sources. This + obsoletes pam-pam_cracklib-add-usersubstr.patch and + pam_cracklib-removal.patch. + The following patches have been accepted upstream and, so, + are obsolete: + - pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch + - pam_securetty-don-t-complain-about-missing-config.patch + - bsc1184358-prevent-LOCAL-from-being-resolved.patch + - revert-check_shadow_expiry.diff + + [Linux-PAM-1.5.2-docs.tar.xz, Linux-PAM-1.5.2-docs.tar.xz.asc, + Linux-PAM-1.5.2.tar.xz, Linux-PAM-1.5.2.tar.xz.asc, + pam-pam_cracklib-add-usersubstr.patch, pam_cracklib-removal.patch, + pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch, + pam_securetty-don-t-complain-about-missing-config.patch, + bsc1184358-prevent-LOCAL-from-being-resolved.patch, + revert-check_shadow_expiry.diff] + +------------------------------------------------------------------- +Thu Aug 12 14:42:54 UTC 2021 - Thorsten Kukuk + +- pam_umask-usergroups-login_defs.patch: Deprecate pam_umask + explicit "usergroups" option and instead read it from login.def's + "USERGROUP_ENAB" option if umask is only defined there. + [bsc#1189139] + +------------------------------------------------------------------- +Tue Aug 3 09:26:00 UTC 2021 - pgajdos@suse.com + +- package man5/motd.5 as a man-pages link to man8/pam_motd.8 + [bsc#1188724] + +------------------------------------------------------------------- +Tue Jul 13 13:40:00 UTC 2021 - Thorsten Kukuk + +- revert-check_shadow_expiry.diff: revert wrong + CRYPT_SALT_METHOD_LEGACY check. + +------------------------------------------------------------------- +Fri Jun 25 08:07:04 UTC 2021 - Callum Farmer + +- Create /run/motd.d + +------------------------------------------------------------------- +Wed Jun 9 14:01:19 UTC 2021 - Ludwig Nussel + +- Remove legacy pre-usrmerge compat code (removed pam-usrmerge.diff) +- Backport patch to not install /usr/etc/securetty (boo#1033626) ie + no distro defaults and don't complain about it missing + (pam_securetty-don-t-complain-about-missing-config.patch) +- add debug bcond to be able to build pam with debug output easily +- add macros file to allow other packages to stop hardcoding + directory names. Compatible with Fedora. + +------------------------------------------------------------------- +Mon May 10 14:22:01 UTC 2021 - Josef Möllers + +- In the 32-bit compatibility package for 64-bit architectures, + require "systemd-32bit" to be also installed as it contains + pam_systemd.so for 32 bit applications. + [bsc#1185562, baselibs.conf] + +------------------------------------------------------------------- +Wed Apr 7 12:20:40 UTC 2021 - Josef Möllers + +- If "LOCAL" is configured in access.conf, and a login attempt from + a remote host is made, pam_access tries to resolve "LOCAL" as + a hostname and logs a failure. + Checking explicitly for "LOCAL" and rejecting access in this case + resolves this issue. + [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] + +------------------------------------------------------------------- +Wed Mar 31 11:43:17 UTC 2021 - Josef Möllers + +- pam_limits: "unlimited" is not a legitimate value for "nofile" + (see setrlimit(2)). So, when "nofile" is set to one of the + "unlimited" values, it is set to the contents of + "/proc/sys/fs/nr_open" instead. + Also changed the manpage of pam_limits to express this. + [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] + +------------------------------------------------------------------- +Thu Feb 18 22:16:43 UTC 2021 - Thorsten Kukuk + +- Add missing conflicts for pam_unix-nis + +------------------------------------------------------------------- +Tue Feb 16 10:27:04 UTC 2021 - Thorsten Kukuk + +- Split out pam_unix module and build without NIS support + +------------------------------------------------------------------- +Fri Nov 27 09:10:28 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.1 + - pam_unix: fixed CVE-2020-27780 - authentication bypass when a user + doesn't exist and root password is blank [bsc#1179166] + - pam_faillock: added nodelay option to not set pam_fail_delay + - pam_wheel: use pam_modutil_user_in_group to check for the group membership + with getgrouplist where it is available + +------------------------------------------------------------------- +Thu Nov 26 13:31:52 UTC 2020 - Ludwig Nussel + +- add macros.pam to abstract directory for pam modules + +------------------------------------------------------------------- +Thu Nov 19 15:43:33 UTC 2020 - Thorsten Kukuk + +- Update to 1.5.0 + - obsoletes pam-bsc1178727-initialize-daysleft.patch + - Multiple minor bug fixes, portability fixes, and documentation improvements. + - Extended libpam API with pam_modutil_check_user_in_passwd function. + - pam_faillock: changed /run/faillock/$USER permissions from 0600 to 0660. + - pam_motd: read motd files with target user credentials skipping unreadable ones. + - pam_pwhistory: added a SELinux helper executable. + - pam_unix, pam_usertype: implemented avoidance of certain timing attacks. + - pam_wheel: implemented PAM_RUSER fallback for the case when getlogin fails. + - pam_env: Reading of the user environment is deprecated and will be removed + at some point in the future. + - libpam: pam_modutil_drop_priv() now correctly sets the target user's + supplementary groups, allowing pam_motd to filter messages accordingly +- Refresh pam-xauth_ownership.patch +- pam_tally2-removal.patch: Re-add pam_tally2 for deprecated sub-package +- pam_cracklib-removal.patch: Re-add pam_cracklib for deprecated sub-package + +------------------------------------------------------------------- +Wed Nov 18 13:02:15 UTC 2020 - Josef Möllers + +- pam_cracklib: added code to check whether the password contains + a substring of of the user's name of at least characters length + in some form. + This is enabled by the new parameter "usersubstr=" + See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4 + [jsc#SLE-16719, jsc#SLE-16720, pam-pam_cracklib-add-usersubstr.patch] + +------------------------------------------------------------------- +Wed Nov 18 10:02:32 UTC 2020 - Josef Möllers + +- pam_xauth.c: do not free() a string which has been (successfully) + passed to putenv(). + [bsc#1177858, pam-bsc1177858-dont-free-environment-string.patch] + +------------------------------------------------------------------- +Fri Nov 13 09:13:18 UTC 2020 - Josef Möllers + +- Initialize pam_unix pam_sm_acct_mgmt() local variable "daysleft" + to avoid spurious (and misleading) + Warning: your password will expire in ... days. + fixed upstream with commit db6b293046a + [bsc#1178727, pam-bsc1178727-initialize-daysleft.patch] + +------------------------------------------------------------------- +Tue Nov 10 11:09:39 UTC 2020 - Thorsten Kukuk + +- Enable pam_faillock [bnc#1171562] + +------------------------------------------------------------------- +Thu Oct 29 10:10:23 UTC 2020 - Ludwig Nussel + +- prepare usrmerge (boo#1029961, pam-usrmerge.diff) + +------------------------------------------------------------------- +Wed Oct 8 13:31:39 UTC 2020 - Josef Möllers + +- /usr/bin/xauth chokes on the old user's $HOME being on an NFS + file system. Run /usr/bin/xauth using the old user's uid/gid + Patch courtesy of Dr. Werner Fink. + [bsc#1174593, pam-xauth_ownership.patch] + +------------------------------------------------------------------- +Thu Oct 8 02:33:16 UTC 2020 - Stanislav Brabec + +- pam-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +------------------------------------------------------------------- +Wed Jun 24 13:06:33 UTC 2020 - Josef Möllers + +- Revert the previous change [SR#815713]. + The group is not necessary for PAM functionality but used only + during testing. The test system should therefore create this group. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 15 15:05:18 UTC 2020 - Josef Möllers + +- Add requirement for group "wheel" to spec file. + [bsc#1171016, pam.spec] + +------------------------------------------------------------------- +Mon Jun 8 13:19:12 UTC 2020 - Thorsten Kukuk + +- Update to final 1.4.0 release + - includes pam-check-user-home-dir.patch + - obsoletes fix-man-links.dif + +------------------------------------------------------------------- +Mon Jun 8 07:59:58 UTC 2020 - Thorsten Kukuk + +- common-password: remove pam_cracklib, as that is deprecated. + +------------------------------------------------------------------- +Thu May 28 12:36:33 UTC 2020 - Josef Möllers + +- pam_setquota.so: + When setting quota, don't apply any quota if the user's $HOME is + a mountpoint (ie the user has a partition of his/her own). + [bsc#1171721, pam-check-user-home-dir.patch] + +------------------------------------------------------------------- +Wed May 27 09:27:32 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - pam_tally* and pam_cracklib got deprecated +- Disable pam_faillock and pam_setquota until they are whitelisted + +------------------------------------------------------------------- +Tue May 12 11:44:19 UTC 2020 - Josef Möllers + +- Adapted patch pam-hostnames-in-access_conf.patch for new version + New version obsoleted patch use-correct-IP-address.patch + [pam-hostnames-in-access_conf.patch, + use-correct-IP-address.patch] + +------------------------------------------------------------------- +Tue May 12 11:30:27 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Obsoletes pam_namespace-systemd.diff + +------------------------------------------------------------------- +Tue May 12 09:24:46 UTC 2020 - Thorsten Kukuk + +- Update to current Linux-PAM snapshot + - Add pam_faillock + - Multiple minor bug fixes and documentation improvements + - Fixed grammar of messages printed via pam_prompt + - Added support for a vendor directory and libeconf + - configure: Allowed disabling documentation through --disable-doc + - pam_get_authtok_verify: Avoid duplicate password verification + - pam_env: Changed the default to not read the user .pam_environment file + - pam_group, pam_time: Fixed logical error with multiple ! operators + - pam_keyinit: In pam_sm_setcred do the same as in pam_sm_open_session + - pam_lastlog: Do not log info about failed login if the session was opened + with PAM_SILENT flag + - pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs + - pam_lastlog: With 'unlimited' option prevent SIGXFSZ due to reduced 'fsize' + limit + - pam_motd: Export MOTD_SHOWN=pam after showing MOTD + - pam_motd: Support multiple motd paths specified, with filename overrides + - pam_namespace: Added a systemd service, which creates the namespaced + instance parent directories during boot + - pam_namespace: Support for noexec, nosuid and nodev flags for tmpfs mounts + - pam_shells: Recognize /bin/sh as the default shell + - pam_succeed_if: Support lists in group membership checks + - pam_tty_audit: If kernel audit is disabled return PAM_IGNORE + - pam_umask: Added new 'nousergroups' module argument and allowed specifying + the default for usergroups at build-time + - pam_unix: Added 'nullresetok' option to allow resetting blank passwords + - pam_unix: Report unusable hashes found by checksalt to syslog + - pam_unix: Support for (gost-)yescrypt hashing methods + - pam_unix: Use bcrypt b-variant when it bcrypt is chosen + - pam_usertype: New module to tell if uid is in login.defs ranges + - Added new API call pam_start_confdir() for special applications that + cannot use the system-default PAM configuration paths and need to + explicitly specify another path +- pam_namespace-systemd.diff: fix path of pam_namespace.services + +------------------------------------------------------------------- +Thu Apr 2 09:51:31 UTC 2020 - Ludwig Nussel + +- own /usr/lib/motd.d/ so other packages can add files there + +------------------------------------------------------------------- +Tue Mar 24 07:09:55 UTC 2020 - Josef Möllers + +- Listed all manual pages seperately as pam_userdb.8 has been moved + to pam-extra. + Also %exclude %{_defaultdocdir}/pam as the docs are in a separate + package. + [pam.spec] + +------------------------------------------------------------------- +Mon Mar 16 13:26:27 UTC 2020 - Josef Möllers + +- pam_userdb moved to a new package pam-extra as pam-modules + is obsolete and not part of SLE. + [bsc#1166510, pam.spec] + +------------------------------------------------------------------- +Thu Mar 12 16:01:46 UTC 2020 - Josef Möllers + +- Removed pam_userdb from this package and moved to pam-modules. + This removed the requirement for libdb. + Also made "xz" required for all releases. + Remove limits for nproc from /etc/security/limits.conf + [bsc#1164562, bsc#1166510, bsc#1110700, pam.spec] + +------------------------------------------------------------------- +Wed Feb 19 10:04:09 CET 2020 - kukuk@suse.de + +- Recommend login.defs only (no hard requirement) + +------------------------------------------------------------------- +Tue Sep 24 11:15:19 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190923.ea78d67: + * Fixed missing quotes in configure script + * Add support for a vendor directory and libeconf (#136) + * pam_lastlog: document the 'unlimited' option + * pam_lastlog: prevent crash due to reduced 'fsize' limit + * pam_unix_sess.c add uid for opening session + * Fix the man page for "pam_fail_delay()" + * Fix a typo + * Update a function comment +- drop usr-etc-support.patch (accepted upstream) + +------------------------------------------------------------------- +Thu Sep 5 10:09:05 CEST 2019 - kukuk@suse.de + +- Add migration support from /etc to /usr/etc during upgrade + +------------------------------------------------------------------- +Wed Sep 04 19:06:01 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190902.9de67ee: + * pwhistory: fix read of uninitialized data and memory leak when modifying opasswd + +------------------------------------------------------------------- +Tue Aug 27 18:41:10 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190826.1b087ed: + * libpam/pam_modutil_sanitize.c: optimize the way to close fds + +------------------------------------------------------------------- +Thu Aug 22 20:29:24 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars by macros. +- Avoid unnecessary invocation of subshells. +- Shorten recipe for constructing securetty contents on s390. + +------------------------------------------------------------------- +Mon Aug 19 14:45:43 CEST 2019 - kukuk@suse.de + +- usr-etc-support.patch: Add support for /usr/etc/pam.d + +------------------------------------------------------------------- +Mon Aug 19 13:33:49 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.diff: obsolete, NIS clients shouldn't + require DES anymore. +- etc.environment: removed, the sources contain the same + +------------------------------------------------------------------- +Mon Aug 19 11:28:31 UTC 2019 - kukuk@suse.com + +- Update to version 1.3.1+git20190807.e31dd6c: + * pam_tty_audit: Manual page clarification about password logging + * pam_get_authtok_verify: Avoid duplicate password verification + * Mention that ./autogen.sh is needeed to be run if you check out the sources from git + * pam_unix: Correct MAXPASS define name in the previous two commits. + * Restrict password length when changing password + * Trim password at PAM_MAX_RESP_SIZE chars + * pam_succeed_if: Request user data only when needed + * pam_tally2: Remove unnecessary fsync() + * Fixed a grammer mistake + * Fix documentation for pam_wheel + * Fix a typo in the documentation + * pam_lastlog: Improve silent option documentation + * pam_lastlog: Respect PAM_SILENT flag + * Fix regressions from the last commits. + * Replace strndupa with strncpy + * build: ignore pam_lastlog when logwtmp is not available. + * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. + * pam_motd: Cleanup the code and avoid unnecessary logging + * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. + * Move the duplicated search_key function to pam_modutil. + * pam_unix: Use pam_syslog instead of helper_log_err. + * pam_unix: Report unusable hashes found by checksalt to syslog. + * Revert "pam_unix: Add crypt_default method, if supported." + * pam_unix: Add crypt_default method, if supported. + * Revert part of the commit 4da9febc + * pam_unix: Add support for (gost-)yescrypt hashing methods. + * pam_unix: Fix closing curly brace. (#77) + * pam_unix: Add support for crypt_checksalt, if libcrypt supports it. + * pam_unix: Prefer a gensalt function, that supports auto entropy. + * pam_motd: Fix segmentation fault when no motd_dir specified (#76) + * pam_motd: Support multiple motd paths specified, with filename overrides (#69) + * pam_unix: Use bcrypt b-variant for computing new hashes. + * pam_tally, pam_tally2: fix grammar and spelling (#54) + * Fix grammar of messages printed via pam_prompt + * pam_stress: do not mark messages for translation + * pam_unix: remove obsolete _UNIX_AUTHTOK, _UNIX_OLD_AUTHTOK, and _UNIX_NEW_AUTHTOK macros + * pam_unix: remove obsolete _unix_read_password prototype + +------------------------------------------------------------------- +Thu May 2 23:55:30 CEST 2019 - sbrabec@suse.com + +- Add virtual symbols for login.defs compatibility (bsc#1121197). +- Add login.defs safety check pam-login_defs-check.sh + (bsc#1121197). + +------------------------------------------------------------------- +Thu Nov 15 15:41:08 UTC 2018 - josef.moellers@suse.com + +- When comparing an incoming IP address with an entry in + access.conf that only specified a single host (ie no netmask), + the incoming IP address was used rather than the IP address from + access.conf, effectively comparing the incoming address with + itself. (Also fixed a small typo while I was at it) + {bsc#1115640, use-correct-IP-address.patch, CVE-2018-17953] + +------------------------------------------------------------------- +Mon Oct 22 07:42:19 UTC 2018 - josef.moellers@suse.com + +- Upgrade to 1.3.1 + * pam_motd: add support for a motd.d directory + * pam_umask: Fix documentation to align with order of loading umask + * pam_get_user.3: Fix missing word in documentation + * pam_tally2 --reset: avoid creating a missing tallylog file + * pam_mkhomedir: Allow creating parent of homedir under / + * access.conf.5: Add note about spaces around ':' + * pam.8: Workaround formatting problem + * pam_unix: Check return value of malloc used for setcred data + * pam_cracklib: Drop unused prompt macros + * pam_tty_audit: Support matching users by uid range + * pam_access: support parsing files in /etc/security/access.d/*.conf + * pam_localuser: Correct documentation + * pam_issue: Fix no prompting in parse escape codes mode + * Unification and cleanup of syslog log levels + Also: removed nproc limit, referred to systemd instead. + Patch5 (pam-fix-config-order-in-manpage.patch) not needed any more. + [bsc#1112508, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Fri Aug 24 09:35:18 UTC 2018 - psimons@suse.com + +- Add libdb as build-time dependency to enable pam_userdb module. + This module is useful for implementing virtual user support for + vsftpd and possibly other daemons, too. [bsc#929711, fate#322538] + +------------------------------------------------------------------- +Fri Jul 13 15:48:58 CEST 2018 - sbrabec@suse.com + +- Install empty directory /etc/security/namespace.d for + pam_namespace.so iscript. + +------------------------------------------------------------------- +Thu May 3 07:08:50 UTC 2018 - josef.moellers@suse.com + +- pam_umask.8 needed to be patched as well. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Wed May 2 12:32:40 UTC 2018 - josef.moellers@suse.com + +- Changed order of configuration files to reflect actual code. + [bsc#1089884, pam-fix-config-order-in-manpage.patch] + +------------------------------------------------------------------- +Thu Feb 22 15:10:42 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Thu Oct 12 08:55:29 UTC 2017 - schwab@suse.de + +- Prerequire group(shadow), user(root) + +------------------------------------------------------------------- +Fri Jan 27 10:35:29 UTC 2017 - josef.moellers@suse.com + +- Allow symbolic hostnames in access.conf file. + [pam-hostnames-in-access_conf.patch, boo#1019866] + +------------------------------------------------------------------- +Thu Dec 8 12:41:05 UTC 2016 - josef.moellers@suse.com + +- Increased nproc limits for non-privileged users to 4069/16384. + Removed limits for "root". + [pam-limit-nproc.patch, bsc#1012494, bsc#1013706] + +------------------------------------------------------------------- +Sun Jul 31 11:08:19 UTC 2016 - develop7@develop7.info + +- pam-limit-nproc.patch: increased process limit to help + Chrome/Chromuim users with really lots of tabs. New limit gets + closer to UserTasksMax parameter in logind.conf + +------------------------------------------------------------------- +Thu Jul 28 14:29:09 CEST 2016 - kukuk@suse.de + +- Add doc directory to filelist. + +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff +- Link pam_unix against libtirpc and external libnsl to enable + IPv6 support. + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + +------------------------------------------------------------------- +Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de + +- Add 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + - Replace IPv4 only functions + +------------------------------------------------------------------- +Fri Apr 1 10:37:58 CEST 2016 - kukuk@suse.de + +- Fix typo in common-account.pamd [bnc#959439] + +------------------------------------------------------------------- +Tue Mar 29 14:25:02 CEST 2016 - kukuk@suse.de + +- Add 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - readd PAM_EXTERN for external PAM modules + +------------------------------------------------------------------- +Wed Mar 23 11:21:16 CET 2016 - kukuk@suse.de + +- Add 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +- Add 0002-Remove-enable-static-modules-option-and-support-from.patch +- Add 0003-fix-nis-checks.patch + +------------------------------------------------------------------- +Sat Jul 25 16:03:33 UTC 2015 - joschibrauchle@gmx.de + +- Add folder /etc/security/limits.d as mentioned in 'man pam_limits' + +------------------------------------------------------------------- +Fri Jun 26 09:39:42 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.1 + - security update for CVE-2015-3238 + +------------------------------------------------------------------- +Mon Apr 27 17:14:40 CEST 2015 - kukuk@suse.de + +- Update to version 1.2.0 + - obsoletes Linux-PAM-git-20150109.diff + +------------------------------------------------------------------- +Fri Jan 9 15:37:28 CET 2015 - kukuk@suse.de + +- Re-add lost patch encryption_method_nis.diff [bnc#906660] + +------------------------------------------------------------------- +Fri Jan 9 14:53:50 CET 2015 - kukuk@suse.de + +- Update to current git: + - Linux-PAM-git-20150109.diff replaces Linux-PAM-git-20140127.diff + - obsoletes pam_loginuid-log_write_errors.diff + - obsoletes pam_xauth-sigpipe.diff + - obsoletes bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Fri Jan 9 11:10:45 UTC 2015 - bwiedemann@suse.com + +- increase process limit to 1200 to help chromium users with many tabs + +------------------------------------------------------------------- +Tue May 6 14:31:36 UTC 2014 - bwiedemann@suse.com + +- limit number of processes to 700 to harden against fork-bombs + Add pam-limit-nproc.patch + +------------------------------------------------------------------- +Wed Apr 9 16:02:17 UTC 2014 - ckornacker@suse.com + +- Fix CVE-2014-2583: pam_timestamp path injection (bnc#870433) + bug-870433_pam_timestamp-fix-directory-traversal.patch + +------------------------------------------------------------------- +Tue Apr 1 15:35:56 UTC 2014 - ckornacker@suse.com + +- adding sclp_line0/ttysclp0 to /etc/securetty on s390 (bnc#869664) + +------------------------------------------------------------------- +Mon Jan 27 17:05:11 CET 2014 - kukuk@suse.de + +- Add pam_loginuid-log_write_errors.diff: log significant loginuid + write errors +- pam_xauth-sigpipe.diff: avoid potential SIGPIPE when writing to + xauth process + +------------------------------------------------------------------- +Mon Jan 27 15:14:34 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140127.diff), which + obsoletes pam_loginuid-part1.diff, pam_loginuid-part2.diff and + Linux-PAM-git-20140109.diff. + - Fix gratuitous use of strdup and x_strdup + - pam_xauth: log fatal errors preventing xauth process execution + - pam_loginuid: cleanup loginuid buffer initialization + - libpam_misc: fix an inconsistency in handling memory allocation errors + - pam_limits: fix utmp->ut_user handling + - pam_mkhomedir: check and create home directory for the same user + - pam_limits: detect and ignore stale utmp entries +- Disable pam_userdb (remove db-devel from build requires) + +------------------------------------------------------------------- +Fri Jan 10 10:56:24 UTC 2014 - kukuk@suse.com + +- Add pam_loginuid-part1.diff: Ignore missing /proc/self/loginuid +- Add pam_loginuid-part2.diff: Workaround to run pam_loginuid inside lxc + +------------------------------------------------------------------- +Thu Jan 9 17:31:27 CET 2014 - kukuk@suse.de + +- Update to current git (Linux-PAM-git-20140109.diff, which + replaces pam_unix.diff and encryption_method_nis.diff) + - pam_access: fix debug level logging + - pam_warn: log flags passed to the module + - pam_securetty: check return value of fgets + - pam_lastlog: fix format string + - pam_loginuid: If the correct loginuid is already set, skip writing it + +------------------------------------------------------------------- +Fri Nov 29 20:25:32 UTC 2013 - schwab@linux-m68k.org + +- common-session.pamd: add missing newline + +------------------------------------------------------------------- +Thu Nov 28 12:00:09 CET 2013 - kukuk@suse.de + +- Remove libtrpc support to solve dependency/build cycles, plain + glibc is enough for now. + +------------------------------------------------------------------- +Tue Nov 12 13:08:44 CET 2013 - kukuk@suse.de + +- Add encryption_method_nis.diff: + - implement pam_unix2 functionality to use another hash for + NIS passwords. + +------------------------------------------------------------------- +Fri Nov 8 16:01:35 CET 2013 - kukuk@suse.de + +- Add pam_unix.diff: + - fix if /etc/login.defs uses DES + - ask always for old password if a NIS password will be changed + +------------------------------------------------------------------- +Sat Sep 28 09:26:21 UTC 2013 - mc@suse.com + +- fix manpages links (bnc#842872) [fix-man-links.dif] + +------------------------------------------------------------------- +Fri Sep 20 21:42:54 UTC 2013 - hrvoje.senjan@gmail.com + +- Explicitly add pam_systemd.so to list of modules in + common-session.pamd (bnc#812462) + +------------------------------------------------------------------- +Fri Sep 20 09:43:38 CEST 2013 - kukuk@suse.de + +- Update to official release 1.1.8 (1.1.7 + git-20130916.diff) +- Remove needless pam_tally-deprecated.diff patch + +------------------------------------------------------------------- +Mon Sep 16 11:54:15 CEST 2013 - kukuk@suse.de + +- Replace fix-compiler-warnings.diff with current git snapshot + (git-20130916.diff) for pam_unix.so: + - fix glibc warnings + - fix syntax error in SELinux code + - fix crash at login + +------------------------------------------------------------------- +Thu Sep 12 10:05:53 CEST 2013 - kukuk@suse.de + +- Remove pam_unix-login.defs.diff, not needed anymore + +------------------------------------------------------------------- +Thu Sep 12 09:47:52 CEST 2013 - kukuk@suse.de + +- Update to version 1.1.7 (bugfix release) + - Drop missing-DESTDIR.diff and pam-fix-includes.patch + - fix-compiler-warnings.diff: fix unchecked setuid return code + +------------------------------------------------------------------- +Tue Aug 6 10:30:13 CEST 2013 - mc@suse.de + +- adding hvc0-hvc7 to /etc/securetty on s390 (bnc#718516) + +------------------------------------------------------------------- +Mon May 27 12:26:53 CEST 2013 - kukuk@suse.de + +- Fix typo in common-password [bnc#821526] + +------------------------------------------------------------------- +Fri Apr 26 10:25:06 UTC 2013 - mmeister@suse.com + +- Added libtool as BuildRequire, and autoreconf -i option to fix + build with new automake + +------------------------------------------------------------------- +Tue Feb 5 17:28:25 CET 2013 - kukuk@suse.de + +- Update pam_unix-login.defs.diff patch to the final upstream + version. + +------------------------------------------------------------------- +Tue Feb 5 14:09:06 CET 2013 - kukuk@suse.de + +- Adjust URL +- Add set_permission macro and PreReq +- Read default encryption method from /etc/login.defs + (pam_unix-login.defs.diff) + +------------------------------------------------------------------- +Fri Jan 25 13:49:36 UTC 2013 - kukuk@suse.com + +- Remove deprecated pam_tally.so module, it's too buggy and can + destroy config and log files. + +------------------------------------------------------------------- +Mon Nov 12 14:42:53 CET 2012 - kukuk@suse.de + +- Sync common-*.pamd config with pam-config (use pam_unix.so as + default). + +------------------------------------------------------------------- +Wed Sep 19 14:20:54 CEST 2012 - kukuk@suse.de + +- Fix building in Factory (add patch missing-DESTDIR.diff) + +------------------------------------------------------------------- +Fri Sep 14 10:55:31 CEST 2012 - kukuk@suse.de + +- Update to Linux-PAM 1.1.6 + - Update translations + - pam_cracklib: Add more checks for weak passwords + - pam_lastlog: Never lock out root + - Lot of bug fixes and smaller enhancements + +------------------------------------------------------------------- +Thu Jun 21 11:59:52 UTC 2012 - aj@suse.de + +- Include correct headers for getrlimit (add patch pam-fix-includes.patch). + +------------------------------------------------------------------- +Mon Apr 23 15:30:02 UTC 2012 - jengelh@medozas.de + +- Update homepage URL in specfile + +------------------------------------------------------------------- +Sat Mar 3 15:16:42 UTC 2012 - jengelh@medozas.de + +- Update to new upstream release 1.1.5 +* pam_env: Fix CVE-2011-3148: correctly count leading whitespace + when parsing environment file in pam_env +* Fix CVE-2011-3149: when overflowing, exit with PAM_BUF_ERR in + pam_env +* pam_access: Add hostname resolution cache + +------------------------------------------------------------------- +Tue Oct 25 14:24:27 CEST 2011 - mc@suse.de + +- pam_tally2: remove invalid options from manpage (bnc#726071) +- fix possible overflow and DOS in pam_env (bnc#724480) + CVE-2011-3148, CVE-2011-3149 + +------------------------------------------------------------------- +Mon Jun 27 15:29:11 CEST 2011 - kukuk@suse.de + +- Update to version 1.1.4 + * pam_securetty: Honour console= kernel option, add noconsole option + * pam_limits: Add %group syntax, drop change_uid option, add set_all option + * Lot of small bug fixes + * Add support for libtirpc +- Build against libtirpc + +------------------------------------------------------------------- +Thu May 26 09:37:34 UTC 2011 - cfarrell@novell.com + +- license update: GPL-2.0+ or BSD-3-Clause + Updating to spdx.org/licenses syntax as legal-auto for some reason did + not accept the previous spec file license + +------------------------------------------------------------------- +Wed May 25 16:15:30 CEST 2011 - kukuk@suse.de + +- Remove libxcrypt-devel from BuildRequires + +------------------------------------------------------------------- +Wed Feb 23 12:45:03 UTC 2011 - vcizek@novell.com + +- bnc#673826 rework + * manpage is left intact, as it was + * correct parsing of "quiet" option + +------------------------------------------------------------------- +Wed Feb 23 10:00:22 UTC 2011 - vcizek@novell.com + +- fix for bnc#673826 (pam_listfile) + * removed unnecessary logging when listfile is missing and quiet +option is specified + * manpage is also updated, to reflect that all option +require values + +------------------------------------------------------------------- +Thu Oct 28 16:23:49 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.3 + - fixes CVE-2010-3853, CVE-2010-3431, CVE-2010-3430 + - pam_unix: Add minlen option, change default from 6 to 0 + +------------------------------------------------------------------- +Tue Aug 31 13:38:23 CEST 2010 - kukuk@suse.de + +- Update to Linux-PAM 1.1.2 + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon May 10 14:22:18 CEST 2010 - kukuk@suse.de + +- Update to current CVS version (pam_rootok: Add support for + chauthtok and acct_mgmt, [bnc#533249]) + +------------------------------------------------------------------- +Thu Mar 11 13:25:46 CET 2010 - kukuk@suse.de + +- Install correct documentation + +------------------------------------------------------------------- +Wed Dec 16 15:22:39 CET 2009 - kukuk@suse.de + +- Update to Linux-PAM 1.1.1 (bug fix release) + +------------------------------------------------------------------- +Sat Dec 12 18:36:43 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Wed Dec 9 10:50:22 CET 2009 - jengelh@medozas.de + +- enable parallel building + +------------------------------------------------------------------- +Fri Jun 26 14:46:21 CEST 2009 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Wed Jun 24 09:52:29 CEST 2009 - kukuk@suse.de + +- Update to final version 1.1.0 (spelling fixes) + +------------------------------------------------------------------- +Tue May 5 16:07:00 CEST 2009 - kukuk@suse.de + +- Update to version 1.0.92: + * Update translations + * pam_succeed_if: Use provided username + * pam_mkhomedir: Fix handling of options + +------------------------------------------------------------------- +Fri Apr 3 21:43:48 CEST 2009 - rguenther@suse.de + +- Remove cracklib-dict-full and pwdutils BuildRequires again. + +------------------------------------------------------------------- +Fri Mar 27 11:41:23 CET 2009 - kukuk@suse.de + +- Update to version 1.0.91 aka 1.1 Beta2: + * Changes in the behavior of the password stack. Results of + PRELIM_CHECK are not used for the final run. + * Redefine LOCAL keyword of pam_access configuration file + * Add support for try_first_pass and use_first_pass to + pam_cracklib + * New password quality tests in pam_cracklib + * Add support for passing PAM_AUTHTOK to stdin of helpers from + pam_exec + * New options for pam_lastlog to show last failed login attempt and + to disable lastlog update + * New pam_pwhistory module to store last used passwords + * New pam_tally2 module similar to pam_tally with wordsize independent + tally data format, obsoletes pam_tally + * Make libpam not log missing module if its type is prepended with '-' + * New pam_timestamp module for authentication based on recent successful + login. + * Add blowfish support to pam_unix. + * Add support for user specific environment file to pam_env. + * Add pam_get_authtok to libpam as Linux-PAM extension. + +------------------------------------------------------------------- +Wed Feb 11 01:20:15 CET 2009 - ro@suse.de + +- use sr@latin instead of sr@Latn + +------------------------------------------------------------------- +Thu Feb 5 17:01:56 CET 2009 - kukuk@suse.de + +- Log failures of setrlimit in pam_limits [bnc#448314] +- Fix using of requisite in password stack [bnc#470337] + +------------------------------------------------------------------- +Tue Jan 20 12:21:08 CET 2009 - kukuk@suse.de + +- Regenerate documentation [bnc#448314] + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Dec 4 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Thu Nov 27 15:56:51 CET 2008 - mc@suse.de + +- enhance the man page for limits.conf (bnc#448314) + +------------------------------------------------------------------- +Mon Nov 24 17:21:19 CET 2008 - kukuk@suse.de + +- pam_time: fix parsing if '|' is used [bdo#326407] + +------------------------------------------------------------------- +Wed Nov 19 11:13:31 CET 2008 - kukuk@suse.de + +- pam_xauth: update last patch +- pam_pwhistory: add missing type option + +------------------------------------------------------------------- +Tue Nov 4 13:42:03 CET 2008 - mc@suse.de + +- pam_xauth: put XAUTHLOCALHOSTNAME into new enviroment + (bnc#441314) + +------------------------------------------------------------------- +Fri Oct 17 14:02:31 CEST 2008 - kukuk@suse.de + +- Add pam_tally2 +- Regenerate Documentation + +------------------------------------------------------------------- +Sat Oct 11 17:06:49 CEST 2008 - kukuk@suse.de + +- Enhance pam_lastlog with status output +- Add pam_pwhistory as tech preview + +------------------------------------------------------------------- +Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de + +- pam_tally: fix fd leak +- pam_mail: fix "quiet" option + +------------------------------------------------------------------- +Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.2 (fix SELinux regression) +- enhance pam_tally [FATE#303753] +- Backport fixes from CVS + +------------------------------------------------------------------- +Wed Aug 20 14:59:30 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Wed Apr 16 13:24:22 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.1: + - Fixes regression in pam_set_item(). + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Apr 4 14:41:44 CEST 2008 - kukuk@suse.de + +- Remove devfs lines from securetty [bnc#372241] + +------------------------------------------------------------------- +Thu Apr 3 15:18:11 CEST 2008 - kukuk@suse.de + +- Update to version 1.0.0: + - Official first "stable" release + - bug fixes + - translation updates + +------------------------------------------------------------------- +Fri Feb 15 10:55:26 CET 2008 - kukuk@suse.de + +- Update to version 0.99.10.0: + - New substack directive in config file syntax + - New module pam_tty_audit.so for enabling and disabling tty + auditing + - New PAM items PAM_XDISPLAY and PAM_XAUTHDATA + - Improved functionality of pam_namespace.so module (method flags, + namespace.d configuration directory, new options). + - Finaly removed deprecated pam_rhosts_auth module. + +------------------------------------------------------------------- +Wed Oct 10 15:13:33 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.9.0: + - misc_conv no longer blocks SIGINT; applications that don't want + user-interruptable prompts should block SIGINT themselves + - Merge fixes from Debian + - Fix parser for pam_group and pam_time + +------------------------------------------------------------------- +Wed Jul 18 12:00:07 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.1: + - Fix regression in pam_audit + +------------------------------------------------------------------- +Fri Jul 6 11:38:42 CEST 2007 - kukuk@suse.de + +- Update to version 0.99.8.0: + - Add translations for ar, ca, da, ru, sv and zu. + - Update hungarian translation. + - Add support for limits.d directory to pam_limits. + - Add minclass option to pam_cracklib + - Add new group syntax to pam_access + +------------------------------------------------------------------- +Thu Apr 19 15:30:46 CEST 2007 - mc@suse.de + +- move the documentation into a seperate package (pam-doc) + [partly fixes Bug #265733] + +------------------------------------------------------------------- +Mon Mar 26 15:48:13 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Wed Jan 24 11:27:16 CET 2007 - mc@suse.de + +- add %verify_permissions for /sbin/unix_chkpwd + [#237625] + +------------------------------------------------------------------- +Tue Jan 23 13:19:51 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.1 (security fix) + +------------------------------------------------------------------- +Wed Jan 17 14:13:14 CET 2007 - kukuk@suse.de + +- Update to Version 0.99.7.0 + * Add manual page for pam_unix.so. + * Add pam_faildelay module to set pam_fail_delay() value. + * Fix possible seg.fault in libpam/pam_set_data(). + * Cleanup of configure options. + * Update hungarian translation, fix german translation. + +------------------------------------------------------------------- +Wed Jan 17 14:00:03 CET 2007 - lnussel@suse.de + +- install unix_chkpwd setuid root instead of setgid shadow (#216816) + +------------------------------------------------------------------- +Tue Oct 24 14:26:51 CEST 2006 - kukuk@suse.de + +- pam_unix.so/unix_chkpwd: teach about blowfish [#213929] +- pam_namespace.so: Fix two possible buffer overflow +- link against libxcrypt + +------------------------------------------------------------------- +Sat Oct 7 11:46:56 CEST 2006 - kukuk@suse.de + +- Update hungarian translation [#210091] + +------------------------------------------------------------------- +Tue Sep 19 18:25:25 CEST 2006 - kukuk@suse.de + +- Don't remove pam_unix.so +- Use cracklib again (goes lost with one of the last cleanups) + +------------------------------------------------------------------- +Thu Sep 14 16:11:36 CEST 2006 - kukuk@suse.de + +- Add pam_umask.so to common-session [Fate#3621] + +------------------------------------------------------------------- +Wed Sep 6 16:37:33 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.3 (merges all patches) + +------------------------------------------------------------------- +Wed Aug 30 17:14:22 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.2 (incorporate last change) +- Add pam_loginuid and fixes from CVS [Fate#300486] + +------------------------------------------------------------------- +Wed Aug 23 19:11:41 CEST 2006 - kukuk@suse.de + +- Fix seg.fault in pam_cracklib if retyped password is empty + +------------------------------------------------------------------- +Tue Aug 22 21:53:40 CEST 2006 - kukuk@suse.de + +- Remove use_first_pass from pam_unix2.so in password section + +------------------------------------------------------------------- +Fri Aug 11 03:26:56 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.6.1 (big documentation update) + +------------------------------------------------------------------- +Fri Jul 28 11:30:28 CEST 2006 - kukuk@suse.de + +- Add missing namespace.init script + +------------------------------------------------------------------- +Thu Jul 27 17:12:24 CEST 2006 - kukuk@suse.de + +- Reenable audit subsystem [Fate#300486] + +------------------------------------------------------------------- +Wed Jun 28 13:07:15 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.5.0 (more manual pages, three new PAM + modules: pam_keyinit, pam_namespace, pam_rhosts) + +------------------------------------------------------------------- +Mon Jun 12 11:49:20 CEST 2006 - kukuk@suse.de + +- Update to current CVS (lot of new manual pages and docu) + +------------------------------------------------------------------- +Tue May 30 15:28:21 CEST 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.4.0 (merge all patches and translations) + +------------------------------------------------------------------- +Wed May 24 10:54:25 CEST 2006 - kukuk@suse.de + +- Fix problems found by Coverity + +------------------------------------------------------------------- +Wed May 17 14:46:04 CEST 2006 - schwab@suse.de + +- Don't strip binaries. + +------------------------------------------------------------------- +Fri May 5 15:16:29 CEST 2006 - kukuk@suse.de + +- Fix pam_tally LFS support [#172492] + +------------------------------------------------------------------- +Fri Apr 21 13:48:17 CEST 2006 - kukuk@suse.de + +- Update fr.po and pl.po + +------------------------------------------------------------------- +Tue Apr 11 14:56:37 CEST 2006 - kukuk@suse.de + +- Update km.po + +------------------------------------------------------------------- +Tue Apr 4 14:24:11 CEST 2006 - kukuk@suse.de + +- Remove obsolete pam-laus from the system + +------------------------------------------------------------------- +Mon Mar 27 14:20:56 CEST 2006 - kukuk@suse.de + +- Update translations for pt, pl, fr, fi and cs +- Add translation for uk + +------------------------------------------------------------------- +Tue Mar 21 14:06:00 CET 2006 - kukuk@suse.de + +- Update hu.po + +------------------------------------------------------------------- +Tue Mar 21 12:40:11 CET 2006 - kukuk@suse.de + +- Add translation for tr + +------------------------------------------------------------------- +Mon Mar 13 11:47:07 CET 2006 - kukuk@suse.de + +- Fix order of NULL checks in pam_get_user +- Fix comment in pam_lastlog for translators to be visible in + pot file +- Docu update, remove pam_selinux docu + +------------------------------------------------------------------- +Thu Mar 2 16:49:10 CET 2006 - kukuk@suse.de + +- Update km translation + +------------------------------------------------------------------- +Thu Feb 23 13:21:22 CET 2006 - kukuk@suse.de + +- pam_lastlog: + - Initialize correct struct member [SF#1427401] + - Mark strftime fmt string for translation [SF#1428269] + +------------------------------------------------------------------- +Sun Feb 19 09:15:42 CET 2006 - kukuk@suse.de + +- Update more manual pages + +------------------------------------------------------------------- +Sat Feb 18 12:45:19 CET 2006 - ro@suse.de + +- really disable audit if header file not present + +------------------------------------------------------------------- +Tue Feb 14 13:29:42 CET 2006 - kukuk@suse.de + +- Update fi.po +- Add km.po +- Update pl.po + +------------------------------------------------------------------- +Mon Feb 13 09:38:56 CET 2006 - kukuk@suse.de + +- Update with better manual pages + +------------------------------------------------------------------- +Thu Feb 9 16:07:27 CET 2006 - kukuk@suse.de + +- Add translation for nl, update pt translation + +------------------------------------------------------------------- +Fri Jan 27 14:03:06 CET 2006 - kukuk@suse.de + +- Move devel manual pages to -devel package +- Mark PAM config files as noreplace +- Mark /etc/securetty as noreplace +- Run ldconfig +- Fix libdb/ndbm compat detection with gdbm +- Adjust german translation +- Add all services to pam_listfile + +------------------------------------------------------------------- +Wed Jan 25 21:30:44 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Fri Jan 13 22:34:02 CET 2006 - kukuk@suse.de + +- Update to Linux-PAM 0.99.3.0 release candiate tar balls + (new translations) + +------------------------------------------------------------------- +Mon Jan 9 18:04:53 CET 2006 - kukuk@suse.de + +- Fix NULL handling for LSB-pam test suite [#141240] + +------------------------------------------------------------------- +Sun Jan 8 13:04:19 CET 2006 - kukuk@suse.de + +- Fix usage of PAM_AUTHTOK_RECOVER_ERR vs. PAM_AUTHTOK_RECOVERY_ERR + +------------------------------------------------------------------- +Fri Jan 6 12:34:57 CET 2006 - kukuk@suse.de + +- NULL is allowed as thirs argument for pam_get_item [#141240] + +------------------------------------------------------------------- +Wed Dec 21 10:29:02 CET 2005 - kukuk@suse.de + +- Add fixes from CVS + +------------------------------------------------------------------- +Thu Dec 15 17:18:35 CET 2005 - kukuk@suse.de + +- Fix pam_lastlog: don't report error on first login + +------------------------------------------------------------------- +Tue Dec 13 09:19:12 CET 2005 - kukuk@suse.de + +- Update to 0.99.2.1 + +------------------------------------------------------------------- +Fri Dec 9 09:41:05 CET 2005 - kukuk@suse.de + +- Add /etc/environment to avoid warnings in syslog + +------------------------------------------------------------------- +Mon Dec 5 12:36:47 CET 2005 - kukuk@suse.de + +- disable SELinux + +------------------------------------------------------------------- +Wed Nov 23 17:42:10 CET 2005 - kukuk@suse.de + +- Update getlogin() fix to final one + +------------------------------------------------------------------- +Mon Nov 21 18:15:05 CET 2005 - kukuk@suse.de + +- Fix PAM getlogin() implementation + +------------------------------------------------------------------- +Mon Nov 21 16:37:57 CET 2005 - kukuk@suse.de + +- Update to official 0.99.2.0 release + +------------------------------------------------------------------- +Tue Nov 8 08:49:30 CET 2005 - kukuk@suse.de + +- Update to new snapshot + +------------------------------------------------------------------- +Mon Oct 10 18:15:20 CEST 2005 - kukuk@suse.de + +- Enable original pam_wheel module + +------------------------------------------------------------------- +Tue Sep 27 10:56:58 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Compile libpam_misc with -fno-strict-aliasing + +------------------------------------------------------------------- +Mon Sep 19 15:31:34 CEST 2005 - kukuk@suse.de + +- Update to current CVS +- Fix compiling of pammodutil with -fPIC + +------------------------------------------------------------------- +Sun Sep 18 15:29:37 CEST 2005 - kukuk@suse.de + +- Update to current CVS + +------------------------------------------------------------------- +Tue Aug 23 16:27:50 CEST 2005 - kukuk@suse.de + +- Update to new snapshot (Major version is back to 0) + +------------------------------------------------------------------- +Fri Aug 19 16:24:54 CEST 2005 - kukuk@suse.de + +- Update to Linux-PAM 0.99.0.3 snapshot + +------------------------------------------------------------------- +Mon Jul 11 15:48:19 CEST 2005 - kukuk@suse.de + +- Add pam_umask + +------------------------------------------------------------------- +Mon Jul 4 11:13:21 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Thu Jun 23 10:28:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Add pam_loginuid + +------------------------------------------------------------------- +Thu Jun 9 12:01:49 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot + +------------------------------------------------------------------- +Mon Jun 6 17:55:33 CEST 2005 - kukuk@suse.de + +- Don't reset priority [#81690] +- Fix creating of symlinks + +------------------------------------------------------------------- +Fri May 20 13:18:43 CEST 2005 - kukuk@suse.de + +- Update to current CVS snapshot +- Real fix for [#82687] (don't include kernel header files) + +------------------------------------------------------------------- +Thu May 12 16:37:07 CEST 2005 - schubi@suse.de + +- Bug 82687 - pam_client.h redefines __u8 and __u32 + +------------------------------------------------------------------- +Fri Apr 29 11:18:16 CEST 2005 - kukuk@suse.de + +- Apply lot of fixes from CVS (including SELinux support) + +------------------------------------------------------------------- +Fri Apr 1 09:41:16 CEST 2005 - kukuk@suse.de + +- Update to final 0.79 release + +------------------------------------------------------------------- +Mon Mar 14 10:01:07 CET 2005 - kukuk@suse.de + +- Apply patch for pam_xauth to preserve DISPLAY variable [#66885] + +------------------------------------------------------------------- +Mon Jan 24 16:02:11 CET 2005 - kukuk@suse.de + +- Compile with large file support + +------------------------------------------------------------------- +Mon Jan 24 11:30:27 CET 2005 - schubi@suse.de + +- Made patch of latest CVS tree +- Removed patch pam_handler.diff ( included in CVS now ) +- moved Linux-PAM-0.78.dif to pam_group_time.diff + +------------------------------------------------------------------- +Wed Jan 5 13:09:18 CET 2005 - kukuk@suse.de + +- Fix seg.fault, if a PAM config line is incomplete + +------------------------------------------------------------------- +Thu Nov 18 14:58:43 CET 2004 - kukuk@suse.de + +- Update to final 0.78 + +------------------------------------------------------------------- +Mon Nov 8 17:09:53 CET 2004 - kukuk@suse.de + +- Add pam_env.so to common-auth +- Add pam_limit.so to common-session + +------------------------------------------------------------------- +Wed Oct 13 15:11:59 CEST 2004 - kukuk@suse.de + +- Update to 0.78-Beta1 + +------------------------------------------------------------------- +Wed Sep 22 16:40:26 CEST 2004 - kukuk@suse.de + +- Create pam.d/common-{auth,account,password,session} and include + them in pam.d/other +- Update to current CVS version of upcoming 0.78 release + +------------------------------------------------------------------- +Mon Aug 23 16:44:40 CEST 2004 - kukuk@suse.de + +- Update "code cleanup" patch +- Disable reading of /etc/environment in pam_env.so per default + +------------------------------------------------------------------- +Thu Aug 19 16:55:24 CEST 2004 - kukuk@suse.de + +- Reenable a "fixed" version of "code cleanup" patch +- Use pam_wheel from pam-modules package + +------------------------------------------------------------------- +Wed Aug 18 17:06:33 CEST 2004 - kukuk@suse.de + +- Disable "code cleanup" patch (no more comments about security + fixes) + +------------------------------------------------------------------- +Fri Aug 13 15:40:31 CEST 2004 - kukuk@suse.de + +- Apply big "code cleanup" patch [Bug #39673] + +------------------------------------------------------------------- +Fri Mar 12 14:32:27 CET 2004 - kukuk@suse.de + +- pam_wheel: Use original getlogin again, PAM internal does not + work without application help [Bug #35682] + +------------------------------------------------------------------- +Sun Jan 18 12:11:37 CET 2004 - meissner@suse.de + +- We no longer have pam in the buildsystem, so we + need some buildroot magic flags for the dlopen tests. + +------------------------------------------------------------------- +Thu Jan 15 23:19:55 CET 2004 - kukuk@suse.de + +- Cleanup neededforbuild + +------------------------------------------------------------------- +Fri Dec 5 11:32:57 CET 2003 - kukuk@suse.de + +- Add manual pages from SLES8 + +------------------------------------------------------------------- +Fri Nov 28 09:21:01 CET 2003 - kukuk@suse.de + +- Fix installing manual pages of modules +- Remove pthread check (db is now linked against pthread) + +------------------------------------------------------------------- +Thu Nov 27 09:13:46 CET 2003 - kukuk@suse.de + +- Merge with current CVS +- Apply bug fixes from bugtracking system +- Build as normal user + +------------------------------------------------------------------- +Fri Nov 21 14:41:41 CET 2003 - kukuk@suse.de + +- Compile with noexecstack + +------------------------------------------------------------------- +Thu Nov 6 12:12:15 CET 2003 - kukuk@suse.de + +- Fix pam_securetty CVS patch + +------------------------------------------------------------------- +Wed Oct 29 13:47:02 CET 2003 - kukuk@suse.de + +- Sync with current CVS version + +------------------------------------------------------------------- +Thu Oct 2 18:37:19 CEST 2003 - kukuk@suse.de + +- Add patch to implement "include" statement in pamd files + +------------------------------------------------------------------- +Wed Sep 10 14:36:51 CEST 2003 - uli@suse.de + +- added ttyS1 (VT220) to securetty on s390* (bug #29239) + +------------------------------------------------------------------- +Mon Jul 28 15:35:32 CEST 2003 - kukuk@suse.de + +- Apply lot of fixes for various problems + +------------------------------------------------------------------- +Tue Jun 10 12:08:56 CEST 2003 - kukuk@suse.de + +- Fix getlogin handling in pam_wheel.so + +------------------------------------------------------------------- +Tue May 27 16:26:00 CEST 2003 - ro@suse.de + +- added cracklib-devel to neededforbuild + +------------------------------------------------------------------- +Thu Feb 13 14:56:05 CET 2003 - kukuk@suse.de + +- Update pam_localuser and pam_xauth. + +------------------------------------------------------------------- +Wed Nov 13 14:51:23 CET 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.77 (minor bug fixes and enhancemants) + +------------------------------------------------------------------- +Mon Nov 11 11:26:13 CET 2002 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Sat Sep 14 18:12:49 CEST 2002 - ro@suse.de + +- changed securetty / use extra file + +------------------------------------------------------------------- +Fri Sep 13 18:21:35 CEST 2002 - bk@suse.de + +- 390: standard console (4,64)/ttyS0 ->only ttyS0 in /etc/securetty + +------------------------------------------------------------------- +Tue Aug 27 17:23:30 CEST 2002 - kukuk@suse.de + +- Call password checking helper from pam_unix.so whenever the + passwd field is invalid. + +------------------------------------------------------------------- +Sat Aug 24 14:41:43 CEST 2002 - kukuk@suse.de + +- Don't build ps and pdf documentation + +------------------------------------------------------------------- +Fri Aug 9 10:26:37 CEST 2002 - kukuk@suse.de + +- pam-devel requires pam [Bug #17543] + +------------------------------------------------------------------- +Wed Jul 17 21:48:22 CEST 2002 - kukuk@suse.de + +- Remove explicit requires + +------------------------------------------------------------------- +Wed Jul 10 10:14:17 CEST 2002 - kukuk@suse.de + +- Update to Linux-PAM 0.76 +- Remove reentrant patch for original PAM modules (needs to be + rewritten for new PAM version) +- Add docu in PDF format + +------------------------------------------------------------------- +Thu Jul 4 11:07:23 CEST 2002 - kukuk@suse.de + +- Fix build on different partitions + +------------------------------------------------------------------- +Tue Apr 16 14:50:19 CEST 2002 - mmj@suse.de + +- Fix to not own /usr/shar/man/man3 + +------------------------------------------------------------------- +Wed Mar 13 10:44:20 CET 2002 - kukuk@suse.de + +- Add /usr/include/security to pam-devel filelist + +------------------------------------------------------------------- +Mon Feb 11 22:46:43 CET 2002 - ro@suse.de + +- tar option for bz2 is "j" + +------------------------------------------------------------------- +Fri Jan 25 18:55:26 CET 2002 - kukuk@suse.de + +- Fix last pam_securetty patch + +------------------------------------------------------------------- +Thu Jan 24 20:11:37 CET 2002 - kukuk@suse.de + +- Use reentrant getpwnam functions for most modules +- Fix unresolved symbols in pam_access and pam_userdb + +------------------------------------------------------------------- +Sun Jan 20 22:06:39 CET 2002 - kukuk@suse.de + +- libpam_misc: Don't handle Ctrl-D as error. + +------------------------------------------------------------------- +Wed Jan 16 12:21:30 CET 2002 - kukuk@suse.de + +- Remove SuSEconfig.pam +- Update pam_localuser and pam_xauth +- Add new READMEs about blowfish and cracklib + +------------------------------------------------------------------- +Mon Nov 12 13:33:09 CET 2001 - kukuk@suse.de + +- Remove pam_unix.so (is part of pam-modules) + +------------------------------------------------------------------- +Fri Nov 9 10:42:02 CET 2001 - kukuk@suse.de + +- Move extra PAM modules to separate package +- Require pam-modules package + +------------------------------------------------------------------- +Fri Aug 24 14:55:04 CEST 2001 - kukuk@suse.de + +- Move susehelp config file to susehelp package + +------------------------------------------------------------------- +Mon Aug 13 15:51:57 CEST 2001 - ro@suse.de + +- changed neededforbuild to + +------------------------------------------------------------------- +Tue Aug 7 17:48:40 CEST 2001 - kukuk@suse.de + +- Fixes wrong symlink handling of pam_homecheck [Bug #3905] + +------------------------------------------------------------------- +Wed Jul 11 18:10:11 CEST 2001 - kukuk@suse.de + +- Sync pam_homecheck and pam_unix2 fixes from 7.2 +- Always ask for the old password if it is expired + +------------------------------------------------------------------- +Sat May 5 20:18:35 CEST 2001 - kukuk@suse.de + +- Cleanup Patches, make tar archive from extra pam modules + +------------------------------------------------------------------- +Fri May 4 16:51:07 CEST 2001 - kukuk@suse.de + +- Use LOG_NOTICE for trace option [Bug #7673] + +------------------------------------------------------------------- +Thu Apr 12 17:45:55 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link pam_access against libnsl +- Add pam.conf for susehelp/pam html docu + +------------------------------------------------------------------- +Tue Apr 10 17:39:50 CEST 2001 - kukuk@suse.de + +- Linux-PAM: Update to version 0.75 + +------------------------------------------------------------------- +Tue Apr 3 15:08:27 CEST 2001 - kukuk@suse.de + +- Linux-PAM: link libpam_misc against libpam [Bug #6890] + +------------------------------------------------------------------- +Thu Mar 8 15:38:22 CET 2001 - kukuk@suse.de + +- Linux-PAM: Fix manual pages (.so reference) +- pam_pwcheck: fix Makefile + +------------------------------------------------------------------- +Tue Mar 6 12:16:58 CET 2001 - kukuk@suse.de + +- Update for Linux-PAM 0.74 +- Drop pwdb subpackage + +------------------------------------------------------------------- +Tue Feb 13 14:17:13 CET 2001 - kukuk@suse.de + +- pam_unix2: Create temp files with permission 0600 + +------------------------------------------------------------------- +Tue Feb 6 01:34:06 CET 2001 - ro@suse.de + +- pam_issue.c: include time.h to make it compile + +------------------------------------------------------------------- +Fri Jan 5 22:51:44 CET 2001 - kukuk@suse.de + +- Don't print error message about failed initialization from + pam_limits with kernel 2.2 [Bug #5198] + +------------------------------------------------------------------- +Thu Jan 4 17:15:44 CET 2001 - kukuk@suse.de + +- Adjust docu for pam_limits + +------------------------------------------------------------------- +Sun Dec 17 13:22:11 CET 2000 - kukuk@suse.de + +- Adjust docu for pam_pwcheck + +------------------------------------------------------------------- +Thu Dec 7 15:23:37 CET 2000 - kukuk@suse.de + +- Add fix for pam_limits from 0.73 + +------------------------------------------------------------------- +Thu Oct 26 16:36:09 CEST 2000 - kukuk@suse.de + +- Add db-devel to need for build + +------------------------------------------------------------------- +Fri Oct 20 12:03:07 CEST 2000 - kukuk@suse.de + +- Don't link PAM modules against old libpam library + +------------------------------------------------------------------- +Wed Oct 18 11:53:34 CEST 2000 - kukuk@suse.de + +- Create new "devel" subpackage + +------------------------------------------------------------------- +Thu Oct 12 15:16:55 CEST 2000 - kukuk@suse.de + +- Add SuSEconfig.pam + +------------------------------------------------------------------- +Tue Oct 3 15:05:00 CEST 2000 - kukuk@suse.de + +- Fix problems with new gcc and glibc 2.2 header files + +------------------------------------------------------------------- +Wed Sep 13 13:12:08 CEST 2000 - kukuk@suse.de + +- Fix problem with passwords longer then PASS_MAX_LEN + +------------------------------------------------------------------- +Wed Sep 6 16:01:50 CEST 2000 - kukuk@suse.de + +- Add missing PAM modules to filelist +- Fix seg.fault in pam_pwcheck [BUG #3894] +- Clean spec file + +------------------------------------------------------------------- +Fri Jun 23 12:40:40 CEST 2000 - kukuk@suse.de + +- Lot of bug fixes in pam_unix2 and pam_pwcheck +- compress postscript docu + +------------------------------------------------------------------- +Mon May 15 10:57:16 CEST 2000 - kukuk@suse.de + +- Move docu to /usr/share/doc/pam +- Fix some bugs in pam_unix2 and pam_pwcheck + +------------------------------------------------------------------- +Tue Apr 25 16:32:56 CEST 2000 - kukuk@suse.de + +- Add pam_homecheck Module + +------------------------------------------------------------------- +Tue Apr 25 14:17:10 CEST 2000 - kukuk@suse.de + +- Add devfs devices to /etc/securetty + +------------------------------------------------------------------- +Wed Mar 1 17:35:27 CET 2000 - kukuk@suse.de + +- Fix handling of changing passwords to empty one + +------------------------------------------------------------------- +Tue Feb 22 18:00:48 CET 2000 - kukuk@suse.de + +- Set correct attr for unix_chkpwd and pwdb_chkpwd + +------------------------------------------------------------------- +Tue Feb 15 17:47:50 CET 2000 - kukuk@suse.de + +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Mon Feb 7 17:55:42 CET 2000 - kukuk@suse.de + +- pwdb: Update to 0.61 + +------------------------------------------------------------------- +Thu Jan 27 16:54:03 CET 2000 - kukuk@suse.de + +- Add config files and README for md5 passwords +- Update pam_pwcheck +- Update pam_unix2 + +------------------------------------------------------------------- +Thu Jan 13 18:22:10 CET 2000 - kukuk@suse.de + +- Update pam_unix2 +- New: pam_pwcheck +- Update to Linux-PAM 0.72 + +------------------------------------------------------------------- +Wed Oct 13 16:48:51 MEST 1999 - kukuk@suse.de + +- pam_pwdb: Add security fixes from RedHat + +------------------------------------------------------------------- +Mon Oct 11 20:34:18 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.70 +- Update to pwdb-0.60 +- Fix more pam_unix2 shadow bugs + +------------------------------------------------------------------- +Fri Oct 8 17:20:11 MEST 1999 - kukuk@suse.de + +- Add more PAM fixes +- Implement Password changing request (sp_lstchg == 0) + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Sat Sep 11 17:38:50 MEST 1999 - kukuk@suse.de + +- Add pam_wheel to file list +- pam_wheel: Minor fixes +- pam_unix2: root is allowed to change passwords with wrong + password aging information + +------------------------------------------------------------------- +Mon Aug 30 10:16:43 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix typo + +------------------------------------------------------------------- +Thu Aug 19 16:05:09 MEST 1999 - kukuk@suse.de + +- Linux-PAM: Update to version 0.69 + +------------------------------------------------------------------- +Fri Jul 16 12:35:14 MEST 1999 - kukuk@suse.de + +- pam_unix2: Root is allowed to use the old password again. + +------------------------------------------------------------------- +Tue Jul 13 11:09:41 MEST 1999 - kukuk@suse.de + +- pam_unix2: Allow root to set an empty password. + +------------------------------------------------------------------- +Sat Jul 10 18:41:00 MEST 1999 - kukuk@suse.de + +- Add HP-UX password aging to pam_unix2. + +------------------------------------------------------------------- +Wed Jul 7 17:45:04 MEST 1999 - kukuk@suse.de + +- Don't install .cvsignore files +- Make sure, /etc/shadow has the correct rights + +------------------------------------------------------------------- +Tue Jul 6 10:14:08 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.68 + +------------------------------------------------------------------- +Wed Jun 30 18:46:26 MEST 1999 - kukuk@suse.de + +- pam_unix2: more bug fixes + +------------------------------------------------------------------- +Tue Jun 29 10:57:18 MEST 1999 - kukuk@suse.de + +- pam_unix2: Fix "inactive" password + +------------------------------------------------------------------- +Mon Jun 28 13:59:18 MEST 1999 - kukuk@suse.de + +- pam_warn: Add missing functions +- other.pamd: Update +- Add more doku + +------------------------------------------------------------------- +Thu Jun 24 14:24:54 MEST 1999 - kukuk@suse.de + +- Add securetty config file +- Fix Debian pam_env patch + +------------------------------------------------------------------- +Mon Jun 21 10:10:35 MEST 1999 - kukuk@suse.de + +- Update to Linux-PAM 0.67 +- Add Debian pam_env patch + +------------------------------------------------------------------- +Thu Jun 17 15:59:30 MEST 1999 - kukuk@suse.de + +- pam_ftp malloc (core dump) fix + +------------------------------------------------------------------- +Tue Jun 15 18:57:03 MEST 1999 - kukuk@suse.de + +- pam_unix2 fixes + +------------------------------------------------------------------- +Mon Jun 7 11:34:48 MEST 1999 - kukuk@suse.de + +- First PAM package: pam 0.66, pwdb 0.57 and pam_unix2 diff --git a/pam.spec b/pam.spec new file mode 100644 index 0000000..cc574c3 --- /dev/null +++ b/pam.spec @@ -0,0 +1,529 @@ +# +# spec file for package pam +# +# Copyright (c) 2020 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + +%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 +# Enable livepatching support for SLE15-SP4 onwards. It requires +# compiler support introduced there. +%define livepatchable 1 + +# Set variables for livepatching. +%define _other %{_topdir}/OTHER +%define tar_basename pam-livepatch-%{version}-%{release} +%define tar_package_name %{tar_basename}.%{_arch}.tar.xz +%define clones_dest_dir %{tar_basename}/%{_arch} +%else +# Unsupported operating system. +%define livepatchable 0 +%endif + +%ifnarch x86_64 +# Unsupported architectures must have livepatch disabled. +%define livepatchable 0 +%endif + +%bcond_without selinux + +%define flavor @BUILD_FLAVOR@%{nil} + +# List of config files for migration to /usr/etc +%define config_files pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session \\\ + security/faillock.conf security/group.conf security/limits.conf security/pam_env.conf security/access.conf \\\ + security/namespace.conf security/namespace.init security/sepermit.conf + +%if "%{flavor}" == "full" +%define build_main 0 +%define build_doc 1 +%define build_extra 1 +%define build_userdb 1 +%define name_suffix -%{flavor}-src +%else +%define build_main 1 +%define build_doc 0 +%define build_extra 0 +%define build_userdb 0 +%define name_suffix %{nil} +%endif + +# +%define libpam_so_version 0.85.1 +%define libpam_misc_so_version 0.82.1 +%define libpamc_so_version 0.82.1 +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%endif +# +%{load:%{_sourcedir}/macros.pam} +# +Name: pam%{name_suffix} +# +Version: 1.7.1 +Release: 0 +Summary: A Security Tool that Provides Authentication for Applications +License: GPL-2.0-or-later OR BSD-3-Clause +Group: System/Libraries +URL: https://github.com/linux-pam/linux-pam +Source: Linux-PAM-%{version}.tar.xz +Source1: Linux-PAM-%{version}.tar.xz.asc +Source2: macros.pam +Source3: other.pamd +Source4: common-auth.pamd +Source5: common-account.pamd +Source6: common-password.pamd +Source7: common-session.pamd +Source9: baselibs.conf +Source12: pam-login_defs-check.sh +Source13: pam.tmpfiles +Source20: common-session-nonlogin.pamd +Source21: postlogin-auth.pamd +Source22: postlogin-account.pamd +Source23: postlogin-password.pamd +Source24: postlogin-session.pamd +Patch1: pam-limit-nproc.patch +# PATCH-FIX-UPSTREAM +Patch2: post-v1.7.1.patch +BuildRequires: audit-devel +BuildRequires: bison +BuildRequires: flex +BuildRequires: meson >= 0.62.0 +BuildRequires: xz +Requires(post): permissions +# All login.defs variables require support from shadow side. +# Upgrade this symbol version only if new variables appear! +# Verify by shadow-login_defs-check.sh from shadow source package. +Recommends: login_defs-support-for-pam >= 1.5.2 +BuildRequires: pkgconfig(libeconf) +%if %{with selinux} +BuildRequires: libselinux-devel +%endif +Obsoletes: pam_unix +Obsoletes: pam_unix-nis +Recommends: pam-manpages +Requires(pre): group(shadow) +Requires(pre): user(root) + +%description +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +%if %{build_userdb} +%package -n pam-userdb +Summary: PAM module to authenticate against a separate database +Group: System/Libraries +Provides: pam-extra:%{_pam_moduledir}/pam_userdb.so +BuildRequires: libdb-4_8-devel +BuildRequires: pam-devel + +%description -n pam-userdb +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains pam_userdb which is used to verify a +username/password pair against values stored in a Berkeley DB database. +%endif + + +%if %{build_extra} +%package -n pam-extra +Summary: PAM module with extended dependencies +Group: System/Libraries +BuildRequires: pkgconfig(libsystemd) >= 254 +BuildRequires: pam-devel +Provides: pam:%{_sbindir}/pam_timestamp_check +Provides: pam:%{_pam_moduledir}/pam_limits.so + +%description -n pam-extra +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains extra modules eg pam_issue and pam_timestamp which +can have extended dependencies. +%endif + +%if %{build_doc} + +%package -n pam-doc +Summary: Documentation for Pluggable Authentication Modules +Group: Documentation/HTML +BuildArch: noarch + +%description -n pam-doc +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the documentation. + +%package -n pam-manpages +Summary: Manualpages for Pluggable Authentication Modules +Group: Documentation/HTML +Provides: pam:/%{_mandir}/man8/PAM.8.gz +BuildArch: noarch +BuildRequires: docbook5-xsl-stylesheets +BuildRequires: elinks +BuildRequires: xmlgraphics-fop + +%description -n pam-manpages +PAM (Pluggable Authentication Modules) is a system security tool that +allows system administrators to set authentication policies without +having to recompile programs that do authentication. + +This package contains the manual pages. + +%endif + +%package devel +Summary: Include Files and Libraries for PAM Development +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: pam = %{version} + +%description devel +PAM (Pluggable Authentication Modules) is a system security tool which +allows system administrators to set authentication policy without +having to recompile programs which do authentication. + +This package contains header files and static libraries used for +building both PAM-aware applications and modules for use with PAM. + +%prep +%autosetup -p1 -n Linux-PAM-%{version} +cp -a %{SOURCE12} . + +%build +bash ./pam-login_defs-check.sh +%if %{livepatchable} +CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones" +%endif + +%meson -Dvendordir=%{_distconfdir} \ + -Ddocdir=%{_docdir}/pam \ + -Dhtmldir=%{_docdir}/pam/html \ + -Dpdfdir=%{_docdir}/pam/pdf \ + -Dsecuredir=%{_pam_moduledir} \ + -Dpam_unix-try-getspnam=true \ +%if "%{flavor}" != "full" + -Dlogind=disabled \ + -Dpam_userdb=disabled \ + -Ddocs=disabled \ +%else + -Dlogind=enabled \ +%endif + -Dpwaccess=disabled \ + -Delogind=disabled \ + -Dexamples=false \ + -Dnis=disabled +%meson_build + +%if %{livepatchable} + +# Ipa-clones are files generated by gcc which logs changes made across +# functions, and we need to know such changes to build livepatches +# correctly. These files are intended to be used by the livepatch +# developers and may be retrieved by using `osc getbinaries`. +# +# Create list of ipa-clones. +find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list + +# Create ipa-clones destination folder and move clones there. +mkdir -p ipa-clones/%{clones_dest_dir} +while read f; do + _dest=ipa-clones/%{clones_dest_dir}/$f + mkdir -p ${_dest%/*} + cp $f $_dest +done < ipa-clones.list + +# Create tar package with the clone files. +tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename} + +# Copy tar package to the OTHERS folder +cp %{tar_package_name} %{_other} + +%endif # livepatchable + +%if %{build_main} +%check +%meson_test +%endif + +%install +%meson_install + +mkdir -p %{buildroot}%{_pam_confdir} +mkdir -p %{buildroot}%{_pam_vendordir} + +# install other.pamd and common-*.pamd +install -m 644 %{SOURCE3} %{buildroot}%{_pam_vendordir}/other +install -m 644 %{SOURCE4} %{buildroot}%{_pam_vendordir}/common-auth +install -m 644 %{SOURCE5} %{buildroot}%{_pam_vendordir}/common-account +install -m 644 %{SOURCE6} %{buildroot}%{_pam_vendordir}/common-password +install -m 644 %{SOURCE7} %{buildroot}%{_pam_vendordir}/common-session +install -m 644 %{SOURCE20} %{buildroot}%{_pam_vendordir}/common-session-nonlogin +install -m 644 %{SOURCE21} %{buildroot}%{_pam_vendordir}/postlogin-auth +install -m 644 %{SOURCE22} %{buildroot}%{_pam_vendordir}/postlogin-account +install -m 644 %{SOURCE23} %{buildroot}%{_pam_vendordir}/postlogin-password +install -m 644 %{SOURCE24} %{buildroot}%{_pam_vendordir}/postlogin-session +# +# Install READMEs of PAM modules +# +DOC=%{buildroot}%{_defaultdocdir}/pam +%if "%{flavor}" == "full" +mkdir -p $DOC/modules +cp -fpv %{_vpath_builddir}/modules/pam_*/pam_*.txt "$DOC/modules/" +%endif + +# rpm macros +install -D -m 644 %{SOURCE2} %{buildroot}%{_rpmmacrodir}/macros.pam +# /run/motd.d +install -Dm0644 %{SOURCE13} %{buildroot}%{_tmpfilesdir}/pam.conf + +mkdir -p %{buildroot}%{_pam_secdistconfdir}/{limits.d,namespace.d} + +# Remove manual pages for main package +%if !%{build_doc} +rm -rf %{buildroot}%{_mandir}/man?/* +%else +# bsc#1188724 +echo '.so man8/pam_motd.8' > %{buildroot}%{_mandir}/man5/motd.5 +%endif + +%if !%{build_main} +rm -rf %{buildroot}{%{_distconfdir}/environment,%{_pam_secdistconfdir}/{a,f,g,n,p,s,t}*} +rm -rf %{buildroot}{%{_sysconfdir},%{_sbindir}/{f*,m*,pam_n*,pw*,u*},%{_pam_secconfdir},%{_pam_confdir},%{_datadir}/locale} +rm -rf %{buildroot}{%{_includedir},%{_libdir}/{libpam*,pkgconfig},%{_pam_vendordir},%{_rpmmacrodir},%{_tmpfilesdir},%{_unitdir}/pam_namespace.service} +rm -rf %{buildroot}%{_pam_moduledir}/pam_{a,b,c,d,e,f,g,h,j,k,la,lis,lo,m,n,o,p,q,r,s,v,w,x,y,z,time.,tt,um,un,usertype}* +%else +# Delete files for extra package +rm -rf %{buildroot}{%{_pam_moduledir}/pam_limits.so,%{_pam_secdistconfdir}/limits.conf,%{_pam_moduledir}/pam_issue.so,%{_pam_moduledir}/pam_timestamp.so,%{_sbindir}/pam_timestamp_check} + +# Create filelist with translations +%find_lang Linux-PAM + +%endif + +%if %{build_main} + +%verifyscript +%verify_permissions -e %{_sbindir}/unix_chkpwd + +%post +/sbin/ldconfig +%set_permissions %{_sbindir}/unix_chkpwd +%tmpfiles_create %{_tmpfilesdir}/pam.conf + +%postun -p /sbin/ldconfig +%pre +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done + +%posttrans +# Migration to /usr/etc. +for i in securetty %{config_files} ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done + +%files -f Linux-PAM.lang +%doc NEWS +%license COPYING +%dir %{_pam_confdir} +%dir %{_pam_vendordir} +%dir %{_pam_secconfdir} +%dir %{_pam_secdistconfdir} +%{_pam_vendordir}/other +%{_pam_vendordir}/common-* +%{_pam_vendordir}/postlogin-* +%{_distconfdir}/environment +%{_pam_secdistconfdir}/access.conf +%{_pam_secdistconfdir}/group.conf +%{_pam_secdistconfdir}/faillock.conf +%{_pam_secdistconfdir}/pam_env.conf +%if %{with selinux} +%{_pam_secdistconfdir}/sepermit.conf +%endif +%{_pam_secdistconfdir}/time.conf +%{_pam_secdistconfdir}/namespace.conf +%{_pam_secdistconfdir}/namespace.init +%{_pam_secdistconfdir}/pwhistory.conf +%dir %{_pam_secdistconfdir}/namespace.d +%{_libdir}/libpam.so.0 +%{_libdir}/libpam.so.%{libpam_so_version} +%{_libdir}/libpamc.so.0 +%{_libdir}/libpamc.so.%{libpamc_so_version} +%{_libdir}/libpam_misc.so.0 +%{_libdir}/libpam_misc.so.%{libpam_misc_so_version} +%dir %{_pam_moduledir} +%{_pam_moduledir}/pam_access.so +%{_pam_moduledir}/pam_canonicalize_user.so +%{_pam_moduledir}/pam_debug.so +%{_pam_moduledir}/pam_deny.so +%{_pam_moduledir}/pam_echo.so +%{_pam_moduledir}/pam_env.so +%{_pam_moduledir}/pam_exec.so +%{_pam_moduledir}/pam_faildelay.so +%{_pam_moduledir}/pam_faillock.so +%{_pam_moduledir}/pam_filter.so +%dir %{_pam_moduledir}/pam_filter +%{_pam_moduledir}//pam_filter/upperLOWER +%{_pam_moduledir}/pam_ftp.so +%{_pam_moduledir}/pam_group.so +%{_pam_moduledir}/pam_keyinit.so +%{_pam_moduledir}/pam_listfile.so +%{_pam_moduledir}/pam_localuser.so +%{_pam_moduledir}/pam_loginuid.so +%{_pam_moduledir}/pam_mail.so +%{_pam_moduledir}/pam_mkhomedir.so +%{_pam_moduledir}/pam_motd.so +%{_pam_moduledir}/pam_namespace.so +%{_pam_moduledir}/pam_nologin.so +%{_pam_moduledir}/pam_permit.so +%{_pam_moduledir}/pam_pwhistory.so +%{_pam_moduledir}/pam_rhosts.so +%{_pam_moduledir}/pam_rootok.so +%{_pam_moduledir}/pam_securetty.so +%if %{with selinux} +%{_pam_moduledir}/pam_selinux.so +%{_pam_moduledir}/pam_sepermit.so +%endif +%{_pam_moduledir}/pam_setquota.so +%{_pam_moduledir}/pam_shells.so +%{_pam_moduledir}/pam_stress.so +%{_pam_moduledir}/pam_succeed_if.so +%{_pam_moduledir}/pam_time.so +%{_pam_moduledir}/pam_tty_audit.so +%{_pam_moduledir}/pam_umask.so +%{_pam_moduledir}/pam_unix.so +%{_pam_moduledir}/pam_usertype.so +%{_pam_moduledir}/pam_warn.so +%{_pam_moduledir}/pam_wheel.so +%{_pam_moduledir}/pam_xauth.so +%{_sbindir}/faillock +%{_sbindir}/mkhomedir_helper +%{_sbindir}/pam_namespace_helper +%{_sbindir}/pwhistory_helper +%verify(not mode) %attr(4755,root,shadow) %{_sbindir}/unix_chkpwd +%attr(0700,root,root) %{_sbindir}/unix_update +%{_unitdir}/pam_namespace.service +%{_tmpfilesdir}/pam.conf + +%files devel +%defattr(644,root,root,755) +%dir %{_includedir}/security +%{_includedir}/security/*.h +%{_libdir}/libpam.so +%{_libdir}/libpamc.so +%{_libdir}/libpam_misc.so +%{_rpmmacrodir}/macros.pam +%{_libdir}/pkgconfig/pam*.pc +%endif + +%if %{build_userdb} +%files -n pam-userdb +%defattr(-,root,root,755) +%{_pam_moduledir}/pam_userdb.so +%{_mandir}/man8/pam_userdb.8%{?ext_man} +%endif + +%if %{build_extra} +%files -n pam-extra +%defattr(-,root,root,755) +%dir %{_pam_secdistconfdir} +%dir %{_pam_secdistconfdir}/limits.d +%{_pam_secdistconfdir}/limits.conf +%{_pam_moduledir}/pam_limits.so +%{_pam_moduledir}/pam_issue.so +%{_pam_moduledir}/pam_timestamp.so +%{_sbindir}/pam_timestamp_check +%endif + +%if %{build_doc} + +%files -n pam-doc +%defattr(644,root,root,755) +%dir %{_defaultdocdir}/pam +%doc %{_defaultdocdir}/pam/html +%doc %{_defaultdocdir}/pam/modules +%doc %{_defaultdocdir}/pam/pdf +%doc %{_defaultdocdir}/pam/*.txt + +%files -n pam-manpages +%{_mandir}/man3/pam*.3%{?ext_man} +%{_mandir}/man3/misc_conv.3%{?ext_man} +%{_mandir}/man5/environment.5%{?ext_man} +%{_mandir}/man5/*.conf.5%{?ext_man} +%{_mandir}/man5/pam.d.5%{?ext_man} +%{_mandir}/man5/motd.5%{?ext_man} +%{_mandir}/man8/PAM.8%{?ext_man} +%{_mandir}/man8/faillock.8%{?ext_man} +%{_mandir}/man8/mkhomedir_helper.8%{?ext_man} +%{_mandir}/man8/pam.8%{?ext_man} +%{_mandir}/man8/pam_access.8%{?ext_man} +%{_mandir}/man8/pam_canonicalize_user.8%{?ext_man} +%{_mandir}/man8/pam_debug.8%{?ext_man} +%{_mandir}/man8/pam_deny.8%{?ext_man} +%{_mandir}/man8/pam_echo.8%{?ext_man} +%{_mandir}/man8/pam_env.8%{?ext_man} +%{_mandir}/man8/pam_exec.8%{?ext_man} +%{_mandir}/man8/pam_faildelay.8%{?ext_man} +%{_mandir}/man8/pam_faillock.8%{?ext_man} +%{_mandir}/man8/pam_filter.8%{?ext_man} +%{_mandir}/man8/pam_ftp.8%{?ext_man} +%{_mandir}/man8/pam_group.8%{?ext_man} +%{_mandir}/man8/pam_issue.8%{?ext_man} +%{_mandir}/man8/pam_keyinit.8%{?ext_man} +%{_mandir}/man8/pam_limits.8%{?ext_man} +%{_mandir}/man8/pam_listfile.8%{?ext_man} +%{_mandir}/man8/pam_localuser.8%{?ext_man} +%{_mandir}/man8/pam_loginuid.8%{?ext_man} +%{_mandir}/man8/pam_mail.8%{?ext_man} +%{_mandir}/man8/pam_mkhomedir.8%{?ext_man} +%{_mandir}/man8/pam_motd.8%{?ext_man} +%{_mandir}/man8/pam_namespace.8%{?ext_man} +%{_mandir}/man8/pam_namespace_helper.8%{?ext_man} +%{_mandir}/man8/pam_nologin.8%{?ext_man} +%{_mandir}/man8/pam_permit.8%{?ext_man} +%{_mandir}/man8/pam_pwhistory.8%{?ext_man} +%{_mandir}/man8/pam_rhosts.8%{?ext_man} +%{_mandir}/man8/pam_rootok.8%{?ext_man} +%{_mandir}/man8/pam_securetty.8%{?ext_man} +%if %{with selinux} +%{_mandir}/man8/pam_selinux.8%{?ext_man} +%{_mandir}/man8/pam_sepermit.8%{?ext_man} +%endif +%{_mandir}/man8/pam_setquota.8%{?ext_man} +%{_mandir}/man8/pam_shells.8%{?ext_man} +%{_mandir}/man8/pam_stress.8%{?ext_man} +%{_mandir}/man8/pam_succeed_if.8%{?ext_man} +%{_mandir}/man8/pam_time.8%{?ext_man} +%{_mandir}/man8/pam_timestamp.8%{?ext_man} +%{_mandir}/man8/pam_timestamp_check.8%{?ext_man} +%{_mandir}/man8/pam_tty_audit.8%{?ext_man} +%{_mandir}/man8/pam_umask.8%{?ext_man} +%{_mandir}/man8/pam_unix.8%{?ext_man} +%{_mandir}/man8/pam_usertype.8%{?ext_man} +%{_mandir}/man8/pam_warn.8%{?ext_man} +%{_mandir}/man8/pam_wheel.8%{?ext_man} +%{_mandir}/man8/pam_xauth.8%{?ext_man} +%{_mandir}/man8/pwhistory_helper.8%{?ext_man} +%{_mandir}/man8/unix_chkpwd.8%{?ext_man} +%{_mandir}/man8/unix_update.8%{?ext_man} + +%endif + +%changelog diff --git a/pam.tmpfiles b/pam.tmpfiles new file mode 100644 index 0000000..ff82860 --- /dev/null +++ b/pam.tmpfiles @@ -0,0 +1,4 @@ +#Type Path Mode User Group Age Argument +D /run/faillock 0755 root root - - +D /run/motd.d 0755 root root - - +D /run/pam_timestamp 0755 root root - - diff --git a/post-v1.7.1.patch b/post-v1.7.1.patch new file mode 100644 index 0000000..0e1aca8 --- /dev/null +++ b/post-v1.7.1.patch @@ -0,0 +1,1273 @@ +diff --git a/doc/specs/draft-morgan-pam.raw b/doc/specs/draft-morgan-pam.raw +index 8fdb0502..253d7e2c 100644 +--- a/doc/specs/draft-morgan-pam.raw ++++ b/doc/specs/draft-morgan-pam.raw +@@ -442,7 +442,7 @@ available agents on the system is implementation specific. + pamc_start() function returns NULL on failure. Otherwise, the return + value is a pointer to an opaque data type which provides a handle to + the libpamc library. On systems where threading is available, the +-libpamc libraray is thread safe provided a single (pamc_handler_t *) ++libpamc library is thread safe provided a single (pamc_handler_t *) + is used by each thread. + + #$$$$ Client (Applicant) selection of agents +diff --git a/examples/check_user.c b/examples/check_user.c +index 89cc137b..bb100bc5 100644 +--- a/examples/check_user.c ++++ b/examples/check_user.c +@@ -6,8 +6,8 @@ + + You need to add the following (or equivalent) to the /etc/pam.conf file. + # check authorization +- check auth required pam_unix_auth.so +- check account required pam_unix_acct.so ++ check auth required pam_unix.so ++ check account required pam_unix.so + */ + + #include +diff --git a/examples/tty_conv.c b/examples/tty_conv.c +index 59bbb3b3..2219a51e 100644 +--- a/examples/tty_conv.c ++++ b/examples/tty_conv.c +@@ -18,26 +18,26 @@ + static void echoOff(int fd, int off) + { + struct termios tty; +- if (ioctl(fd, TCGETA, &tty) < 0) ++ if (tcgetattr(fd, &tty) < 0) + { +- fprintf(stderr, "TCGETA failed: %s\n", strerror(errno)); ++ fprintf(stderr, "tcgetattr failed: %s\n", strerror(errno)); + return; + } + + if (off) + { + tty.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL); +- if (ioctl(fd, TCSETAF, &tty) < 0) ++ if (tcsetattr(fd, TCSAFLUSH, &tty) < 0) + { +- fprintf(stderr, "TCSETAF failed: %s\n", strerror(errno)); ++ fprintf(stderr, "tcsetattr(TCSAFLUSH) failed: %s\n", strerror(errno)); + } + } + else + { + tty.c_lflag |= (ECHO | ECHOE | ECHOK | ECHONL); +- if (ioctl(fd, TCSETAW, &tty) < 0) ++ if (tcsetattr(fd, TCSADRAIN, &tty) < 0) + { +- fprintf(stderr, "TCSETAW failed: %s\n", strerror(errno)); ++ fprintf(stderr, "tcsetattr(TCSADRAIN) failed: %s\n", strerror(errno)); + } + } + } +diff --git a/libpam/pam_modutil_cleanup.c b/libpam/pam_modutil_cleanup.c +index 2077cbd7..46233736 100644 +--- a/libpam/pam_modutil_cleanup.c ++++ b/libpam/pam_modutil_cleanup.c +@@ -5,8 +5,12 @@ + */ + + #include "pam_modutil_private.h" ++#include "pam_inline.h" + ++#include ++#include + #include ++#include + + void + pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, +@@ -15,3 +19,39 @@ pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, + /* junk it */ + free(data); + } ++ ++void ++pam_modutil_cleanup_group (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct group *gr = data; ++ ++ if (gr && gr->gr_passwd) ++ pam_overwrite_string(gr->gr_passwd); ++ ++ free(data); ++} ++ ++void ++pam_modutil_cleanup_passwd (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct passwd *pw = data; ++ ++ if (pw && pw->pw_passwd) ++ pam_overwrite_string(pw->pw_passwd); ++ ++ free(data); ++} ++ ++void ++pam_modutil_cleanup_shadow (pam_handle_t *pamh UNUSED, void *data, ++ int error_status UNUSED) ++{ ++ struct spwd *sp = data; ++ ++ if (sp && sp->sp_pwdp) ++ pam_overwrite_string(sp->sp_pwdp); ++ ++ free(data); ++} +diff --git a/libpam/pam_modutil_getgrgid.c b/libpam/pam_modutil_getgrgid.c +index 6c2bb31b..fa3436c5 100644 +--- a/libpam/pam_modutil_getgrgid.c ++++ b/libpam/pam_modutil_getgrgid.c +@@ -62,7 +62,7 @@ pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_group); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getgrnam.c b/libpam/pam_modutil_getgrnam.c +index 418b9e47..533a8ce6 100644 +--- a/libpam/pam_modutil_getgrnam.c ++++ b/libpam/pam_modutil_getgrnam.c +@@ -62,7 +62,7 @@ pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_group); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getpwnam.c b/libpam/pam_modutil_getpwnam.c +index 5701ba9c..de654aeb 100644 +--- a/libpam/pam_modutil_getpwnam.c ++++ b/libpam/pam_modutil_getpwnam.c +@@ -62,7 +62,7 @@ pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_passwd); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getpwuid.c b/libpam/pam_modutil_getpwuid.c +index d3bb7231..6534958c 100644 +--- a/libpam/pam_modutil_getpwuid.c ++++ b/libpam/pam_modutil_getpwuid.c +@@ -62,7 +62,7 @@ pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_passwd); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_getspnam.c b/libpam/pam_modutil_getspnam.c +index 9aa6ac9a..9733eda0 100644 +--- a/libpam/pam_modutil_getspnam.c ++++ b/libpam/pam_modutil_getspnam.c +@@ -62,7 +62,7 @@ pam_modutil_getspnam(pam_handle_t *pamh, const char *user) + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, +- result, pam_modutil_cleanup); ++ result, pam_modutil_cleanup_shadow); + } + free(data_name); + if (status == PAM_SUCCESS) { +diff --git a/libpam/pam_modutil_private.h b/libpam/pam_modutil_private.h +index 98a30f68..611c7696 100644 +--- a/libpam/pam_modutil_private.h ++++ b/libpam/pam_modutil_private.h +@@ -20,5 +20,14 @@ + extern void + pam_modutil_cleanup(pam_handle_t *pamh, void *data, + int error_status); ++extern void ++pam_modutil_cleanup_group(pam_handle_t *pamh, void *data, ++ int error_status); ++extern void ++pam_modutil_cleanup_passwd(pam_handle_t *pamh, void *data, ++ int error_status); ++extern void ++pam_modutil_cleanup_shadow(pam_handle_t *pamh, void *data, ++ int error_status); + + #endif /* PAMMODUTIL_PRIVATE_H */ +diff --git a/meson.build b/meson.build +index 0827a53e..af83cd51 100644 +--- a/meson.build ++++ b/meson.build +@@ -53,6 +53,7 @@ cdata.set10('DEFAULT_USERGROUPS_SETTING', get_option('usergroups')) + cdata.set('PAM_USERTYPE_UIDMIN', get_option('uidmin')) + cdata.set('PAM_USERTYPE_OVERFLOW_UID', get_option('kernel-overflow-uid')) + cdata.set('PAM_MISC_CONV_BUFSIZE', get_option('misc-conv-bufsize')) ++cdata.set('PAM_UNIX_TRY_GETSPNAM', get_option('pam_unix-try-getspnam') ? 1 : false) + + cdata.set_quoted('_PAM_ISA', + get_option('isadir') != '' ? get_option('isadir') : '../..' / fs.name(libdir) / 'security') +@@ -150,6 +151,7 @@ add_project_link_arguments( + # --as-needed and --no-undefined are enabled by default + cc.get_supported_link_arguments([ + '-Wl,--fatal-warnings', ++ '-Wl,--no-undefined-version', + '-Wl,-O1', + ]), + language: 'c') +@@ -263,6 +265,10 @@ foreach f: ['crypt_r'] + endif + endforeach + ++libpwaccess = dependency('libpwaccess', required: get_option('pwaccess')) ++if libpwaccess.found() ++ cdata.set('USE_PWACCESS', 1) ++endif + + libeconf = dependency('libeconf', version: '>= 0.5.0', required: get_option('econf')) + if libeconf.found() +diff --git a/meson_options.txt b/meson_options.txt +index a172ceea..35d979b5 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -14,6 +14,8 @@ option('elogind', type: 'feature', value: 'auto', + description: 'logind support in pam_issue, pam_limits, and pam_timestamp via elogind') + option('openssl', type: 'feature', value: 'disabled', + description: 'Use OpenSSL crypto libraries in pam_timestamp') ++option('pwaccess', type: 'feature', value: 'auto', ++ description: 'libpwaccess support in pam_unix') + option('selinux', type: 'feature', value: 'auto', + description: 'SELinux support') + option('nis', type: 'feature', value: 'auto', +@@ -85,7 +87,7 @@ option('xauth', type: 'string', + description: 'Additional path to check for xauth when it is called from pam_xauth') + option('randomdev', type: 'string', + description: 'Random device to use instead of /dev/urandom') +-option('vendordir', type: 'string', ++option('vendordir', type: 'string', value: '/usr/share/pam', + description: 'Distribution provided configuration files directory') + + option('pam_userdb', type: 'feature', value: 'auto', +@@ -99,3 +101,5 @@ option('pam_lastlog', type: 'feature', value: 'disabled', + description: 'pam_lastlog module') + option('pam_unix', type: 'feature', value: 'auto', + description: 'pam_unix module') ++option('pam_unix-try-getspnam', type: 'boolean', value: false, ++ description: 'Let pam_unix try getspnam to obtain shadow password file entry before falling back to invoking the helper') +diff --git a/modules/maps/modules-account-session.map b/modules/maps/modules-account-session.map +new file mode 100644 +index 00000000..da87def8 +--- /dev/null ++++ b/modules/maps/modules-account-session.map +@@ -0,0 +1,7 @@ ++{ ++ global: ++ pam_sm_acct_mgmt; ++ pam_sm_close_session; ++ pam_sm_open_session; ++ local: *; ++}; +diff --git a/modules/maps/modules-account.map b/modules/maps/modules-account.map +new file mode 100644 +index 00000000..2b35aeb7 +--- /dev/null ++++ b/modules/maps/modules-account.map +@@ -0,0 +1,5 @@ ++{ ++ global: ++ pam_sm_acct_mgmt; ++ local: *; ++}; +diff --git a/modules/modules.map b/modules/maps/modules-auth-account-password-session.map +similarity index 100% +rename from modules/modules.map +rename to modules/maps/modules-auth-account-password-session.map +diff --git a/modules/maps/modules-auth-account-password.map b/modules/maps/modules-auth-account-password.map +new file mode 100644 +index 00000000..1f9e00b1 +--- /dev/null ++++ b/modules/maps/modules-auth-account-password.map +@@ -0,0 +1,8 @@ ++{ ++ global: ++ pam_sm_acct_mgmt; ++ pam_sm_authenticate; ++ pam_sm_chauthtok; ++ pam_sm_setcred; ++ local: *; ++}; +diff --git a/modules/maps/modules-auth-account-session.map b/modules/maps/modules-auth-account-session.map +new file mode 100644 +index 00000000..dcc94d87 +--- /dev/null ++++ b/modules/maps/modules-auth-account-session.map +@@ -0,0 +1,9 @@ ++{ ++ global: ++ pam_sm_acct_mgmt; ++ pam_sm_authenticate; ++ pam_sm_close_session; ++ pam_sm_open_session; ++ pam_sm_setcred; ++ local: *; ++}; +diff --git a/modules/maps/modules-auth-account.map b/modules/maps/modules-auth-account.map +new file mode 100644 +index 00000000..71928f8b +--- /dev/null ++++ b/modules/maps/modules-auth-account.map +@@ -0,0 +1,7 @@ ++{ ++ global: ++ pam_sm_acct_mgmt; ++ pam_sm_authenticate; ++ pam_sm_setcred; ++ local: *; ++}; +diff --git a/modules/maps/modules-auth-session.map b/modules/maps/modules-auth-session.map +new file mode 100644 +index 00000000..40ec74d6 +--- /dev/null ++++ b/modules/maps/modules-auth-session.map +@@ -0,0 +1,8 @@ ++{ ++ global: ++ pam_sm_authenticate; ++ pam_sm_close_session; ++ pam_sm_open_session; ++ pam_sm_setcred; ++ local: *; ++}; +diff --git a/modules/maps/modules-auth.map b/modules/maps/modules-auth.map +new file mode 100644 +index 00000000..eb970e07 +--- /dev/null ++++ b/modules/maps/modules-auth.map +@@ -0,0 +1,6 @@ ++{ ++ global: ++ pam_sm_authenticate; ++ pam_sm_setcred; ++ local: *; ++}; +diff --git a/modules/maps/modules-password.map b/modules/maps/modules-password.map +new file mode 100644 +index 00000000..b2538d45 +--- /dev/null ++++ b/modules/maps/modules-password.map +@@ -0,0 +1,5 @@ ++{ ++ global: ++ pam_sm_chauthtok; ++ local: *; ++}; +diff --git a/modules/maps/modules-session.map b/modules/maps/modules-session.map +new file mode 100644 +index 00000000..b413987f +--- /dev/null ++++ b/modules/maps/modules-session.map +@@ -0,0 +1,6 @@ ++{ ++ global: ++ pam_sm_close_session; ++ pam_sm_open_session; ++ local: *; ++}; +diff --git a/modules/meson.build b/modules/meson.build +index 20cebdbb..68a7a63c 100644 +--- a/modules/meson.build ++++ b/modules/meson.build +@@ -1,9 +1,3 @@ +-pam_module_map = 'modules.map' +-pam_module_map_path = meson.current_source_dir() / pam_module_map +- +-pam_module_link_deps = ['..' / pam_module_map] +-pam_module_link_args = ['-Wl,--version-script=' + pam_module_map_path] +- + subdir('pam_access') + subdir('pam_canonicalize_user') + subdir('pam_debug') +diff --git a/modules/module-meson.build b/modules/module-meson.build +index dce38b90..7920dc8b 100644 +--- a/modules/module-meson.build ++++ b/modules/module-meson.build +@@ -128,6 +128,12 @@ if module == 'pam_xauth' + pam_module_deps += [libselinux] + endif + ++pam_module_map = 'module.map' ++pam_module_map_path = meson.current_source_dir() / pam_module_map ++ ++pam_module_link_deps = [pam_module_map] ++pam_module_link_args = ['-Wl,--version-script=' + pam_module_map_path] ++ + pam_module = shared_module( + module, + name_prefix: '', +@@ -425,7 +431,7 @@ if module == 'pam_unix' + ], + c_args: ['-DHELPER_COMPILE="unix_chkpwd"'], + link_args: exe_link_args, +- dependencies: [libpam_internal_dep, libpam_dep, libcrypt, libselinux, libaudit], ++ dependencies: [libpam_internal_dep, libpam_dep, libcrypt, libselinux, libaudit, libpwaccess], + install: true, + install_dir: sbindir, + ) +@@ -441,7 +447,7 @@ if module == 'pam_unix' + ], + c_args: ['-DHELPER_COMPILE="unix_update"'], + link_args: exe_link_args, +- dependencies: [libpam_internal_dep, libpam_dep, libcrypt, libselinux, libaudit], ++ dependencies: [libpam_internal_dep, libpam_dep, libcrypt, libselinux, libaudit, libpwaccess], + install: true, + install_dir: sbindir, + ) +diff --git a/modules/pam_access/module.map b/modules/pam_access/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_access/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_canonicalize_user/module.map b/modules/pam_canonicalize_user/module.map +new file mode 120000 +index 00000000..190be9a2 +--- /dev/null ++++ b/modules/pam_canonicalize_user/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth.map +\ No newline at end of file +diff --git a/modules/pam_debug/module.map b/modules/pam_debug/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_debug/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_deny/module.map b/modules/pam_deny/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_deny/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_echo/module.map b/modules/pam_echo/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_echo/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_env/module.map b/modules/pam_env/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_env/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml +index c7889e0f..2bf7d7b2 100644 +--- a/modules/pam_env/pam_env.8.xml ++++ b/modules/pam_env/pam_env.8.xml +@@ -80,8 +80,8 @@ + pairs on separate lines. The path to this file can be specified with the + envfile option. + If this file has not been defined, the settings are read from the +- files /etc/security/environment and +- /etc/security/environment.d/*. ++ files /etc/environment and ++ /etc/environment.d/*. + If the file /etc/environment does not exist, the + settings are read from the files %vendordir%/environment, + %vendordir%/environment.d/* and +diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c +index 496c8943..3158768e 100644 +--- a/modules/pam_env/pam_env.c ++++ b/modules/pam_env/pam_env.c +@@ -627,10 +627,15 @@ _expand_arg(pam_handle_t *pamh, char **value) + if ('\\' == *orig) { + ++orig; + if ('$' != *orig && '@' != *orig && '\\' != *orig) { +- D(("Unrecognized escaped character: <%c> - ignoring", *orig)); +- pam_syslog(pamh, LOG_ERR, +- "Unrecognized escaped character: <%c> - ignoring", +- *orig); ++ if (*orig) { ++ D(("Unrecognized escaped character: <%c> - ignoring", *orig)); ++ pam_syslog(pamh, LOG_ERR, ++ "Unrecognized escaped character: <%c> - ignoring", ++ *orig); ++ } else { ++ D(("Ignoring backslash at end of string")); ++ pam_syslog(pamh, LOG_ERR, "Ignoring backslash at end of string"); ++ } + } else { + /* Note the increment */ + if (_strbuf_add_char(&buf, *orig++)) { +diff --git a/modules/pam_exec/module.map b/modules/pam_exec/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_exec/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_faildelay/module.map b/modules/pam_faildelay/module.map +new file mode 120000 +index 00000000..190be9a2 +--- /dev/null ++++ b/modules/pam_faildelay/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth.map +\ No newline at end of file +diff --git a/modules/pam_faillock/faillock.conf b/modules/pam_faillock/faillock.conf +index 16d93df7..3e119013 100644 +--- a/modules/pam_faillock/faillock.conf ++++ b/modules/pam_faillock/faillock.conf +@@ -33,7 +33,7 @@ + # + # The length of the interval during which the consecutive + # authentication failures must happen for the user account +-# lock out is n seconds. ++# lock out is n seconds. + # The default is 900 (15 minutes). + # fail_interval = 900 + # +@@ -56,7 +56,7 @@ + # + # If a group name is specified with this option, members + # of the group will be handled by this module the same as +-# the root account (the options `even_deny_root>` and +-# `root_unlock_time` will apply to them. ++# the root account (the options `even_deny_root` and ++# `root_unlock_time` will apply to them). + # By default, the option is not set. + # admin_group = +diff --git a/modules/pam_faillock/module.map b/modules/pam_faillock/module.map +new file mode 120000 +index 00000000..6cc612ef +--- /dev/null ++++ b/modules/pam_faillock/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account.map +\ No newline at end of file +diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml +index ce0ae050..42f87e81 100644 +--- a/modules/pam_faillock/pam_faillock.8.xml ++++ b/modules/pam_faillock/pam_faillock.8.xml +@@ -243,6 +243,14 @@ + user accounts allowing the adversary to infer that a particular account + is not existing on a system. + ++ ++ If the stack has not been run prior to the ++ stack, the logic to reset the failed login counter is intentionally skipped. This prevents ++ automated services, such as crond or systemd-user, ++ which might only perform account management tasks, from inadvertently clearing a user's ++ failed attempt records. This ensures the faillock counter is only reset by a service that ++ performs a full, successful authentication. ++ + + + +diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c +index 2d847aeb..a8363b6c 100644 +--- a/modules/pam_faillock/pam_faillock.c ++++ b/modules/pam_faillock/pam_faillock.c +@@ -62,6 +62,8 @@ + #define FAILLOCK_ACTION_AUTHSUCC 1 + #define FAILLOCK_ACTION_AUTHFAIL 2 + ++#define FAILLOCK_AUTH_EXECUTED "pam_faillock:auth_executed" ++ + static int + args_parse(pam_handle_t *pamh, int argc, const char **argv, + int flags, struct options *opts) +@@ -478,6 +480,10 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, + goto err; + } + ++ rv = pam_set_data(pamh, FAILLOCK_AUTH_EXECUTED, (void *)1, NULL); ++ if (rv != PAM_SUCCESS) ++ goto err; ++ + if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) || + check_local_user (pamh, opts.user) != 0) { + switch (opts.action) { +@@ -531,6 +537,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + struct options opts; + int rv, fd = -1; + struct tally_data tallies; ++ const void *auth_flag; + + memset(&tallies, 0, sizeof(tallies)); + +@@ -541,6 +548,12 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, + + opts.action = FAILLOCK_ACTION_AUTHSUCC; + ++ rv = pam_get_data(pamh, FAILLOCK_AUTH_EXECUTED, &auth_flag); ++ if (rv == PAM_NO_MODULE_DATA) { ++ rv = PAM_SUCCESS; ++ goto err; ++ } ++ + if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) { + goto err; + } +diff --git a/modules/pam_filter/module.map b/modules/pam_filter/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_filter/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_ftp/module.map b/modules/pam_ftp/module.map +new file mode 120000 +index 00000000..190be9a2 +--- /dev/null ++++ b/modules/pam_ftp/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth.map +\ No newline at end of file +diff --git a/modules/pam_group/module.map b/modules/pam_group/module.map +new file mode 120000 +index 00000000..190be9a2 +--- /dev/null ++++ b/modules/pam_group/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth.map +\ No newline at end of file +diff --git a/modules/pam_issue/module.map b/modules/pam_issue/module.map +new file mode 120000 +index 00000000..190be9a2 +--- /dev/null ++++ b/modules/pam_issue/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth.map +\ No newline at end of file +diff --git a/modules/pam_keyinit/module.map b/modules/pam_keyinit/module.map +new file mode 120000 +index 00000000..96519a4f +--- /dev/null ++++ b/modules/pam_keyinit/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-session.map +\ No newline at end of file +diff --git a/modules/pam_lastlog/module.map b/modules/pam_lastlog/module.map +new file mode 120000 +index 00000000..fa8c55e7 +--- /dev/null ++++ b/modules/pam_lastlog/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-session.map +\ No newline at end of file +diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c +index 01545a69..c68b5fb0 100644 +--- a/modules/pam_lastlog/pam_lastlog.c ++++ b/modules/pam_lastlog/pam_lastlog.c +@@ -569,7 +569,8 @@ last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t llt + + while ((retval=pam_modutil_read(fd, (void *)&ut, + sizeof(ut))) == sizeof(ut)) { +- if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { ++ if (zero_extend_signed_to_ull(ut.ut_tv.tv_sec) >= zero_extend_signed_to_ull(lltime) ++ && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { + memcpy(&utuser, &ut, sizeof(utuser)); + failed++; + } +diff --git a/modules/pam_limits/module.map b/modules/pam_limits/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_limits/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file +diff --git a/modules/pam_listfile/module.map b/modules/pam_listfile/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_listfile/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_localuser/module.map b/modules/pam_localuser/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_localuser/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_loginuid/module.map b/modules/pam_loginuid/module.map +new file mode 120000 +index 00000000..d4486c2b +--- /dev/null ++++ b/modules/pam_loginuid/module.map +@@ -0,0 +1 @@ ++../maps/modules-account-session.map +\ No newline at end of file +diff --git a/modules/pam_mail/module.map b/modules/pam_mail/module.map +new file mode 120000 +index 00000000..96519a4f +--- /dev/null ++++ b/modules/pam_mail/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-session.map +\ No newline at end of file +diff --git a/modules/pam_mkhomedir/module.map b/modules/pam_mkhomedir/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_mkhomedir/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file +diff --git a/modules/pam_motd/module.map b/modules/pam_motd/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_motd/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file +diff --git a/modules/pam_namespace/module.map b/modules/pam_namespace/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_namespace/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file +diff --git a/modules/pam_nologin/module.map b/modules/pam_nologin/module.map +new file mode 120000 +index 00000000..6cc612ef +--- /dev/null ++++ b/modules/pam_nologin/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account.map +\ No newline at end of file +diff --git a/modules/pam_permit/module.map b/modules/pam_permit/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_permit/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_pwhistory/module.map b/modules/pam_pwhistory/module.map +new file mode 120000 +index 00000000..7df2e1b6 +--- /dev/null ++++ b/modules/pam_pwhistory/module.map +@@ -0,0 +1 @@ ++../maps/modules-password.map +\ No newline at end of file +diff --git a/modules/pam_rhosts/module.map b/modules/pam_rhosts/module.map +new file mode 120000 +index 00000000..190be9a2 +--- /dev/null ++++ b/modules/pam_rhosts/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth.map +\ No newline at end of file +diff --git a/modules/pam_rootok/module.map b/modules/pam_rootok/module.map +new file mode 120000 +index 00000000..175e8b86 +--- /dev/null ++++ b/modules/pam_rootok/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password.map +\ No newline at end of file +diff --git a/modules/pam_securetty/module.map b/modules/pam_securetty/module.map +new file mode 120000 +index 00000000..6cc612ef +--- /dev/null ++++ b/modules/pam_securetty/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account.map +\ No newline at end of file +diff --git a/modules/pam_selinux/module.map b/modules/pam_selinux/module.map +new file mode 120000 +index 00000000..96519a4f +--- /dev/null ++++ b/modules/pam_selinux/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-session.map +\ No newline at end of file +diff --git a/modules/pam_sepermit/module.map b/modules/pam_sepermit/module.map +new file mode 120000 +index 00000000..6cc612ef +--- /dev/null ++++ b/modules/pam_sepermit/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account.map +\ No newline at end of file +diff --git a/modules/pam_setquota/module.map b/modules/pam_setquota/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_setquota/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file +diff --git a/modules/pam_shells/module.map b/modules/pam_shells/module.map +new file mode 120000 +index 00000000..6cc612ef +--- /dev/null ++++ b/modules/pam_shells/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account.map +\ No newline at end of file +diff --git a/modules/pam_stress/module.map b/modules/pam_stress/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_stress/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_succeed_if/module.map b/modules/pam_succeed_if/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_succeed_if/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_time/module.map b/modules/pam_time/module.map +new file mode 120000 +index 00000000..1057580e +--- /dev/null ++++ b/modules/pam_time/module.map +@@ -0,0 +1 @@ ++../maps/modules-account.map +\ No newline at end of file +diff --git a/modules/pam_timestamp/module.map b/modules/pam_timestamp/module.map +new file mode 120000 +index 00000000..96519a4f +--- /dev/null ++++ b/modules/pam_timestamp/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-session.map +\ No newline at end of file +diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c +index 0172d1ef..030fa2b8 100644 +--- a/modules/pam_timestamp/pam_timestamp.c ++++ b/modules/pam_timestamp/pam_timestamp.c +@@ -244,7 +244,9 @@ check_login_time( + if (strncmp(ruser, ut->ut_user, sizeof(ut->ut_user)) != 0) { + continue; + } +- if (oldest_login == 0 || oldest_login > ut->ut_tv.tv_sec) { ++ if (oldest_login == 0 || ++ zero_extend_signed_to_ull(oldest_login) ++ > zero_extend_signed_to_ull(ut->ut_tv.tv_sec)) { + oldest_login = ut->ut_tv.tv_sec; + } + } +diff --git a/modules/pam_tty_audit/module.map b/modules/pam_tty_audit/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_tty_audit/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file +diff --git a/modules/pam_umask/module.map b/modules/pam_umask/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_umask/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file +diff --git a/modules/pam_unix/module.map b/modules/pam_unix/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_unix/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c +index 961b7667..5afcbba9 100644 +--- a/modules/pam_unix/pam_unix_acct.c ++++ b/modules/pam_unix/pam_unix_acct.c +@@ -63,7 +63,7 @@ + #include "passverify.h" + + int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, +- const char *user, int *daysleft) ++ const char *user, long *daysleft) + { + int retval=0, child, fds[2]; + struct sigaction newsa, oldsa; +@@ -156,7 +156,7 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, + rc = pam_modutil_read(fds[0], buf, sizeof(buf) - 1); + if(rc > 0) { + buf[rc] = '\0'; +- if (sscanf(buf,"%d", daysleft) != 1 ) ++ if (sscanf(buf,"%ld", daysleft) != 1) + retval = PAM_AUTH_ERR; + } + else { +@@ -191,7 +191,8 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) + unsigned long long ctrl; + const void *void_uname; + const char *uname; +- int retval, daysleft = -1; ++ long daysleft = -1; ++ int retval; + char buf[256]; + + D(("called.")); +@@ -263,24 +264,24 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) + case PAM_SUCCESS: + if (daysleft >= 0) { + pam_syslog(pamh, LOG_DEBUG, +- "password for user %s will expire in %d days", ++ "password for user %s will expire in %ld days", + uname, daysleft); + #if defined HAVE_DNGETTEXT && defined ENABLE_NLS + pam_sprintf(buf, + dngettext(PACKAGE, +- "Warning: your password will expire in %d day.", +- "Warning: your password will expire in %d days.", ++ "Warning: your password will expire in %ld day.", ++ "Warning: your password will expire in %ld days.", + daysleft), + daysleft); + #else + if (daysleft == 1) + pam_sprintf(buf, +- _("Warning: your password will expire in %d day."), ++ _("Warning: your password will expire in %ld day."), + daysleft); + else + pam_sprintf(buf, + /* TRANSLATORS: only used if dngettext is not supported */ +- _("Warning: your password will expire in %d days."), ++ _("Warning: your password will expire in %ld days."), + daysleft); + #endif + _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); +diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c +index ffb61547..e713afca 100644 +--- a/modules/pam_unix/pam_unix_auth.c ++++ b/modules/pam_unix/pam_unix_auth.c +@@ -2,7 +2,6 @@ + * pam_unix authentication management + * + * Copyright Alexander O. Yuriev, 1996. All rights reserved. +- * NIS+ support by Thorsten Kukuk + * Copyright Jan Rękorajski, 1999. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without +diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c +index cdd253e3..dbc9fb76 100644 +--- a/modules/pam_unix/pam_unix_passwd.c ++++ b/modules/pam_unix/pam_unix_passwd.c +@@ -510,7 +510,7 @@ static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned lo + { + struct passwd *pwent = NULL; /* Password and shadow password */ + struct spwd *spent = NULL; /* file entries for the user */ +- int daysleft; ++ long daysleft; + int retval; + + retval = get_account_info(pamh, user, &pwent, &spent); +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index 85e7841e..7f758bb4 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -23,6 +23,9 @@ + #ifdef HAVE_CRYPT_H + #include + #endif ++#ifdef USE_PWACCESS ++#include ++#endif + + #include "pam_cc_compat.h" + #include "pam_inline.h" +@@ -200,65 +203,51 @@ PAMH_ARG_DECL(int get_account_info, + *pwd = pam_modutil_getpwnam(pamh, name); /* Get password file entry... */ + *spwdent = NULL; + +- if (*pwd != NULL) { +- if (strcmp((*pwd)->pw_passwd, "*NP*") == 0) +- { /* NIS+ */ +-#ifdef HELPER_COMPILE +- uid_t save_euid, save_uid; +- +- save_euid = geteuid(); +- save_uid = getuid(); +- if (save_uid == (*pwd)->pw_uid) { +- if (setreuid(save_euid, save_uid)) +- return PAM_CRED_INSUFFICIENT; +- } else { +- if (setreuid(0, -1)) +- return PAM_CRED_INSUFFICIENT; +- if (setreuid(-1, (*pwd)->pw_uid)) { +- if (setreuid(-1, 0) +- || setreuid(0, -1) +- || setreuid(-1, (*pwd)->pw_uid)) { +- return PAM_CRED_INSUFFICIENT; +- } +- } +- } +- +- *spwdent = pam_modutil_getspnam(pamh, name); +- if (save_uid == (*pwd)->pw_uid) { +- if (setreuid(save_uid, save_euid)) +- return PAM_CRED_INSUFFICIENT; +- } else { +- if (setreuid(-1, 0) +- || setreuid(save_uid, -1) +- || setreuid(-1, save_euid)) +- return PAM_CRED_INSUFFICIENT; +- } ++ if (*pwd == NULL) { ++ return PAM_USER_UNKNOWN; ++ } + +- if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) +- return PAM_AUTHINFO_UNAVAIL; +-#else +- /* we must run helper for NIS+ passwords */ +- return PAM_UNIX_RUN_HELPER; ++ if (is_pwd_shadowed(*pwd)) { ++#if defined(HELPER_COMPILE) || defined(PAM_UNIX_TRY_GETSPNAM) ++ /* ++ * shadow password file entry for this user, ++ * if shadowing is enabled ++ */ ++#ifdef USE_PWACCESS ++ int r; ++ bool complete = false; ++ char *error = NULL; ++ ++ r = pwaccess_get_user_record(-1, name, NULL, spwdent, &complete, &error); ++ if (r < 0) { ++ if (!PWACCESS_IS_NOT_RUNNING(r)) ++ pam_syslog(pamh, LOG_ERR, "%s", ++ error ? error : strerror(-r)); ++ free(error); ++ } ++ if (complete) ++ return PAM_SUCCESS; ++ struct_shadow_freep(spwdent); + #endif +- } else if (is_pwd_shadowed(*pwd)) { +-#ifdef HELPER_COMPILE +- /* +- * shadow password file entry for this user, +- * if shadowing is enabled +- */ +- *spwdent = getspnam(name); +- if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) +- return PAM_AUTHINFO_UNAVAIL; +-#else +- /* +- * The helper has to be invoked to deal with +- * the shadow password file entry. +- */ +- return PAM_UNIX_RUN_HELPER; ++ *spwdent = pam_modutil_getspnam(pamh, name); ++ if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL ++# ifndef HELPER_COMPILE ++ /* synthesized entry from libnss-systemd */ ++ || (strcmp(name, "root") == 0 && ++ strcmp((*spwdent)->sp_pwdp, "!*") == 0) ++# endif ++ ) ++# ifdef HELPER_COMPILE ++ return PAM_AUTHINFO_UNAVAIL; ++# endif ++#endif /* HELPER_COMPILE || PAM_UNIX_TRY_GETSPNAM */ ++#ifndef HELPER_COMPILE ++ /* ++ * The helper has to be invoked to deal with ++ * the shadow password file entry. ++ */ ++ return PAM_UNIX_RUN_HELPER; + #endif +- } +- } else { +- return PAM_USER_UNKNOWN; + } + return PAM_SUCCESS; + } +@@ -284,23 +273,8 @@ PAMH_ARG_DECL(int get_pwd_hash, + return PAM_SUCCESS; + } + +-/* +- * invariant: 0 <= num1 +- * invariant: 0 <= num2 +- */ +-static int +-subtract(long num1, long num2) +-{ +- long value = num1 - num2; +- if (value < INT_MIN) +- return INT_MIN; +- if (value > INT_MAX) +- return INT_MAX; +- return (int)value; +-} +- + PAMH_ARG_DECL(int check_shadow_expiry, +- struct spwd *spent, int *daysleft) ++ struct spwd *spent, long *daysleft) + { + long int curdays, passed; + *daysleft = -1; +@@ -331,7 +305,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, + long inact = spent->sp_max < LONG_MAX - spent->sp_inact ? + spent->sp_max + spent->sp_inact : LONG_MAX; + if (passed >= inact) { +- *daysleft = subtract(inact, passed); ++ *daysleft = inact - passed; + D(("authtok expired")); + return PAM_AUTHTOK_EXPIRED; + } +@@ -344,7 +318,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, + long warn = spent->sp_warn > spent->sp_max ? -1 : + spent->sp_max - spent->sp_warn; + if (passed >= warn) { +- *daysleft = subtract(spent->sp_max, passed); ++ *daysleft = spent->sp_max - passed; + D(("warn before expiry")); + } + } +diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h +index 1636791c..234eb8ca 100644 +--- a/modules/pam_unix/passverify.h ++++ b/modules/pam_unix/passverify.h +@@ -73,7 +73,7 @@ PAMH_ARG_DECL(int get_pwd_hash, + const char *name, struct passwd **pwd, char **hash); + + PAMH_ARG_DECL(int check_shadow_expiry, +- struct spwd *spent, int *daysleft); ++ struct spwd *spent, long *daysleft); + + PAMH_ARG_DECL(int unix_update_passwd, + const char *forwho, const char *towhat); +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index b95f95e6..652e35b2 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -648,7 +648,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned long long ctrl, const char *name + { + struct passwd *pwd = NULL; + char *salt = NULL; +- int daysleft; ++ long daysleft; + int retval; + int blank = 0; + int execloop; +@@ -863,7 +863,7 @@ int + _unix_verify_user(pam_handle_t *pamh, + unsigned long long ctrl, + const char *name, +- int *daysleft) ++ long *daysleft) + { + int retval; + struct spwd *spent; +diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h +index e8f629d7..759b7ba0 100644 +--- a/modules/pam_unix/support.h ++++ b/modules/pam_unix/support.h +@@ -174,9 +174,9 @@ extern int _unix_verify_password(pam_handle_t * pamh, const char *name, + const char *p, unsigned long long ctrl); + + extern int _unix_verify_user(pam_handle_t *pamh, unsigned long long ctrl, +- const char *name, int *daysleft); ++ const char *name, long *daysleft); + + extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned long long ctrl, +- const char *user, int *daysleft); ++ const char *user, long *daysleft); + #endif /* _PAM_UNIX_SUPPORT_H */ +diff --git a/modules/pam_unix/unix_chkpwd.c b/modules/pam_unix/unix_chkpwd.c +index 820136d5..dde41a3a 100644 +--- a/modules/pam_unix/unix_chkpwd.c ++++ b/modules/pam_unix/unix_chkpwd.c +@@ -41,7 +41,7 @@ static int _check_expiry(const char *uname) + struct spwd *spent; + struct passwd *pwent; + int retval; +- int daysleft; ++ long daysleft; + + retval = get_account_info(uname, &pwent, &spent); + if (retval != PAM_SUCCESS) { +@@ -56,7 +56,7 @@ static int _check_expiry(const char *uname) + } + + retval = check_shadow_expiry(spent, &daysleft); +- printf("%d\n", daysleft); ++ printf("%ld\n", daysleft); + return retval; + } + +diff --git a/modules/pam_userdb/module.map b/modules/pam_userdb/module.map +new file mode 120000 +index 00000000..6cc612ef +--- /dev/null ++++ b/modules/pam_userdb/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account.map +\ No newline at end of file +diff --git a/modules/pam_usertype/module.map b/modules/pam_usertype/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_usertype/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_warn/module.map b/modules/pam_warn/module.map +new file mode 120000 +index 00000000..894551fb +--- /dev/null ++++ b/modules/pam_warn/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account-password-session.map +\ No newline at end of file +diff --git a/modules/pam_wheel/module.map b/modules/pam_wheel/module.map +new file mode 120000 +index 00000000..6cc612ef +--- /dev/null ++++ b/modules/pam_wheel/module.map +@@ -0,0 +1 @@ ++../maps/modules-auth-account.map +\ No newline at end of file +diff --git a/modules/pam_xauth/module.map b/modules/pam_xauth/module.map +new file mode 120000 +index 00000000..b90af7a8 +--- /dev/null ++++ b/modules/pam_xauth/module.map +@@ -0,0 +1 @@ ++../maps/modules-session.map +\ No newline at end of file diff --git a/postlogin-account.pamd b/postlogin-account.pamd new file mode 100644 index 0000000..fe77682 --- /dev/null +++ b/postlogin-account.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-account - account settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-account". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-auth.pamd b/postlogin-auth.pamd new file mode 100644 index 0000000..be3326c --- /dev/null +++ b/postlogin-auth.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-auth - authentication settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-auth". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-password.pamd b/postlogin-password.pamd new file mode 100644 index 0000000..42b3af2 --- /dev/null +++ b/postlogin-password.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-password - password settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-password". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# diff --git a/postlogin-session.pamd b/postlogin-session.pamd new file mode 100644 index 0000000..f2f6db0 --- /dev/null +++ b/postlogin-session.pamd @@ -0,0 +1,10 @@ +# +# /etc/pam.d/postlogin-session - session settings common to login services +# +# This file is included from login service-specific PAM config files, +# and contains the PAM modules which should be called after +# the modules of "common-session". +# +# This file should only be included from services doing real logins, +# so like "login", "xdm" or "sshd", but not "chsh" or "cron". +# -- 2.51.1 From 9545def85276a8bfe7fa3cb831c6566f5297ba8bc234dde1df077d494a51b0c3 Mon Sep 17 00:00:00 2001 From: Valentin Lefebvre Date: Mon, 15 Sep 2025 12:00:47 +0000 Subject: [PATCH 226/226] pam_mkhomedir: building with vendordir option allows fetching skeleton directory from the vendor directory when creating the user home directory. OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=313 --- pam.changes | 7 + pam.spec | 2 + ...mkhomedir-Use-vendordir-when-defined.patch | 315 ++++++++++++++++++ 3 files changed, 324 insertions(+) create mode 100644 pam_mkhomedir-Use-vendordir-when-defined.patch diff --git a/pam.changes b/pam.changes index 52a0ff3..16fe18a 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Sep 15 07:53:29 UTC 2025 - Valentin Lefebvre + +- pam_mkhomedir: building with vendordir option allows fetching skeleton + directory from the vendor directory when creating the user home directory. + [+ pam_mkhomedir-Use-vendordir-when-defined.patch, bsc#1245524] + ------------------------------------------------------------------- Wed Aug 27 14:20:14 UTC 2025 - Thorsten Kukuk diff --git a/pam.spec b/pam.spec index cc574c3..9f85228 100644 --- a/pam.spec +++ b/pam.spec @@ -95,6 +95,8 @@ Source24: postlogin-session.pamd Patch1: pam-limit-nproc.patch # PATCH-FIX-UPSTREAM Patch2: post-v1.7.1.patch +# PATCH-FIX-UPSTREAM +Patch3: pam_mkhomedir-Use-vendordir-when-defined.patch BuildRequires: audit-devel BuildRequires: bison BuildRequires: flex diff --git a/pam_mkhomedir-Use-vendordir-when-defined.patch b/pam_mkhomedir-Use-vendordir-when-defined.patch new file mode 100644 index 0000000..31e4063 --- /dev/null +++ b/pam_mkhomedir-Use-vendordir-when-defined.patch @@ -0,0 +1,315 @@ +From c4a53492e1b7aebcf7a65a778d9e3a78f196d117 Mon Sep 17 00:00:00 2001 +From: vlefebvre +Date: Tue, 15 Jul 2025 15:42:50 +0200 +Subject: [PATCH] pam_mkhomedir: Use vendordir when defined + +* When the configuration is split between /etc and vendordir, + pam_mkhomedir now takes care of the distribution-provided + skeleton directory. + +* mkhomedir_helper gets a new optional argument: vendordir. + If specified, the home directory will be populated by contents of + the directory specified by skeldir argument, followed by contents + of the directory specified by vendordir argument. + +Signed-off-by: vlefebvre +--- + modules/pam_mkhomedir/mkhomedir_helper.8.xml | 12 ++- + modules/pam_mkhomedir/mkhomedir_helper.c | 91 +++++++++++++------- + modules/pam_mkhomedir/pam_mkhomedir.8.xml | 8 +- + modules/pam_mkhomedir/pam_mkhomedir.c | 14 ++- + 4 files changed, 88 insertions(+), 37 deletions(-) + +diff --git a/modules/pam_mkhomedir/mkhomedir_helper.8.xml b/modules/pam_mkhomedir/mkhomedir_helper.8.xml +index 0f4c4b40..87b83a40 100644 +--- a/modules/pam_mkhomedir/mkhomedir_helper.8.xml ++++ b/modules/pam_mkhomedir/mkhomedir_helper.8.xml +@@ -24,6 +24,9 @@ + path-to-skel + + home_mode ++ ++ path-to-vendor-skel ++ + + + +@@ -48,6 +51,13 @@ + umask. + + ++ ++ path-to-vendor-skel doesn't have default ++ value. When set to a path, home directory will be ++ populated by contents of path-to-skel first, ++ and then by contents of path. ++ ++ + + The helper is separated from the module to not require direct access from + login SELinux domains to the contents of user home directories. The +@@ -77,4 +87,4 @@ + + + +- +\ No newline at end of file ++ +diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c +index 0c05ee9c..1d741c5d 100644 +--- a/modules/pam_mkhomedir/mkhomedir_helper.c ++++ b/modules/pam_mkhomedir/mkhomedir_helper.c +@@ -36,7 +36,7 @@ static unsigned long u_mask = 0022; + static const char *skeldir = "/etc/skel"; + + static int create_homedir(struct dir_spec *, const struct passwd *, mode_t, +- const char *, const char *); ++ const char *, const char *, const char *); + + static int + dir_spec_open(struct dir_spec *spec, const char *path) +@@ -88,7 +88,7 @@ dir_spec_close(struct dir_spec *spec) + + static int + copy_entry(struct dir_spec *parent, const struct passwd *pwd, mode_t dir_mode, +- const char *source, struct dirent *dent) ++ const char *source, struct dirent *dent, const char *vendordir) + { + char remark[BUFSIZ]; + int srcfd = -1, destfd = -1; +@@ -96,6 +96,7 @@ copy_entry(struct dir_spec *parent, const struct passwd *pwd, mode_t dir_mode, + int retval = PAM_SESSION_ERR; + struct stat st; + char *newsource; ++ char *newvendordir = NULL; + + /* Determine what kind of file it is. */ + if ((newsource = pam_asprintf("%s/%s", source, dent->d_name)) == NULL) +@@ -114,8 +115,23 @@ copy_entry(struct dir_spec *parent, const struct passwd *pwd, mode_t dir_mode, + /* If it's a directory, recurse. */ + if (S_ISDIR(st.st_mode)) + { ++ if (vendordir != NULL) ++ { ++ if ((newvendordir = pam_asprintf("%s/%s", vendordir, dent->d_name)) == NULL) ++ { ++ pam_syslog(NULL, LOG_CRIT, "asprintf failed for 'newvendordir'"); ++ retval = PAM_BUF_ERR; ++ goto go_out; ++ } ++ if (lstat(newvendordir, &st) != 0) ++ { ++ free(newvendordir); ++ newvendordir = NULL; ++ } ++ } ++ + retval = create_homedir(parent, pwd, dir_mode & (~u_mask), newsource, +- dent->d_name); ++ dent->d_name, newvendordir); + goto go_out; + } + +@@ -259,19 +275,22 @@ copy_entry(struct dir_spec *parent, const struct passwd *pwd, mode_t dir_mode, + close(destfd); + + free(newsource); +- ++ free(newvendordir); + return retval; + } + + /* Do the actual work of creating a home dir */ + static int + create_homedir(struct dir_spec *parent, const struct passwd *pwd, +- mode_t dir_mode, const char *source, const char *dest) ++ mode_t dir_mode, const char *source, const char *dest, ++ const char *vendordir) + { + DIR *d = NULL; + struct dirent *dent; + struct dir_spec base; + int retval = PAM_SESSION_ERR; ++ const char *sourcedirs[] = {source, vendordir}; ++ unsigned int idx = 0; + + /* Create the new directory */ + if (mkdirat(parent->fd, dest, 0700)) +@@ -289,32 +308,35 @@ create_homedir(struct dir_spec *parent, const struct passwd *pwd, + goto go_out; + } + +- /* See if we need to copy the skel dir over. */ +- if ((source == NULL) || (strlen(source) == 0)) +- { +- retval = PAM_SUCCESS; +- goto go_out; +- } +- +- /* Scan the directory */ +- d = opendir(source); +- if (d == NULL) +- { +- pam_syslog(NULL, LOG_DEBUG, "unable to read directory %s: %m", source); +- retval = PAM_PERM_DENIED; +- goto go_out; +- } +- +- for (dent = readdir(d); dent != NULL; dent = readdir(d)) ++ /* Scan source directories */ ++ for (idx = 0; idx < PAM_ARRAY_SIZE(sourcedirs); idx++) + { +- /* Skip some files.. */ +- if (strcmp(dent->d_name,".") == 0 || +- strcmp(dent->d_name,"..") == 0) +- continue; ++ /* See if we need to copy the source skel dir over. */ ++ if ((sourcedirs[idx] == NULL) || strlen(sourcedirs[idx]) == 0) ++ continue; ++ d = opendir(sourcedirs[idx]); ++ if (d == NULL) ++ { ++ pam_syslog(NULL, LOG_DEBUG, "unable to read directory %s: %m", ++ sourcedirs[idx]); ++ retval = PAM_PERM_DENIED; ++ goto go_out; ++ } + +- retval = copy_entry(&base, pwd, dir_mode, source, dent); +- if (retval != PAM_SUCCESS) +- goto go_out; ++ for (dent = readdir(d); dent != NULL; dent = readdir(d)) ++ { ++ /* Skip some files.. */ ++ if (strcmp(dent->d_name,".") == 0 || ++ strcmp(dent->d_name,"..") == 0) ++ continue; ++ ++ retval = copy_entry(&base, pwd, dir_mode, sourcedirs[idx], dent, ++ sourcedirs[idx] == vendordir ? NULL : vendordir); ++ if (retval != PAM_SUCCESS) ++ goto go_out; ++ } ++ closedir(d); ++ d = NULL; + } + + retval = PAM_SUCCESS; +@@ -340,7 +362,8 @@ create_homedir(struct dir_spec *parent, const struct passwd *pwd, + + static int + create_homedir_helper(const struct passwd *_pwd, mode_t home_mode, +- const char *_skeldir, const char *_homedir) ++ const char *_skeldir, const char *_homedir, ++ const char *_vendordir) + { + int retval = PAM_SESSION_ERR; + struct dir_spec base; +@@ -357,7 +380,7 @@ create_homedir_helper(const struct passwd *_pwd, mode_t home_mode, + } + *cp = '/'; + +- retval = create_homedir(&base, _pwd, home_mode, _skeldir, cp + 1); ++ retval = create_homedir(&base, _pwd, home_mode, _skeldir, cp + 1, _vendordir); + + go_out: + dir_spec_close(&base); +@@ -399,6 +422,7 @@ main(int argc, char *argv[]) + struct stat st; + char *eptr; + unsigned long home_mode = 0; ++ const char *vendordir = NULL; + + if (argc < 2) { + fprintf(stderr, "Usage: %s [ [ []]]\n", argv[0]); +@@ -433,6 +457,9 @@ main(int argc, char *argv[]) + } + } + ++ if (argc >= 6) ++ vendordir = argv[5]; ++ + if (home_mode == 0) + home_mode = 0777 & ~u_mask; + +@@ -449,5 +476,5 @@ main(int argc, char *argv[]) + if (make_parent_dirs(pwd->pw_dir, 0) != PAM_SUCCESS) + return PAM_PERM_DENIED; + +- return create_homedir_helper(pwd, home_mode, skeldir, pwd->pw_dir); ++ return create_homedir_helper(pwd, home_mode, skeldir, pwd->pw_dir, vendordir); + } +diff --git a/modules/pam_mkhomedir/pam_mkhomedir.8.xml b/modules/pam_mkhomedir/pam_mkhomedir.8.xml +index ad957248..42f42c58 100644 +--- a/modules/pam_mkhomedir/pam_mkhomedir.8.xml ++++ b/modules/pam_mkhomedir/pam_mkhomedir.8.xml +@@ -46,6 +46,12 @@ + /etc/skel/) is used to copy default files + and also sets a umask for the creation. + ++ ++ ++ %vendordir%/skel will also be used unless ++ skel option is specified. ++ ++ + + The new users home directory will not be removed after logout + of the user. +@@ -213,4 +219,4 @@ + pam_mkhomedir was written by Jason Gunthorpe <jgg@debian.org>. + + +- +\ No newline at end of file ++ +diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c +index f090deee..5b08b6fd 100644 +--- a/modules/pam_mkhomedir/pam_mkhomedir.c ++++ b/modules/pam_mkhomedir/pam_mkhomedir.c +@@ -60,6 +60,11 @@ + #define LOGIN_DEFS "/etc/login.defs" + #define UMASK_DEFAULT "0022" + ++#define SKELDIR "/etc/skel" ++#ifdef VENDORDIR ++#define VENDOR_SKELDIR (VENDORDIR "/skel") ++#endif ++ + struct options_t { + int ctrl; + const char *umask; +@@ -73,7 +78,7 @@ _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, + { + opt->ctrl = 0; + opt->umask = NULL; +- opt->skeldir = "/etc/skel"; ++ opt->skeldir = NULL; + + /* does the application require quiet? */ + if ((flags & PAM_SILENT) == PAM_SILENT) +@@ -154,7 +159,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, + child = fork(); + if (child == 0) { + static char *envp[] = { NULL }; +- const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; ++ const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL, NULL }; + + if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_PIPE_FD, + PAM_MODUTIL_PIPE_FD, +@@ -165,8 +170,11 @@ create_homedir (pam_handle_t *pamh, options_t *opt, + args[0] = MKHOMEDIR_HELPER; + args[1] = user; + args[2] = opt->umask ? opt->umask : UMASK_DEFAULT; +- args[3] = opt->skeldir; ++ args[3] = opt->skeldir ? opt->skeldir : SKELDIR; + args[4] = login_homemode; ++#ifdef VENDORDIR ++ args[5] = opt->skeldir ? NULL : VENDOR_SKELDIR; ++#endif + + DIAG_PUSH_IGNORE_CAST_QUAL; + execve(MKHOMEDIR_HELPER, (char **)args, envp); +-- +2.51.0 + -- 2.51.1